hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,734 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.4
Commit Graph

5453 Commits

Author SHA1 Message Date
Benjamin Muskalla
99e19e6d59 Fix predicate to only match the current API 2021-08-17 16:26:08 +02:00
Benjamin Muskalla
035f7b57e9 Improve query name 2021-08-17 16:25:49 +02:00
Sauyon Lee
390e48fdd2 Remove more redundant models 2021-08-17 02:17:36 -07:00
Andrew Eisenberg
e566fb9c5a Packaging: Update suite-helpers qlpack 
Uses new style naming scheme.
 2021-08-16 17:51:33 -07:00
Chris Smowton
ff3f85be49 Autoformat 2021-08-16 18:09:40 +01:00
Owen Mansel-Chan
b23fabe8cb Fix errors from previous PR 2021-08-16 16:11:17 +01:00
Benjamin Muskalla
87ef540b52 Split out queries showing supported APIs 2021-08-16 16:38:32 +02:00
Benjamin Muskalla
89f4a35273 Remove filter to see all unsupported APIs 2021-08-16 15:40:53 +02:00
Joe Farebrother
48c61fc4b4 Update models for Cache.getAllPresent and LoadingCache.getAll 2021-08-16 13:50:54 +01:00
Fosstars
fbac5891b8 Fixed a typo in qldoc 2021-08-14 21:28:30 +02:00
Marcono1234
48872b4588 Java: Improve Callable.getStringSignature() documentation 2021-08-14 19:58:55 +02:00
Fosstars
e2dc9753ac Covered copyOfRange() and clone() in ArrayUpdate 2021-08-14 13:25:46 +02:00
Fosstars
d218813320 Updated qldoc for ArrayUpdate 2021-08-14 13:09:14 +02:00
Fosstars
11992404ec Be precise when checking for Cipher.ENCRYPT_MODE 2021-08-14 12:18:02 +02:00
Fosstars
4e69081c22 Support multi-dimensional arrays 2021-08-13 20:52:27 +02:00
Sauyon Lee
ed1d855025 Java: Remove redundant models from Spring web.util and fix typo 2021-08-12 11:20:49 -07:00
Sauyon Lee
9a5c0f6c73 Java: Add HTML escapes as XSS sanitizers 
Co-Authored-By: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-08-12 11:20:49 -07:00
Sauyon Lee
25649a61c4 Java: Add models for the Spring web.util package 2021-08-12 11:20:48 -07:00
Owen Mansel-Chan
1c2476c6a1 Add explanatory comments 2021-08-12 14:51:49 +01:00
Owen Mansel-Chan
fe477ff989 Fix more models based on review comments 2021-08-12 14:51:37 +01:00
Chris Smowton
7a2704373f Merge pull request #5943 from joefarebrother/java-stub 
[Java] Add stubbing script
 2021-08-11 16:11:53 +01:00
Benjamin Muskalla
8aba0b04bc Add QLDoc for all shared libraries 2021-08-11 16:07:24 +02:00
Benjamin Muskalla
6287e6d8e9 Filter unused API callsites 2021-08-11 15:31:56 +02:00
Benjamin Muskalla
ec7f4d18e1 Avoid duplicates and support modular runtime 2021-08-11 15:31:33 +02:00
Joe Farebrother
7462180dcd Improve handling or array types 2021-08-10 16:52:38 +01:00
Joe Farebrother
207c753f6f Update model for getAll 2021-08-10 15:05:02 +01:00
Owen Mansel-Chan
a55a32f50a Add more missing models 
And corresponding tests
 2021-08-10 11:35:20 +01:00
Benjamin Muskalla
8127f63b1e Only include APIs without support 2021-08-10 12:05:16 +02:00
Benjamin Muskalla
26d4269071 Use FlowSources for coverage tracking 2021-08-10 12:02:56 +02:00
Benjamin Muskalla
c48586ff80 Implement coverage tracking using dataflow nodes 2021-08-10 11:38:01 +02:00
Benjamin Muskalla
5b55a83aaa Use basename for jars 2021-08-10 11:37:19 +02:00
Owen Mansel-Chan
2d31bb8d64 Remove toString taint propagation 
We do not do this for other overrides of toString
 2021-08-09 17:18:02 +01:00
Owen Mansel-Chan
487a46ae77 Improve treatment of new and old package name 2021-08-09 16:25:11 +01:00
Chris Smowton
5ba9347281 Merge pull request #6006 from artem-smotrakov/timing-attacks 
Java: Timing attacks while comparing results of cryptographic operations
 2021-08-09 15:30:47 +01:00
Owen Mansel-Chan
f94e467076 Fixes to models and tests 
Running the test generator script again showed many missing tests.
 2021-08-08 14:03:48 +01:00
Owen Mansel-Chan
377403d525 Remove redundant models and corresponding test 
Iterator.next is already modelled
 2021-08-08 13:57:51 +01:00
Owen Mansel-Chan
5d3f10824e Fix erroneous treatment of varargs in models 2021-08-08 13:57:50 +01:00
Fosstars
df0f9ee3a5 Fixed a few typos 2021-08-08 12:50:04 +02:00
Owen Mansel-Chan
9533f12e24 Add explanatory commented for MapIterator model 2021-08-06 07:06:36 +01:00
Owen Mansel-Chan
b922d7c6f3 Duplicate models for old package name 
The package name was org.apache.commons.collection until release 4.0.
 2021-08-06 07:06:34 +01:00
Chris Smowton
0b6c991ac4 Unsafe deserialization: add support for Jodd JSON library 2021-08-05 16:01:14 +01:00
Tony Torralba
0356ed7f9e Merge pull request #5911 from atorralba/atorralba/promote-missing-jwt-signature-check 
Java: Promote Missing JWT signature check query from experimental
 2021-08-05 09:43:03 +02:00
Anders Schack-Mulligen
1932f604dc Merge pull request #6419 from smowton/smowton/admin/unsafe-deserialization-jabsorb 
Add unsafe-deserialization support for Jabsorb
 2021-08-05 09:04:23 +02:00
Fosstars
b913928294 Renamed queries and merged qhelp files 2021-08-04 17:54:16 +02:00
Chris Smowton
5a42448888 Code review suggestions 
- Remove unneeded import
- Remove unnecessary `toLowerCase` call
 2021-08-04 16:08:07 +01:00
Chris Smowton
69549e9ce3 Add unsafe-deserialization support for Jabsorb 
This is partly extracted from https://github.com/github/codeql/pull/5954
 2021-08-04 15:35:50 +01:00
Anders Schack-Mulligen
5f9f857c34 Update java/ql/src/semmle/code/java/security/JWT.qll 2021-08-04 16:23:21 +02:00
Anders Schack-Mulligen
78998d0ca1 Update java/ql/src/semmle/code/java/security/JWT.qll 2021-08-04 16:22:56 +02:00
Anders Schack-Mulligen
6a09a5667d Merge pull request #5931 from atorralba/atorralba/promote-jndi-injection 
Java: Promote JNDI Injection query from experimental
 2021-08-04 15:48:44 +02:00
Owen Mansel-Chan
b82389088b Model interfaces in Apache Commons Collections main package 2021-08-04 14:26:59 +01:00