hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 11:19:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
c336a1595d5b8d82e289c58e835e2d3c7d9bf81b
codeql/java/ql/lib/ext
History
MarkLee131 c336a1595d Java: split read-only path sinks into path-injection[read] 
Introduce a new Models-as-Data sink sub-kind path-injection[read] for
models that only read from or inspect a path. The general
java/path-injection query and its PathInjectionSanitizer barrier
continue to consider both path-injection and path-injection[read]
sinks, so no alerts are lost. The java/zipslip query deliberately
selects only path-injection sinks, since read-only accesses such as
ClassLoader.getResource or FileInputStream are outside the archive
extraction threat model.

Addresses https://github.com/github/codeql/issues/21606 along the lines
proposed on the issue thread: prefer path-injection[read] over a
[create] sub-kind so that miscategorizing a sink causes a false
positive (easy to spot) rather than a false negative.

- shared/mad/codeql/mad/ModelValidation.qll: allow path-injection[...]
  as a valid sink kind.
- java/ql/lib/ext/*.model.yml: relabel the models that PR #12916
  migrated from the historical read-file kind (plus the newer
  ClassLoader resource-lookup variants that share the same read-only
  semantics).
- java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll and
  PathSanitizer.qll: select both path-injection and
  path-injection[read] sinks/barriers.
- java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll: keep only
  path-injection, with a comment explaining why path-injection[read]
  is excluded.
- java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipTest.java:
  add m7 regression covering the Dubbo-style classpath lookup from
  issue #21606 and assert no alert is produced.
- Update TaintedPath.expected for the renamed kinds in the models list.
- Add change-notes under java/ql/lib/change-notes and
  java/ql/src/change-notes.
2026-04-21 09:17:36 +10:00
..
experimental
Java: Move non-experimental models out of the experimental folder.
2024-11-11 10:08:45 +01:00
generated
Java: Re-generate JDK 17 models.
2024-10-21 15:19:45 +02:00
android.app.model.yml
Address review comments.
2024-02-06 12:54:29 +00:00
android.content.model.yml
Java: update intent-start sink kind to intent-redirection
2023-05-31 15:49:07 -04:00
android.database.model.yml
Java: update sql sink kind to sql-injection
2023-05-31 15:49:06 -04:00
android.database.sqlite.model.yml
Java: Update models.
2023-08-23 13:24:55 +02:00
android.net.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
android.os.model.yml
Add sinks for android.os.ParcelFileDescriptor
2024-03-11 10:31:51 -04:00
android.support.v4.app.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
android.util.model.yml
Java: update logging sink kind to log-injection
2023-05-31 15:49:06 -04:00
android.webkit.model.yml
Java: Add support for Kotlin's apply to java/android/unsafe-android-webview-fetch
2023-07-10 17:40:16 +02:00
android.widget.model.yml
Java: switch 'android-widget' source kind to 'remote'
2023-06-01 12:25:25 -04:00
androidx.core.app.model.yml
Reorder sink models
2024-01-23 09:51:41 +00:00
androidx.fragment.app.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
androidx.slice.builders.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
androidx.slice.model.yml
Java: update pending-intent-sent sink kind to pending-intents
2023-05-31 15:49:07 -04:00
ch.ethz.ssh2.model.yml
Set provenance of models from otherApiCallableCredentialParam to manual and remove extra models
2023-10-25 14:31:55 -04:00
cn.hutool.core.codec.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
com.alibaba.com.caucho.hessian.io.model.yml
Use MaD models for unsafe deserialization sinks when possible
2025-07-16 14:42:07 +01:00
com.alibaba.druid.sql.model.yml
Update MaD Declarations after Triage
2023-06-06 16:38:31 +02:00
com.alibaba.druid.sql.repository.model.yml
Update MaD Declarations after Triage
2023-10-24 17:42:03 +02:00
com.alibaba.fastjson2.model.yml
Update MaD Declarations after Triage
2023-06-13 16:50:58 +02:00
com.amazonaws.auth.model.yml
Set provenance of models from otherApiCallableCredentialParam to manual and remove extra models
2023-10-25 14:31:55 -04:00
com.auth0.jwt.algorithms.model.yml
Set provenance of models from otherApiCallableCredentialParam to manual and remove extra models
2023-10-25 14:31:55 -04:00
com.azure.identity.model.yml
Set provenance of models from otherApiCallableCredentialParam to manual and remove extra models
2023-10-25 14:31:55 -04:00
com.caucho.burlap.io.model.yml
Use MaD models for unsafe deserialization sinks when possible
2025-07-16 14:42:07 +01:00
com.caucho.hessian.io.model.yml
Use MaD models for unsafe deserialization sinks when possible
2025-07-16 14:42:07 +01:00
com.cedarsoftware.util.io.model.yml
Use MaD models for unsafe deserialization sinks when possible
2025-07-16 14:42:07 +01:00
com.couchbase.client.core.env.model.yml
Improved models for Supplier arguments
2026-01-14 12:32:42 +01:00
com.couchbase.client.java.model.yml
Improve model for CWE-089
2026-01-13 21:48:43 +01:00
com.esotericsoftware.kryo5.io.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
com.esotericsoftware.kryo.io.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
com.esotericsoftware.yamlbeans.model.yml
Use MaD models for unsafe deserialization sinks when possible
2025-07-16 14:42:07 +01:00
com.fasterxml.jackson.core.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
com.fasterxml.jackson.databind.model.yml
Update java/ql/lib/ext/com.fasterxml.jackson.databind.model.yml
2024-01-25 10:00:56 +01:00
com.google.common.base.model.yml
Java: Update models that uses -1 in a range.
