10350 Commits

Author	SHA1	Message	Date
Edward Minnix III	d54489931c	Merge pull request #15869 from egregius313/egregius313/java/fix/parcelfiledescriptor-open-sink ... Java: Add path-injection sink for `ParcelFileDescriptor::open`	2024-03-12 16:39:20 -04:00
Erik Krogh Kristensen	863e3f79e5	Merge pull request #15731 from erik-krogh/java-url ... Java: More sanitizers for request-forgery	2024-03-12 19:31:52 +01:00
erik-krogh	f613823047	add explicit QLDoc that any method named "contains" is matched	2024-03-12 15:25:27 +01:00
erik-krogh	35aae0a981	move changenote to src/	2024-03-12 15:22:57 +01:00
Erik Krogh Kristensen	b53ae77c56	expand change-note ... Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2024-03-12 15:22:17 +01:00
erik-krogh	74876ff49b	add change-note	2024-03-12 15:07:36 +01:00
erik-krogh	52f71e4553	small fixes based on review	2024-03-12 15:07:29 +01:00
Ian Lynagh	c2aa334465	Java: Accept test changes	2024-03-12 14:03:02 +00:00
Ed Minnix	76aeee2820	Change note	2024-03-11 10:34:15 -04:00
Ed Minnix	61dbe26858	Add sinks for android.os.ParcelFileDescriptor	2024-03-11 10:31:51 -04:00
Tom Hvitved	da66281fef	Sync files	2024-03-11 13:02:04 +01:00
Tom Hvitved	7a39f077d9	Data flow: Add ConfigSig::accessPathLimit	2024-03-11 13:01:58 +01:00
Ian Lynagh	a9bab18804	Merge pull request #15848 from igfoo/igfoo/deleg2 ... Kotlin 2: Accept some more loc changes in exprs test	2024-03-08 11:49:11 +00:00
Chris Smowton	2321eecb9e	Add tests for multi-release jars under Java 11 and 17	2024-03-07 21:07:49 +00:00
Ian Lynagh	e74606eba3	Kotlin 2: Accept some more loc changes	2024-03-07 18:40:59 +00:00
Ian Lynagh	79c5ad93b0	Kotlin 2: Accept a loc change ... This is a bit of an odd location for the IrVariableImpl as it includes a comment, but the comment is already included in the corrresponding IrLocalDelegatedPropertyImpl so it's not clearly wrong: Element: 16 59 (2:4 - 2:47) class org.jetbrains.kotlin.ir.declarations.impl.IrLocalDelegatedPropertyImpl -Element: 29 42 (2:17 - 2:30) class org.jetbrains.kotlin.ir.declarations.impl.IrVariableImpl +Element: 16 59 (2:4 - 2:47) class org.jetbrains.kotlin.ir.declarations.impl.IrVariableImpl So just accept the change.	2024-03-07 18:37:00 +00:00
Chris Smowton	c9474050c8	Merge pull request #15839 from smowton/smowton/admin/jdk22-extractor-upgrade-test-changes ... Java: Explicitly import Lock class	2024-03-07 15:05:50 +00:00
Chris Smowton	dae20ca50c	Explicitly import Lock	2024-03-07 09:54:17 +00:00
Ian Lynagh	e58b6e86b2	Kotlin 2: Accept more loc changes in exprs test	2024-03-06 17:57:44 +00:00
Ian Lynagh	6e09dcc16a	Kotlin 2: Accept more loc changes in exprs	2024-03-04 19:06:32 +00:00
Ian Lynagh	22e6c676c3	Kotlin 2: Accept loc change for a string literal in expr test	2024-03-04 19:02:40 +00:00
Ian Lynagh	b7d2e54bbd	Kotlin 2: exprs test: Accept loc change for ClassWithDelegate	2024-03-04 19:00:40 +00:00
Ian Lynagh	00ab1a3129	Kotlin 2: exprs test: Accept loc change for MyClass	2024-03-04 19:00:38 +00:00
Ian Lynagh	ab288d0d4c	Merge pull request #15712 from igfoo/igfoo/k2ref ... Kotlin 2: Accept changes in library-tests/reflection	2024-03-04 13:19:56 +00:00
Ian Lynagh	73fe20f33b	Merge pull request #15713 from igfoo/igfoo/past ... Kotlin 2: Accept some PrintAst changes in library-tests/exprs	2024-03-04 13:12:49 +00:00
Max Schaefer	1f3a3492ae	Merge pull request #15792 from github/max-schaefer-patch-1 ... Java: Fix sink type in hudson.model.yml	2024-03-04 13:08:47 +00:00
Ian Lynagh	9bad1e60db	Merge pull request #15765 from igfoo/igfoo/deleg ... Kotlin 2: Accept loc changes in library-tests/exprs/delegatedProperties	2024-03-04 13:02:34 +00:00
Owen Mansel-Chan	279605b486	Merge pull request #15786 from owen-mc/java/sensitive-logging-query-exclude-null-in-variable-name ... Java: sensitive logging query exclude null in variable name	2024-03-04 12:14:42 +00:00
