Michael Nebel
|
b5c596b2ce
|
Shared: Split model printing of summaries and sources/sinks into separate param modules.
|
2025-04-29 15:21:59 +02:00 |
|
Mathias Vorreiter Pedersen
|
b91a2cc159
|
Shared: Use 'isSink/1' in 'PropagateFlowConfig'.
|
2025-04-28 17:36:37 +01:00 |
|
Michael Nebel
|
f6135d507b
|
Shared: Address review comments.
|
2025-04-25 15:50:06 +02:00 |
|
Michael Nebel
|
f78be91af2
|
Shared: Re-factor the model generator and put the heuristic queries in its own module.
|
2025-04-25 15:49:45 +02:00 |
|
Mathias Vorreiter Pedersen
|
ea3bb8cf0c
|
Shared: Provide a hook to MaD generation to modify the 'ReturnValue' string.
|
2025-04-10 14:02:31 +01:00 |
|
Mathias Vorreiter Pedersen
|
c484945f39
|
Shared: Move 'getEnclosingCallable' and 'getAsExprEnclosingCallable' out of the class signature.
|
2025-04-10 14:00:11 +01:00 |
|
Mathias Vorreiter Pedersen
|
732fcbf1c9
|
Shared: Move 'asParameter' out of the class signature.
|
2025-04-10 13:58:59 +01:00 |
|
Mathias Vorreiter Pedersen
|
a1dc87496a
|
Shared: Replace a 'count' with a 'strictcount' to prevent a CP when testing on C++.
|
2025-04-10 13:56:38 +01:00 |
|
Michael Nebel
|
8763d18c91
|
C#: Correct printing of out and ref notes in the model generator.
|
2025-03-26 15:06:26 +01:00 |
|
Napalys
|
89040d0d06
|
Added missing response and request MaD source kinds.
|
2025-03-06 18:10:25 +01:00 |
|
Simon Friis Vindum
|
9d87f26145
|
Shared: Use strictconcat in model generator printing
|
2025-01-29 11:56:39 +01:00 |
|
Simon Friis Vindum
|
13e0829d19
|
Shared: Generalize the number of columns in a generated MaD row
|
2025-01-28 15:36:09 +01:00 |
|
Tom Hvitved
|
7402276ec7
|
Data flow: Move more logic into DataFlowImplCommon
|
2024-11-27 09:03:37 +01:00 |
|
Michael Nebel
|
e9c9519d90
|
C#: Address review comments.
|
2024-11-06 16:29:20 +01:00 |
|
Michael Nebel
|
55cfbccd43
|
C#/Java: Exclude summaries using callbacks in fields, properties and synthetic fields.
|
2024-11-06 16:29:19 +01:00 |
|
Michael Nebel
|
fe854812ec
|
C#: Add read and store steps for delegate calls.
|
2024-11-06 16:29:13 +01:00 |
|
Michael Nebel
|
5d4ceeebb5
|
Shared: Only generate df summary model in the mixed query in case no context sensitive model exist.
|
2024-10-09 13:04:32 +02:00 |
|
Michael Nebel
|
104d448b16
|
Shared: Only use heuristic summary flow in case there is no content based flow.
|
2024-10-02 15:24:01 +02:00 |
|
Michael Nebel
|
baae8d0bb2
|
Shared: Address model generator review comments.
|
2024-09-30 09:12:30 +02:00 |
|
Michael Nebel
|
80497f551e
|
Shared: Only make unlifted models in case the API itself is relevant.
|
2024-09-27 09:22:25 +02:00 |
|
Michael Nebel
|
8310faa2e9
|
C#/Java: Add a query that uses both content based and non-content based model generation.
|
2024-09-27 09:22:11 +02:00 |
|
Michael Nebel
|
e70297a7bc
|
Shared: Content based models is now printed with dfc-generated provenance.
|
2024-09-26 13:00:39 +02:00 |
|
Michael Nebel
|
53c20ccaeb
|
Shared: Some model generator re-factoring.
|
2024-09-26 12:55:01 +02:00 |
|
Michael Nebel
|
b041829569
|
Shared: steps in synthetic path chains should just mention the same synthetic fields.
|
2024-09-26 12:49:07 +02:00 |
|
Michael Nebel
|
6cd548f410
|
Shared: Only exclude API and parameter combinations where we could get more than three summaries.
