8900 Commits

Author	SHA1	Message	Date
tiferet	3987d8d374	Small update to SafeExternalApiMethodCharacteristic	2023-03-14 12:49:28 -07:00
tiferet	fd75952c1e	Improvements to ExtractSinkCandidatesWithFlow.ql	2023-03-14 12:49:28 -07:00
tiferet	4db0dec82e	Minor improvement	2023-03-14 12:49:28 -07:00
tiferet	a73b52adef	Improvements to ExtractSinkCandidatesWithFlow.ql	2023-03-14 12:49:28 -07:00
tiferet	39a4513fcc	Delete the queries the Java team isn't currently interested in boosting	2023-03-14 12:49:28 -07:00
tiferet	3c44332f17	Move isFlowLikelyInBaseQuery to the ATMConfig and delete AdaptiveThreatModeling.qll	2023-03-14 12:49:27 -07:00
tiferet	06c7f1012c	Rename request forgery sink to server-side request forgery sink	2023-03-14 12:49:27 -07:00
tiferet	9421ba5303	Add and implementation of request forgery sinks and corresponding positive EndpointCharacteristic in Java	2023-03-14 12:49:27 -07:00
tiferet	f5109be2ac	Bug fixes	2023-03-14 12:49:27 -07:00
tiferet	c14a4c4d93	Add an implementation of TaintedPathATM.qll and corresponding positive EndpointCharacteristic in Java	2023-03-14 12:49:27 -07:00
tiferet	4546dbe51b	Subsample negative examples to 1% to prevent huge numbers.	2023-03-14 12:49:26 -07:00
tiferet	5d62dc3d2e	Add a Java NotASinkCharacteristic safe external API method	2023-03-14 12:49:26 -07:00
tiferet	0acd06a6d3	Add queries to surface high-confidence Java sinks and non-sinks to use as examples in the codex prompt.	2023-03-14 12:49:26 -07:00
tiferet	04abb87fef	Rewrite ExtractSinkCandidatesWithFlow.ql as a problem query so we can run it with codeql database analyze to output SARIF results.	2023-03-14 12:49:26 -07:00
tiferet	5dc5c3fb3f	Add a couple of endpoint filters for Java	2023-03-14 12:49:26 -07:00
tiferet	653b0128f5	Try implementing SqlInjectionATM.qll in Java	2023-03-14 12:49:26 -07:00
tiferet	c0f58371b4	Start making the additions needed to surface candidate Java sinks for codex classification outside the evaluator.	2023-03-14 12:49:26 -07:00
Anders Schack-Mulligen	30163e4f60	Merge pull request #12515 from aschackmull/java/neutral-dispatch ... Java: Remove low-confidence dispatch to known neutrals.	2023-03-14 15:35:05 +01:00
Tom Hvitved	c132891669	Merge pull request #12513 from hvitved/dataflow/lambda-flow-no-expects-content ... Data flow: Exclude `expectsContent` nodes from lambda flow	2023-03-14 15:28:35 +01:00
Ian Lynagh	32e8b130ad	Merge pull request #12501 from tamasvajk/java/javadoc_printast ... Java: Fix printAST to handle javadoc belonging to multiple elements	2023-03-14 13:42:22 +00:00
Anders Schack-Mulligen	a9d2b936af	Java: Add qldoc.	2023-03-14 14:15:15 +01:00
Anders Schack-Mulligen	dbfc256f40	Java: Remove low-confidence dispatch to known neutrals.	2023-03-14 11:34:07 +01:00
Edward Minnix III	de1ecf943e	Merge pull request #11915 from egregius313/egregius313/arbitrary-apk-installation ... Java: Arbitrary APK installation	2023-03-14 06:23:51 -04:00
Tom Hvitved	bdd56f1b6e	Data flow: Sync files	2023-03-14 10:01:56 +01:00
