hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
63,235 Commits 1,672 Branches 157 Tags
75b13da4e422c6f00519b51a3d29017cebf40aab
Commit Graph

452 Commits

Author SHA1 Message Date
Edward Minnix III
3a75c0fde7 Refactor DatabaseInput to MaD 2023-10-03 22:28:59 -04:00
Edward Minnix III
655470f3da Refactor EnvInput to MaD 2023-10-03 22:28:47 -04:00
Michael Nebel
5b949b19f7 Java: Cleanup threat model taxanomy to align with the EDR. 2023-10-03 09:16:39 +02:00
Anders Schack-Mulligen
7e04ac55b7 Merge pull request #14268 from aschackmull/java/xmlparsers-typetrack 
Java/Dataflow: Add new light-weight data flow api and use it in XmlParsers
 2023-09-21 13:33:21 +02:00
Anders Schack-Mulligen
5c40d553b4 Java: Switch XmlParsers lib to lightweight data flow. 2023-09-20 10:21:53 +02:00
Tony Torralba
b08e410f45 Merge pull request #14029 from atorralba/atorralba/apache-cxf-models 
Java: Add new Apache CXF models
 2023-09-18 10:54:05 +02:00
Tony Torralba
5367fb99d9 Manually update a couple of models affected by the nested name change 2023-08-25 11:25:40 +02:00
Tony Torralba
2448bc8ce2 Java: Add new Apache CXF models 2023-08-25 11:17:51 +02:00
Tony Torralba
2ed01d06b4 Java: Re-generate Jenkins and Stapler models 
Re-generated the Jenkins and Stapler models to pick up the changes from github/codeql#14032
 2023-08-25 10:01:28 +02:00
Anders Schack-Mulligen
7af1e96943 Merge pull request #14032 from aschackmull/java/mad-nestednames 
Java: Use nested names in MaD signatures.
 2023-08-24 13:53:55 +02:00
Tony Torralba
8c32919381 Merge pull request #13903 from atorralba/atorralba/jaxrs-mad-models 
Java: New models for JAX-RS
 2023-08-24 11:43:13 +02:00
Anders Schack-Mulligen
6c02e30f56 Java: Update models. 2023-08-23 13:24:55 +02:00
Ed Minnix
655a98452a Remove escapeHTML models 2023-08-17 13:05:37 -04:00
Ed Minnix
a36c12ff1f Add trust-boundary-violation sink kind 2023-08-17 13:05:37 -04:00
Ed Minnix
ab9f0240d3 Add taint steps for HTML encoding methods 2023-08-17 13:05:36 -04:00
Ed Minnix
a8b7e70d01 Convert trust boundary models to MaD 2023-08-17 13:05:36 -04:00
Ed Minnix
76438f13b6 Trust Boundary Query 2023-08-17 13:05:36 -04:00
Michael Nebel
a95aad51bd Merge pull request #13546 from michaelnebel/java/withoutelement 
Java: Support for With[out]Element for MaD.
 2023-08-15 10:03:03 +02:00
Anders Schack-Mulligen
0ca3f3308b Merge pull request #13478 from aschackmull/java/varcapture 
Java: Add proper support for variable capture flow.
