hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
28,569 Commits 1,672 Branches 157 Tags
aeisenberg/codeql-workspace
Commit Graph

3845 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
6d12c4aab1 use the correct cwe tags 2021-09-14 14:42:23 +02:00
Anders Schack-Mulligen
26eafcb55a Merge pull request #6456 from smowton/smowton/admin/flexjson-unsafe-deserialization 
Java: add unsafe-deserialization support for Flexjson
 2021-09-14 14:33:22 +02:00
Tony Torralba
0640b41f00 Adjust tests 2021-09-14 13:44:53 +02:00
Chris Smowton
6af5c5fc86 Add change note 2021-09-14 12:36:38 +01:00
Chris Smowton
26dbf058c8 Add reverse import from ExternalFlow.qll 2021-09-14 12:35:33 +01:00
Chris Smowton
fcc0f1d5a7 Expand test to exercise all sinks 2021-09-14 12:27:33 +01:00
Chris Smowton
e439b7d7f8 Remove resource-related sources 
These access application-owned resources AFAICT
 2021-09-14 12:24:27 +01:00
Tony Torralba
b740cf9664 Add change note 2021-09-14 13:16:47 +02:00
Tony Torralba
097927226b Improved heuristics to increase precision 2021-09-14 13:16:47 +02:00
Tony Torralba
f8d1e2ac11 Refactor tests to use InlineExpectationsTest 2021-09-14 13:16:45 +02:00
Tony Torralba
1f7990d6bb Refactor to use ConditionalBypassQuery.qll 2021-09-14 13:16:09 +02:00
Tony Torralba
a484e9fb06 Use RemoteFlowSource instead of UserInput 2021-09-14 13:16:09 +02:00
Chris Smowton
104873e8ee Autoformat 2021-09-14 12:07:59 +01:00
Chris Smowton
6811441459 Factor JSF source definitions 2021-09-14 12:07:48 +01:00
Chris Smowton
b7fc068cee Move JSFRenderer.qll to lib 2021-09-14 11:49:01 +01:00
Chris Smowton
023c533745 Combine Servlet and JSF vulnerable writer flow-tracking 
JSP and Servlet already shared this logic; might as well add JSF into the same mechanism.
 2021-09-14 11:48:34 +01:00
Chris Smowton
cb8096f636 Remove JSF XSS Example 
Per previous commit, no need for a top-level JSF example
 2021-09-14 11:47:37 +01:00
Chris Smowton
cca9ad06b4 Remove JSF example 
I don't think we need this: there are lots of possible XSS vectors; we don't need to enumerate every one in the qhelp file.
 2021-09-14 11:47:36 +01:00
Chris Smowton
76e4077b56 Delete unused classes 2021-09-14 11:47:35 +01:00
luchua-bc
24addd5c10 Query to detect XSS with JavaServer Faces (JSF) 2021-09-14 11:47:32 +01:00
Chris Smowton
e92b9cbe99 Improve getAProducesExpr documentation 2021-09-14 11:16:45 +01:00
Benjamin Muskalla
f9918cc63c Test generator uses InlineFlowTest 2021-09-14 11:58:56 +02:00
Anders Schack-Mulligen
e71173d953 Merge pull request #6591 from bmuskalla/inlineFlowTest 
Java: Simplify setup for flow tests using `InlineExpectationsTest`
 2021-09-14 10:31:29 +02:00
Benjamin Muskalla
199e015a06 Support missing String methods 2021-09-14 10:22:22 +02:00
github-actions[bot]
bf7c26e681 Add changed framework coverage reports 2021-09-14 00:07:57 +00:00
Tom Hvitved
3bdc92ba8e Merge pull request #6681 from hvitved/java/files-folders-drop-columns 
Java: Drop redundant columns from `files` and `folders` relations
 2021-09-13 17:43:31 +02:00
Chris Smowton
122ffca049 Merge pull request #6645 from Marcono1234/marcono1234/spurious-javadoc-param-generic-class 
Java: Detect spurious param Javadoc tag of generic classes
 2021-09-13 16:41:06 +01:00
Benjamin Muskalla
24d740b2da Merge branch 'main' into inlineFlowTest 2021-09-13 17:15:37 +02:00
Benjamin Muskalla
bf5a46f6d8 Simplify inline tests 2021-09-13 17:08:02 +02:00
Anders Schack-Mulligen
7b764aec92 Merge pull request #6682 from aschackmull/java/callbacks 
Java: Add support for callback-based library models.
 2021-09-13 16:43:03 +02:00
Chris Smowton
3c7b39f089 Add change note 2021-09-13 15:36:26 +01:00
Tom Hvitved
b60f1cd531 Java: Upgrade script 2021-09-13 16:09:47 +02:00
Tom Hvitved
9fdcacd865 Java: Drop redundant columns from files and folders relations 2021-09-13 16:09:47 +02:00
Anders Schack-Mulligen
ab862276fc Java: Fix tests. 2021-09-13 16:04:11 +02:00
Anders Schack-Mulligen
12aeaeed56 Java: Address review comment. 2021-09-13 16:03:50 +02:00
Anders Schack-Mulligen
818e75bb8f Java: Fix compilation error in telemetry lib. 2021-09-13 15:50:21 +02:00
Chris Smowton
abdd3a5dbe Adjust Java tests that check for unpaired surrogate extraction 2021-09-13 14:02:05 +01:00
Anders Schack-Mulligen
89a6cdc711 Java: Add support for callback-based library models. 2021-09-13 14:49:28 +02:00
Ian Lynagh
3404bcf265 Merge pull request #6680 from github/igfoo/java_location 
Java: Use the standard URL format for Location.toString()
 2021-09-13 13:43:32 +01:00
Ian Lynagh
4fbb165dce Java: Use the standard URL format for Location.toString() 2021-09-13 12:53:50 +01:00
Chris Smowton
68ed3250e8 Merge pull request #6478 from smowton/smowton/feature/jax-rs-request-filters 
Java: Add sources for Jax-RS filters
 2021-09-13 10:59:17 +01:00
Anders Schack-Mulligen
2db039fb77 Merge pull request #6673 from Marcono1234/marcono1234/clone-method-models 
Java: Remove duplicate classes modeling Object.clone
 2021-09-13 11:13:14 +02:00
Anders Schack-Mulligen
dde07fd2ee Merge pull request #6672 from Marcono1234/marcono1234/functional-interfaces-test 
Java: Extend functional interfaces test
 2021-09-13 11:13:06 +02:00
github-actions[bot]
26e8e89aca Add changed framework coverage reports 2021-09-13 00:08:00 +00:00
Marcono1234
d117593d72 Java: Remove duplicate classes modeling Object.clone 2021-09-12 02:05:57 +02:00
Marcono1234
5009ed618f Java: Extend functional interfaces test 2021-09-12 01:50:07 +02:00
Chris Smowton
95046b9bb1 Factor JaxRS models 2021-09-10 16:36:40 +01:00
Chris Smowton
451a46bf0e Add models for getLanguage, getMediaType 2021-09-10 16:36:38 +01:00
Chris Smowton
5e7a3ca2e6 Model UriInfo.relativize and resolve. 2021-09-10 16:36:37 +01:00
Chris Smowton
62ecab8432 Add change note 2021-09-10 16:36:36 +01:00