hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,700 Commits 1,672 Branches 157 Tags
b18de9e6417c60b51d2371c98394f4033d2683e4
Commit Graph

343 Commits

Author SHA1 Message Date
Tony Torralba
5367fb99d9 Manually update a couple of models affected by the nested name change 2023-08-25 11:25:40 +02:00
Tony Torralba
2ed01d06b4 Java: Re-generate Jenkins and Stapler models 
Re-generated the Jenkins and Stapler models to pick up the changes from github/codeql#14032
 2023-08-25 10:01:28 +02:00
Anders Schack-Mulligen
7af1e96943 Merge pull request #14032 from aschackmull/java/mad-nestednames 
Java: Use nested names in MaD signatures.
 2023-08-24 13:53:55 +02:00
Tony Torralba
8c32919381 Merge pull request #13903 from atorralba/atorralba/jaxrs-mad-models 
Java: New models for JAX-RS
 2023-08-24 11:43:13 +02:00
Anders Schack-Mulligen
6c02e30f56 Java: Update models. 2023-08-23 13:24:55 +02:00
Ed Minnix
655a98452a Remove escapeHTML models 2023-08-17 13:05:37 -04:00
Ed Minnix
a36c12ff1f Add trust-boundary-violation sink kind 2023-08-17 13:05:37 -04:00
Ed Minnix
ab9f0240d3 Add taint steps for HTML encoding methods 2023-08-17 13:05:36 -04:00
Ed Minnix
a8b7e70d01 Convert trust boundary models to MaD 2023-08-17 13:05:36 -04:00
Ed Minnix
76438f13b6 Trust Boundary Query 2023-08-17 13:05:36 -04:00
Michael Nebel
a95aad51bd Merge pull request #13546 from michaelnebel/java/withoutelement 
Java: Support for With[out]Element for MaD.
 2023-08-15 10:03:03 +02:00
Anders Schack-Mulligen
0ca3f3308b Merge pull request #13478 from aschackmull/java/varcapture 
Java: Add proper support for variable capture flow.
 2023-08-08 16:22:56 +02:00
Michael Nebel
0ed724eb13 Java: Make a flow summary for Set.clear using WithoutElement and introduce appropriate tests. 2023-08-08 11:10:08 +02:00
Jami
5862cd2378 Merge pull request #13889 from jcogs33/jcogs33/fix-some-models 
Java: remove duplicate models
 2023-08-07 08:46:18 -04:00
Tony Torralba
fb0102b763 Java: New models for JAX-RS 2023-08-07 11:52:23 +02:00
Jami Cogswell
19622aec49 Java: remove duplicate 'Files.newOutputStream' ai model 2023-08-04 14:06:57 -04:00
Jami Cogswell
e64d581f7a Java: remove duplicate 'Files.newInputStream' ai model 2023-08-04 14:05:05 -04:00
Jami Cogswell
d2a24dee7f Java: remove duplicate 'Files.delete' ai model 2023-08-04 14:02:59 -04:00
Jami Cogswell
516831aa41 Java: remove duplicate 'Files.move' ai model 2023-08-04 14:01:27 -04:00
Jami Cogswell
c510d33fbf Java: remove duplicate 'Files.deleteIfExists' ai model 2023-08-04 13:52:18 -04:00
Michael Nebel
9c4d77a925 Java: Address review comments. 2023-08-04 13:47:30 +02:00
Michael Nebel
d3eb9c1325 Java: Add release note and address review comments. 2023-08-04 13:36:43 +02:00
Anders Schack-Mulligen
37455ec29e Java: Replace ratpack test fix with general heuristic summary. 2023-08-03 10:04:06 +02:00
Anders Schack-Mulligen
70bef64e2a Java: Fix ratpack flow. 2023-08-03 10:04:05 +02:00
Anders Schack-Mulligen
d1a616a70a Java: Add proper support for variable capture flow. 2023-08-03 10:04:02 +02:00
Michael Nebel
a9bc23fa3e Java: Add threat model configuration related extensible predicates and some initial tuples. 2023-08-01 12:56:13 +02:00
Michael Nebel
99ac98bffc Java: Re-factor a model to use WithElement (this model is already tested in collections/B.java). 2023-08-01 12:03:44 +02:00
Michael Nebel
0604a85bb1 Java: Add WithoutElement model for List.clear and add appropriate test. 2023-08-01 12:03:44 +02:00
Tony Torralba
3bd4d34a47 Java: Remove superfluous generated models 2023-07-31 09:48:03 +02:00
Tony Torralba
2dff0ce5b4 Merge pull request #13712 from pwntester/java/new_struts2_models 
[Java] New models for Struts2 framework
 2023-07-28 14:31:25 +02:00
Tony Torralba
c9fc5a54c7 Remove generated sinks and sources 2023-07-25 14:42:32 +02:00
Tony Torralba
29543f5726 Change InputStream.read from neutral to summary 2023-07-19 14:44:18 +02:00
Tony Torralba
2dbbcc2413 Java: Avoid low-confidence dispatch to InputStream methods 
Also adds a neutral model for `InputStream.read`, which offers a high-confidence alternative for this method.
