hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-03 01:30:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
71,290 Commits 1,673 Branches 157 Tags
85e59c9920ff653d39260d64ec6d39ae95d78305
Commit Graph

553 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
6081ba5902 Merge pull request #17604 from aschackmull/java/neutral-overrides 
Java/C#: Add overrides to the interpretation of neutral MaD models.
 2024-10-01 14:55:54 +02:00
Anders Schack-Mulligen
222ae6ad2d Java: Add a neutral for Comparable.compareTo 2024-09-30 15:51:48 +02:00
Anders Schack-Mulligen
fcb677e84d Java: Add a neutral for Collection.remove. 2024-09-30 15:46:43 +02:00
Anders Schack-Mulligen
38818f3cd2 Java: Adjust Set.clear model to apply to overrides. 2024-09-30 15:46:42 +02:00
Anders Schack-Mulligen
0459d136d3 Java: Remove neutral model for Object.toString. 2024-09-30 15:17:21 +02:00
Anders Schack-Mulligen
1f95fa10fb Java: Fix comment re. neutrals and WithoutElement. 
The remove methods should not have been in this section, as they're
plain neutrals.
 2024-09-30 15:08:56 +02:00
Anders Schack-Mulligen
fb630d266e Java: Add a couple of neutrals 2024-09-27 15:24:06 +02:00
Mauro Baluda
cab35a25a5 Remove duplicate summary for MultipartFile.getInputStream and update .expected file 2024-09-18 20:43:04 +02:00
Mauro Baluda
5ae51f0b56 Address review 2024-09-18 19:28:03 +02:00
Mauro Baluda
cfa14ad5eb Update org.springframework.core.io.model.yml 
Model summary for `getInputStream` methods
 2024-09-18 18:13:29 +02:00
Michael Nebel
bd5529cefa Java: Update the Byte- and CharBuffer models and add models for set- and getParameters on LogRecord. 2024-08-28 16:15:09 +02:00
Michael Nebel
d79aa294ec Java: Move some neutrals into the model.yml file (they have previosly been ignored due to wrong file extension). 2024-08-27 13:28:09 +02:00
Michael Nebel
db51604f46 Java: Promote some generated models and add some manual neutrals. 2024-08-27 13:28:05 +02:00
Chris Smowton
15989ce213 Merge pull request #14089 from am0o0/amammad-java-JWT 
Java: JWT decoding without verification
 2024-08-21 14:14:08 +01:00
am0o0
d88b310b0e add getCredentials method of AuthenticationToken as a remote source 2024-08-16 15:41:19 +02:00
Chris Smowton
95e504a5ff Merge branch 'main' into am0o0-java-PathInjection 2024-08-05 11:41:25 +01:00
Jami
4fb29c4473 Merge branch 'main' into jcogs33/java/add-apache-ant-path-inj-sinks 2024-07-31 08:15:07 -04:00
Jami
ff9093f2de Merge branch 'main' into jcogs33/java/add-apache-ant-path-inj-sinks 2024-07-26 08:54:27 -04:00
Jami Cogswell
eea3e82cca Java: fix 'regex-use' comments 2024-07-25 10:39:03 -04:00
Owen Mansel-Chan
3edeb82d5b Add comment by models using regex-use sink kind 2024-07-23 21:40:45 +01:00
Jami Cogswell
f3e5b55cc4 Java: add path injection sinks for Property.setFile and Property.setResource 2024-07-19 18:04:17 -04:00
Ed Minnix
0990a370c7 Convert QL classes for Lastaflute to MaD 2024-07-18 17:41:06 -04:00
Ed Minnix
3bd330423d Add some models for the org.lastaflute.web library 
Methods annotated `@Execute` are handlers for URLs. Therefore, the
parameters of the methods annotated with the
`org.lastaflute.web.Execute` annotation are likely either URL parameters
or forms.
 2024-07-18 17:41:00 -04:00
Jami
a73170df49 Merge branch 'main' into jcogs33/add-toByteArray-summaries 2024-07-16 10:46:36 -04:00
Anders Schack-Mulligen
12d6875cc4 Java: Replace the MaD Object.clone() models with a non-aliasing value step. 2024-07-16 11:11:50 +02:00
Jami
b70a4c839c Merge branch 'main' into jcogs33/add-toByteArray-summaries 2024-07-15 12:35:05 -04:00
Jami Cogswell
cd82ada239 Java: add manual models for all overloads of IOUtils.toByteArray 2024-07-15 12:12:31 -04:00
am0o0
1d1c476674 update tests and use TaintFlowTestArgString 
add stubs
add missed sink models
 2024-07-13 16:58:51 +02:00
Jami Cogswell
77a8ba934c Java: add path-injection sink for hudson.FilePath.exists() 2024-07-11 15:03:40 -04:00
Jami Cogswell
4a1497f367 Java: add IOUtils.toByteArray(InputStream) summary 2024-07-11 13:33:08 -04:00
am0o0
7e5f2e2a48 experimentalSinkModel to sinkModel, remove one path injection sink that already exist before 2024-07-03 08:55:12 +02:00
Jami
901245ae3d Merge branch 'main' into jcogs33/unsafe-url-forward-promotion-resource-and-file-methods 2024-06-26 21:57:07 -04:00
Mauro Baluda
29e3816412 Apply suggestions from code review 
Address reviewiew comments