2023-03-20 10:14:20 +01:00
com.google.common.cache.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
com.google.common.collect.model.yml
Java: Update models.
2023-08-23 13:24:55 +02:00
com.google.common.flogger.model.yml
Java: update logging sink kind to log-injection
2023-05-31 15:49:06 -04:00
com.google.common.io.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
com.google.gson.model.yml
Remove zero width space characters.
2024-01-08 13:15:38 -08:00
com.hubspot.jinjava.model.yml
Java: update ssti sink kind to template-injection
2023-05-31 15:49:06 -04:00
com.jcraft.jsch.model.yml
Set provenance of models from otherApiCallableCredentialParam to manual and remove extra models
2023-10-25 14:31:55 -04:00
com.microsoft.sqlserver.jdbc.model.yml
Set provenance of models from otherApiCallableCredentialParam to manual and remove extra models
2023-10-25 14:31:55 -04:00
com.mitchellbosecke.pebble.model.yml
Java: update ssti sink kind to template-injection
2023-05-31 15:49:06 -04:00
com.mongodb.model.yml
Add signatures to models
2023-10-25 14:31:56 -04:00
com.opensymphony.xwork2.ognl.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
com.rabbitmq.client.impl.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
com.rabbitmq.client.model.yml
Java: Update models.
2023-08-23 13:24:55 +02:00
com.sshtools.j2ssh.authentication.model.yml
Set provenance of models from otherApiCallableCredentialParam to manual and remove extra models
2023-10-25 14:31:55 -04:00
com.sun.crypto.provider.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
com.sun.jndi.ldap.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
com.sun.net.httpserver.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
com.sun.net.ssl.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
com.sun.rowset.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
com.sun.security.auth.module.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
com.sun.security.ntlm.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
com.sun.security.sasl.digest.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
com.thoughtworks.xstream.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
com.trilead.ssh2.model.yml
Add signature back to trilead ssh2 model
2023-10-25 14:31:56 -04:00
com.unboundid.ldap.sdk.model.yml
Java: update ldap sink kind to ldap-injection
2023-05-31 15:49:07 -04:00
com.zaxxer.hikari.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
empty.model.yml
Java: Add empty extensible data.
2025-12-11 16:24:26 +01:00
flexjson.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
freemarker.cache.model.yml
Java: update ssti sink kind to template-injection
2023-05-31 15:49:06 -04:00
freemarker.template.model.yml
Java: update ssti sink kind to template-injection
2023-05-31 15:49:06 -04:00
groovy.lang.model.yml
Java: update groovy sink kind to groovy-injection
2023-05-31 15:49:06 -04:00
groovy.util.model.yml
Java: update groovy sink kind to groovy-injection
2023-05-31 15:49:06 -04:00
hudson.cli.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
hudson.console.model.yml
Update MaD Declarations after Triage
2023-10-31 16:52:02 +01:00
hudson.lifecycle.model.yml
Java: update create/read-file sink kinds to path-injection
2023-05-31 15:49:07 -04:00
hudson.model.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
hudson.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
hudson.os.model.yml
Java: All ai-generated models have been manually verified.
2023-04-13 09:21:06 +02:00
hudson.remoting.model.yml
Java: All ai-generated models have been manually verified.
2023-04-13 09:21:06 +02:00
hudson.scm.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
hudson.util.io.model.yml
Java: update create/read-file sink kinds to path-injection
2023-05-31 15:49:07 -04:00
hudson.util.jna.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
hudson.util.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
io.jsonwebtoken.model.yml
Add SyntheticFields for JwsHeader
2023-05-04 16:52:40 -04:00
io.netty.bootstrap.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
io.netty.buffer.model.yml
Argument[-1] -> Argument[this]
2023-03-23 14:37:32 +00:00
io.netty.channel.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
io.netty.handler.codec.base64.model.yml
Formatting fixes
2023-03-23 14:37:30 +00:00
io.netty.handler.codec.http2.model.yml
Argument[-1] -> Argument[this]
2023-03-23 14:37:32 +00:00
io.netty.handler.codec.http.cookie.model.yml
Argument[-1] -> Argument[this]
2023-03-23 14:37:32 +00:00
io.netty.handler.codec.http.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
io.netty.handler.codec.http.multipart.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
io.netty.handler.codec.http.websocketx.model.yml
Argument[-1] -> Argument[this]
2023-03-23 14:37:32 +00:00
io.netty.handler.codec.model.yml
Argument[-1] -> Argument[this]
2023-03-23 14:37:32 +00:00
io.netty.handler.ssl.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
io.netty.handler.stream.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
io.netty.resolver.model.yml
Java: All ai-generated models have been manually verified.
