4305 Commits

Author	SHA1	Message	Date
github-actions[bot]	432c21d4fb	Post-release preparation for codeql-cli-2.14.2	2023-08-09 18:45:18 +00:00
Anders Schack-Mulligen	0ca3f3308b	Merge pull request #13478 from aschackmull/java/varcapture ... Java: Add proper support for variable capture flow.	2023-08-08 16:22:56 +02:00
Anders Schack-Mulligen	9d59f50340	Java: Review fixes.	2023-08-08 13:37:40 +02:00
Michael Nebel	0ed724eb13	Java: Make a flow summary for Set.clear using WithoutElement and introduce appropriate tests.	2023-08-08 11:10:08 +02:00
Anders Schack-Mulligen	ab334f6c1b	Java: Always apply heuristic query regardless of existing models.	2023-08-08 10:01:43 +02:00
erik-krogh	45c39e6072	limit field flow when tracking regex strings in Java	2023-08-08 09:01:23 +02:00
github-actions[bot]	79c90fa36a	Release preparation for version 2.14.2	2023-08-07 18:08:52 +00:00
Jeroen Ketema	8b6a7985db	Refactor the traint-tracking library to follow the dataflow library refactoring	2023-08-07 15:23:15 +02:00
Jeroen Ketema	5d2984b7a5	Merge branch 'main' into shared-taint-tracking	2023-08-07 15:22:29 +02:00
Jami	5862cd2378	Merge pull request #13889 from jcogs33/jcogs33/fix-some-models ... Java: remove duplicate models	2023-08-07 08:46:18 -04:00
Edward Minnix III	58d8a2d77f	Merge pull request #13899 from egregius313/egregius313/random-nextbytes-typo-fix ... Java: Fix typo in `StdlibRandomSource::getOutput`	2023-08-07 07:36:44 -04:00
Tom Hvitved	2126ab0dde	Merge pull request #13901 from hvitved/dataflow/refactor ... Data flow: Refactor shared library	2023-08-07 13:22:53 +02:00
Michael Nebel	e62ec888c0	Merge pull request #13506 from michaelnebel/java/threatmodels ... Java: Threat Models	2023-08-07 12:50:01 +02:00
Tony Torralba	fb0102b763	Java: New models for JAX-RS	2023-08-07 11:52:23 +02:00
Tom Hvitved	693970f243	Java: Adjust to data flow refactor	2023-08-07 11:35:23 +02:00
Tony Torralba	43b9199734	Java: Improved JaxWsEndpoint::getARemoteMethod	2023-08-07 10:21:58 +02:00
Ed Minnix	23e2eb11dd	Change note	2023-08-07 00:23:58 -04:00
Ed Minnix	fe4eef0bcb	Fix typo, replace getBytes with nextBytes	2023-08-07 00:16:47 -04:00
Jeroen Ketema	747cd1745a	Update all languages to use the shared taint-tracking library	2023-08-04 22:53:25 +02:00
Jami Cogswell	19622aec49	Java: remove duplicate 'Files.newOutputStream' ai model	2023-08-04 14:06:57 -04:00
Jami Cogswell	e64d581f7a	Java: remove duplicate 'Files.newInputStream' ai model	2023-08-04 14:05:05 -04:00
Jami Cogswell	d2a24dee7f	Java: remove duplicate 'Files.delete' ai model	2023-08-04 14:02:59 -04:00
Jami Cogswell	516831aa41	Java: remove duplicate 'Files.move' ai model	2023-08-04 14:01:27 -04:00
Jami Cogswell	c510d33fbf	Java: remove duplicate 'Files.deleteIfExists' ai model	2023-08-04 13:52:18 -04:00
Michael Nebel	9c4d77a925	Java: Address review comments.	2023-08-04 13:47:30 +02:00
Michael Nebel	d3eb9c1325	Java: Add release note and address review comments.	2023-08-04 13:36:43 +02:00
Anders Schack-Mulligen	84316c41a3	Java: Add more qldoc.	2023-08-03 10:04:06 +02:00