 2023-08-08 16:22:56 +02:00
Michael Nebel
0ed724eb13 Java: Make a flow summary for Set.clear using WithoutElement and introduce appropriate tests. 2023-08-08 11:10:08 +02:00
Jami
5862cd2378 Merge pull request #13889 from jcogs33/jcogs33/fix-some-models 
Java: remove duplicate models
 2023-08-07 08:46:18 -04:00
Tony Torralba
fb0102b763 Java: New models for JAX-RS 2023-08-07 11:52:23 +02:00
Jami Cogswell
19622aec49 Java: remove duplicate 'Files.newOutputStream' ai model 2023-08-04 14:06:57 -04:00
Jami Cogswell
e64d581f7a Java: remove duplicate 'Files.newInputStream' ai model 2023-08-04 14:05:05 -04:00
Jami Cogswell
d2a24dee7f Java: remove duplicate 'Files.delete' ai model 2023-08-04 14:02:59 -04:00
Jami Cogswell
516831aa41 Java: remove duplicate 'Files.move' ai model 2023-08-04 14:01:27 -04:00
Jami Cogswell
c510d33fbf Java: remove duplicate 'Files.deleteIfExists' ai model 2023-08-04 13:52:18 -04:00
Michael Nebel
9c4d77a925 Java: Address review comments. 2023-08-04 13:47:30 +02:00
Michael Nebel
d3eb9c1325 Java: Add release note and address review comments. 2023-08-04 13:36:43 +02:00
Anders Schack-Mulligen
37455ec29e Java: Replace ratpack test fix with general heuristic summary. 2023-08-03 10:04:06 +02:00
Anders Schack-Mulligen
70bef64e2a Java: Fix ratpack flow. 2023-08-03 10:04:05 +02:00
Anders Schack-Mulligen
d1a616a70a Java: Add proper support for variable capture flow. 2023-08-03 10:04:02 +02:00
Michael Nebel
a9bc23fa3e Java: Add threat model configuration related extensible predicates and some initial tuples. 2023-08-01 12:56:13 +02:00
Michael Nebel
99ac98bffc Java: Re-factor a model to use WithElement (this model is already tested in collections/B.java). 2023-08-01 12:03:44 +02:00
Michael Nebel
0604a85bb1 Java: Add WithoutElement model for List.clear and add appropriate test. 2023-08-01 12:03:44 +02:00
Tony Torralba
3bd4d34a47 Java: Remove superfluous generated models 2023-07-31 09:48:03 +02:00
Tony Torralba
2dff0ce5b4 Merge pull request #13712 from pwntester/java/new_struts2_models 
[Java] New models for Struts2 framework
 2023-07-28 14:31:25 +02:00
Tony Torralba
c9fc5a54c7 Remove generated sinks and sources 2023-07-25 14:42:32 +02:00
Tony Torralba
29543f5726 Change InputStream.read from neutral to summary 2023-07-19 14:44:18 +02:00
Tony Torralba
2dbbcc2413 Java: Avoid low-confidence dispatch to InputStream methods 
Also adds a neutral model for `InputStream.read`, which offers a high-confidence alternative for this method.
 2023-07-19 11:30:53 +02:00
Tony Torralba
cafc67e3be Merge pull request #13714 from pwntester/java/langs3_improvements 
[Java] Add missing commons lang3 model for ToStringBuilder.reflectionToString
 2023-07-13 14:45:33 +02:00
Stephan Brandauer
4391799b7e Merge pull request #13403 from github/java/update-mad-decls-after-triage-2023-06-08T08-51-47 
Java: Update MaD Declarations after Triage
 2023-07-13 11:15:41 +02:00
Alvaro Muñoz
51f7031416 Update java/ql/lib/ext/org.apache.commons.lang3.builder.model.yml 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-07-12 09:06:05 +02:00
Alvaro Muñoz
e8563e5dfd fix row 2023-07-11 10:47:23 +02:00
Alvaro Muñoz
c2f1fbbf98 Add missing commons lang3 model for ToStringBuilder.reflectionToString 2023-07-11 10:34:17 +02:00
Alvaro Muñoz
047d486509 add new struts2 models 2023-07-11 10:23:26 +02:00
Tony Torralba
ce600367df Java: Add support for Kotlin's apply to java/android/unsafe-android-webview-fetch 2023-07-10 17:40:16 +02:00
Tony Torralba
b70e21df4f Merge pull request #13702 from atorralba/atorralba/kotlin/apply 
Kotlin: Support apply
 2023-07-10 17:39:57 +02:00
Tony Torralba
0f18c0227b Kotlin: Support apply 2023-07-10 16:15:27 +02:00
jorgectf
9d8ae5039a Add models for javax.portlet 2023-06-28 17:53:56 +02:00