2023-04-13 09:21:06 +02:00
io.netty.util.internal.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
io.netty.util.model.yml
Argument[-1] -> Argument[this]
2023-03-23 14:37:32 +00:00
io.undertow.server.handlers.resource.model.yml
Java: update models
2024-03-27 20:39:34 -04:00
jakarta.activation.model.yml
Java: New models for JAX-RS
2023-08-07 11:52:23 +02:00
jakarta.faces.context.model.yml
Java: add resource-related methods as path-injection sinks and as summaries
2024-03-13 22:48:57 -04:00
jakarta.json.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
jakarta.json.stream.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
jakarta.persistence.criteria.model.yml
Update MaD Declarations after Triage
2023-10-24 17:42:03 +02:00
jakarta.persistence.model.yml
Update java/ql/lib/ext/jakarta.persistence.model.yml
2023-12-19 14:58:07 +01:00
jakarta.servlet.http.model.yml
Apply suggestions from code review
2025-11-12 15:02:42 +00:00
jakarta.servlet.model.yml
add extensions for remote sources
2025-08-14 16:10:49 -04:00
jakarta.ws.rs.client.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
jakarta.ws.rs.container.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
jakarta.ws.rs.core.model.yml
Apply suggestions from code review
2023-10-17 11:51:55 +02:00
jakarta.xml.bind.attachment.model.yml
Java: New models for JAX-RS
2023-08-07 11:52:23 +02:00
java.awt.model.yml
Java: java.awt.Desktop::browse is a url-redirection sink
2024-01-23 09:28:13 +01:00
java.beans.model.yml
Use MaD models for unsafe deserialization sinks when possible
2025-07-16 14:42:07 +01:00
java.io.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
java.lang.invoke.model.yml
Java: Update existing neutrals to include kind information.
2023-05-08 16:18:59 +02:00
java.lang.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
java.lang.module.model.yml
Java: All ai-generated models have been manually verified.
2023-04-13 09:21:06 +02:00
java.lang.reflect.model.yml
Java: Update existing neutrals to include kind information.
2023-05-08 16:18:59 +02:00
java.lang.scoped.model.yml
Java: Address review comment. Fix dataflow model
2025-09-08 12:55:19 +02:00
java.math.model.yml
Java: Update existing neutrals to include kind information.
2023-05-08 16:18:59 +02:00
java.net.http.model.yml
Update MaD Declarations after Triage
2024-01-31 11:28:10 +00:00
java.net.model.yml
Fix incorrect constructor summary models
2026-03-05 12:03:21 +00:00
java.nio.channels.model.yml
Update MaD Declarations after Triage
2023-06-08 10:51:48 +02:00
java.nio.charset.model.yml
Java: Update existing neutrals to include kind information.
2023-05-08 16:18:59 +02:00
java.nio.file.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
java.nio.file.spi.model.yml
Java: fix typos
2023-05-26 18:55:13 -04:00
java.nio.model.yml
Java: Move non-experimental models out of the experimental folder.
2024-11-11 10:08:45 +01:00
java.security.cert.model.yml
Java: Promote some generated models and add some manual neutrals.
2024-08-27 13:28:05 +02:00
java.security.model.yml
Java: Promote some generated models and add some manual neutrals.
2024-08-27 13:28:05 +02:00
java.security.spec.model.yml
Remove unnecessary crypto sinks
2023-12-11 11:18:40 -05:00
java.sql.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
java.text.model.yml
Accept suggestion to put models under the right heading
2024-03-01 16:05:28 +00:00
java.time.chrono.model.yml
Java: Change most java.time.* df-generated taint models to neutrals.
2024-05-22 10:29:54 +02:00
java.time.format.model.yml
Java: Update existing neutrals to include kind information.
2023-05-08 16:18:59 +02:00
java.time.model.yml
Java: Change most java.time.* df-generated taint models to neutrals.
2024-05-22 10:29:54 +02:00
java.time.temporal.model.yml
Java: Change most java.time.* df-generated taint models to neutrals.
2024-05-22 10:29:54 +02:00
java.time.zone.model.yml
Java: Change most java.time.* df-generated taint models to neutrals.