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-06-11 12:05:14 +02:00
Mauro Baluda
1d44f45be2 Update org.apache.commons.io.model.yml 2024-06-10 12:03:57 +02:00
Mauro Baluda
71505f4003 Added more org.apache.commons.io.FileUtils-related sinks to the path injection query. 2024-06-10 11:29:51 +02:00
am0o0
412472e9a4 add zip4j 2024-06-08 01:14:04 +02:00
am0o0
ceea475c45 add new s3 and spring IO path injection sinks 2024-06-08 01:04:20 +02:00
Tony Torralba
f16dd8c010 Apply code review suggestions. 2024-06-04 10:35:11 +02:00
Tony Torralba
f84c2a842d Java: Add more File-related sinks for path-injection 2024-06-04 10:35:07 +02:00
Anders Schack-Mulligen
ba97c3623a Java: Change most java.time.* df-generated taint models to neutrals. 2024-05-22 10:29:54 +02:00
Anders Schack-Mulligen
54f2316d00 Java: Add a neutral model. 2024-05-22 10:29:49 +02:00
Owen Mansel-Chan
83249cd9c2 Fix grammar in comment 2024-05-02 09:59:48 +01:00
Owen Mansel-Chan
16dcc0969b Standardise comment explaining why extensible predicates must be defined 2024-05-01 22:00:01 +01:00
Owen Mansel-Chan
09e59ccf44 Name files with empty definitions of MaD extensible predicates to erowdmpty.model.yml 2024-05-01 21:39:38 +01:00
Owen Mansel-Chan
ae8240a695 Delete models for JDK internal packages 2024-04-09 13:23:03 +01:00
Jami
5792f7b770 Merge branch 'main' into jcogs33/unsafe-url-forward-promotion-resource-and-file-methods 2024-04-08 10:26:42 -04:00
Owen Mansel-Chan
e10333bf2b Merge pull request #14919 from github/java/jdk-model-autogeneration 
Java: add dataflow-generated models for JDK17
 2024-04-04 21:12:55 +01:00
Owen Mansel-Chan
919436efbb Remove df-gen models we have deliberately modeled 
Manual models always take precedence over generated models, so there is
no point in keeping the generated models.

These manual models were deliberately written to take precedence over
the corresponding df-gen models.
 2024-04-01 13:59:36 +01:00
Jami
d889e3cf98 Merge pull request #14854 from jcogs33/jcogs33/unsafe-url-forward-promotion 
Java: Promote Unsafe URL Forward query from experimental
 2024-03-29 16:34:06 -04:00
Jami Cogswell
b35f318910 Java: update models 2024-03-27 20:39:34 -04:00