hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

5825 Commits

Author SHA1 Message Date
Tony Torralba
4dfc9b13cd Java: Fix performance issue in the stub generator 2023-05-26 12:44:53 +02:00
Stephan Brandauer
5ca2221097 remove some of the biggest frameworks from application mode consideration 2023-05-25 17:06:02 +02:00
Stephan Brandauer
db77c6b9a3 Java: mark functional expressions as likely not sinks 2023-05-25 16:39:27 +02:00
Stephan Brandauer
76d731a61d improve CannotBeTaintedCharacteristic 2023-05-25 16:28:07 +02:00
Stephan Brandauer
9a041243ff Java: fine-tune characteristics 2023-05-25 14:16:32 +02:00
Stephan Brandauer
f224a40dec Java: use containing call as call context, not argument 2023-05-25 14:16:23 +02:00
Stephan Brandauer
33fdb0fc52 Java: remove superfluous characteristic 2023-05-25 14:16:23 +02:00
Taus
2000f22533 Java: Port over characteristics from codex branch 2023-05-25 14:16:23 +02:00
Taus
11ab7e2e71 Java: Share argument indexing logic 
Adds a utility predicate for turning integer indices into the desired string representation.
 2023-05-25 14:16:23 +02:00
Taus
04b8bf35d4 Java: Avoid overlapping import 
Importing `AutomodelEndpointTypes` inside `AutomodelSharedUtil` non-privately made it overlap with the imports in the candidate extraction queries.
 2023-05-25 14:16:23 +02:00
Stephan Brandauer
db61a2d099 Java: share isKnownKind between modes 2023-05-25 14:16:16 +02:00
Stephan Brandauer
d93ad9b398 Java: remove unneeded abstract metadata extractor classes and fix some names 2023-05-25 14:16:11 +02:00
Stephan Brandauer
6e21f14c09 Java: update extraction query metadata 2023-05-25 14:16:03 +02:00
Stephan Brandauer
7c3bc26c41 Java: make input an actual string, not an integer 2023-05-25 14:15:59 +02:00
Stephan Brandauer
185ad101b3 Java: add application-mode and framework-mode tags to extraction queries 2023-05-25 14:15:50 +02:00
Taus
9b30f9a476 Java: Add negative characteristic for static calls 2023-05-25 14:15:49 +02:00
Taus
6fc16574b3 Java: Add QL support for automodel application mode 2023-05-25 14:15:49 +02:00
erik-krogh
9f5bf8fb22 also fix the first code-block 2023-05-25 13:56:29 +02:00
erik-krogh
765076bcba fix whitespace in the samples in ReDoS.qhelp 2023-05-25 13:28:39 +02:00
Tony Torralba
a276cc3094 Convert all command injection sinks to MaD format 2023-05-25 11:41:32 +02:00
github-actions[bot]
d2e192020b Post-release preparation for codeql-cli-2.13.3 2023-05-24 11:26:12 +00:00
Erik Krogh Kristensen
50cb5ea184 Merge pull request #13164 from erik-krogh/polyQhelp 
ReDoS: add another example to the qhelp in poly-redos, showing how to just limit the length of the input
 2023-05-23 09:25:15 +02:00
github-actions[bot]
7aa23cf11d Release preparation for version 2.13.3 2023-05-22 20:47:00 +00:00
erik-krogh
710b309142 apply suggestions from doc review 2023-05-21 22:18:48 +02:00
erik-krogh
10bf17c33e Merge branch 'main' into polyQhelp 2023-05-21 22:17:06 +02:00
Tony Torralba
b58eb3a92c Java: Add TemplateEngine.createTemplate as a groovy injection sink 2023-05-19 17:45:47 +02:00
Tony Torralba
1b06bf132c Merge pull request #12932 from atorralba/atorralba/java/promote-xxe-experimental-sinks 
Java: Promote experimental XXE sinks
 2023-05-17 17:39:31 +02:00
Stephan Brandauer
a5ef738bb0 add extra parameters in query-messages 2023-05-17 08:37:18 +00:00
erik-krogh
480e71fd69 avoid contractions 2023-05-17 08:42:45 +02:00
Stephan Brandauer
2cd8a879a5 use asParameter().getName() instead of toString() 
Co-authored-by: Taus <tausbn@github.com>
 2023-05-16 17:28:02 +02:00
Stephan Brandauer
9845887452 automodel java fix: export method name as 'name' metadata parameter; export parameter name as 'parameterName' parameter 2023-05-16 15:07:14 +00:00
Tony Torralba
770099f210 Merge branch 'main' into atorralba/java/promote-xxe-experimental-sinks 2023-05-16 09:49:34 +02:00
Tony Torralba
7d79d87d48 Add XPath.evaluate as XXE sink 2023-05-15 17:39:35 +02:00
erik-krogh
83ca1495e0 trim the whitespace in the poly-redos examples 2023-05-15 16:47:24 +02:00
erik-krogh
d989359656 add another example to the qhelp in poly-redos, showing how to just limit the length of the input 2023-05-15 16:47:02 +02:00
Kasper Svendsen
d40cd0f275 Java: Make implicit this receivers explicit 2023-05-12 12:47:21 +02:00
Stephan Brandauer
510febf46d Merge pull request #12830 from github/kaeluka/parameter-candidate-extraction 
Java: Automodel Framework Mode Extraction Queries
 2023-05-11 18:00:55 +02:00
Stephan Brandauer
c31ad01579 squash ql-for-ql warnings 2023-05-11 16:18:52 +02:00
Tony Torralba
c17b0e809f Apply suggestions from code review 2023-05-11 14:53:56 +02:00
Anders Schack-Mulligen
587ee53917 Java: Fix ExternalApi.jarContainer(). 2023-05-11 14:09:27 +02:00
Stephan Brandauer
e15610cfcd use ascii dash 2023-05-11 11:32:05 +02:00
Stephan Brandauer
f3d096cf37 update DollarAtString class to use hasLocationInfo instead of getURL 2023-05-10 15:02:22 +02:00
Stephan Brandauer
79f2beca2a ql-for-ql 2023-05-10 14:04:29 +02:00
Stephan Brandauer
cd388264d3 use new DollarAtString class to return metadata using notation 2023-05-10 13:44:50 +02:00
Stephan Brandauer
6be11d93bd document FrameworkCandidatesImpl 2023-05-10 12:03:32 +02:00
Stephan Brandauer
d2d884b007 special case for Argument[this] 2023-05-10 11:53:40 +02:00
Stephan Brandauer
7ae6a992b6 fix code compilation error after main branch breaking change 2023-05-10 11:29:49 +02:00
Stephan Brandauer
9ed3c248ad Merge branch 'main' into kaeluka/parameter-candidate-extraction 2023-05-10 11:26:49 +02:00
Stephan Brandauer
1e5c9e8a58 simplify by using hasQualifiedName 2023-05-10 10:49:27 +02:00
Stephan Brandauer
f43edb8046 rename query files to make framework mode explicit 2023-05-10 10:30:58 +02:00