hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

4531 Commits

Author SHA1 Message Date
Ed Minnix
ce2cab0d2e Move TaintedPath configurations to Query.qll 2023-03-29 17:59:33 -04:00
Ed Minnix
744f2653f0 Add QLdoc for RemoteUserInputToArgumentToExecFlow 2023-03-29 11:45:09 -04:00
Ed Minnix
25359d2218 Deprecate execTainted 2023-03-29 11:45:09 -04:00
Ed Minnix
dcd703f1a9 Update to the TaintTracking::Global api 2023-03-29 11:45:09 -04:00
Ed Minnix
bbf7c67f9b Remove unnecessary private markers (CommandLine and Request forgery) 2023-03-29 11:45:09 -04:00
Ed Minnix
0249890747 Refactor CommandLineQuery.qll 2023-03-29 11:45:09 -04:00
Edward Minnix III
117a983423 Merge pull request #12639 from egregius313/egregius313/java/refactor-injection-queries 
Java: Refactor injection queries to new dataflow API
 2023-03-29 11:02:18 -04:00
Anders Schack-Mulligen
d0fa7c7ff8 Merge pull request #12683 from aschackmull/java/rangeanalysis-add 
Java: Support double-recursive range analysis bounds for addition.
 2023-03-29 13:39:59 +02:00
Ed Minnix
c8579d8c26 RegexInjection docs 2023-03-29 07:24:32 -04:00
Ed Minnix
17cdd16c19 Fix miscopied isBarrier in JndiInjectionQuery 2023-03-29 07:23:13 -04:00
Jeroen Ketema
0acca2ba76 Merge pull request #12687 from jketema/unit-2 
Make imports of `codeql.util.Unit` private
 2023-03-29 13:07:12 +02:00
Anders Schack-Mulligen
7844384768 Java: Add change note. 2023-03-29 11:39:07 +02:00
Edward Minnix III
b00104ebe3 Merge pull request #12458 from egregius313/egregius313/promote-insecure-ldap-authentication 
Java: Promote LDAP Authentication Query
 2023-03-28 10:39:17 -04:00
Edward Minnix III
97ec808a6f Make configuration public 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-03-28 10:28:15 -04:00
Anders Schack-Mulligen
7c74fd07e9 Merge pull request #12684 from aschackmull/dataflow/remove-footgun 
Dataflow: Remove accidentally exposed predicates.
 2023-03-28 15:14:58 +02:00
Jeroen Ketema
3b8ad087eb Make imports of codeql.util.Unit private 2023-03-28 14:14:13 +02:00
Anders Schack-Mulligen
47e7aa9566 Dataflow: Add change note. 2023-03-28 13:17:48 +02:00
Anders Schack-Mulligen
d406b051fc Dataflow: Remove accidentally exposed predicates. 2023-03-28 10:04:21 +02:00
Anders Schack-Mulligen
b5c66c514e Java: Support double-recursive range analysis bounds for addition. 2023-03-28 09:52:05 +02:00
Ed Minnix
9bfb13b942 Update to the Global/flow* api 2023-03-27 12:26:18 -04:00
Ed Minnix
0eaf222b54 Move public classes/predicates to top of library file 2023-03-27 12:16:44 -04:00
Ed Minnix
f28f1af5a4 Add InsecureLdapUrlSink 2023-03-27 12:16:44 -04:00
Edward Minnix III
24d4859149 Import changes 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-03-27 12:16:44 -04:00
Edward Minnix III
151357d02d Make classes/predicates not used outside of query private 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-03-27 12:16:44 -04:00
Ed Minnix
658c54a18f Change names of configuration to fit new naming convention 2023-03-27 12:16:44 -04:00
Ed Minnix
752620a34d Rename SSL configuration and fix PathGraph 2023-03-27 12:16:44 -04:00
Ed Minnix
59ce0d7682 Documentation changes 2023-03-27 12:16:44 -04:00
Ed Minnix
6a0167fa7f Convert to using the new DataFlow modules 2023-03-27 12:16:44 -04:00
Ed Minnix
05da1dc4a3 Merge concatInsecureLdapString into InsecureLdapUrl constructor 2023-03-27 12:16:44 -04:00
Ed Minnix
3936aea690 Split Ldap query file into libraries 2023-03-27 12:16:43 -04:00
Tony Torralba
907053f281 Merge pull request #12591 from github/java/update-mad-decls-after-triage-2023-03-20T12-45-37 
Java: Update MaD Declarations after Triage
 2023-03-27 13:23:55 +02:00
Joe Farebrother
489ce3d40a Merge pull request #12049 from joefarebrother/netty-models 
Java: Model the Netty framework
 2023-03-27 11:38:11 +01:00
Stephan Brandauer
6d91458586 Merge pull request #12506 from github/java/update-mad-decls-after-triage-2023-03-13T13-21-27 
Java: Update MaD Declarations after Triage
 2023-03-27 12:30:21 +02:00
Tony Torralba
7a9f1a5705 Add change note 2023-03-27 11:51:59 +02:00
Tony Torralba
95cc99c625 Apply suggestions from code review 2023-03-27 11:50:27 +02:00
Tony Torralba
ea1ca03bf1 Add change note 2023-03-27 10:30:47 +02:00
Tony Torralba
9a18043d9f Apply suggestions from code review 2023-03-27 10:28:13 +02:00
Jeroen Ketema
977f15f8a4 Merge pull request #12649 from jketema/unit 
Replace all definitions of `Unit` by `import codeql.util.Unit`
 2023-03-27 08:49:50 +02:00
Edward Minnix III
bb27ba7d3c Merge pull request #12632 from egregius313/egregius313/java/android/refactor-android-query-libraries 
Java: Refactor Android `Query.qll` libraries to new dataflow api
 2023-03-24 11:18:57 -04:00
Stephan Brandauer
4b458b2898 Merge branch 'main' into java/update-mad-decls-after-triage-2023-03-20T12-45-37 2023-03-24 16:17:07 +01:00
Stephan Brandauer
2c49e62c64 Merge branch 'main' into java/update-mad-decls-after-triage-2023-03-13T13-21-27 2023-03-24 16:16:57 +01:00
Ed Minnix
fcd53a8555 Deprecate old predicate 2023-03-24 10:07:40 -04:00
Ed Minnix
e7bad4cd90 Refactor to DataFlow::Global 2023-03-24 10:04:46 -04:00
Ed Minnix
899200a9c9 Remove unnecessary private markers 2023-03-24 09:57:55 -04:00
Ed Minnix
f6b8d89756 Refactor GroovyInjectionQuery 2023-03-24 09:57:55 -04:00
Ed Minnix
bf5f82bb78 Refactor SqlInjectionQuery 2023-03-24 09:57:55 -04:00
Ed Minnix
fec80973a9 Refactor SpelInjectionQuery 2023-03-24 09:57:55 -04:00
Ed Minnix
787b73317d Refactor TemplateInjection 2023-03-24 09:57:55 -04:00
Ed Minnix
7e1c42442a Refactor OgnlInjection 2023-03-24 09:57:55 -04:00
Ed Minnix
3116e306b1 Refactor MvelInjection 2023-03-24 09:57:55 -04:00