2024-05-22 10:29:54 +02:00
java.util.concurrent.atomic.model.yml
Java: Update existing neutrals to include kind information.
2023-05-08 16:18:59 +02:00
java.util.concurrent.locks.model.yml
Java: Update existing neutrals to include kind information.
2023-05-08 16:18:59 +02:00
java.util.concurrent.model.yml
Java: Update existing neutrals to include kind information.
2023-05-08 16:18:59 +02:00
java.util.function.model.yml
Java: Update existing neutrals to include kind information.
2023-05-08 16:18:59 +02:00
java.util.logging.model.yml
Java: Update the Byte- and CharBuffer models and add models for set- and getParameters on LogRecord.
2024-08-28 16:15:09 +02:00
java.util.model.yml
Java: Adapt to changes in FlowSummaryImpl
2026-01-26 12:40:15 +01:00
java.util.prefs.model.yml
Recognize the model generator involvement in the models' provenances
2024-03-14 08:56:23 +01:00
java.util.regex.model.yml
Convert regex injection barrier to MaD
2025-12-11 16:24:29 +01:00
java.util.stream.model.yml
Java: Add manual models for various mapToObj methods.
2024-10-23 09:29:15 +02:00
java.util.zip.model.yml
Fix incorrect constructor summary models
2026-03-05 12:03:21 +00:00
javafx.scene.web.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
javax.activation.model.yml
Java: New models for JAX-RS
2023-08-07 11:52:23 +02:00
javax.crypto.model.yml
Java: Address review comment. Fix dataflow model
2025-09-08 13:17:51 +02:00
javax.crypto.spec.model.yml
Java: Add model for thenExpand and accept new results
2025-09-08 13:17:53 +02:00
javax.faces.context.model.yml
Java: add resource-related methods as path-injection sinks and as summaries
2024-03-13 22:48:57 -04:00
javax.imageio.stream.model.yml
Update MaD Declarations after Triage
2023-10-31 16:52:02 +01:00
javax.jms.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
javax.json.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
javax.json.stream.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
javax.management.model.yml
Java: Promote some generated models and add some manual neutrals.
2024-08-27 13:28:05 +02:00
javax.management.remote.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
javax.naming.directory.model.yml
Java: Add some less precise models for BasicAttributes to get the models to work with search sink and re-generate SDK models.
2024-10-21 15:19:34 +02:00
javax.naming.model.yml
Java: All ai-generated models have been manually verified.
2023-04-13 09:21:06 +02:00
javax.net.ssl.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
javax.portlet.model.yml
Java: remove todo comments from ext files
2024-03-13 16:28:43 -04:00
javax.print.attribute.standard.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
javax.script.model.yml
Apply suggestions from code review
2023-10-17 11:51:55 +02:00
javax.security.auth.callback.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
javax.security.auth.kerberos.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
javax.servlet.http.model.yml
Apply suggestions from code review
2025-11-12 15:02:42 +00:00
javax.servlet.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
javax.sql.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
javax.validation.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
javax.ws.rs.client.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
javax.ws.rs.container.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
javax.ws.rs.core.model.yml
Java: update header-splitting sink kind to response-splitting
2023-05-31 15:49:07 -04:00
javax.xml.bind.attachment.model.yml
Java: New models for JAX-RS
2023-08-07 11:52:23 +02:00
javax.xml.transform.model.yml
Java: update xslt sink kind to xslt-injection
2023-05-31 15:49:07 -04:00
javax.xml.transform.sax.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
javax.xml.transform.stream.model.yml
Java: update create/read-file sink kinds to path-injection
2023-05-31 15:49:07 -04:00
javax.xml.xpath.model.yml
Java: update xpath sink kind to xpath-injection
2023-05-31 15:49:06 -04:00
jodd.json.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
kotlin.collections.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
kotlin.io.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
kotlin.jvm.internal.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
kotlin.model.yml
Kotlin: Support apply
2023-07-10 16:15:27 +02:00
liquibase.database.jvm.model.yml
Update MaD Declarations after Triage
2023-10-24 17:42:03 +02:00
liquibase.statement.core.model.yml
Update MaD Declarations after Triage
2023-10-24 17:42:03 +02:00
net.lingala.zip4j.model.yml
Java: Move non-experimental models out of the experimental folder.
2024-11-11 10:08:45 +01:00
net.schmizz.sshj.model.yml
Remove additional net.schmizz.sshj models
2023-10-25 14:31:56 -04:00
net.sf.saxon.s9api.model.yml
Java: update xslt sink kind to xslt-injection
2023-05-31 15:49:07 -04:00
ognl.enhance.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
ognl.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
okhttp3.model.yml
Java: Update java/ql/lib/ext/okhttp3.model.yml
2023-06-09 13:48:16 +02:00
org.antlr.runtime.model.yml
Update MaD Declarations after Triage
2023-06-06 16:38:31 +02:00
org.apache.commons.codec.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
org.apache.commons.collections4.bag.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections4.bidimap.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections4.collection.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections4.iterators.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections4.keyvalue.model.yml
Java: Update models.
