codeql

mirror of https://github.com/github/codeql.git synced 2026-02-12 05:01:06 +01:00

Author	SHA1	Message	Date
Owen Mansel-Chan	7b533db4fb	Sort models and tests alphabetically	2025-11-12 15:10:29 +00:00
Owen Mansel-Chan	f598027cbd	Apply suggestions from code review	2025-11-12 15:02:42 +00:00
Kevin Stubbings	88f9f90236	Fix merge problems	2025-10-06 22:41:16 -07:00
Kevin Stubbings	0d3b65a35b	Resolved merge conflicts and completed merge	2025-10-06 22:37:28 -07:00
Idriss Riouak	b89b68dfdb	Merge pull request #20339 from github/idrissrio/scoped-values Java: Add MaDs for `java.lang.ScopedValue`	2025-09-10 11:21:34 +02:00
idrissrio	728a4aff22	Java: Add model for `thenExpand` and accept new results	2025-09-08 13:17:53 +02:00
idrissrio	55ff71b760	Java: Address review comment. Fix dataflow model	2025-09-08 13:17:51 +02:00
idrissrio	f52a427295	Java: Add MaDs for `java.crypto.KDF`	2025-09-08 13:17:48 +02:00
idrissrio	117c41bd55	Java: Address review comment. Fix dataflow model	2025-09-08 12:55:19 +02:00
idrissrio	9f1e60ca6d	Java: Add MaDs for `java.lang.scoped`	2025-09-08 12:55:14 +02:00
Sid Gawri	a8889ff056	add extensions for remote sources	2025-08-14 16:10:49 -04:00
Owen Mansel-Chan	fdd1e3fefe	Use MaD models for unsafe deserialization sinks when possible Many of the unsafe deserialization sinks have to stay defined in QL because they have custom logic that cannot be expressed in MaD models.	2025-07-16 14:42:07 +01:00
Jami Cogswell	c0ebeb9c7b	Java: use AdditionalTaintStep	2025-02-14 13:52:43 -05:00
Kevin Stubbings	58e4a40323	Merge branch 'github:main' into java-mad-test	2024-11-19 13:54:26 -08:00
Anders Schack-Mulligen	d7fbf68a59	Merge pull request #17597 from aschackmull/java/chararraywriter-tostring Java: Add model for CharArrayWriter.toString().	2024-11-12 12:55:44 +01:00
Michael Nebel	404ca27aec	Java: Move non-experimental models out of the experimental folder.	2024-11-11 10:08:45 +01:00
Michael Nebel	3d70f91b9f	Java: Add manual models for various mapToObj methods.	2024-10-23 09:29:15 +02:00
Michael Nebel	d59df1f938	Java: Re-generate JDK 17 models.	2024-10-21 15:19:45 +02:00
Michael Nebel	97f0037a7b	Java: Manually model InetSocketAddress as the model generator doesn't correctly taint the hostname.	2024-10-21 15:19:40 +02:00
Michael Nebel	9a44eec04c	Java: Add manual models for FileReader (they would also have disappeared if models were re-generated without using mixed mode).	2024-10-21 15:19:37 +02:00
Michael Nebel	b356c3cd48	Java: Manually model ZipFile (due to CWE-522 compression bombs test failure).	2024-10-21 15:19:36 +02:00
Michael Nebel	f7b38a8955	Java: Add some less precise models for BasicAttributes to get the models to work with search sink and re-generate SDK models.	2024-10-21 15:19:34 +02:00
Michael Nebel	3b6f39931b	Java: Re-add generated (mixed) summaries and neutrals for the Java SDK 17.	2024-10-21 15:19:28 +02:00
Michael Nebel	f50734f0ee	Java: Delete all generated Java JDK models.	2024-10-21 15:19:27 +02:00
Kevin Stubbings	999fcca8f3	Add summary steps	2024-10-15 23:24:41 +00:00
Anders Schack-Mulligen	6081ba5902	Merge pull request #17604 from aschackmull/java/neutral-overrides Java/C#: Add overrides to the interpretation of neutral MaD models.	2024-10-01 14:55:54 +02:00
Anders Schack-Mulligen	222ae6ad2d	Java: Add a neutral for Comparable.compareTo	2024-09-30 15:51:48 +02:00
Anders Schack-Mulligen	fcb677e84d	Java: Add a neutral for Collection.remove.	2024-09-30 15:46:43 +02:00
Anders Schack-Mulligen	38818f3cd2	Java: Adjust Set.clear model to apply to overrides.	2024-09-30 15:46:42 +02:00
Anders Schack-Mulligen	0459d136d3	Java: Remove neutral model for Object.toString.	2024-09-30 15:17:21 +02:00
Anders Schack-Mulligen	1f95fa10fb	Java: Fix comment re. neutrals and WithoutElement. The remove methods should not have been in this section, as they're plain neutrals.	2024-09-30 15:08:56 +02:00
Kevin Stubbings	f0560458af	Finished up	2024-09-27 19:24:40 +00:00
Anders Schack-Mulligen	fb630d266e	Java: Add a couple of neutrals	2024-09-27 15:24:06 +02:00
Anders Schack-Mulligen	2d76752ca0	Java: Add model for CharArrayWriter.toString().	2024-09-27 11:28:20 +02:00
Kevin Stubbings	1b5299de5a	Forgot something	2024-09-25 22:00:42 +00:00
Kevin Stubbings	6445074fea	Fixed but errors still	2024-09-25 21:46:52 +00:00
Kevin Stubbings	0a697e49c1	Add MaD	2024-09-24 17:29:25 -07:00
Mauro Baluda	cab35a25a5	Remove duplicate summary for `MultipartFile.getInputStream` and update `.expected` file	2024-09-18 20:43:04 +02:00
Mauro Baluda	5ae51f0b56	Address review	2024-09-18 19:28:03 +02:00
Mauro Baluda	cfa14ad5eb	Update org.springframework.core.io.model.yml Model summary for `getInputStream` methods	2024-09-18 18:13:29 +02:00
Michael Nebel	bd5529cefa	Java: Update the Byte- and CharBuffer models and add models for set- and getParameters on LogRecord.	2024-08-28 16:15:09 +02:00
Michael Nebel	d79aa294ec	Java: Move some neutrals into the model.yml file (they have previosly been ignored due to wrong file extension).	2024-08-27 13:28:09 +02:00
Michael Nebel	db51604f46	Java: Promote some generated models and add some manual neutrals.	2024-08-27 13:28:05 +02:00
Chris Smowton	15989ce213	Merge pull request #14089 from am0o0/amammad-java-JWT Java: JWT decoding without verification	2024-08-21 14:14:08 +01:00
am0o0	d88b310b0e	add getCredentials method of AuthenticationToken as a remote source	2024-08-16 15:41:19 +02:00
Chris Smowton	95e504a5ff	Merge branch 'main' into am0o0-java-PathInjection	2024-08-05 11:41:25 +01:00
Jami	4fb29c4473	Merge branch 'main' into jcogs33/java/add-apache-ant-path-inj-sinks	2024-07-31 08:15:07 -04:00
Jami	ff9093f2de	Merge branch 'main' into jcogs33/java/add-apache-ant-path-inj-sinks	2024-07-26 08:54:27 -04:00
Jami Cogswell	eea3e82cca	Java: fix 'regex-use' comments	2024-07-25 10:39:03 -04:00
Owen Mansel-Chan	3edeb82d5b	Add comment by models using `regex-use` sink kind	2024-07-23 21:40:45 +01:00

1 2 3 4 5 ...

583 Commits