579 Commits

Author	SHA1	Message	Date
Jami Cogswell	e64d581f7a	Java: remove duplicate 'Files.newInputStream' ai model	2023-08-04 14:05:05 -04:00
Jami Cogswell	d2a24dee7f	Java: remove duplicate 'Files.delete' ai model	2023-08-04 14:02:59 -04:00
Jami Cogswell	516831aa41	Java: remove duplicate 'Files.move' ai model	2023-08-04 14:01:27 -04:00
Jami Cogswell	c510d33fbf	Java: remove duplicate 'Files.deleteIfExists' ai model	2023-08-04 13:52:18 -04:00
Michael Nebel	9c4d77a925	Java: Address review comments.	2023-08-04 13:47:30 +02:00
Michael Nebel	d3eb9c1325	Java: Add release note and address review comments.	2023-08-04 13:36:43 +02:00
Anders Schack-Mulligen	37455ec29e	Java: Replace ratpack test fix with general heuristic summary.	2023-08-03 10:04:06 +02:00
Anders Schack-Mulligen	70bef64e2a	Java: Fix ratpack flow.	2023-08-03 10:04:05 +02:00
Anders Schack-Mulligen	d1a616a70a	Java: Add proper support for variable capture flow.	2023-08-03 10:04:02 +02:00
Michael Nebel	a9bc23fa3e	Java: Add threat model configuration related extensible predicates and some initial tuples.	2023-08-01 12:56:13 +02:00
Michael Nebel	99ac98bffc	Java: Re-factor a model to use WithElement (this model is already tested in collections/B.java).	2023-08-01 12:03:44 +02:00
Michael Nebel	0604a85bb1	Java: Add WithoutElement model for List.clear and add appropriate test.	2023-08-01 12:03:44 +02:00
Tony Torralba	3bd4d34a47	Java: Remove superfluous generated models	2023-07-31 09:48:03 +02:00
Tony Torralba	2dff0ce5b4	Merge pull request #13712 from pwntester/java/new_struts2_models ... [Java] New models for Struts2 framework	2023-07-28 14:31:25 +02:00
Tony Torralba	c9fc5a54c7	Remove generated sinks and sources	2023-07-25 14:42:32 +02:00
Tony Torralba	29543f5726	Change InputStream.read from neutral to summary	2023-07-19 14:44:18 +02:00
Tony Torralba	2dbbcc2413	Java: Avoid low-confidence dispatch to InputStream methods ... Also adds a neutral model for `InputStream.read`, which offers a high-confidence alternative for this method.	2023-07-19 11:30:53 +02:00
Tony Torralba	cafc67e3be	Merge pull request #13714 from pwntester/java/langs3_improvements ... [Java] Add missing commons lang3 model for ToStringBuilder.reflectionToString	2023-07-13 14:45:33 +02:00
Stephan Brandauer	4391799b7e	Merge pull request #13403 from github/java/update-mad-decls-after-triage-2023-06-08T08-51-47 ... Java: Update MaD Declarations after Triage	2023-07-13 11:15:41 +02:00
Alvaro Muñoz	51f7031416	Update java/ql/lib/ext/org.apache.commons.lang3.builder.model.yml ... Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2023-07-12 09:06:05 +02:00
Alvaro Muñoz	e8563e5dfd	fix row	2023-07-11 10:47:23 +02:00
Alvaro Muñoz	c2f1fbbf98	Add missing commons lang3 model for ToStringBuilder.reflectionToString	2023-07-11 10:34:17 +02:00
Alvaro Muñoz	047d486509	add new struts2 models	2023-07-11 10:23:26 +02:00
Tony Torralba	ce600367df	Java: Add support for Kotlin's apply to java/android/unsafe-android-webview-fetch	2023-07-10 17:40:16 +02:00
Tony Torralba	b70e21df4f	Merge pull request #13702 from atorralba/atorralba/kotlin/apply ... Kotlin: Support apply	2023-07-10 17:39:57 +02:00
Tony Torralba	0f18c0227b	Kotlin: Support apply	2023-07-10 16:15:27 +02:00
jorgectf	9d8ae5039a	Add models for javax.portlet	2023-06-28 17:53:56 +02:00
Tony Torralba	a7c2a25cac	Merge pull request #12879 from atorralba/atorralba/java/command-injection-mad-sinks ... Java: Convert all command injection sinks to MaD format	2023-06-27 14:06:45 +02:00
Tony Torralba	6e20bd04e9	Merge pull request #13539 from atorralba/atorralba/java/url-to-string-model ... Java: Add URL.toString summary	2023-06-27 14:05:47 +02:00
jorgectf	2dc4f23dbb	Add models for org.apache.commons.lang	2023-06-23 19:34:21 +02:00
Tony Torralba	d07e2862f9	Java: Add URL.toString summary ... This adds coverage for CVE-2023-35149.	2023-06-22 17:39:30 +02:00
Jami	622cd05b77	Merge branch 'main' into java/update-mad-decls-after-triage-2023-06-08T08-51-47	2023-06-20 21:58:15 -04:00
Tony Torralba	c62689022e	Merge pull request #13256 from atorralba/atorralba/java/stapler-models ... Java: Model the Stapler framework	2023-06-19 15:27:19 +02:00
Tony Torralba	dcd180f3f6	Remove model	2023-06-15 12:00:46 +02:00
Tony Torralba	af240ff533	Apply suggestions from code review	2023-06-15 11:58:53 +02:00
Tony Torralba	37a62d3021	Merge pull request #13227 from atorralba/atorralba/java/jenkins-generated-models ... Java: Add autogenerated models for frameworks related to Jenkins	2023-06-14 15:59:28 +02:00
Tony Torralba	7c4cdbf0d6	Remove badly generated models	2023-06-14 14:20:16 +02:00
Tony Torralba	5e3d9d8136	Java: Model the Stapler framework	2023-06-14 12:34:52 +02:00
Tony Torralba	182513a981	Merge pull request #13235 from atorralba/atorralba/java/hudson-models ... Java: Add Hudson models	2023-06-14 12:33:18 +02:00
Taus	e5b17af9b5	Java: Fix bad tool output	2023-06-14 12:16:44 +02:00
Tony Torralba	8bafc22add	Replace open-url sink kinds with request-forgery	2023-06-14 09:59:59 +02:00
Tony Torralba	686c35e210	Add autogenerated models	2023-06-14 09:58:30 +02:00
Taus	b860b21ced	Update MaD Declarations after Triage	2023-06-13 16:50:58 +02:00
Tony Torralba	ffe67689ec	Merge branch 'main' into atorralba/java/command-injection-mad-sinks	2023-06-13 09:27:33 +02:00
Tony Torralba	2fd2c434f2	Apply suggestions from code review ... Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>	2023-06-13 09:24:15 +02:00
Stephan Brandauer	1ae2fee309	Java: Update java/ql/lib/ext/okhttp3.model.yml ... Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2023-06-09 13:48:16 +02:00
Stephan Brandauer	44785b72ce	Java: Update java/ql/lib/ext/okhttp3.model.yml ... Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2023-06-09 13:46:09 +02:00
Anders Schack-Mulligen	a0a9d30286	Java: Fix qltests.	2023-06-09 08:37:35 +02:00
Tony Torralba	0e242cba7e	Update java/ql/lib/ext/retrofit2.model.yml	2023-06-08 14:59:10 +02:00
Tony Torralba	4608481d7b	Java: Fix more problems in the Gson models ... Found during type strengthening work by @aschackmull	2023-06-08 14:53:09 +02:00