hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

3173 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
5709365c0f Merge pull request #6921 from igfoo/igfoo/types 
Java: Replace @type with more specific types
 2021-10-25 13:15:12 +02:00
Tony Torralba
1333f67a69 Merge pull request #6917 from JLLeitschuh/feat/JLL/jdk_lambda_collections_model_tracking 
[Java] JDK Collection lambda models
 2021-10-22 10:26:50 +02:00
Joe Farebrother
2d368a7d9a Remove redundant imports from ExternalFlow 2021-10-21 16:48:53 +01:00
Joe Farebrother
a9dde419d2 Fix up test 2021-10-21 16:46:07 +01:00
Ian Lynagh
830f81bfdb Java: Autoformat 2021-10-20 17:45:01 +01:00
Joe Farebrother
3e3503a763 Fix failing checks 2021-10-20 17:25:38 +01:00
Joe Farebrother
447e06d92a Rename from SensitiveBroadcast to SensitiveCommmunication 2021-10-20 17:09:59 +01:00
Joe Farebrother
54e9c49080 Remove SendBroadcastMethodAccess 2021-10-20 17:09:59 +01:00
Joe Farebrother
e02be6cf93 Add additional sinks 2021-10-20 17:09:59 +01:00
Joe Farebrother
e616122982 Rename parameter 2021-10-20 17:09:59 +01:00
Joe Farebrother
fede77a934 Rename some utility methods 2021-10-20 17:09:59 +01:00
Joe Farebrother
069d6627b5 Improve sanitizers 2021-10-20 17:09:59 +01:00
Joe Farebrother
174ac3d6c3 Move to correct directory 2021-10-20 17:09:59 +01:00
Joe Farebrother
4012866c6f Allow arbitrary read steps at the sink 2021-10-20 17:09:57 +01:00
Ian Lynagh
25fcae1c51 Java: Make some types more specific 
Where we used to use RefType, we now use ClassOrInterface.
 2021-10-20 12:18:20 +01:00
Tom Hvitved
0bf5238f39 Update QL doc for allowParameterReturnInSelf 2021-10-20 12:08:58 +02:00
Tom Hvitved
dd138b0429 Address review comments 2021-10-20 12:08:58 +02:00
Tom Hvitved
ec5d8ab2db Java: Restrict use-use flow 2021-10-20 12:08:57 +02:00
Tom Hvitved
a1511e13d8 Data flow: Sync files 2021-10-20 12:08:57 +02:00
Jonathan Leitschuh
d4b18fe6a3 [Java] JDK Collection lambda models 
Adds support for data flow tracking through simple JDK collection
functional APIs.
 - `Iterable::forEach`
 - `Iterator::forEachRemaining`
 - `Map::forEach`

Replaces #5871

Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-19 15:57:58 -04:00
Jonathan Leitschuh
8231907116 Ratpack code cleanup from code review 2021-10-19 11:42:35 -04:00
haby0
283376eb19 Modify the model 2021-10-19 12:49:08 +01:00
haby0
d0eec1e381 Add CWE-552-UnsafeUrlForward 2021-10-19 12:49:07 +01:00
Chris Smowton
d46b897492 Add explicit this 2021-10-19 11:32:24 +01:00
Chris Smowton
beaa1cffd2 Make import private 2021-10-19 11:28:56 +01:00
Chris Smowton
3bf9abb4ce Avoid ambiguous term 'successor'. 2021-10-19 11:28:56 +01:00
Chris Smowton
0d66cebfba Autoformat 2021-10-19 11:28:56 +01:00
Chris Smowton
3c25301593 Extend documentation 2021-10-19 11:28:55 +01:00
Chris Smowton
d0d17e3b84 Make import private 2021-10-19 11:28:55 +01:00
Chris Smowton
b71920209e Factor out string prefix logic 2021-10-19 11:28:54 +01:00
Anders Schack-Mulligen
90a50e7ca9 Java: Fix bad join-order. 2021-10-19 10:55:52 +02:00
Anders Schack-Mulligen
6508afe824 Merge pull request #6900 from Marcono1234/marcono1234/MemberRefExpr-receiver-type 
Java: Add `MemberRefExpr.getReceiverType()`
 2021-10-19 10:49:15 +02:00
Jonathan Leitschuh
db2892b9ea Resove taint tracking issues from asMultimap 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 14:30:46 -04:00
Jonathan Leitschuh
5a2bdc9a0f Jackson taint tracking of elements 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:11 -04:00
Jonathan Leitschuh
8fecc158ff Add support for Map.forEach 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:11 -04:00
Jonathan Leitschuh
ebbbda70c0 Ratpack tests all passing 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:11 -04:00
Jonathan Leitschuh
fe374f5e9c Ratpack: Add support for Promise::apply 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:10 -04:00
Jonathan Leitschuh
6562ac3680 Ratpack conversion to new lambda model 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:10 -04:00
Jonathan Leitschuh
4f90f0a748 Begin refactoring Ratpack to use functional taint tracking 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:10 -04:00
Marcono1234
86d53931aa Java: Improve MemberRefExpr.getReceiverType() documentation 2021-10-18 18:20:22 +02:00
Geoffrey White
3f3c79f48f Merge pull request #6884 from geoffw0/setliterals 
Replace or chains with set literals.
 2021-10-18 16:46:55 +01:00
Anders Schack-Mulligen
b67032d1cc Merge pull request #6891 from erik-krogh/fix-java-this 
add explicit this qualifier on all of java
 2021-10-18 17:13:37 +02:00
Tom Hvitved
a10bde5795 Merge pull request #6872 from hvitved/dataflow/path-into-callable0-join 
Data flow: Performance tweaks
 2021-10-18 16:25:10 +02:00
Tony Torralba
a5749a5eb1 Add ComponentName tests to existing Intent tests 2021-10-18 15:23:52 +02:00
Tom Hvitved
e6954292aa Address review comments 2021-10-18 14:09:44 +02:00
Anders Schack-Mulligen
df9836cce0 Work around compiler bug. 2021-10-18 14:04:16 +02:00
Tony Torralba
392e2eebeb Add intent creation from a URI as a taint step 2021-10-18 12:18:07 +02:00
Tony Torralba
d1d2d61d7e Add more sinks 
Also, fix things after rebase
 2021-10-18 12:00:07 +02:00
Tony Torralba
e7983fb269 Add test and check for another edge case 2021-10-18 11:10:23 +02:00
Tony Torralba
bc6c13be69 Refactor to actually build the full flows from src to sink 
Add more tests for edge cases
 2021-10-18 11:10:22 +02:00