 2023-07-19 11:30:53 +02:00
Tony Torralba
cafc67e3be Merge pull request #13714 from pwntester/java/langs3_improvements 
[Java] Add missing commons lang3 model for ToStringBuilder.reflectionToString
 2023-07-13 14:45:33 +02:00
Stephan Brandauer
4391799b7e Merge pull request #13403 from github/java/update-mad-decls-after-triage-2023-06-08T08-51-47 
Java: Update MaD Declarations after Triage
 2023-07-13 11:15:41 +02:00
Alvaro Muñoz
51f7031416 Update java/ql/lib/ext/org.apache.commons.lang3.builder.model.yml 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-07-12 09:06:05 +02:00
Alvaro Muñoz
e8563e5dfd fix row 2023-07-11 10:47:23 +02:00
Alvaro Muñoz
c2f1fbbf98 Add missing commons lang3 model for ToStringBuilder.reflectionToString 2023-07-11 10:34:17 +02:00
Alvaro Muñoz
047d486509 add new struts2 models 2023-07-11 10:23:26 +02:00
Tony Torralba
ce600367df Java: Add support for Kotlin's apply to java/android/unsafe-android-webview-fetch 2023-07-10 17:40:16 +02:00
Tony Torralba
b70e21df4f Merge pull request #13702 from atorralba/atorralba/kotlin/apply 
Kotlin: Support apply
 2023-07-10 17:39:57 +02:00
Tony Torralba
0f18c0227b Kotlin: Support apply 2023-07-10 16:15:27 +02:00
jorgectf
9d8ae5039a Add models for javax.portlet 2023-06-28 17:53:56 +02:00
Tony Torralba
a7c2a25cac Merge pull request #12879 from atorralba/atorralba/java/command-injection-mad-sinks 
Java: Convert all command injection sinks to MaD format
 2023-06-27 14:06:45 +02:00
Tony Torralba
6e20bd04e9 Merge pull request #13539 from atorralba/atorralba/java/url-to-string-model 
Java: Add URL.toString summary
 2023-06-27 14:05:47 +02:00
jorgectf
2dc4f23dbb Add models for org.apache.commons.lang 2023-06-23 19:34:21 +02:00
Tony Torralba
d07e2862f9 Java: Add URL.toString summary 
This adds coverage for CVE-2023-35149.
 2023-06-22 17:39:30 +02:00
Jami
622cd05b77 Merge branch 'main' into java/update-mad-decls-after-triage-2023-06-08T08-51-47 2023-06-20 21:58:15 -04:00
Tony Torralba
c62689022e Merge pull request #13256 from atorralba/atorralba/java/stapler-models 
Java: Model the Stapler framework
 2023-06-19 15:27:19 +02:00
Tony Torralba
dcd180f3f6 Remove model 2023-06-15 12:00:46 +02:00