|
2024-09-26 12:00:04 +02:00 |
|
Michael Nebel
|
e6085759ae
|
Shared: Put the content of CaptureSummaryFlowQuery into the shared library code.
|
2024-09-24 15:46:44 +02:00 |
|
Michael Nebel
|
fd45d2dcbb
|
Shared: Move the model generator implementation to an internal folder.
|
2024-09-24 15:27:29 +02:00 |
|
Michael Nebel
|
22c2522aac
|
Shared: Make a ContentSensitive module with predicates and classes related to content flow.
|
2024-09-24 15:16:16 +02:00 |
|
Michael Nebel
|
f142af50b7
|
Shared: QL doc improvement.
|
2024-09-19 12:20:59 +02:00 |
|
Michael Nebel
|
3b9f3c2c29
|
Shared: Add a model generator parameterised module.
|
2024-09-19 12:20:42 +02:00 |
|
Michael Nebel
|
d2c98c86dc
|
Java: Improve content based model generation.
|
2024-09-10 15:23:20 +02:00 |
|
Michael Nebel
|
6365e5edff
|
Java: Initial implementation of content based model generation.
|
2024-09-03 09:45:11 +02:00 |
|
Rasmus Wriedt Larsen
|
157d0b7f37
|
ThreatModels: Add stdin kind
None of the current local subgroups precisely captures stdin, so
although it's much like both commandargs and file, a separate kind seems
better.
|
2024-08-15 15:36:28 +02:00 |
|
Owen Mansel-Chan
|
2fe74a8554
|
Update model validation
|
2024-08-11 00:29:58 +01:00 |
|
Owen Mansel-Chan
|
f7d681516a
|
Allow MaD sinks for go/request-forgery
Request forgery sinks which have `getRequest` different from the sink
itself cannot be modeled using models-as-data.
|
2024-07-25 12:53:14 +01:00 |
|
Owen Mansel-Chan
|
ff8bb2b1f8
|
Merge pull request #16760 from owen-mc/java/reverse-dns-separate-threat-model-kind
Java: make a separate threat model kind for reverse DNS sources
|
2024-07-23 10:08:52 +01:00 |
|
Owen Mansel-Chan
|
64432215a9
|
Make "reverse-dns" pass validation
|
2024-07-08 15:16:14 +01:00 |
|
Michael Nebel
|
64ac52e918
|
C#: Only lift summary models in the model generator.
|
2024-06-27 09:54:00 +02:00 |
|
Michael Nebel
|
65e150b416
|
Add parameterized module for MaD model printing.
|
2024-06-24 11:48:33 +02:00 |
|
Geoffrey White
|
894497218d
|
Shared: Recognize 'remote-sink' in ModelValidation.qll.
|
2024-06-06 12:49:13 +01:00 |
|
Michael Nebel
|
78b8a9259a
|
Share the Models as Data inline expect predicates.
|
2024-05-17 09:44:57 +02:00 |
|
Asger F
|
ee5cb6f3d8
|
Update shared/mad/codeql/mad/dynamic/GraphExport.qll
|
2024-04-16 20:10:51 +02:00 |
|
Asger F
|
844b29b637
|
Update shared/mad/codeql/mad/dynamic/GraphExport.qll
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
|
2024-04-16 20:09:26 +02:00 |
|
Asger F
|
3949ae4123
|
Update shared/mad/codeql/mad/dynamic/GraphExport.qll
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
|
2024-04-12 15:00:24 +02:00 |
|
Asger F
|
82101434fd
|
Dynamic: Add hasPrettyName()
|
2024-04-09 14:32:59 +02:00 |
|
Asger F
|
8cb80d6014
|
JS: Switch from hasLocationInfo to Location
|
2024-04-09 14:32:59 +02:00 |
|
Asger F
|
acef9b7111
|
Dynamic/JS: Add library for exporting models
|
2024-04-09 14:32:58 +02:00 |
|
Jami Cogswell
|
1da1e896cb
|
Java: convert SpringModelAndViewSink to MaD
|
2024-03-13 16:28:41 -04:00 |
|
Ed Minnix
|
bc745dfd5e
|
Windows registry sources
|
2024-03-11 13:55:34 -04:00 |
|
Ed Minnix
|
b0eb0e1f1e
|
Move common source kinds to "shared"
|
2024-03-07 12:20:45 -05:00 |
|