2023-08-23 13:24:55 +02:00
org.apache.commons.collections4.list.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections4.map.model.yml
Java: Adapt to changes in FlowSummaryImpl
2026-01-26 12:40:15 +01:00
org.apache.commons.collections4.model.yml
Java: Adapt to changes in FlowSummaryImpl
2026-01-26 12:40:15 +01:00
org.apache.commons.collections4.multimap.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections4.multiset.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections4.properties.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
org.apache.commons.collections4.queue.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections4.set.model.yml
Java: Adapt to changes in FlowSummaryImpl
2026-01-26 12:40:15 +01:00
org.apache.commons.collections4.splitmap.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections4.trie.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections.bag.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections.bidimap.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections.collection.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections.iterators.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections.keyvalue.model.yml
Java: Update models.
2023-08-23 13:24:55 +02:00
org.apache.commons.collections.list.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections.map.model.yml
Java: Update models.
2023-08-23 13:24:55 +02:00
org.apache.commons.collections.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections.multimap.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections.multiset.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections.properties.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
org.apache.commons.collections.queue.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections.set.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections.splitmap.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.collections.trie.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.compress.archivers.tar.model.yml
Java: All ai-generated models have been manually verified.
2023-04-13 09:21:06 +02:00
org.apache.commons.exec.environment.model.yml
org.apache.commons.exec models
2024-01-08 09:38:42 -05:00
org.apache.commons.exec.launcher.model.yml
org.apache.commons.exec models
2024-01-08 09:38:42 -05:00
org.apache.commons.exec.model.yml
org.apache.commons.exec models
2024-01-08 09:38:42 -05:00
org.apache.commons.fileupload.model.yml
Sort models and tests alphabetically
2025-11-12 15:10:29 +00:00
org.apache.commons.fileupload.util.model.yml
Sort models and tests alphabetically
2025-11-12 15:10:29 +00:00
org.apache.commons.httpclient.util.model.yml
Java: All ai-generated models have been manually verified.
2023-04-13 09:21:06 +02:00
org.apache.commons.io.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
org.apache.commons.jelly.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.apache.commons.jexl2.model.yml
Java: update jexl sink kind to jexl-injection
2023-05-31 15:49:06 -04:00
org.apache.commons.jexl3.model.yml
Java: update jexl sink kind to jexl-injection
2023-05-31 15:49:06 -04:00
org.apache.commons.lang3.builder.model.yml
Update java/ql/lib/ext/org.apache.commons.lang3.builder.model.yml
2023-07-12 09:06:05 +02:00
org.apache.commons.lang3.model.yml
Use MaD models for unsafe deserialization sinks when possible
2025-07-16 14:42:07 +01:00
org.apache.commons.lang3.mutable.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.lang3.text.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.lang3.tuple.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.lang.model.yml
Use MaD models for unsafe deserialization sinks when possible
2025-07-16 14:42:07 +01:00
org.apache.commons.logging.model.yml
Java: update logging sink kind to log-injection
2023-05-31 15:49:06 -04:00
org.apache.commons.net.ftp.model.yml
Set provenance of models from otherApiCallableCredentialParam to manual and remove extra models
2023-10-25 14:31:55 -04:00
org.apache.commons.net.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
org.apache.commons.ognl.enhance.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.ognl.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.text.lookup.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.commons.text.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.cxf.catalog.model.yml
Java: Add new Apache CXF models
2023-08-25 11:17:51 +02:00
org.apache.cxf.common.classloader.model.yml
Java: Add new Apache CXF models
2023-08-25 11:17:51 +02:00
org.apache.cxf.common.jaxb.model.yml
Java: Add new Apache CXF models
2023-08-25 11:17:51 +02:00
org.apache.cxf.common.logging.model.yml
Java: Add new Apache CXF models
2023-08-25 11:17:51 +02:00
org.apache.cxf.configuration.jsse.model.yml
Java: Add new Apache CXF models
2023-08-25 11:17:51 +02:00
org.apache.cxf.feature.transform.model.yml
Java: Add new Apache CXF models
2023-08-25 11:17:51 +02:00
org.apache.cxf.helpers.model.yml
Java: Add new Apache CXF models
2023-08-25 11:17:51 +02:00
org.apache.cxf.resource.model.yml
Java: Add new Apache CXF models
2023-08-25 11:17:51 +02:00
org.apache.cxf.staxutils.model.yml
Java: Add new Apache CXF models
2023-08-25 11:17:51 +02:00
org.apache.cxf.tools.corba.utils.model.yml
Java: Add new Apache CXF models
2023-08-25 11:17:51 +02:00
org.apache.cxf.tools.util.model.yml
Java: Add new Apache CXF models
2023-08-25 11:17:51 +02:00
org.apache.directory.ldap.client.api.model.yml
Java: update ldap sink kind to ldap-injection
2023-05-31 15:49:07 -04:00
org.apache.hadoop.fs.model.yml
Address more review feedback.
