hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

1214 Commits

Author SHA1 Message Date
Francis Alexander
1f5a466e46 Playframework test cases & review fixes 2021-01-06 22:57:14 +05:30
Jonathan Leitschuh
ba4a562c9a Update PrintAst.actual with new test output 2021-01-04 23:37:58 -05:00
Jonathan Leitschuh
028e4756bb Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-01-04 10:13:52 -05:00
Jonathan Leitschuh
54950c2f42 Add MethodAccessSystemGetProperty predicate 2021-01-01 20:07:45 -05:00
luchua-bc
bed8a68d28 Exclude broken algorithms from the list of secure algorithms 2020-12-17 00:41:23 +00:00
luchua-bc
d7facb42d6 Add missing broken crypto algorithms 2020-12-16 04:32:11 +00:00
yo-h
7e8bc4a61b Merge commit '2fa9037' into yo-h/java15-merge 2020-11-29 18:42:20 -05:00
yo-h
eedc385b37 Java 15: adjust test options 2020-11-26 00:14:24 -05:00
Anders Schack-Mulligen
92494441a7 Merge pull request #4554 from aschackmull/dataflow/reverse-partial 
Dataflow: Add support reverse partial flow exploration.
 2020-11-03 15:34:30 +01:00
Anders Schack-Mulligen
89361a3b75 Merge pull request #3812 from luchua-bc/java-android-remote-source 
Java: Add remote source of Android intent extra
 2020-11-03 09:35:40 +01:00
Anders Schack-Mulligen
7eb64aa998 Dataflow: Code review fixes. 2020-11-03 09:16:20 +01:00
Anders Schack-Mulligen
d5be4d7b92 Dataflow: Add support reverse partial flow exploration. 2020-11-03 09:16:19 +01:00
luchua-bc
7ac3fb41d5 Clean up query and test files 2020-10-31 13:37:36 +00:00
Joe Farebrother
2050f82553 Merge pull request #4383 from joefarebrother/guava-strings 
Java: Add modelling for Guava
 2020-10-26 10:16:55 +00:00
Tom Hvitved
492b1141ef Merge pull request #4445 from hvitved/csharp/sign-analysis-cfg 
C#: Use CFG nodes instead of AST nodes in sign/modulus analysis
 2020-10-26 09:45:38 +01:00
Francis Alexander
ddc544aa07 Initial support for Play Framework > 2.6.x 2020-10-22 20:20:49 +05:30
Joe Farebrother
980fdd8dea Java: Update Guava version in test stubs and change note 2020-10-19 11:56:28 +01:00
Joe Farebrother
8834a8fed6 Java: Make tests less noisy 2020-10-16 10:22:41 +01:00
Joe
28647b20e2 Java: Add tests 2020-10-16 10:22:41 +01:00
Joe Farebrother
388f60f818 Merge pull request #4430 from joefarebrother/tainttrackingutils-refactor 
Java: Refactor part of TaintTrackingUtil.qll
 2020-10-15 16:05:38 +01:00
Tom Hvitved
2af7e1c213 C#: Use CFG nodes instead of AST nodes in sign/modulus analysis 2020-10-14 13:39:44 +02:00
Jonathan Leitschuh
fc71ca747d Java: Track taint through java.io.File::toPath & java.nio.file.Path::toFile 2020-10-13 21:15:09 -04:00
Joe Farebrother
eafde05a55 Java: Expand flow step refactoring to Callables 
Also add some missing flow steps for StringBuilder
 2020-10-12 15:50:47 +01:00
Joe Farebrother
91ce02aad4 Java: Fix bug involving varadic parameters 2020-10-12 15:50:46 +01:00
Joe Farebrother
ca60f2cc18 Java: Fix failing tests 2020-10-12 15:48:43 +01:00
Daniel Beck
0c70be145f Track taint through java.io.File constructor and #toURI; URI#toURL 2020-10-10 20:54:55 +02:00
Anders Schack-Mulligen
cb00f8bcc4 Merge pull request #4362 from tamasvajk/feature/sign-analysis-cleanup 
Sign analysis cleanup
 2020-10-08 09:10:04 +02:00
Tamás Vajk
06f1c898dc Merge pull request #4349 from tamasvajk/feature/modulus-analysis 
ModulusAnalysis shared between C# and Java
 2020-10-07 21:21:20 +02:00
Tamas Vajk
40a7f5aa1f Java: Minor fix to modulus analysis to handle constant expressions and not only compile time constants 2020-10-07 11:42:42 +02:00
Tamas Vajk
5688210249 Java: add test for modulus analysis 2020-10-07 11:41:55 +02:00
Arthur Baars
89710928c8 Merge branch 'main' into android-database 2020-10-06 10:48:22 +02:00
Anders Schack-Mulligen
30f29e0ba7 Merge pull request #4320 from aibaars/multipart-request 
Java: add Spring::MultipartRequest as taint source
 2020-10-05 13:45:06 +02:00
Anders Schack-Mulligen
e660ac54da Merge pull request #4358 from joefarebrother/format-taint 
Java: Add taint steps through string formatting methods
 2020-10-05 13:25:54 +02:00
Tamas Vajk
1cf3196b61 Fix additional PR review findings 2020-10-02 09:12:13 +02:00
Tamas Vajk
21ff1a0445 Address some of the PR review findings 2020-10-02 09:12:13 +02:00
Arthur Baars
cf6036f9b4 Java: fix some android database sinks 2020-09-30 14:42:19 +02:00
Arthur Baars
061c2a754f Java: tests for android database flow steps 2020-09-30 12:42:19 +02:00
Arthur Baars
a13e845127 Java: tests for android database sinks 2020-09-30 12:42:19 +02:00
Joe
be07d27a4c Java: Improve tests 2020-09-29 16:36:34 +01:00
Joe
bea38fcd07 Java: Add taint modelling for string format methods 2020-09-28 16:25:45 +01:00
Tamas Vajk
2bbaa4e173 Handle unsigned types in sign analysis (C# and Java) 2020-09-28 14:46:32 +02:00
Joe
5256c0ba39 Java: Improve PrintAst tests and rename things 
Add tests for `EnhcancedForStmt`s and `InstanceOfExpr`s.
Rename LocalVarDeclParent to SingleLocalVarDeclParent
 2020-09-25 11:31:56 +01:00
Joe
9c8a468237 Java: PrintAst: Add synthetic nodes for other declarations 2020-09-24 14:31:24 +01:00
Joe
1f99607624 Java: PrintAst: Improve test 2020-09-24 14:31:24 +01:00
Arthur Baars
252f8aa89d Java: add Spring::MultipartRequest as taint source 2020-09-22 19:01:10 +02:00
Tamas Vajk
8bf4a4209c C#: Sign analysis 
Synced between Java and C# through `identical-files.json`.
 2020-09-21 16:15:12 +02:00
Tamas Vajk
441fbe3215 Add Java test file for sign analysis 2020-09-21 15:07:09 +02:00
Joe
6d0df7cb3a Java: Add a container node for Imports in the PrintAst view 2020-09-17 17:29:36 +01:00
Tamás Vajk
5079deb92a Merge pull request #4268 from tamasvajk/feature/java-range-analysis-fn 
Java: Fix range analysis false negative
 2020-09-16 11:08:33 +02:00
Joe
28338eb32e Java: PrintAst: Various minor fixes of typos 
Fix references to C#

Fix getAPrimaryQlClass for JavadocTag

Fix typo for Import

Update test outputs
 2020-09-15 15:02:56 +01:00