codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00

Author	SHA1	Message	Date
yo-h	4f2060f96b	Merge commit '2d618d6b928d8b76ac8033b3b63d9bde71caa325' into yo-h/java16	2021-04-11 23:55:33 -04:00
luchua-bc	4e3791dc0d	Remove LoadCredentialsConfiguration and update qldoc	2021-04-09 19:36:35 +00:00
Tom Hvitved	fd8f745468	Java: Adopt shared flow summary library and refactor data-flow nodes.	2021-04-09 16:57:03 +02:00
Artem Smotrakov	b39a3ab12c	Added setVariable() sink	2021-04-08 20:41:43 +03:00
Anders Schack-Mulligen	6109ef5e88	Merge pull request #5475 from Marcono1234/marcono1234/minus-literal Java: Improve documentation regarding minus in front of numeric literals	2021-04-08 16:11:14 +02:00
haby0	86ef2588f1	Restore @Component annotation	2021-04-08 17:55:29 +08:00
haby0	3f0a3266aa	[Java] CWE-348: Use of less trusted source	2021-04-08 17:14:03 +08:00
Artem Smotrakov	a764a79090	Always bind arguments in TaintPropagatingCall	2021-04-07 21:12:21 +03:00
yo-h	cc63563a88	Merge remote-tracking branch 'upstream-public/main' into yo-h/java16	2021-04-06 13:16:02 -04:00
intrigus	885044e331	[Java] Add tests for jwt signature check query.	2021-04-06 01:01:57 +02:00
intrigus	b7e49c78fe	[Java] Add stubs for jwtk-jjwt-0.11.2	2021-04-06 01:01:23 +02:00
luchua-bc	1349bf7b0b	Create a .qll file to reuse the code and add check of Spring properties	2021-03-30 11:25:29 +00:00
haby0	0775d35591	update VerificationMethodFlowConfig, add if test	2021-03-29 12:02:37 +08:00
luchua-bc	5ce3f9d6ff	Update qldoc and enhance the query	2021-03-28 16:10:35 +00:00
luchua-bc	a53cbc1631	Update qldoc and make the query more readable	2021-03-27 00:11:01 +00:00
Chris Smowton	3a274424ab	Convert fluent method models to csv and generalise to the three different variants of StrBuilder.	2021-03-26 14:31:36 +00:00
Chris Smowton	851317e34f	Add models for StrBuilder's fluent methods	2021-03-26 14:31:36 +00:00
Anders Schack-Mulligen	506c95d098	Merge pull request #5372 from smowton/smowton/feature/commons-lang-models-to-csv Java: Convert existing Commons Lang models to CSV	2021-03-26 10:18:23 +01:00
luchua-bc	d33b04cd96	Query to detect plaintext credentials in Java properties files	2021-03-26 02:33:40 +00:00
Anders Schack-Mulligen	28fb0edfbe	Merge pull request #4920 from luchua-bc/java/hash-without-salt Java: Query to detect hash without salt	2021-03-25 16:13:26 +01:00
Chris Smowton	7fb5bd0cab	Add tests for and slightly expand models of Commons Lang's ArrayUtils class	2021-03-25 15:11:51 +00:00
luchua-bc	fe0e7f5eac	Change method check to taint flow	2021-03-25 01:45:13 +00:00
luchua-bc	08c3bf26d5	Update the query to accommodate more cases	2021-03-24 23:32:27 +00:00
Anders Schack-Mulligen	a1ccbcdaf1	Merge pull request #5260 from artem-smotrakov/spring-http-invoker Java: Query for detecting unsafe deserialization with Spring exporters	2021-03-24 13:57:17 +01:00
haby0	3df23eecb6	Merge remote-tracking branch 'upstream/main' into JsonHijacking	2021-03-24 15:52:01 +08:00
Anders Schack-Mulligen	27408fefe2	Merge pull request #5008 from torque59/cwe-346 Java: Queries to detect remote source flow origins to CORS header.	2021-03-23 13:54:00 +01:00
Anders Schack-Mulligen	9a56601dd3	Merge pull request #5164 from luchua-bc/java/insecure-ldap-endpoint Java: CWE-297 Query to detect insecure LDAP endpoint configuration	2021-03-23 13:53:51 +01:00
Anders Schack-Mulligen	1e6b5391d6	Merge pull request #4994 from haby0/main Java: CWE-652: Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')	2021-03-23 12:05:53 +01:00
Marcono1234	993999f64f	Java: Add test for negative numeric literals	2021-03-22 17:43:34 +01:00
yo-h	b495e1efab	Merge pull request #5411 from aschackmull/java/dataflow-lambda-dispatch Java: Bugfix dispatch to lambda in call context.	2021-03-22 08:25:21 -04:00
haby0	fe046ec71e	Merge remote-tracking branch 'upstream/main' into main	2021-03-22 17:25:37 +08:00
Artem Smotrakov	adb1ed380a	Added tests for Jakarta expression injection	2021-03-21 21:19:39 +03:00
Marcono1234	fa98443bb7	Java: Add value predicates for float and double literals; improve tests	2021-03-21 18:07:55 +01:00
yo-h	0200aedc2e	Java 16: adjust test `options`	2021-03-21 12:55:25 -04:00
haby0	c516d69b98	Merge remote-tracking branch 'upstream/main' into main	2021-03-17 16:42:48 +08:00
haby0	98204a15a6	Fix the problem	2021-03-17 15:28:04 +08:00
Joe Farebrother	1e3c4d0eb1	Add stubs to fix broken test case	2021-03-16 14:24:49 +00:00
Joe Farebrother	980b2c1f4c	Convert existing Guava models to CSV system	2021-03-16 14:24:49 +00:00
Anders Schack-Mulligen	45c9428668	Merge pull request #5337 from smowton/smowton/feature/commons-lang-random-sources Java: Add support for Commons-Lang's RandomUtils	2021-03-15 16:21:01 +01:00
Anders Schack-Mulligen	d1f30d9164	Java: Autoformat.	2021-03-15 15:28:04 +01:00
Anders Schack-Mulligen	662e17ff85	Java: Bugfix dispatch to lambda in call context.	2021-03-15 15:09:03 +01:00
Chris Smowton	58d5c2c32d	Abbreviate redundant value-flow / taint-flow tests	2021-03-12 10:53:27 +00:00
luchua-bc	c8b1bc3a89	Enhance the query	2021-03-11 21:41:34 +00:00
luchua-bc	0a35feef76	Exclude CSRF cookies to reduce FPs	2021-03-11 17:28:07 +00:00
Chris Smowton	6508a223c3	Remove useless =y value specification from inline test expectations	2021-03-11 16:22:56 +00:00
Chris Smowton	b5268def16	Add models for CONST_BYTE and CONST_SHORT	2021-03-11 16:22:56 +00:00
Chris Smowton	1c1ca70027	Add models for flow- and taint-preserving functions in Commons ObjectUtils. These should all be value-preserving, but we don't support value-preserving varargs methods yet.	2021-03-11 16:22:54 +00:00
luchua-bc	eeac7e322a	Query to detect insecure configuration of Spring Boot Actuator	2021-03-11 13:46:32 +00:00
Artem Smotrakov	0a5d58ed8a	Cover more configurations in UnsafeSpringExporterInConfigurationClass.ql	2021-03-10 21:15:19 +03:00
Chris Smowton	189b2215c5	Remove useless value from inline test expectations	2021-03-09 15:11:39 +00:00

... 67 68 69 70 71 ...

4033 Commits