hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
23,680 Commits 1,671 Branches 157 Tags
aibaars/drop-duplicate-query
Commit Graph

2555 Commits

Author SHA1 Message Date
Arthur Baars
f4f81886d7 Java: update @id of experimental ExecTainted.ql query 2021-06-28 13:18:25 +02:00
Arthur Baars
e7a3ca2ed4 Revert "Java: remove duplicate query" 
This reverts commit 0b59e408ba.
 2021-06-28 13:15:10 +02:00
Arthur Baars
0b59e408ba Java: remove duplicate query 2021-06-28 12:29:54 +02:00
yo-h
ffdc752720 Merge pull request #6059 from smowton/smowton/fix/qualified-name-generic-types 
Adapt to static methods and nested types returning unbound declaring types
 2021-06-23 14:45:51 -04:00
Chris Smowton
9c91d1a965 Add change note 2021-06-23 16:09:29 +01:00
Chris Smowton
74feaf2893 Adapt to static methods and nested types returning unbound declaring types 
Previously these returned raw declaring types instead
 2021-06-23 16:03:18 +01:00
Chris Smowton
b34448af87 {Generic,Parameterized,Raw}Type: implement getAPrimaryQlClass 
An aid to debugging
 2021-06-23 15:58:31 +01:00
Artem Smotrakov
0dfb869c5b Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-06-23 13:23:54 +02:00
Artem Smotrakov
14e724bce6 Added sinks for RmiBasedExporter and HessianExporter 2021-06-23 09:53:47 +02:00
Anders Schack-Mulligen
206a37cf08 Merge pull request #6130 from aschackmull/java/collection-test 
Java: Improve test and fix a few missing cases.
 2021-06-22 11:56:44 +02:00
Anders Schack-Mulligen
38fc8a750c Java: Improve test and fix a few missing cases. 2021-06-22 11:16:02 +02:00
Chris Smowton
e2aaae8181 Increase test fieldFlowBranchLimit to 1000 
Might as well head off future failures in this test

Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-06-21 12:51:37 +01:00
Chris Smowton
c5eef7be8c Increase field flow branch limit in Jax-RS tests 
This fixes apparently-missing results by allowing the dataflow library to persist even when there are many Map implementations possibly available.
 2021-06-21 12:46:13 +01:00
Anders Schack-Mulligen
9110dfaeb3 Merge pull request #6095 from hvitved/dataflow/local-cc-join 
Data flow: Fix `getLocalCallContext` join-order
 2021-06-21 12:53:38 +02:00
Chris Smowton
6302187a5d Merge pull request #5957 from haby0/java/BeanShellInjection 
Java: BeanShell Injection
 2021-06-18 12:38:51 +01:00
Anders Schack-Mulligen
7eb6da3888 Merge pull request #5772 from smowton/smowton/feature/apache-tuple-flow 
Add models for Apache Commons Lang's tuple types
 2021-06-18 11:25:07 +02:00
haby0
a73cb3f04a Fix error 2021-06-18 17:22:26 +08:00
Calum Grant
32f6a465b0 Merge pull request #6080 from github/calumgrant/security-severities 
Update security-severity scores
 2021-06-18 09:40:40 +01:00
Tom Hvitved
eb86bceb4d Address review comments 2021-06-18 10:18:47 +02:00
haby0
0d18e4ff9c BeanShell Injection 2021-06-18 15:54:13 +08:00
Chris Smowton
64001cc02c Merge pull request #5587 from smowton/smowton/admin/promote-ssrf-query 
Promote SSRF query from experimental
 2021-06-17 13:02:33 +01:00
Chris Smowton
d28c95d16c Field foo of -> Field[foo] of 2021-06-17 12:49:25 +01:00
Chris Smowton
74b2a2c7a6 Improve style of interpretField 2021-06-17 12:45:44 +01:00
Chris Smowton
5cf0243dd0 Add change note 2021-06-17 12:34:40 +01:00
Chris Smowton
2cc1f46871 Model constructors for (Imm|M)utable(Pair|Triple) 2021-06-17 12:34:40 +01:00
Chris Smowton
fbaa382158 Add tests for Pair.of and Triple.of 2021-06-17 12:34:40 +01:00
Chris Smowton
eebaab8fe9 Order left and right consistently 2021-06-17 12:34:40 +01:00
Chris Smowton
472a2a64dd Add models for Apache Commons tuples 2021-06-17 12:25:21 +01:00
Chris Smowton
73fa680224 Add support for CSV-specified flow to or from fields. 2021-06-17 12:24:28 +01:00
Tamás Vajk
200126b302 Merge pull request #6008 from github/tamasvajk/feature/csv-coverage-report 
Add timeseries CSV generator script
 2021-06-17 13:03:41 +02:00
Chris Smowton
11b70326fd Add Jakarta WS url-open sink 2021-06-17 11:58:41 +01:00
Chris Smowton
da1e760269 Adjust Spring models to use erased function signatures 2021-06-17 11:43:33 +01:00
Chris Smowton
1176fec287 Improve docs 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-06-17 11:43:33 +01:00
Chris Smowton
09f27554d0 Note incidental extra models in change note 2021-06-17 11:43:33 +01:00
Chris Smowton
7509e36382 Remove no-longer-needed BasicRequestLine model from InsecureBasicAuth.ql; adjust test expectations accordingly 2021-06-17 11:43:33 +01:00
Chris Smowton
c531b81ebe Rename RequestForgery.java -> SanitizationTests.java 2021-06-17 11:43:33 +01:00
Chris Smowton
cb99e17f4d Split and rename JavaNetHttp and ApacheHttp tests for consistency 2021-06-17 11:43:32 +01:00
Chris Smowton
6c4a909b86 Remove dead code from test 2021-06-17 11:43:32 +01:00
Chris Smowton
08ab5f5546 Remove redundant test 2021-06-17 11:43:32 +01:00
Chris Smowton
74569ce316 Tidy Jax-RS test 2021-06-17 11:43:32 +01:00
Chris Smowton
57ca36baad Tidy Spring test 2021-06-17 11:43:32 +01:00
Chris Smowton
8b080a94e7 Convert request forgery tests to inline expectations; add missing models revealed by this process. 2021-06-17 11:43:32 +01:00
Chris Smowton
b66dcbe5b6 Factor request-forgery config so it can be used in an inline-expectations test 2021-06-17 11:43:32 +01:00
Chris Smowton
ee872f1752 Add missing tests, add additional models revealed missing in the process, and add stubs to support them all. 2021-06-17 11:43:32 +01:00
Chris Smowton
49bbfc3f4b Convert SSRF sinks into url-open CSV sinks 
I also drop the previous approach of taint-tracking through various builder objects in favour of assuming that a URI set in a request-builder object is highly likely to end up requested in some way or another.

This will cause the `java/non-https-url` query to pick the new sinks up too, and fixes a Spring case that had never worked but went unnoticed until now.
 2021-06-17 11:43:30 +01:00
Chris Smowton
0f2139ff5d Fix and document one-based argument indexing in StringFormat's getAnArgUsageOffset 2021-06-17 11:41:06 +01:00
Chris Smowton
55c72cebf2 Improve StringBuilder append chain tracking 
Previously this didn't catch the case of constructors chaining directly into appends, like `StringBuilder sb = new StringBuilder("1").append("2")`
 2021-06-17 11:41:06 +01:00
Chris Smowton
5b25694a52 Simplify and improve AddExpr logic 
The improvement is in considering (userSupplied + "/") itself a sanitising prefix.
 2021-06-17 11:41:06 +01:00
Chris Smowton
6b76f42d22 Broaden PrimitiveSanitizer to include boxed primitives and other java.lang.Numbers 2021-06-17 11:41:06 +01:00
Chris Smowton
3167af29bd Tidy and remove catersian product from getUrlArgument 2021-06-17 11:41:05 +01:00