hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,850 Commits 1,671 Branches 157 Tags
01f9b42472c3e6bfc0c8cf93730cc1bf2e218807
Commit Graph

50 Commits

Author SHA1 Message Date
Owen Mansel-Chan
f6e3c77145 Convert path injection barrier to MaD 2025-12-11 16:24:27 +01:00
Jami Cogswell
c0ebeb9c7b Java: use AdditionalTaintStep 2025-02-14 13:52:43 -05:00
Anders Schack-Mulligen
d7fbf68a59 Merge pull request #17597 from aschackmull/java/chararraywriter-tostring 
Java: Add model for CharArrayWriter.toString().
 2024-11-12 12:55:44 +01:00
Michael Nebel
9a44eec04c Java: Add manual models for FileReader (they would also have disappeared if models were re-generated without using mixed mode). 2024-10-21 15:19:37 +02:00
Anders Schack-Mulligen
2d76752ca0 Java: Add model for CharArrayWriter.toString(). 2024-09-27 11:28:20 +02:00
Tony Torralba
f16dd8c010 Apply code review suggestions. 2024-06-04 10:35:11 +02:00
Tony Torralba
f84c2a842d Java: Add more File-related sinks for path-injection 2024-06-04 10:35:07 +02:00
Owen Mansel-Chan
23a58a0835 Add df-manual models related to existing df-manual models 2024-03-17 14:21:05 +00:00
Owen Mansel-Chan
8e52483beb Add df-manual models in manually modeled classes 2024-03-15 10:10:23 +00:00
Tony Torralba
eecab9122a Recognize the model generator involvement in the models' provenances 2024-03-14 08:56:23 +01:00
Tony Torralba
039bea1625 Java: Add more neutral JDK models 
This is similar to https://github.com/github/codeql/pull/15766, in the sense that it adds neutral models to prevent the model generator from generating summaries for them. These models were spotted while evaluating https://github.com/github/codeql/pull/14919.
 2024-03-13 16:59:38 +01:00
Max Schaefer
93990ec9df Merge pull request #15486 from github/java/update-mad-decls-after-triage-2024-01-31T11-16-45 
Java: Update MaD Declarations after Triage
 2024-02-09 11:18:17 +00:00
Max Schaefer
ad8038bade Update MaD Declarations after Triage 2024-01-31 11:28:10 +00:00
Tony Torralba
e2bf9ea2eb Consider File.exists() et al a path-injection sink 2024-01-30 14:51:36 +01:00
Tony Torralba
19cb7adb6d Migrate path injection sinks to MaD 
Deprecate and stop using PathCreation

Path creation sinks are now summaries
 2024-01-26 12:19:54 +01:00
Edward Minnix III
655470f3da Refactor EnvInput to MaD 2023-10-03 22:28:47 -04:00
Tony Torralba
29543f5726 Change InputStream.read from neutral to summary 2023-07-19 14:44:18 +02:00
Tony Torralba
2dbbcc2413 Java: Avoid low-confidence dispatch to InputStream methods 
Also adds a neutral model for `InputStream.read`, which offers a high-confidence alternative for this method.
 2023-07-19 11:30:53 +02:00
Stephan Brandauer
8f697ac1ee Java: fix broken MaD export format 2023-06-08 12:02:50 +02:00
Stephan Brandauer
c6f10519fa Merge branch 'main' into java/update-mad-decls-after-triage-2023-06-08T08-51-47 2023-06-08 12:00:07 +02:00
Stephan Brandauer
bda938c544 Update MaD Declarations after Triage 2023-06-08 10:51:48 +02:00
Tony Torralba
527fe523a8 Add PathCreation.qll sinks to models-as-data 
The old PathCreation sinks can't be removed because doing so would cause alert wobble in the path injection queries. See their getReportingNode predicates.
 2023-06-02 09:14:35 +02:00
Jami
617107de35 Merge pull request #12916 from jcogs33/jcogs33/revamp-java-sink-kinds 
Java: revamp MaD sink kinds
 2023-06-01 12:48:30 -04:00
Jami Cogswell
cb10f4976b Java: update create/read-file sink kinds to path-injection 2023-05-31 15:49:07 -04:00
Jami Cogswell
eb1a8e2189 Java: update write-file sink kind to file-system-store 2023-05-31 15:49:07 -04:00
Jami Cogswell
7e6913af62 Java: update provenance to 'hq-manual' 2023-05-26 18:55:13 -04:00
Jami Cogswell
65dd7eb8e7 Java: add neutral models discovered with path-inj and ssrf heuristics 2023-05-26 18:55:13 -04:00
Michael Nebel
bd23814e7c Java: Update existing neutrals to include kind information. 2023-05-08 16:18:59 +02:00
Michael Nebel
169d8d5cf9 Java: All ai-generated models have been manually verified. 2023-04-13 09:21:06 +02:00
Tony Torralba
944bdfde45 Apply suggestions from code review 2023-04-11 09:47:47 +02:00
Stephan Brandauer
cb8506d51a Update MaD Declarations after Triage 2023-04-11 09:25:39 +02:00
Tony Torralba
cdb3d9ea5a Apply suggestions from code review 2023-04-06 12:23:50 +02:00
Stephan Brandauer
18801b39c6 Update MaD Declarations after Triage 2023-04-06 12:23:50 +02:00
Jami Cogswell
8046ec2f78 Java: update -1 to this 2023-03-23 18:01:28 -04:00
Jami Cogswell
0f3a0a1e81 Java: remove ArrayElement from listFiles 2023-03-23 18:00:21 -04:00
Jami Cogswell
79ce46a221 Java: remove FileInputStream summary model since causing issues in DCA 2023-03-23 18:00:20 -04:00
Jami Cogswell
bdd7f18e35 Java: remove some comments 2023-03-23 18:00:20 -04:00
Jami Cogswell
17e0920325 Java: resolve more conflicts 2023-03-23 18:00:14 -04:00
Jami Cogswell
c213d56d2c Java: resolve some more -1 to this conflicts 2023-03-23 17:56:46 -04:00
Jami Cogswell
44c3a41194 Java: resolve more -1 to this conflicts 2023-03-23 17:53:27 -04:00
Jami Cogswell
971b0e8814 Java: -1 to this conflict 2023-03-23 17:50:08 -04:00
Michael Nebel
e86f1e4961 Java: Replace Argument[-1] with Argument[this]. 2023-03-20 10:14:20 +01:00
Tony Torralba
db83fe6f42 Fix incorrect java.io models 2023-03-14 11:21:17 +01:00
Tony Torralba
698dfa46fc Minor fixes to the models 2023-03-10 12:35:13 +01:00
Stephan Brandauer
0c19da926c Update MaD Declarations after Triage 2023-03-10 12:35:13 +01:00
Jami Cogswell
21a018e5c5 Java: add summary model and test for File.getName 2023-01-03 13:12:24 -05:00
Jami Cogswell
939279af38 Java: add comments 2022-12-22 16:25:12 -05:00
Jami Cogswell
99ddd484be Java: add java.io models 2022-12-21 12:34:26 -05:00
Michael Nebel
bc02adb400 Java: Make the corresponding rename in all the data extensions. 2022-12-14 13:48:31 +01:00
Michael Nebel
9cb5ff1cdc Java: Add data extensions for all manual models. 2022-11-28 12:30:34 +01:00