2024-02-09 09:21:30 +00:00
org.apache.hadoop.fs.s3a.model.yml
Update MaD Declarations after Triage
2024-01-31 11:28:10 +00:00
org.apache.hadoop.hive.metastore.api.model.yml
Java: update sql sink kind to sql-injection
2023-05-31 15:49:06 -04:00
org.apache.hadoop.hive.metastore.model.yml
Java: update sql sink kind to sql-injection
2023-05-31 15:49:06 -04:00
org.apache.hadoop.hive.ql.exec.model.yml
Update MaD Declarations after Triage
2023-10-31 16:52:02 +01:00
org.apache.hadoop.hive.ql.metadata.model.yml
Update MaD Declarations after Triage
2023-10-31 16:52:02 +01:00
org.apache.hc.client5.http.async.methods.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.apache.hc.client5.http.classic.methods.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.apache.hc.client5.http.fluent.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.apache.hc.client5.http.protocol.model.yml
Java: update provenance to 'hq-manual'
2023-05-26 18:55:13 -04:00
org.apache.hc.client5.http.protocol.yml
Java: update provenance to hq-manual now that 12595 is merged
2023-04-13 10:11:31 -04:00
org.apache.hc.client5.http.utils.yml
Java: update provenance to hq-manual now that 12595 is merged
2023-04-13 10:11:31 -04:00
org.apache.hc.core5.benchmark.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.apache.hc.core5.function.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.hc.core5.http.impl.bootstrap.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.apache.hc.core5.http.io.entity.model.yml
Fix incorrect constructor summary models
2026-03-05 12:03:21 +00:00
org.apache.hc.core5.http.io.model.yml
Java: Update models.
2023-08-23 13:24:55 +02:00
org.apache.hc.core5.http.io.support.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.apache.hc.core5.http.message.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.apache.hc.core5.http.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.apache.hc.core5.http.nio.support.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.apache.hc.core5.http.support.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.apache.hc.core5.net.model.yml
Java: update provenance to hq-manual now that 12595 is merged
2023-04-13 10:11:31 -04:00
org.apache.hc.core5.util.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.hive.hcatalog.templeton.model.yml
Java: update sql sink kind to sql-injection
2023-05-31 15:49:06 -04:00
org.apache.http.client.fluent.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.apache.http.client.methods.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.apache.http.client.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.apache.http.client.utils.model.yml
More review suggestions
2023-10-17 11:54:32 +02:00
org.apache.http.entity.model.yml
Fix incorrect constructor summary models
2026-03-05 12:03:21 +00:00
org.apache.http.impl.client.model.yml
Address review comments.
2024-02-06 12:54:29 +00:00
org.apache.http.message.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.apache.http.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.apache.http.params.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.apache.http.protocol.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
org.apache.http.util.model.yml
Java: update xss sink kind to html-injection and js-injection
2023-05-31 15:49:07 -04:00
org.apache.ibatis.jdbc.model.yml
Java: update sql sink kind to sql-injection
2023-05-31 15:49:06 -04:00
org.apache.ibatis.mapping.model.yml
Update MaD Declarations after Triage
2023-10-24 17:42:03 +02:00
org.apache.log4j.model.yml
Java: update logging sink kind to log-injection
2023-05-31 15:49:06 -04:00
org.apache.logging.log4j.model.yml
Java: update logging sink kind to log-injection
2023-05-31 15:49:06 -04:00
org.apache.shiro.authc.model.yml
Java: Move non-experimental models out of the experimental folder.
2024-11-11 10:08:45 +01:00
org.apache.shiro.codec.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
org.apache.shiro.jndi.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
org.apache.shiro.mgt.model.yml
Set provenance of models from otherApiCallableCredentialParam to manual and remove extra models
2023-10-25 14:31:55 -04:00
org.apache.sshd.client.session.model.yml
Set provenance of models from otherApiCallableCredentialParam to manual and remove extra models
2023-10-25 14:31:55 -04:00
org.apache.struts2.dispatcher.model.yml
Add trust-boundary-violation sink kind
2023-08-17 13:05:37 -04:00
org.apache.struts2.interceptor.model.yml
Add trust-boundary-violation sink kind
2023-08-17 13:05:37 -04:00
org.apache.tools.ant.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
org.apache.tools.ant.taskdefs.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
org.apache.tools.zip.model.yml
Java: All ai-generated models have been manually verified.
