hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-20 18:04:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
63,132 Commits 1,683 Branches 158 Tags
055ead20e3804f18cf69bbefd24bdc8e8d889d8e
Commit Graph

436 Commits

Author SHA1 Message Date
Stephan Brandauer
95b439bf31 Merge branch 'main' into java/update-mad-decls-after-triage-2023-12-21T14-39-02 2024-01-23 09:40:50 +01:00
Stephan Brandauer
cd765e7c19 work on review comments 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-23 09:35:36 +01:00
Stephan Brandauer
8b34407ab7 Java: java.awt.Desktop::browse is a url-redirection sink 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-23 09:28:13 +01:00
Owen Mansel-Chan
2f01688319 Merge pull request #15280 from owen-mc/java/add-manual-models-for-df-generation 
Java: improve models for some important JDK methods
 2024-01-11 12:47:37 +00:00
Eric Bickle
f6fa7120d9 Merge branch 'main' into fix/update-gson-model 2024-01-08 15:46:14 -08:00
Eric Bickle
929ce65af1 Remove zero width space characters. 2024-01-08 13:15:38 -08:00
Ed Minnix
814885f7f6 Hudson environment variables models 2024-01-08 09:38:43 -05:00
Ed Minnix
028bd49211 org.apache.commons.exec models 2024-01-08 09:38:42 -05:00
Ed Minnix
ad32b81492 environment-injection sink 2024-01-08 09:38:41 -05:00
Tony Torralba
7e6f2d1fc5 Merge pull request #14681 from atorralba/atorralba/java/weak-randomness-cve-coverage 
Java: Add more sinks to the Insecure Randomness query
 2024-01-08 15:33:03 +01:00
Owen Mansel-Chan
ce3097e9ce Fix manual models for String.valueOf(Object) 
Add a neutral model for it, but also a summary model for `String.valueOf(CharSequence)`
 2024-01-04 11:31:20 +00:00
Owen Mansel-Chan
0076f06ce7 Improve manual models of java.lang.Exception 2024-01-04 11:31:18 +00:00
Owen Mansel-Chan
e415c54c5e Reorder manual models of java.lang.Throwable 2024-01-04 11:31:16 +00:00
Owen Mansel-Chan
f52ea5c2fd Improve manual models of java.lang.Throwable 2024-01-04 11:31:14 +00:00
Eric Bickle
0cd89bf815 Merge branch 'main' into fix/update-gson-model 2024-01-02 14:05:33 -08:00
Stephan Brandauer
a9d21cef01 Update MaD Declarations after Triage 2023-12-21 15:39:03 +01:00
Tony Torralba
1b9f59efa7 Merge pull request #14646 from github/java/update-mad-decls-after-triage-2023-10-31T15-52-01 
Java: Update MaD Declarations after Triage
 2023-12-20 15:37:19 +01:00
Tony Torralba
e744d974e8 Merge pull request #14580 from github/java/update-mad-decls-after-triage-2023-10-24T15-42-01 
Java: Update MaD Declarations after Triage
 2023-12-20 15:01:24 +01:00
Tony Torralba
c8a369d9ef Update java/ql/lib/ext/jakarta.persistence.model.yml 2023-12-19 14:58:07 +01:00
Eric Bickle
95ce7c9ba4 Merge branch 'main' into fix/update-gson-model 2023-12-15 10:15:53 -08:00
Tony Torralba
fc45621ab1 Add pac4j JWT cryptographic key sinks 2023-12-13 11:15:27 +01:00
Tony Torralba
27be5ba14b Merge pull request #15073 from atorralba/atorralba/java/remove-invalid-ognl-sinks 
Java: Remove invalid OGNL sinks
 2023-12-12 16:52:31 +01:00
Tony Torralba
fad53a25c0 Update java/ql/lib/ext/struts2.model.yml 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2023-12-12 14:58:47 +01:00
Tony Torralba
103110f9c2 Java: Remove invalid OGNL sinks 
Fixes #15053
 2023-12-12 13:39:51 +01:00
Ed Minnix
1271cd3348 Remove unnecessary crypto sinks 2023-12-11 11:18:40 -05:00
Ed Minnix
b9d2a26e6e Move ESAPI models into the Weak Randomness query 
These models don't need to apply to all queries. So instead they are
better suited to be within the weak randomness query itself.
 2023-12-11 11:18:39 -05:00
Ed Minnix
7f3995f524 Remove extra encryption-iv models 2023-12-11 11:18:39 -05:00
Ed Minnix
7241e0920c Replace convertBytesToString with models 2023-12-11 11:18:39 -05:00
Ed Minnix
b8b2de2f3c Remove use of crypto-parameter sink kind 2023-12-11 11:18:39 -05:00
Ed Minnix
0313f39229 Cryptographic sinks 2023-12-11 11:18:38 -05:00
Jami Cogswell
ba3548b317 Java: switch to createRelative sink and add UrlPathHelper sources 2023-11-29 14:46:28 -05:00
Jami Cogswell
efa5ab18c1 Java: add taint steps for getResource sink 2023-11-29 14:46:27 -05:00
Eric Bickle
aab7ff919e Java: Improve Gson parse, get, and stream models 2023-11-27 12:26:28 -08:00
Chris Smowton
24b4b05be8 Add models for new Collections methods 2023-11-06 16:44:40 +00:00
Chris Smowton
5b72aee3ae Java: model JDK21 SequencedCollection, Set and Map 2023-11-06 16:04:13 +00:00
Edward Minnix III
1ec1dd368d Merge pull request #13978 from egregius313/egregius313/java/mad/convert-sensitive-api-to-mad 
Java: Convert `SensitiveApi.qll` to use Models-as-Data
 2023-10-31 15:25:42 -04:00
Tony Torralba
107a05af71 Update MaD Declarations after Triage 2023-10-31 16:52:02 +01:00
Dave Bartolomeo
d2afb20f3f Merge remote-tracking branch 'origin/main' into dbartol/threat-models-2 2023-10-26 14:05:40 -04:00
Ed Minnix
f288ddc3d5 Add signature back to trilead ssh2 model 2023-10-25 14:31:56 -04:00
Ed Minnix
d923784ae4 Add signatures to models 2023-10-25 14:31:56 -04:00
Ed Minnix
90c63ab6b0 Remove additional net.schmizz.sshj models 2023-10-25 14:31:56 -04:00
Edward Minnix III
2fb4dfeb90 TrustType should be nested in sun.security.pkcs11.Secmod models 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-10-25 14:31:55 -04:00
Ed Minnix
665b140a8a Make SaltAndParams be nested 2023-10-25 14:31:55 -04:00
Edward Minnix III
700201556c Remove extra model 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-10-25 14:31:55 -04:00
Ed Minnix
58dae6d1c6 Set provenance of models from otherApiCallableCredentialParam to manual and remove extra models 2023-10-25 14:31:55 -04:00
Ed Minnix
a28f19c857 Remove initialization vectors from SensitiveApi 2023-10-25 14:31:55 -04:00
Ed Minnix
855d96db66 Remove extra models 2023-10-25 14:31:55 -04:00
Ed Minnix
02c98fae5f Use hq-generated provenance 2023-10-25 14:31:55 -04:00
Ed Minnix
1ad06f3293 Add missing GaloisCounterMode model 2023-10-25 14:31:55 -04:00
Ed Minnix
3b0b5e403c Replace crypto-parameter with credentials-key 2023-10-25 14:31:55 -04:00