hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,734 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.4
Commit Graph

5453 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
ba86dea657 Java: Improve taint step modeling to use postupdate nodes. 2020-02-05 15:33:29 +01:00
Anders Schack-Mulligen
07482abed7 Java/C++/C#: Sync. 2020-02-05 15:17:20 +01:00
Anders Schack-Mulligen
274919ca08 Java: Fix recent perf regressions. 2020-02-05 15:15:15 +01:00
Jonathan Leitschuh
832a4f2e07 Add DefaultFullHttpResponse to Netty Check 2020-02-04 15:40:59 -05:00
Tom Hvitved
15ee1e37b9 Java: Follow-up changes 2020-02-04 14:09:12 +01:00
Tom Hvitved
c591719df2 Data flow: Sync files 2020-02-04 14:09:12 +01:00
Anders Schack-Mulligen
3b81c3b95c Merge pull request #2651 from ggolawski/java-ldap-injection 
Java LDAP Injection (CWE-90)
 2020-01-31 16:43:52 +01:00
yo-h
7ca7bdfc46 Merge pull request #2725 from aschackmull/java/sqlinjection-number-barrier 
Java: Add java.lang.Number as a sanitizer for SQL injection.
 2020-01-30 18:25:24 -05:00
yo-h
b542b08c95 Merge pull request #2726 from aschackmull/java/outputstream-write-taint 
Java: Improve taint for OutputStream.write and InputStream.read.
 2020-01-30 18:24:00 -05:00
yo-h
563be9f817 Merge pull request #2719 from aschackmull/java/deprecate-parexpr 
Java: Deprecate ParExpr
 2020-01-30 18:23:13 -05:00
Grzegorz Golawski
db55ec250a Rename CWE-90 to CWE-090 2020-01-30 22:32:36 +01:00
Anders Schack-Mulligen
2a0a568cbb Java: Remove duplicate class. 2020-01-30 17:04:35 +01:00
yo-h
dd517a433a Merge pull request #2671 from aschackmull/java/null-flow 
Java: Allow null literals as sources in data flow.
 2020-01-30 09:47:46 -05:00
Anders Schack-Mulligen
9bea581a23 Java: Improve taint for OutputStream.write and InputStream.read. 2020-01-30 14:29:56 +01:00
Anders Schack-Mulligen
a167577551 Java: Add java.lang.Number as a sanitizer for SQL injection. 2020-01-30 12:01:36 +01:00
Anders Schack-Mulligen
d8b842298c Java: Autoformat. 2020-01-30 10:54:54 +01:00
Anders Schack-Mulligen
75c549baa1 Java: Deprecate ParExpr. 2020-01-30 10:52:16 +01:00
ggolawski
ebd2b932e8 Update java/ql/src/Security/CWE/CWE-90/LdapInjection.qhelp 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2020-01-29 20:05:20 +01:00
Anders Schack-Mulligen
9b7a728609 Java: Autoformat. 2020-01-29 12:16:25 +01:00
Grzegorz Golawski
bbcfbd7a28 Apply suggestion from code review 2020-01-28 22:34:01 +01:00
yo-h
97069a7988 Merge pull request #2683 from aschackmull/java/lshift32 
Java: Add new query for large left shifts and bugfix ConstantExpAppearsNonConstant.