2023-04-13 09:21:06 +02:00
org.apache.velocity.app.model.yml
Java: update ssti sink kind to template-injection
2023-05-31 15:49:06 -04:00
org.apache.velocity.runtime.model.yml
Java: update ssti sink kind to template-injection
2023-05-31 15:49:06 -04:00
org.apache.velocity.runtime.resource.util.model.yml
Java: update ssti sink kind to template-injection
2023-05-31 15:49:06 -04:00
org.codehaus.cargo.container.installer.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.codehaus.groovy.control.model.yml
Java: update groovy sink kind to groovy-injection
2023-05-31 15:49:06 -04:00
org.dom4j.model.yml
Java: update xpath sink kind to xpath-injection
2023-05-31 15:49:06 -04:00
org.dom4j.tree.model.yml
Java: update xpath sink kind to xpath-injection
2023-05-31 15:49:06 -04:00
org.dom4j.util.model.yml
Java: update xpath sink kind to xpath-injection
2023-05-31 15:49:06 -04:00
org.eclipse.jetty.client.model.yml
Update MaD Declarations after Triage
2024-01-31 11:28:10 +00:00
org.exolab.castor.xml.model.yml
Use MaD models for unsafe deserialization sinks when possible
2025-07-16 14:42:07 +01:00
org.fusesource.leveldbjni.model.yml
Update MaD Declarations after Triage
2023-06-06 16:38:31 +02:00
org.geogebra.web.full.main.model.yml
Java: update url-redirect sink kind to url-redirection
2023-05-31 15:49:06 -04:00
org.gradle.api.file.model.yml
Fix missing quotes.
2024-01-31 11:49:25 +00:00
org.hibernate.model.yml
Java: update sql sink kind to sql-injection
2023-05-31 15:49:06 -04:00
org.hibernate.query.model.yml
Java: update sql sink kind to sql-injection
2023-05-31 15:49:06 -04:00
org.ho.yaml.model.yml
Use MaD models for unsafe deserialization sinks when possible
2025-07-16 14:42:07 +01:00
org.influxdb.model.yml
Java: Update models.
2023-08-23 13:24:55 +02:00
org.jabsorb.model.yml
Use MaD models for unsafe deserialization sinks when possible
2025-07-16 14:42:07 +01:00
org.jboss.logging.model.yml
Java: Update models.
2023-08-23 13:24:55 +02:00
org.jboss.vfs.model.yml
Java: add resource-related methods as path-injection sinks and as summaries
2024-03-13 22:48:57 -04:00
org.jdbi.v3.core.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.jooq.model.yml
Java: update sql sink kind to sql-injection
2023-05-31 15:49:06 -04:00
org.json.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.keycloak.models.map.storage.model.yml
Update MaD Declarations after Triage
2023-10-24 17:42:03 +02:00
org.kohsuke.stapler.bind.model.yml
Java: Model the Stapler framework
2023-06-14 12:34:52 +02:00
org.kohsuke.stapler.framework.adjunct.model.yml
Java: All ai-generated models have been manually verified.
2023-04-13 09:21:06 +02:00
org.kohsuke.stapler.framework.io.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
org.kohsuke.stapler.json.model.yml
Java: Model the Stapler framework
2023-06-14 12:34:52 +02:00
org.kohsuke.stapler.model.yml
Java: switch StaplerResponse.forward from request-forgery sink to url-forward sink
2024-03-13 16:28:41 -04:00
org.lastaflute.web.model.yml
Convert QL classes for Lastaflute to MaD
2024-07-18 17:41:06 -04:00
org.lastaflute.web.ruts.multipart.model.yml
Add some models for the org.lastaflute.web library
2024-07-18 17:41:00 -04:00
org.mvel2.compiler.model.yml
Java: update mvel sink kind to mvel-injection
2023-05-31 15:49:06 -04:00
org.mvel2.jsr223.model.yml
Java: update mvel sink kind to mvel-injection
2023-05-31 15:49:06 -04:00
org.mvel2.model.yml
Java: update mvel sink kind to mvel-injection
2023-05-31 15:49:06 -04:00
org.mvel2.templates.model.yml
Java: update mvel sink kind to mvel-injection
2023-05-31 15:49:06 -04:00
org.openjdk.jmh.runner.options.model.yml
Java: update create/read-file sink kinds to path-injection
2023-05-31 15:49:07 -04:00
org.owasp.esapi.model.yml
Convert trust boundary violation barrier and barrier guard to MaD
2025-12-11 16:24:26 +01:00
org.pac4j.jwt.config.encryption.model.yml
Add pac4j JWT cryptographic key sinks
2023-12-13 11:15:27 +01:00
org.pac4j.jwt.config.signature.model.yml
Add pac4j JWT cryptographic key sinks
2023-12-13 11:15:27 +01:00
org.scijava.log.model.yml
Java: update logging sink kind to log-injection
2023-05-31 15:49:06 -04:00
org.slf4j.model.yml
Java: update logging sink kind to log-injection
2023-05-31 15:49:06 -04:00
org.slf4j.spi.model.yml
Java: update logging sink kind to log-injection
2023-05-31 15:49:06 -04:00
org.springframework.beans.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.springframework.boot.jdbc.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.springframework.cache.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.springframework.context.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
org.springframework.core.io.model.yml
Java: Move non-experimental models out of the experimental folder.
