hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
63,235 Commits 1,671 Branches 157 Tags
75b13da4e422c6f00519b51a3d29017cebf40aab
Commit Graph

63 Commits

Author SHA1 Message Date
Owen Mansel-Chan
2f01688319 Merge pull request #15280 from owen-mc/java/add-manual-models-for-df-generation 
Java: improve models for some important JDK methods
 2024-01-11 12:47:37 +00:00
Ed Minnix
ad32b81492 environment-injection sink 2024-01-08 09:38:41 -05:00
Owen Mansel-Chan
ce3097e9ce Fix manual models for String.valueOf(Object) 
Add a neutral model for it, but also a summary model for `String.valueOf(CharSequence)`
 2024-01-04 11:31:20 +00:00
Owen Mansel-Chan
0076f06ce7 Improve manual models of java.lang.Exception 2024-01-04 11:31:18 +00:00
Owen Mansel-Chan
e415c54c5e Reorder manual models of java.lang.Throwable 2024-01-04 11:31:16 +00:00
Owen Mansel-Chan
f52ea5c2fd Improve manual models of java.lang.Throwable 2024-01-04 11:31:14 +00:00
Tony Torralba
107a05af71 Update MaD Declarations after Triage 2023-10-31 16:52:02 +01:00
Edward Minnix III
655470f3da Refactor EnvInput to MaD 2023-10-03 22:28:47 -04:00
Anders Schack-Mulligen
5c40d553b4 Java: Switch XmlParsers lib to lightweight data flow. 2023-09-20 10:21:53 +02:00
Anders Schack-Mulligen
6c02e30f56 Java: Update models. 2023-08-23 13:24:55 +02:00
Anders Schack-Mulligen
d1a616a70a Java: Add proper support for variable capture flow. 2023-08-03 10:04:02 +02:00
Stephan Brandauer
4391799b7e Merge pull request #13403 from github/java/update-mad-decls-after-triage-2023-06-08T08-51-47 
Java: Update MaD Declarations after Triage
 2023-07-13 11:15:41 +02:00
Tony Torralba
ffe67689ec Merge branch 'main' into atorralba/java/command-injection-mad-sinks 2023-06-13 09:27:33 +02:00
Tony Torralba
2fd2c434f2 Apply suggestions from code review 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-06-13 09:24:15 +02:00
Stephan Brandauer
8f697ac1ee Java: fix broken MaD export format 2023-06-08 12:02:50 +02:00
Stephan Brandauer
c6f10519fa Merge branch 'main' into java/update-mad-decls-after-triage-2023-06-08T08-51-47 2023-06-08 12:00:07 +02:00
Stephan Brandauer
bda938c544 Update MaD Declarations after Triage 2023-06-08 10:51:48 +02:00
Taus
f4fd908f7f Java: Comment out sinks for which no query exists 2023-06-06 13:01:59 +02:00
Taus
7ad860fc98 Java: Update MaD declarations after triage 
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
 2023-06-05 18:00:40 +02:00
Tony Torralba
c3b1ef2cdf Merge branch 'main' into atorralba/java/command-injection-mad-sinks 2023-06-02 08:57:24 +02:00
Jami Cogswell
cb10f4976b Java: update create/read-file sink kinds to path-injection 2023-05-31 15:49:07 -04:00
Jami Cogswell
430010daa3 Java: update logging sink kind to log-injection 2023-05-31 15:49:06 -04:00
Tony Torralba
a276cc3094 Convert all command injection sinks to MaD format 2023-05-25 11:41:32 +02:00
Michael Nebel
bd23814e7c Java: Update existing neutrals to include kind information. 2023-05-08 16:18:59 +02:00
Michael Nebel
169d8d5cf9 Java: All ai-generated models have been manually verified. 2023-04-13 09:21:06 +02:00
Jami Cogswell
6b695434b7 Java: add yml model for UnsupportedOperationException; resolve conflict 2023-04-06 10:19:19 -04:00
Stephan Brandauer
f87618238f Review suggestions 2023-04-05 15:15:03 +02:00
Stephan Brandauer
0a5d19fc71 Update MaD Declarations after Triage 2023-04-05 15:15:02 +02:00
Jami Cogswell
8046ec2f78 Java: update -1 to this 2023-03-23 18:01:28 -04:00
Jami Cogswell
29999d7bc8 Java: add WithoutElement comment 2023-03-23 18:00:21 -04:00
Jami Cogswell
62d64d5828 Java: add comments for reflection-related models 2023-03-23 18:00:21 -04:00
Jami Cogswell
db545e4981 Java: switch StringBuilder.delete to AbstractStringBuilder.delete 2023-03-23 18:00:20 -04:00
Jami Cogswell
56d14820e4 Java: change taint to value for Class.cast 2023-03-23 18:00:20 -04:00
Jami Cogswell
bdd7f18e35 Java: remove some comments 2023-03-23 18:00:20 -04:00
Jami Cogswell
17e0920325 Java: resolve more conflicts 2023-03-23 18:00:14 -04:00
Jami Cogswell
c213d56d2c Java: resolve some more -1 to this conflicts 2023-03-23 17:56:46 -04:00
Jami Cogswell
44c3a41194 Java: resolve more -1 to this conflicts 2023-03-23 17:53:27 -04:00
Jami Cogswell
971b0e8814 Java: -1 to this conflict 2023-03-23 17:50:08 -04:00
Michael Nebel
e86f1e4961 Java: Replace Argument[-1] with Argument[this]. 2023-03-20 10:14:20 +01:00
Tony Torralba
698dfa46fc Minor fixes to the models 2023-03-10 12:35:13 +01:00
Stephan Brandauer
0c19da926c Update MaD Declarations after Triage 2023-03-10 12:35:13 +01:00
Stephan Brandauer
cf5a651b1f use provenance ai-generated for triage data and use the read-file MaD label 2023-02-20 11:33:18 +01:00
Stephan Brandauer
8d7031c166 Update Java MaD sink decls after triage 
Triage request: 2276
 2023-02-20 11:33:18 +01:00
Jami Cogswell
10f0975812 Java: remove models for System.[get|set]Property 2023-01-17 08:51:48 -05:00
Jami Cogswell
6bb865ad05 Java: make numeric flow models neutral 2023-01-11 18:04:43 -05:00
Jami Cogswell
0c7ffb0554 Java: update System.getProperty model 2023-01-11 12:04:22 -05:00
Jami Cogswell
2a99af0e6d Java: remove summary model for String.endsWith 2023-01-11 10:58:46 -05:00
Jami Cogswell
a3c7b2c3a2 Java: move java.lang.Math.min to the correct file 2023-01-06 14:35:09 -05:00
Jami Cogswell
29221ae426 Java: add summary model for System.getProperty, adjust comments 2023-01-03 15:11:21 -05:00
Jami Cogswell
939279af38 Java: add comments 2022-12-22 16:25:12 -05:00