hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,734 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.4
Commit Graph

4003 Commits

Author SHA1 Message Date
Ian Lynagh
4721ccd965 Kotlin: Add tests 2022-05-10 18:45:51 +01:00
Marcono1234
c760d39d59 Merge remote-tracking branch 'remotes/origin/main' into marcono1234/statement-expression 2022-05-09 00:28:19 +02:00
Marcono1234
36f56b5a18 Java: Rename StmtExpr to ValueDiscardingExpr 
As mentioned by aschackmull during review, StatementExpression as defined
by the JLS only lists possible types of expressions, it does _not_ specify
that their value is discarded. Therefore, for example any method call could
be considered a StatementExpression.

The name ValueDiscardingExpr was chosen as replacement because the JLS uses
the phrase "if the expression has a value, the value is discarded" multiple
times.
 2022-05-09 00:27:15 +02:00
Tony Torralba
ca2959cf37 Merge pull request #8537 from atorralba/atorralba/unsafe_android_access_improvs 
Java: Improvements to UnsafeAndroidAccess
 2022-05-05 16:46:54 +02:00
luchua-bc
937ab417b1 Query to detect hardcoded JWT secret keys 2022-05-04 23:09:48 +00:00
Joe Farebrother
64227c9109 Fix codescanning alerts 2022-05-04 15:58:30 +01:00
Joe Farebrother
66ab2bca75 Update PrintAst test output 2022-05-04 15:41:41 +01:00
Joe Farebrother
5e3ba130dc Add a test for deeply nested sequences 2022-05-04 15:41:40 +01:00
Joe Farebrother
4ed2e8d1fd Update tests to account for only regexes with quantifiers being considered 2022-05-04 15:41:40 +01:00
Joe Farebrother
1605d36ddf Refine polynomial redos sources to exclude length limited methods 2022-05-04 15:41:39 +01:00
Joe Farebrother
6794268a3c Split PolynomialRedos definition into a library to avoid duplication in the tests 2022-05-04 15:41:38 +01:00
Joe Farebrother
5555985ad6 Distingush between whether or not a regex is matched against a full string 
Also some fixes and additional tests
 2022-05-04 15:41:38 +01:00
Joe Farebrother
bb562643c6 Support possessive quantifiers, which cannot backtrack. 
They are approximated by limiting them to up to one repetition (effectively making *+ like ? and ++ like a no-op).
 2022-05-04 15:41:37 +01:00
Joe Farebrother
49374b877a Fix parsing of alternations in character classes 2022-05-04 15:41:37 +01:00
Joe Farebrother
3ce0c2c23b Add more regex use functions in String 2022-05-04 15:41:36 +01:00
Joe Farebrother
57ba8a4d1b Improve handling of hex escapes; and support some named character classes 2022-05-04 15:41:36 +01:00
Joe Farebrother
5143585080 Fix to PolynomialRedos not finding results and to test cases not finding that 2022-05-04 15:41:36 +01:00
Joe Farebrother
e23162d91b Add test cases for PolynomialRedos dataflow logic; make fixes 2022-05-04 15:41:35 +01:00
Joe Farebrother
5a4316d945 Add test cases for exponential redos query 2022-05-04 15:41:35 +01:00
Joe Farebrother
4b845d5dac Move test cases to their own directory to avoid conflict 2022-05-04 15:41:35 +01:00
Joe Farebrother
9f4da65030 Improve calculation of locations of regex terms 2022-05-04 15:41:35 +01:00
Joe Farebrother
bc109521aa Simplify octal handling 2022-05-04 15:41:34 +01:00
Joe Farebrother
9e88c67c19 Add more test cases; make some fixes 2022-05-04 15:41:34 +01:00
Joe Farebrother