github-actions[bot]	2c93ab99d8	Add changed framework coverage reports	2023-03-14 00:15:57 +00:00
Anders Schack-Mulligen	5792b4d363	Merge pull request #12503 from aschackmull/java/qltest-callback-instance-sideeffect ... Java: Add a qltest demonstrating side-effect on a callback instance.	2023-03-13 17:26:12 +01:00
Ian Lynagh	70b85a3e00	Merge pull request #12431 from igfoo/igfoo/double_interception ... Kotlin: Test double interceptions	2023-03-13 14:30:49 +00:00
Tamas Vajk	c57fcfb8fb	Java: Fix printAST to handle javadoc belonging to multiple elements	2023-03-13 14:26:33 +01:00
Tony Torralba	705691b096	Merge pull request #12446 from github/java/update-mad-decls-after-triage-2023-03-08T14-51-59 ... Java: Update MaD Declarations after Triage	2023-03-13 14:07:59 +01:00
Anders Schack-Mulligen	f54b02edb3	Java: Add a qltest demonstrating side-effect on a callback instance.	2023-03-13 13:22:18 +01:00
Anders Schack-Mulligen	0c95ab2cdc	Merge pull request #12474 from hvitved/dataflow/call-back-post-update ... Data flow: Synthesize post-update nodes for callback arguments inside summarized callables	2023-03-13 13:21:52 +01:00
Ian Lynagh	4fbc747f93	Kotlin: Move kotlin_double_interception test to posix_only ... It's failing on Windows	2023-03-13 11:57:57 +00:00
Ian Lynagh	fd8f7e071b	Kotlin: Tweak double_interception test	2023-03-13 11:57:57 +00:00
Ian Lynagh	fae4a8f37b	Kotlin: double interception test: Fix for old python versions	2023-03-13 11:57:57 +00:00
Ian Lynagh	8b6047dfd1	Kotlin: Handle double-interceptions without failing	2023-03-13 11:57:57 +00:00
Ian Lynagh	81e71c4669	Kotlin: Add a test for double niterception	2023-03-13 11:57:57 +00:00
Erik Krogh Kristensen	060c37b6a2	Merge pull request #12345 from erik-krogh/delOldDeps ... delete old deprecations	2023-03-13 12:48:24 +01:00
Tamas Vajk	e44aca0b33	Java: Add printAST test with javadoc	2023-03-13 12:02:50 +01:00
Anders Schack-Mulligen	c380ecbbbc	Data flow: Add change notes.	2023-03-13 11:09:13 +01:00
erik-krogh	6c1ebd999e	Merge branch 'main' into delOldDeps	2023-03-13 11:00:29 +01:00
Tony Torralba	e834f9302e	Fix Apache Commons HTTP Client and SQL Injection tests	2023-03-13 09:36:53 +01:00
Ed Minnix	59eea2a4a3	Change FlowState classes to use IPAs instead of string	2023-03-10 15:24:04 -05:00
Ed Minnix	b6eeac5bc8	Update names to new naming convention	2023-03-10 15:13:58 -05:00
Edward Minnix III	e2acc26419	Apply docs review suggestions ... - Punctuation - Rewording Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>	2023-03-10 09:47:47 -05:00
Anders Schack-Mulligen	1e64748ffe	Dataflow: Autoformat.	2023-03-10 15:12:19 +01:00
Anders Schack-Mulligen	a836444bc6	Dataflow: Add some qldoc.	2023-03-10 14:56:54 +01:00
Anders Schack-Mulligen	cce3728edf	Dataflow: Add MergePathGraph module.	2023-03-10 14:56:54 +01:00
Tom Hvitved	32a699e34a	Data flow: Sync files	2023-03-10 12:43:21 +01:00
Anders Schack-Mulligen	64dd8b9488	Merge branch 'main' into java/refactor-dataflow-queries-1	2023-03-10 12:38:06 +01:00
Tony Torralba	746c2d1fca	Add change note	2023-03-10 12:35:14 +01:00