 2020-01-28 13:30:26 -05:00
Anders Schack-Mulligen
0b3c90b526 Java: Fix whitespace query. 2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
f8805ebb24 Java: Update 2 queries. 2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
4bd332ddca Java: Add Expr.isParenthesized, adjust VarAccess.toString, and fix tests. 2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
597d8e7d94 Java: Update dbscheme for ParExpr removal. 2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
dc7e8ad2ff Java: Reword help according to review comment. 2020-01-28 10:13:35 +01:00
Anders Schack-Mulligen
a99a6f79cd Apply suggestions from code review 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2020-01-28 10:13:35 +01:00
Anders Schack-Mulligen
4cb28d9b1d Java: Add new query for large left shifts and bugfix ConstantExpAppearsNonConstant. 2020-01-28 10:13:34 +01:00
Grzegorz Golawski
7b2192d2e3 Apply suggestion from code review 2020-01-27 22:34:15 +01:00
ggolawski
408c49a61c Apply suggestions from code review 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2020-01-27 22:31:51 +01:00
Chris Gavin
484333b192 Java: Update help and description of java/suspicious-date-format. 2020-01-27 11:57:59 +00:00
Chris Gavin
88146295f9 Java: Add a query for suspicious date format patterns. 2020-01-27 11:57:18 +00:00
Anders Schack-Mulligen
816a8d1f9e Merge pull request #2586 from ggolawski/spring_disable_csrf 
Add check for disabled CSRF protection in Spring
 2020-01-27 11:32:39 +01:00
Esben Sparre Andreasen
57b3a55b48 java: sharpen java/maven/non-https-url to allow localhost URLs 2020-01-24 08:51:54 +01:00
Grzegorz Golawski
968c18d208 Query to detect LDAP injections in Java 
Refactoring according to review comments.
 2020-01-23 22:51:10 +01:00
yo-h
eb6f8da080 Merge pull request #2679 from aschackmull/java/remove-depr-flow-fwd-back 
Java/C++/C#: Remove the deprecated hasFlowForward/hasFlowBackward.
 2020-01-23 14:10:28 -05:00
yo-h
50320c7828 Merge pull request #2628 from aschackmull/java/no-adhoc-testclass 
Java: Replace ad-hoc TestClass detection.
 2020-01-23 14:09:11 -05:00
Anders Schack-Mulligen
e7f7c7370a Java/C++/C#: Remove the deprecated hasFlowForward/hasFlowBackward. 2020-01-23 14:05:18 +01:00
yo-h
9a939534c7 Merge pull request #2670 from aschackmull/java/remove-parityanalysis 
Java: Remove the deprecated ParityAnalysis.
 2020-01-22 16:22:34 -05:00
Grzegorz Golawski
bed6a9886f Query to detect LDAP injections in Java 
Autoformat
 2020-01-22 21:42:47 +01:00
Grzegorz Golawski
5596944926 Add check for disabled CSRF protection in Spring 
Fix help and correct formatting.
 2020-01-22 21:27:34 +01:00
Anders Schack-Mulligen
b92203a87f Java: Allow null literals as sources in data flow. 2020-01-22 12:04:42 +01:00
Anders Schack-Mulligen
cf004ac9d8 Java: Remove the deprecated ParityAnalysis. 2020-01-22 11:45:18 +01:00
Grzegorz Golawski
c5a974788b Add check for disabled CSRF protection in Spring 
Fix the help according to review comments.
 2020-01-21 21:54:36 +01:00
Anders Schack-Mulligen
9cc0d3d1f4 Java/C++/C#: Remove DataFlowLocation as it's no longer needed. 2020-01-21 15:08:39 +01:00
Grzegorz Golawski
00ee3d2549 Query to detect LDAP injections in Java 
Cleanup
 2020-01-18 20:21:38 +01:00
Grzegorz Golawski
95723b08e1 Query to detect LDAP injections in Java 
Add help
 2020-01-18 19:01:35 +01:00
Grzegorz Golawski
8cec46342f Query to detect LDAP injections in Java 
Refactoring
 2020-01-18 17:14:22 +01:00
Tom Hvitved
f7278d36e1 Merge pull request #2498 from aschackmull/java/taint-getter 
Java/C++/C#: Add support for taint-getter/setter summaries in data flow.
 2020-01-15 09:55:19 +01:00
Grzegorz Golawski
b7325232d7 Query to detect LDAP injections in Java 
Consider DNs as injection points as well
Add more taint steps
 2020-01-14 23:07:21 +01:00