2024-11-11 10:08:45 +01:00
org.springframework.data.repository.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
org.springframework.http.model.yml
Java: Added up to date models for Spring's ResponseEntity
2023-10-23 16:06:11 +02:00
org.springframework.jdbc.core.model.yml
Java: update sql sink kind to sql-injection
2023-05-31 15:49:06 -04:00
org.springframework.jdbc.core.namedparam.model.yml
Java: update recently added 'sql' sinks
2023-05-31 15:51:07 -04:00
org.springframework.jdbc.datasource.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.springframework.jdbc.object.model.yml
Java: update sql sink kind to sql-injection
2023-05-31 15:49:06 -04:00
org.springframework.jndi.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
org.springframework.ldap.core.model.yml
Java: update ldap sink kind to ldap-injection
2023-05-31 15:49:07 -04:00
org.springframework.ldap.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
org.springframework.security.core.userdetails.model.yml
Set provenance of models from otherApiCallableCredentialParam to manual and remove extra models
2023-10-25 14:31:55 -04:00
org.springframework.security.web.savedrequest.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
org.springframework.ui.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.springframework.util.model.yml
Java: split read-only path sinks into path-injection[read]
2026-04-21 09:17:36 +10:00
org.springframework.validation.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.springframework.web.client.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.springframework.web.context.request.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
org.springframework.web.multipart.model.yml
Remove duplicate summary for MultipartFile.getInputStream and update .expected file
2024-09-18 20:43:04 +02:00
org.springframework.web.portlet.model.yml
Java: convert SpringModelAndViewSink to MaD
2024-03-13 16:28:41 -04:00
org.springframework.web.reactive.function.client.model.yml
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
org.springframework.web.servlet.model.yml
Java: convert SpringModelAndViewSink to MaD
2024-03-13 16:28:41 -04:00
org.springframework.web.socket.model.yml
Add model for handlePongMessage and update test
2026-01-07 11:09:59 +00:00
org.springframework.web.util.model.yml
Java: Adapt to changes in FlowSummaryImpl
2026-01-26 12:40:15 +01:00
org.thymeleaf.model.yml
Java: update ssti sink kind to template-injection
2023-05-31 15:49:06 -04:00
org.xml.sax.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
org.xmlpull.v1.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
org.yaml.snakeyaml.model.yml
Update MaD Declarations after Triage
2023-06-06 16:38:31 +02:00
play.libs.ws.model.yml
Java: update recently added 'open-url' sinks to 'request-forgery'
2023-06-01 08:10:44 -04:00
play.mvc.model.yml
Add trust-boundary-violation sink kind
2023-08-17 13:05:37 -04:00
ratpack.core.form.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
ratpack.core.handling.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
ratpack.core.http.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
ratpack.exec.model.yml
Java: Replace ratpack test fix with general heuristic summary.
2023-08-03 10:04:06 +02:00
ratpack.form.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
ratpack.func.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
ratpack.handling.model.yml
Java: Make the corresponding rename in all the data extensions.
2022-12-14 13:48:31 +01:00
ratpack.http.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
ratpack.util.model.yml
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
retrofit2.model.yml
Update java/ql/lib/ext/retrofit2.model.yml
2023-06-08 14:59:10 +02:00
software.amazon.awssdk.transfer.s3.model.model.yml
Java: Move non-experimental models out of the experimental folder.
2024-11-11 10:08:45 +01:00
struts2.model.yml
Update java/ql/lib/ext/struts2.model.yml
2023-12-12 14:58:47 +01:00
sun.jvmstat.perfdata.monitor.protocol.local.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
sun.jvmstat.perfdata.monitor.protocol.rmi.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
sun.misc.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
sun.net.ftp.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
sun.net.www.protocol.http.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
sun.security.acl.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
sun.security.jgss.krb5.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
sun.security.krb5.model.yml
Make SaltAndParams be nested
2023-10-25 14:31:55 -04:00
sun.security.pkcs11.model.yml
TrustType should be nested in sun.security.pkcs11.Secmod models
2023-10-25 14:31:55 -04:00
sun.security.pkcs.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
sun.security.provider.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
sun.security.ssl.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
sun.security.x509.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00
sun.tools.jconsole.model.yml
Use hq-generated provenance
2023-10-25 14:31:55 -04:00