Max Schaefer	52a36ce41c	Java: Fix sink type in hudson.model.yml	2024-03-04 11:53:37 +00:00
Chris Smowton	83cef78200	Merge pull request #15783 from github/smowton/fix/extractor-information-fractional-percentage ... Java: extractor information: tolerate fractional percentages	2024-03-04 11:09:42 +00:00
Owen Mansel-Chan	038afc4008	Merge pull request #15772 from owen-mc/java/model-generator-exclude-tostring ... Java: do not generate models for `toString` and lambda flow methods	2024-03-04 07:57:48 +00:00
Owen Mansel-Chan	037c76d840	Update change note ... Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2024-03-04 07:49:18 +00:00
Owen Mansel-Chan	7a96b11a0a	Add change note	2024-03-03 21:41:05 +00:00
Owen Mansel-Chan	19ac9e089a	Add test	2024-03-03 21:03:41 +00:00
Owen Mansel-Chan	c7efde3b7a	Remove variables with "null" in their name as sources	2024-03-03 20:55:04 +00:00
Owen Mansel-Chan	114c17ad57	Add more methods of java.util.Comparator	2024-03-02 20:55:30 +00:00
Chris Smowton	040395485e	Update ExtractorInformation.expected	2024-03-02 10:20:45 +00:00
Owen Mansel-Chan	bf22c6dae0	Merge pull request #15766 from owen-mc/java/add-neutral-models ... Java: add neutral models	2024-03-02 06:00:33 +00:00
Chris Smowton	0bb6a64e81	Java: extractor information: tolerate fractional percentages	2024-03-01 16:49:29 +00:00
Owen Mansel-Chan	0a8dfbafe4	Accept suggestion to put models under the right heading ... Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2024-03-01 16:05:28 +00:00
Owen Mansel-Chan	5399d88d15	Accept test change: slight change in gen vs man modelgen stats	2024-03-01 14:22:00 +00:00
Owen Mansel-Chan	6e63df9e32	Accept test change: toString method no longer generated	2024-03-01 14:16:14 +00:00
Owen Mansel-Chan	0e1c45e84b	Accept test change: some more APIs have manual models now	2024-03-01 14:08:42 +00:00
Owen Mansel-Chan	df64e0bc5f	Add neutral summary models for java.security.MessageDigest#digest	2024-03-01 14:08:31 +00:00
Owen Mansel-Chan	f89fedcbaf	Add some neutral models for java.util	2024-03-01 14:07:45 +00:00
Owen Mansel-Chan	10f6329b3e	Add manual neutral models for java.util.stream ... See comment in java/ql/src/Metrics/Summaries/TopJdkApis.qll * Note: the following top JDK APIs are not modeled with MaD: * `java.util.stream.Collectors#joining(CharSequence)`: cannot be modeled completely without a model for `java.util.stream.Stream#collect(Collector)` as well * `java.util.stream.Collectors#toMap(Function,Function)`: specialized collectors flow * `java.util.stream.Stream#collect(Collector)`: handled separately on a case-by-case basis as it is too complex for MaD	2024-03-01 12:32:04 +00:00
Owen Mansel-Chan	f907fd21ad	Add manual neutral models for java.text.Format and java.text.MessageFormat ... See comment in java/ql/src/Metrics/Summaries/TopJdkApis.qll * Note: the following top JDK APIs are not modeled with MaD: * `java.text.Format#format(Object)`: similar issue as `Object.toString`; depends on the object being passed as the argument * `java.text.MessageFormat#format(String,Object[])`: similar issue as `Object.toString`; depends on the object being passed as the argument	2024-03-01 12:31:59 +00:00
Owen Mansel-Chan	0e95f41900	Add manual neutral models for java.lang ... See comment in java/ql/src/Metrics/Summaries/TopJdkApis.qll * Note: the following top JDK APIs are not modeled with MaD: * `java.lang.System#getProperty(String)`: needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs * `java.lang.System#setProperty(String,String)`: needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs	2024-03-01 12:31:49 +00:00
Owen Mansel-Chan	bb97df1d71	do not generate models for lambda flow methods	2024-03-01 12:11:40 +00:00
Florin Coada	1719fd8acb	Merge pull request #15769 from github/coadaflorin/changelog-2.16.3-updates ... Match changelog updates with public unified changelog	2024-03-01 10:57:02 +00:00