hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 20:26:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
55,503 Commits 1,672 Branches 157 Tags
22124409fe5eddfac6adf77de01422e32c74e06c
Commit Graph

2799 Commits

Author SHA1 Message Date
Tony Torralba
abb775c616 Merge pull request #13409 from atorralba/atorralba/java/fix-gson-models 
Java: Fix more problems in the Gson models
 2023-06-08 17:36:40 +02:00
Tony Torralba
4608481d7b Java: Fix more problems in the Gson models 
Found during type strengthening work by @aschackmull
 2023-06-08 14:53:09 +02:00
Anders Schack-Mulligen
dabb4dd643 Java: Improve join-order for FunctionalInterface. 2023-06-08 13:02:54 +02:00
Anders Schack-Mulligen
cc45db7c76 Merge pull request #13394 from atorralba/atorralba/java/fix-gson-jsonarray-models 
Java: Fix Gson's JsonArray.add models
 2023-06-08 11:05:40 +02:00
Tony Torralba
c0135673fa Fix JsonArray.addAll model 
Properly test JsonArray.add(String) and JsonArray.addAll(JsonArray) as well
 2023-06-07 16:18:32 +02:00
Tony Torralba
6d7234f8ed Merge pull request #13225 from atorralba/atorralba/java/path-injection-mad-sinks-2 
Java: Migrate path injection sinks to models-as-data (simplified)
 2023-06-07 14:27:36 +02:00
Tony Torralba
35b4c438ff Fix Gson's JsonArray.add models 
When the type of the argument isn't JsonElement, the summary must be taint flow instead of value flow
 2023-06-07 14:12:20 +02:00
Erik Krogh Kristensen
6ba7f9a238 Merge pull request #13352 from erik-krogh/once-again-deps-not-py-cpp 
delete old deprecations
 2023-06-07 13:00:57 +02:00
Tony Torralba
46b30453e3 Merge pull request #13386 from github/java/update-mad-decls-after-triage-2023-06-06T14-38-29 
Java: Update MaD Declarations after Triage
 2023-06-07 12:33:26 +02:00
Tony Torralba
27763d6bbe Improve ZipSlip exclusion to take varargs into account 2023-06-07 09:25:56 +02:00
Tony Torralba
8001ae9669 Update java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-06-07 09:08:24 +02:00
Tony Torralba
60725e9580 Update java/ql/lib/ext/org.springframework.core.io.model.yml 2023-06-07 09:07:22 +02:00
Tony Torralba
2f12ae2e0d Update java/ql/lib/ext/okhttp3.model.yml 2023-06-07 08:57:12 +02:00
Stephan Brandauer
b31131d33a Merge pull request #13344 from github/java/update-mad-decls-after-triage-2023-06-01T12-58-13 
Java: Update MaD Declarations after Triage
 2023-06-06 17:08:50 +02:00
Stephan Brandauer
75cbcdd72e Update MaD Declarations after Triage 2023-06-06 16:38:31 +02:00
Taus
f4fd908f7f Java: Comment out sinks for which no query exists 2023-06-06 13:01:59 +02:00
Tony Torralba
1d8ca88aca Add change note 2023-06-06 11:25:07 +02:00
Tony Torralba
72af634575 Kotlin: Add flow through use and with 2023-06-06 11:22:16 +02:00
Tony Torralba
1601846478 Add exclusion to the ZipSlip query to avoid FPs 2023-06-06 10:28:49 +02:00
Tony Torralba
0065e6e1d6 Apply suggestions from code review 
Fix incorrect models-as-data rows
 2023-06-06 10:04:22 +02:00
Tony Torralba
1ccec90c6f Apply suggestions from code review 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-06-06 09:10:18 +02:00
Taus
7ad860fc98 Java: Update MaD declarations after triage 
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
 2023-06-05 18:00:40 +02:00
Jami
64830809a6 Merge pull request #13228 from jcogs33/jcogs33/deprecated-sink-error-message 
Java: add error message for outdated sink kinds in `getInvalidModelKind`
 2023-06-02 13:44:18 -04:00
erik-krogh
ac9ede4ec0 add change-notes 2023-06-02 11:58:11 +02:00
erik-krogh
44b6366586 delete old deprecations 2023-06-02 11:58:08 +02:00
Tony Torralba
527fe523a8 Add PathCreation.qll sinks to models-as-data 
The old PathCreation sinks can't be removed because doing so would cause alert wobble in the path injection queries. See their getReportingNode predicates.
