Mauro Baluda
|
4c8058d97b
|
Merge branch 'github:main' into couchdb
|
2026-01-09 17:20:40 +01:00 |
|
Owen Mansel-Chan
|
8a80158959
|
Merge pull request #17590 from Kwstubbs/java-mad-test
Java: FileUpload Support MaD
|
2026-01-08 13:33:55 +00:00 |
|
Owen Mansel-Chan
|
6a3c74c989
|
Merge pull request #20999 from joefarebrother/java-spring-websocket
Java: Add models for spring WebSocketHandler
|
2026-01-07 13:29:19 +00:00 |
|
Owen Mansel-Chan
|
6c291e1e7f
|
Add model for handlePongMessage and update test
|
2026-01-07 11:09:59 +00:00 |
|
Mauro Baluda
|
1e1fb43534
|
Update JsonObject put method signatures in YAML
Use erased type
|
2026-01-02 11:55:40 +01:00 |
|
Owen Mansel-Chan
|
bf79b8a792
|
Merge branch 'main' into java-mad-test
|
2026-01-01 23:34:45 +00:00 |
|
Mauro Baluda
|
15ee88ee24
|
SQLi test case
|
2025-12-24 20:30:21 +01:00 |
|
Mauro Baluda
|
fd78c949d3
|
Merge branch 'github:main' into couchdb
|
2025-12-22 20:25:41 +01:00 |
|
Mauro Baluda
|
b22077c371
|
Hardcoded credentials in CouchBase
|
2025-12-22 20:22:20 +01:00 |
|
Owen Mansel-Chan
|
87f58fe51a
|
Convert regex injection barrier to MaD
|
2025-12-11 16:24:29 +01:00 |
|
Owen Mansel-Chan
|
44295e4c7d
|
Convert XSS barrier to MaD
|
2025-12-11 16:24:28 +01:00 |
|
Owen Mansel-Chan
|
7e562f3150
|
Convert request forgery barrier guard to MaD
|
2025-12-11 16:24:28 +01:00 |
|
Owen Mansel-Chan
|
f6e3c77145
|
Convert path injection barrier to MaD
|
2025-12-11 16:24:27 +01:00 |
|
Owen Mansel-Chan
|
f6e40bd49d
|
Convert trust boundary violation barrier and barrier guard to MaD
|
2025-12-11 16:24:26 +01:00 |
|
Anders Schack-Mulligen
|
dcf6041dca
|
Java: Add empty extensible data.
|
2025-12-11 16:24:26 +01:00 |
|
Joe Farebrother
|
d98e660803
|
Test fixes + more tests
|
2025-12-09 14:13:28 +00:00 |
|
Joe Farebrother
|
41b94e7031
|
Add spring websocket handler models
|
2025-12-09 14:12:39 +00:00 |
|
Owen Mansel-Chan
|
7b533db4fb
|
Sort models and tests alphabetically
|
2025-11-12 15:10:29 +00:00 |
|
Owen Mansel-Chan
|
f598027cbd
|
Apply suggestions from code review
|
2025-11-12 15:02:42 +00:00 |
|
Kevin Stubbings
|
88f9f90236
|
Fix merge problems
|
2025-10-06 22:41:16 -07:00 |
|
Kevin Stubbings
|
0d3b65a35b
|
Resolved merge conflicts and completed merge
|
2025-10-06 22:37:28 -07:00 |
|
Idriss Riouak
|
b89b68dfdb
|
Merge pull request #20339 from github/idrissrio/scoped-values
Java: Add MaDs for `java.lang.ScopedValue`
|
2025-09-10 11:21:34 +02:00 |
|
idrissrio
|
728a4aff22
|
Java: Add model for thenExpand and accept new results
|
2025-09-08 13:17:53 +02:00 |
|
idrissrio
|
55ff71b760
|
Java: Address review comment. Fix dataflow model
|
2025-09-08 13:17:51 +02:00 |
|
idrissrio
|
f52a427295
|
Java: Add MaDs for java.crypto.KDF
|
2025-09-08 13:17:48 +02:00 |
|
idrissrio
|
117c41bd55
|
Java: Address review comment. Fix dataflow model
|
2025-09-08 12:55:19 +02:00 |
|
idrissrio
|
9f1e60ca6d
|
Java: Add MaDs for java.lang.scoped
|
2025-09-08 12:55:14 +02:00 |
|
Sid Gawri
|
a8889ff056
|
add extensions for remote sources
|
2025-08-14 16:10:49 -04:00 |
|
Owen Mansel-Chan
|
fdd1e3fefe
|
Use MaD models for unsafe deserialization sinks when possible
Many of the unsafe deserialization sinks have to stay defined in QL
because they have custom logic that cannot be expressed in MaD models.