28649da187 Add parser tests; fix some parser issues. 
[temporarily renamed existing regex/Test.java during rebasing to avoid conflict]
 2022-05-04 15:41:33 +01:00
Tony Torralba
2d3b15f936 Add more taint models 2022-05-04 12:32:59 +02:00
Tony Torralba
49259a6575 Remove everything related to WebView CSV models 
This reverts commit c6c72eb.
 2022-05-04 10:53:31 +02:00
Tony Torralba
7ba5a032ce Add tests and stubs for the new sources and flow steps 2022-05-04 10:53:30 +02:00
Tony Torralba
b876431950 Merge pull request #8706 from luchua-bc/java/unsafe-get-resource 
Java: CWE-552 Add sources and sinks to to detect unsafe getResource calls in Java EE applications
 2022-05-04 10:12:28 +02:00
Tony Torralba
7b3a803d19 Add flow step from startActivity to getIntent 2022-05-03 15:46:17 +02:00
Tony Torralba
9c92454fa7 Merge pull request #8872 from atorralba/atorralba/android-widget-flowstep 
Java: Add Editable.toString flow step
 2022-05-03 15:27:52 +02:00
Tony Torralba
de8b5f927b Adjust test expectations 2022-05-02 16:55:11 +02:00
Anders Schack-Mulligen
86516b157b Merge pull request #8884 from JLLeitschuh/feat/JLL/additional-file-taint-flow 
Java: Add additional `File` taint value flow models
 2022-05-02 16:30:45 +02:00
Tony Torralba
8602a6f6c9 Add models for OkHttp and Retrofit 2022-05-02 15:42:15 +02:00
luchua-bc
920a7cd2e6 Put back the taint step removed during merge 2022-04-29 20:29:04 +00:00
Tony Torralba
12320aa5d2 Fix Intent Redirection sanitizer 2022-04-29 12:19:49 +02:00
luchua-bc
0aa1251ffe Add more test cases 2022-04-29 02:31:43 +00:00
Jorge
193ea1a86e Merge branch 'main' into mybatis-new-sinks 2022-04-28 22:26:38 +02:00
Tony Torralba
604a5fc71f Merge pull request #8639 from atorralba/atorralba/spring-beans-improvements 
Java: Improve Spring models
 2022-04-28 11:59:51 +02:00
Tony Torralba
e99cee4913 Merge branch 'main' into java/unsafe-get-resource 2022-04-27 16:45:42 +02:00
Jonathan Leitschuh
2565cdb964 Add additional File taint value flow models 
Adds
 - File::getAbsoluteFile
 - File::getCanonicalFile
 - File::getAbsolutePath
 - File::getCanonicalPath
 2022-04-26 10:42:53 -04:00
Artem Smotrakov
12ca1f0b11 Fixed library-tests/frameworks/guava/handwritten/flow.ql 2022-04-26 13:34:24 +01:00
Artem Smotrakov
52b7fbf484 Removed non-ASCII characters 2022-04-26 13:34:24 +01:00
Artem Smotrakov
e86fd72529 Moved RabbitMQ tests to java/ql/test/library-tests/frameworks/rabbitmq 2022-04-26 13:34:23 +01:00
Artem Smotrakov
20f185e772 Use tainted tag in JMS tests 2022-04-26 13:34:23 +01:00
Artem Smotrakov
b6bd4f92d1 Added sources and steps for JMS API 2022-04-26 13:34:21 +01:00
Artem Smotrakov
269143a19f Java: Added sources and flow steps for RabbitMQ 2022-04-26 13:34:04 +01:00
Tony Torralba
2ee83e2ba2 Add Editable.toString flow step 2022-04-26 13:34:16 +02:00
Tony Torralba
85d5b122f7 Merge pull request #8817 from atorralba/atorralba/cleartext-storage-sharedprefs-improvs 
Java: Add value-preserving flow steps for Android's SharedPreferences
 2022-04-25 16:16:46 +02:00
Anders Schack-Mulligen
cbdd4927ce Merge pull request #8582 from Marcono1234/marcono1234/JumpStmt-superclass 
Java: Make `JumpStmt` a proper superclass
 2022-04-25 12:22:20 +02:00
Tony Torralba
f1c08bc492 Add value-preserving steps for SharedPreferences 2022-04-22 17:44:59 +02:00