Anders Schack-Mulligen	90052a3ca2	Java: Add proper types for capture nodes.	2023-08-03 10:04:06 +02:00
Anders Schack-Mulligen	37455ec29e	Java: Replace ratpack test fix with general heuristic summary.	2023-08-03 10:04:06 +02:00
Anders Schack-Mulligen	c5990311ca	Java: Redesign and reimplement variable capture flow.	2023-08-03 10:04:06 +02:00
Anders Schack-Mulligen	70bef64e2a	Java: Fix ratpack flow.	2023-08-03 10:04:05 +02:00
Anders Schack-Mulligen	a23e77ca58	Java: Disregard heap parameter in any-argument and any-parameter specs.	2023-08-03 10:04:05 +02:00
Anders Schack-Mulligen	d1a616a70a	Java: Add proper support for variable capture flow.	2023-08-03 10:04:02 +02:00
Mathias Vorreiter Pedersen	3007fdab5e	Sync identical files.	2023-08-02 14:33:33 +02:00
Anders Schack-Mulligen	7bc8bf616f	Merge pull request #13863 from aschackmull/dataflow/pack4 ... Dataflow: Move the shared library to a properly shared qlpack.	2023-08-02 14:19:49 +02:00
Anders Schack-Mulligen	c34c667e6b	Java: Adjust to use the qlpack data-flow api.	2023-08-01 13:47:09 +02:00
Anders Schack-Mulligen	d7ea60e137	Java: Move data flow lib.	2023-08-01 13:47:08 +02:00
Michael Nebel	a9bc23fa3e	Java: Add threat model configuration related extensible predicates and some initial tuples.	2023-08-01 12:56:13 +02:00
Michael Nebel	a8ccc8d980	Java: Update MaD internal documentation.	2023-08-01 12:03:44 +02:00
Michael Nebel	99ac98bffc	Java: Re-factor a model to use WithElement (this model is already tested in collections/B.java).	2023-08-01 12:03:44 +02:00
Michael Nebel	0604a85bb1	Java: Add WithoutElement model for List.clear and add appropriate test.	2023-08-01 12:03:44 +02:00
Michael Nebel	21ec83a197	Java: Add MaD support for With[out]Element.	2023-08-01 12:03:44 +02:00
Anders Schack-Mulligen	e87b8ba3d7	Java: Make the barrier in java/potentially-weak-cryptographic-algorithm less restrictive.	2023-07-31 14:28:53 +02:00
Tony Torralba	5488abc512	Merge pull request #13850 from atorralba/atorralba/java/unimportant-generated-models ... Java: Remove superfluous generated models	2023-07-31 11:25:03 +02:00
Tony Torralba	2cbb7ed296	Java: Add XXE sinks for MDHT	2023-07-31 11:13:17 +02:00
Tony Torralba	41f1315da9	Merge pull request #13772 from atorralba/atorralba/java/inputstream-wrapper-read-step ... Java: Add taint steps for InputStream wrappers	2023-07-31 11:12:43 +02:00
Tony Torralba	3bd4d34a47	Java: Remove superfluous generated models	2023-07-31 09:48:03 +02:00
Tony Torralba	08cba7dc5f	Merge pull request #13713 from pwntester/java/struts2_source_taint_inheriting ... [Java] Implement field taint inheritance for Struts2 unmarshalled objects	2023-07-28 16:46:27 +02:00
Owen Mansel-Chan	a020189895	Merge pull request #13822 from owen-mc/dataflow/mergepathgraph3-signature-fix ... Dataflow: MergePathGraph3 signature fix	2023-07-28 15:15:43 +01:00
Tony Torralba	2dff0ce5b4	Merge pull request #13712 from pwntester/java/new_struts2_models ... [Java] New models for Struts2 framework	2023-07-28 14:31:25 +02:00