452 Commits

Author	SHA1	Message	Date
Joe Farebrother	031bd8bd0c	Merge pull request #15281 from joefarebrother/android-sensitive-ui-notif ... Java: Add query for exposure of sensitive information to android notifiactions	2024-01-26 16:42:55 +00:00
Max Schaefer	73130ec665	Merge pull request #15436 from github/max-schaefer-patch-1 ... Java: Add models for overloads of DatagramPacket constructor	2024-01-26 16:13:11 +00:00
Tony Torralba	d299971086	Fix code review mistake	2024-01-25 17:42:11 +01:00
Max Schaefer	13f0df3588	Add two more models.	2024-01-25 15:00:22 +00:00
Max Schaefer	5235291919	Add models for overloads of DatagramPacket constructor	2024-01-25 14:49:05 +00:00
Stephan Brandauer	1f9a968774	Java: PR discussion	2024-01-25 13:59:47 +01:00
Stephan Brandauer	5d6ee9c0cb	Update java/ql/lib/ext/com.fasterxml.jackson.databind.model.yml ... Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2024-01-25 10:00:56 +01:00
Stephan Brandauer	4e63cbc993	Merge branch 'main' into java/update-mad-decls-after-triage-2024-01-24T10-05-04	2024-01-24 14:55:20 +01:00
Stephan Brandauer	d5bcbcddab	Update MaD Declarations after Triage	2024-01-24 11:05:07 +01:00
Joe Farebrother	dedba1fc54	Address review comments - add barrierIn and fix a model for a PendingIntent sink	2024-01-23 09:51:42 +00:00
Joe Farebrother	b23bbf93d4	Reorder sink models	2024-01-23 09:51:41 +00:00
Joe Farebrother	d806fcae3d	Remove sink models involving PendingIntent; as they do not carry sensitive data (including from the original intent they were created with)	2024-01-23 09:51:39 +00:00
Joe Farebrother	2ca164ce35	Generate androidx stubs and correct some models	2024-01-23 09:51:39 +00:00
Joe Farebrother	bafd65b1d2	Add tests to cover each modeled sink + some corrections to the models	2024-01-23 09:51:38 +00:00
Joe Farebrother	f9bb004618	Add sink models to notification builder setters	2024-01-23 09:51:38 +00:00
Joe Farebrother	143ce0b94a	Add sensitive notification query	2024-01-23 09:51:37 +00:00
Stephan Brandauer	95b439bf31	Merge branch 'main' into java/update-mad-decls-after-triage-2023-12-21T14-39-02	2024-01-23 09:40:50 +01:00
Stephan Brandauer	cd765e7c19	work on review comments ... Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2024-01-23 09:35:36 +01:00
Stephan Brandauer	8b34407ab7	Java: java.awt.Desktop::browse is a url-redirection sink ... Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2024-01-23 09:28:13 +01:00
Owen Mansel-Chan	2f01688319	Merge pull request #15280 from owen-mc/java/add-manual-models-for-df-generation ... Java: improve models for some important JDK methods	2024-01-11 12:47:37 +00:00
Eric Bickle	f6fa7120d9	Merge branch 'main' into fix/update-gson-model	2024-01-08 15:46:14 -08:00
Eric Bickle	929ce65af1	Remove zero width space characters.	2024-01-08 13:15:38 -08:00
Ed Minnix	814885f7f6	Hudson environment variables models	2024-01-08 09:38:43 -05:00
Ed Minnix	028bd49211	org.apache.commons.exec models	2024-01-08 09:38:42 -05:00
Ed Minnix	ad32b81492	environment-injection sink	2024-01-08 09:38:41 -05:00
Tony Torralba	7e6f2d1fc5	Merge pull request #14681 from atorralba/atorralba/java/weak-randomness-cve-coverage ... Java: Add more sinks to the Insecure Randomness query	2024-01-08 15:33:03 +01:00
Owen Mansel-Chan	ce3097e9ce	Fix manual models for String.valueOf(Object) ... Add a neutral model for it, but also a summary model for `String.valueOf(CharSequence)`	2024-01-04 11:31:20 +00:00
Owen Mansel-Chan	0076f06ce7	Improve manual models of java.lang.Exception	2024-01-04 11:31:18 +00:00
Owen Mansel-Chan	e415c54c5e	Reorder manual models of java.lang.Throwable	2024-01-04 11:31:16 +00:00
Owen Mansel-Chan	f52ea5c2fd	Improve manual models of java.lang.Throwable	2024-01-04 11:31:14 +00:00
Eric Bickle	0cd89bf815	Merge branch 'main' into fix/update-gson-model	2024-01-02 14:05:33 -08:00
Stephan Brandauer	a9d21cef01	Update MaD Declarations after Triage	2023-12-21 15:39:03 +01:00
Tony Torralba	1b9f59efa7	Merge pull request #14646 from github/java/update-mad-decls-after-triage-2023-10-31T15-52-01 ... Java: Update MaD Declarations after Triage	2023-12-20 15:37:19 +01:00
Tony Torralba	e744d974e8	Merge pull request #14580 from github/java/update-mad-decls-after-triage-2023-10-24T15-42-01 ... Java: Update MaD Declarations after Triage	2023-12-20 15:01:24 +01:00
Tony Torralba	c8a369d9ef	Update java/ql/lib/ext/jakarta.persistence.model.yml	2023-12-19 14:58:07 +01:00
Eric Bickle	95ce7c9ba4	Merge branch 'main' into fix/update-gson-model	2023-12-15 10:15:53 -08:00
Tony Torralba	fc45621ab1	Add pac4j JWT cryptographic key sinks	2023-12-13 11:15:27 +01:00
Tony Torralba	27be5ba14b	Merge pull request #15073 from atorralba/atorralba/java/remove-invalid-ognl-sinks ... Java: Remove invalid OGNL sinks	2023-12-12 16:52:31 +01:00
Tony Torralba	fad53a25c0	Update java/ql/lib/ext/struts2.model.yml ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2023-12-12 14:58:47 +01:00
Tony Torralba	103110f9c2	Java: Remove invalid OGNL sinks ... Fixes #15053	2023-12-12 13:39:51 +01:00
Ed Minnix	1271cd3348	Remove unnecessary crypto sinks	2023-12-11 11:18:40 -05:00
Ed Minnix	b9d2a26e6e	Move ESAPI models into the Weak Randomness query ... These models don't need to apply to all queries. So instead they are better suited to be within the weak randomness query itself.	2023-12-11 11:18:39 -05:00
Ed Minnix	7f3995f524	Remove extra encryption-iv models	2023-12-11 11:18:39 -05:00
Ed Minnix	7241e0920c	Replace convertBytesToString with models	2023-12-11 11:18:39 -05:00
Ed Minnix	b8b2de2f3c	Remove use of crypto-parameter sink kind	2023-12-11 11:18:39 -05:00
Ed Minnix	0313f39229	Cryptographic sinks	2023-12-11 11:18:38 -05:00
Jami Cogswell	ba3548b317	Java: switch to createRelative sink and add UrlPathHelper sources	2023-11-29 14:46:28 -05:00
Jami Cogswell	efa5ab18c1	Java: add taint steps for getResource sink	2023-11-29 14:46:27 -05:00
Eric Bickle	aab7ff919e	Java: Improve Gson parse, get, and stream models	2023-11-27 12:26:28 -08:00
Chris Smowton	24b4b05be8	Add models for new Collections methods	2023-11-06 16:44:40 +00:00