|
2025-07-16 14:42:07 +01:00 |
|
Jami Cogswell
|
c0ebeb9c7b
|
Java: use AdditionalTaintStep
|
2025-02-14 13:52:43 -05:00 |
|
Kevin Stubbings
|
58e4a40323
|
Merge branch 'github:main' into java-mad-test
|
2024-11-19 13:54:26 -08:00 |
|
Anders Schack-Mulligen
|
d7fbf68a59
|
Merge pull request #17597 from aschackmull/java/chararraywriter-tostring
Java: Add model for CharArrayWriter.toString().
|
2024-11-12 12:55:44 +01:00 |
|
Michael Nebel
|
404ca27aec
|
Java: Move non-experimental models out of the experimental folder.
|
2024-11-11 10:08:45 +01:00 |
|
Michael Nebel
|
3d70f91b9f
|
Java: Add manual models for various mapToObj methods.
|
2024-10-23 09:29:15 +02:00 |
|
Michael Nebel
|
d59df1f938
|
Java: Re-generate JDK 17 models.
|
2024-10-21 15:19:45 +02:00 |
|
Michael Nebel
|
97f0037a7b
|
Java: Manually model InetSocketAddress as the model generator doesn't correctly taint the hostname.
|
2024-10-21 15:19:40 +02:00 |
|
Michael Nebel
|
9a44eec04c
|
Java: Add manual models for FileReader (they would also have disappeared if models were re-generated without using mixed mode).
|
2024-10-21 15:19:37 +02:00 |
|
Michael Nebel
|
b356c3cd48
|
Java: Manually model ZipFile (due to CWE-522 compression bombs test failure).
|
2024-10-21 15:19:36 +02:00 |
|
Michael Nebel
|
f7b38a8955
|
Java: Add some less precise models for BasicAttributes to get the models to work with search sink and re-generate SDK models.
|
2024-10-21 15:19:34 +02:00 |
|
Michael Nebel
|
3b6f39931b
|
Java: Re-add generated (mixed) summaries and neutrals for the Java SDK 17.
|
2024-10-21 15:19:28 +02:00 |
|
Michael Nebel
|
f50734f0ee
|
Java: Delete all generated Java JDK models.
|
2024-10-21 15:19:27 +02:00 |
|
Kevin Stubbings
|
999fcca8f3
|
Add summary steps
|
2024-10-15 23:24:41 +00:00 |
|
Anders Schack-Mulligen
|
6081ba5902
|
Merge pull request #17604 from aschackmull/java/neutral-overrides
Java/C#: Add overrides to the interpretation of neutral MaD models.
|
2024-10-01 14:55:54 +02:00 |
|
Anders Schack-Mulligen
|
222ae6ad2d
|
Java: Add a neutral for Comparable.compareTo
|
2024-09-30 15:51:48 +02:00 |
|
Anders Schack-Mulligen
|
fcb677e84d
|
Java: Add a neutral for Collection.remove.
|
2024-09-30 15:46:43 +02:00 |
|
Anders Schack-Mulligen
|
38818f3cd2
|
Java: Adjust Set.clear model to apply to overrides.
|
2024-09-30 15:46:42 +02:00 |
|
Anders Schack-Mulligen
|
0459d136d3
|
Java: Remove neutral model for Object.toString.
|
2024-09-30 15:17:21 +02:00 |
|
Anders Schack-Mulligen
|
1f95fa10fb
|
Java: Fix comment re. neutrals and WithoutElement.
The remove methods should not have been in this section, as they're
plain neutrals.
|
2024-09-30 15:08:56 +02:00 |
|
Kevin Stubbings
|
f0560458af
|
Finished up
|
2024-09-27 19:24:40 +00:00 |
|
Anders Schack-Mulligen
|
fb630d266e
|
Java: Add a couple of neutrals
|
2024-09-27 15:24:06 +02:00 |
|