hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
28,569 Commits 1,672 Branches 157 Tags
aeisenberg/codeql-workspace
Commit Graph

3845 Commits

Author SHA1 Message Date
Joe Farebrother
ff733e0334 Fix up issues in generated tests 2021-09-16 15:23:00 +01:00
Joe Farebrother
693d729ec6 Generate tests and fix broken specs 2021-09-16 15:23:00 +01:00
Joe Farebrother
2150c1d58e Remove <> from flow summaries 2021-09-16 15:23:00 +01:00
Joe Farebrother
1273b063f4 Fix test expectations 2021-09-16 15:23:00 +01:00
Joe Farebrother
a755633405 Add the remaining utility classes 2021-09-16 15:22:59 +01:00
Joe Farebrother
19579f0d9a Add more utility class models and reorder existing ones 2021-09-16 15:22:59 +01:00
Joe Farebrother
ca583bffd5 Add Lists and Collections2 utilites 2021-09-16 15:22:59 +01:00
Joe Farebrother
5fee6d2d19 Convert Sets utilities 2021-09-16 15:22:59 +01:00
Joe Farebrother
10f0f3038c Add tables, improve tests, make fixes 2021-09-16 15:22:59 +01:00
Joe Farebrother
73aba09eee Add create methods 2021-09-16 15:22:59 +01:00
Joe Farebrother
035d655e72 Update guava collection flow steps to CSV 2021-09-16 15:22:59 +01:00
Marcono1234
020aa4d94c Java: Address feedback and fix test failures 2021-09-16 14:10:48 +01:00
Marcono1234
58d2d5d14e Java: Replace incorrect usage of Literal.getLiteral() 2021-09-16 14:10:48 +01:00
Tony Torralba
f18c163408 Improve handling of the 'author' word as an exception 2021-09-16 11:57:28 +02:00
Tony Torralba
8022530f34 Merge pull request #5983 from atorralba/atorralba/promote-insecure-basic-auth 
Java: Promote Insecure Basic Authentication query from experimental
 2021-09-16 11:45:30 +02:00
Anders Schack-Mulligen
28e5dcef52 Java: Add container flow to the local taint flow relation. 2021-09-16 11:14:30 +02:00
Benjamin Muskalla
d3caa80274 Merge pull request #6706 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-09-16 09:58:19 +02:00
Anders Schack-Mulligen
236ffc8972 Merge pull request #6700 from aschackmull/dataflow/subpaths-joinorder 
Dataflow: Fix bad joinorder in subpaths
 2021-09-16 08:22:59 +02:00
github-actions[bot]
563878d28d Add changed framework coverage reports 2021-09-16 00:08:03 +00:00
Tony Torralba
21079a1315 Fix conditionControlsMethod predicate 
Exceptions for throw and return statements were missing the appropriate condition
 2021-09-15 17:51:51 +02:00
Tony Torralba
d3cf697b07 QLDoc 2021-09-15 17:32:36 +02:00
Tony Torralba
5ed9949498 Adapt InsecureBasicAuth to the previous commit 2021-09-15 17:20:28 +02:00
Tony Torralba
2e08c5dd2b Refactored HttpsUrls.ql 2021-09-15 17:20:28 +02:00
Tony Torralba
c3c73377b8 Fix scope issues in the Java example 2021-09-15 17:20:28 +02:00
Tony Torralba
023264660b Suggestions from code review 2021-09-15 17:20:28 +02:00
mc
0e7cbbfeb8 Update InsecureBasicAuth.qhelp 2021-09-15 17:20:28 +02:00
mc
e58b90ef1c Added full stops 2021-09-15 17:20:28 +02:00
Tony Torralba
e159351179 Update java/change-notes/2021-06-01-insecure-basic-auth-query.md 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-09-15 17:20:27 +02:00
Tony Torralba
30178d4f23 Decouple InsecureBasicAuth.qll to reuse the taint tracking configuration 2021-09-15 17:20:27 +02:00
Tony Torralba
90df3fa94c Remove CWE reference from qlhelp since it's obtained from metadata 2021-09-15 17:20:27 +02:00
Tony Torralba
49c6a56f97 Add change note 2021-09-15 17:20:27 +02:00
Tony Torralba
148443fae1 Use InlineExpectationsTest 2021-09-15 17:20:27 +02:00
Tony Torralba
2cada386b4 Refactored into InsecureBasicAuth.qll 2021-09-15 17:20:27 +02:00
Tony Torralba
905be67aae Moved from experimental 2021-09-15 17:20:27 +02:00
Anders Schack-Mulligen
c0fd44c909 Dataflow: Sync. 2021-09-15 16:10:54 +02:00
Anders Schack-Mulligen
3abe1b4fc6 Dataflow: Fix bad join-order. 2021-09-15 16:10:30 +02:00
Erik Krogh Kristensen
3f736d3eb8 Merge pull request #6694 from erik-krogh/owasp-fixes 
JS/Java: use the correct cwe tags
 2021-09-15 13:46:35 +02:00
Chris Smowton
03db15af9a Merge pull request #6685 from smowton/smowton/admin/android-uri-model 
Java: Add models for android.net.Uri[.Builder]
 2021-09-15 10:48:33 +01:00
Anders Schack-Mulligen
8485b6f0b3 Merge pull request #6691 from bmuskalla/moreStringMethods 
Java: Support String#getChars and #translateEscapes
 2021-09-15 10:14:54 +02:00
Anders Schack-Mulligen
3f7d6e6f85 Merge pull request #6136 from smowton/smowton/admin/spring-xss-content-type-sensitivity 
Spring HTTP: improve content-type sensitivity
 2021-09-15 09:50:56 +02:00
github-actions[bot]
baab70bea6 Add changed framework coverage reports 2021-09-15 00:07:57 +00:00
Chris Smowton
e5b84fb795 Use InlineFlowTest 2021-09-14 16:37:07 +01:00
Chris Smowton
5d737934c3 Don't inherit models from a final class 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2021-09-14 16:37:07 +01:00
Chris Smowton
367a53dd71 Add models for android.net.Uri[.Builder] 2021-09-14 16:37:07 +01:00
Chris Smowton
ca87768a93 Merge pull request #6692 from bmuskalla/testGeneratorFlowTest 
Java: Test generator uses `InlineFlowTest`
 2021-09-14 15:44:24 +01:00
Chris Smowton
406466de9a Simplify specifiesContentType predicate 2021-09-14 15:24:46 +01:00
Chris Smowton
6cff0d0376 Merge pull request #6393 from luchua-bc/java/xss-jsf 
Java: CWE-079 Query to detect XSS with JavaServer Faces (JSF)
 2021-09-14 15:15:56 +01:00
Tony Torralba
4e93330cb9 Improved tests 
Note that a FN test case was added
 2021-09-14 15:51:08 +02:00
Benjamin Muskalla
abd770a027 Avoid empty template in test generator 2021-09-14 15:32:12 +02:00
Chris Smowton
a1ad1ddc10 Deprecated and replace uses of old name ServletWriterSource 2021-09-14 14:21:29 +01:00