 2023-06-02 09:14:35 +02:00
Jami
1a82e21fdb Merge pull request #13136 from jcogs33/jcogs33/revamp-java-source-kinds 
Java: change `android-widget` MaD source kind to `remote`
 2023-06-01 14:18:02 -04:00
Jami Cogswell
b8cedfa817 Java: switch 'deprecated' to 'outdated' 2023-06-01 13:30:27 -04:00
Jami Cogswell
d10857fbdb Java: fix typo blank qldoc 2023-06-01 12:57:06 -04:00
Jami Cogswell
0355b78f13 Java: add deprecation deletion comment 2023-06-01 12:57:06 -04:00
Jami Cogswell
b3d218a503 Java: condense 'replacementKind' code 2023-06-01 12:57:06 -04:00
Jami Cogswell
06c83ee14d Java: add error message for deprecated sink kinds to 'getInvalidModelKind' 2023-06-01 12:57:05 -04:00
Jami
617107de35 Merge pull request #12916 from jcogs33/jcogs33/revamp-java-sink-kinds 
Java: revamp MaD sink kinds
 2023-06-01 12:48:30 -04:00
Jami Cogswell
de15013715 Java: remove RemoteFlowSources module 2023-06-01 12:25:26 -04:00
Jami Cogswell
5700a6eea4 Java: remove DefaultAndroidWidgetSources class 2023-06-01 12:25:26 -04:00
Jami Cogswell
119b446dbc Java: add change note 2023-06-01 12:25:26 -04:00
Jami Cogswell
6722892828 Java: switch 'android-widget' source kind to 'remote' 2023-06-01 12:25:25 -04:00
Jami Cogswell
58845eca7c Java: update recently added 'open-url' sinks to 'request-forgery' 2023-06-01 08:10:44 -04:00
Ian Lynagh
c28af7672d Merge pull request #13286 from igfoo/igfoo/kotlin-1.9b 
Kotlin: Support 1.9.0
 2023-06-01 13:02:04 +01:00
Jami
10bab71c60 Merge pull request #12249 from jcogs33/jcogs33/add-heuristic-neutral-models 
Java: add some neutral models discovered with heuristics
 2023-06-01 07:51:55 -04:00
Tony Torralba
c1bd04e802 Merge pull request #13332 from atorralba/atorralba/java/gson-serializability 
Java: Fix GsonDeserializableField
 2023-06-01 10:45:32 +02:00
Jami Cogswell
51f8f98118 Java: update recently added 'sql' sinks 2023-05-31 15:51:07 -04:00
Jami Cogswell
ca8ac0c93f Java: add comment about request-forgery sinks 2023-05-31 15:51:07 -04:00
Jami Cogswell
9853a66b32 Java: update change note 2023-05-31 15:51:07 -04:00
Jami Cogswell
3e5dc28c0a Java: update more recently added sinks: path-injection and request-forgery 2023-05-31 15:51:07 -04:00
Jami Cogswell
6bb6802fb8 Java: add change note draft 2023-05-31 15:51:07 -04:00
Jami Cogswell
ad771984f1 Java: update recently added path-injection sinks 2023-05-31 15:51:07 -04:00
Jami Cogswell
5dbb698481 Java: update open/jdbc-url sink kinds to request-forgery 2023-05-31 15:50:31 -04:00
Jami Cogswell
cb10f4976b Java: update create/read-file sink kinds to path-injection 2023-05-31 15:49:07 -04:00
Jami Cogswell
eb1a8e2189 Java: update write-file sink kind to file-system-store 2023-05-31 15:49:07 -04:00