hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,734 Commits 1,672 Branches 157 Tags
codeql-cli-2.21.0
Commit Graph

1183 Commits

Author SHA1 Message Date
Geoffrey White
cf75397ef1 Java: Rename tests. 2020-06-30 14:33:05 +01:00
Geoffrey White
f8425b8a58 Java: Update uses. 2020-06-30 13:02:48 +01:00
Tom Hvitved
c01f570d9e Java: Implement clearsContent() 2020-06-23 10:55:12 +02:00
Tom Hvitved
e578827626 Java: Add more field-flow tests 2020-06-23 10:55:11 +02:00
Anders Schack-Mulligen
8107fbadc2 Merge pull request #3456 from hvitved/dataflow/precise-field-types 
Data flow: Track precise types during field flow
 2020-06-19 11:50:10 +02:00
Anders Schack-Mulligen
74eab3cbc0 Dataflow: Fix qltest. 2020-06-17 17:23:35 +02:00
Anders Schack-Mulligen
64225c31a6 Java: Add test case. 2020-06-04 10:31:08 +02:00
Anders Schack-Mulligen
37c8917813 Java: Add test. 2020-05-18 13:19:19 +02:00
Tom Hvitved
e608c53c3f Java: Follow-up changes 2020-05-14 15:58:50 +02:00
Anders Schack-Mulligen
0aad24e6db Java: Extend library support for switch expressions. 2020-05-14 15:40:26 +02:00
Anders Schack-Mulligen
2561ba82db Merge pull request #3215 from aibaars/validating-object-input 
Java: teach UnsafeDeserialization about ValidatingObjectInputStream
 2020-05-07 14:57:50 +02:00
Arthur Baars
797721cd31 Test 2020-05-06 12:15:27 +02:00
Anders Schack-Mulligen
3b3ca6d41e Merge pull request #3214 from aibaars/base64 
Java: Add org.apache.commons.codec.(De|En)coder to TaintTrackingUtil
 2020-05-06 09:21:18 +02:00
Anders Schack-Mulligen
b7458091a9 Merge pull request #3110 from hvitved/dataflow/no-more-summaries 
Data flow: No more flow summaries
 2020-05-05 13:27:07 +02:00
Anders Schack-Mulligen
b6a7ab8bf4 Merge pull request #3372 from aibaars/spring-multipart 
Java: add `org.springframework.web.multipart.MultipartFile::getX` as RemoteFlowSource
 2020-04-29 11:35:04 +02:00
Arthur Baars
ae2bab7e9c Add test case 2020-04-28 16:57:03 +02:00
Arthur Baars
31e284a707 Add test case 2020-04-28 11:26:43 +02:00
Arthur Baars
59869ace63 Java: teach Encryption.qll about MessageDigest.getInstance 
We already modelled usage of the protected `MessageDigest(String algo)`
constructor as a crypto algorithm specification. For some reason we did
not model the more commonly used public `MessageDigest.getInstance` method.
 2020-04-25 00:41:10 +02:00
Tom Hvitved
05ec75558d Java: Update test 2020-04-17 13:49:08 +02:00
yo-h
697b273e32 Java 14: update expected test output 2020-04-07 22:22:10 -04:00
yo-h
9d2f76849b Java 14: switch expressions are no longer in preview 2020-04-07 22:22:07 -04:00
Anders Schack-Mulligen
b2769b42ed Merge pull request #3117 from adityasharad/java/jackson-taint-steps 
Java: Add taint steps through Jackson serialization methods.
 2020-03-30 10:34:56 +02:00
Aditya Sharad
a6e039b284 Java: Add tests for Jackson taint steps. 
Add stubs for jackson-databind-2.10.
Based on http://fasterxml.github.io/jackson-databind/javadoc/2.10.
Test taint through Jackson serialization APIs.
 2020-03-24 12:59:24 -07:00
Anders Schack-Mulligen
d8edae96df Java: Add test. 2020-03-24 15:24:17 +01:00
Anders Schack-Mulligen
e1a0c2d846 Java: Add minor test case to typeflow qltest. 2020-03-11 13:13:19 +01:00
Anders Schack-Mulligen
4298a3a931 Java: Add test. 2020-03-09 11:16:59 +01:00
yo-h
f8bf055fe1 Merge pull request #2927 from aschackmull/java/taintgettersetter-tests 
Java: Add some more taint-getter-setter tests.
 2020-02-27 22:12:25 -05:00
Anders Schack-Mulligen
33f6392be5 Java: Add some more taint-getter-setter tests. 2020-02-27 10:47:25 +01:00
Anders Schack-Mulligen
0c30d7cced Java: Update test output. 2020-02-27 10:28:12 +01:00
semmle-qlci
ecad925101 Merge pull request #2631 from hvitved/dataflow/generalize-flow-summaries 
Approved by aschackmull
 2020-02-17 18:22:46 +00:00
Anders Schack-Mulligen
75f7671e75 Java: Fix .expected 2020-02-06 10:27:44 +01:00
Anders Schack-Mulligen
ba86dea657 Java: Improve taint step modeling to use postupdate nodes. 2020-02-05 15:33:29 +01:00
Tom Hvitved
15ee1e37b9 Java: Follow-up changes 2020-02-04 14:09:12 +01:00
Anders Schack-Mulligen
2b1723dd88 Java: Move some taint tests. 2020-02-04 13:21:31 +01:00
yo-h
b542b08c95 Merge pull request #2726 from aschackmull/java/outputstream-write-taint 
Java: Improve taint for OutputStream.write and InputStream.read.
 2020-01-30 18:24:00 -05:00
yo-h
563be9f817 Merge pull request #2719 from aschackmull/java/deprecate-parexpr 
Java: Deprecate ParExpr
 2020-01-30 18:23:13 -05:00
yo-h
dd517a433a Merge pull request #2671 from aschackmull/java/null-flow 
Java: Allow null literals as sources in data flow.
 2020-01-30 09:47:46 -05:00
Anders Schack-Mulligen
9bea581a23 Java: Improve taint for OutputStream.write and InputStream.read. 2020-01-30 14:29:56 +01:00
Anders Schack-Mulligen
75c549baa1 Java: Deprecate ParExpr. 2020-01-30 10:52:16 +01:00
Anders Schack-Mulligen
4bd332ddca Java: Add Expr.isParenthesized, adjust VarAccess.toString, and fix tests. 2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
b92203a87f Java: Allow null literals as sources in data flow. 2020-01-22 12:04:42 +01:00
Anders Schack-Mulligen
bca79cd4d6 Java/C++/C#: Add support for taint-getter/setter summaries. 2019-12-16 16:15:48 +01:00
Anders Schack-Mulligen
333d0a69d2 Java/C++/C#: Bugfix for field flow through reverse read. 2019-11-29 09:38:24 +01:00
yh-semmle
e232f538e9 Java 13: update test options 2019-11-02 16:09:32 -04:00
Anders Schack-Mulligen
38aba7bfc1 Java: Fix qltest. 2019-10-07 15:51:42 +02:00
Cornelius Riemenschneider
9ef61bd43c Address more parts of Anders review. 2019-10-07 15:19:20 +02:00
Cornelius Riemenschneider
0f5dd5d7c7 Add one more test with a more complicated guard. 2019-10-07 15:14:42 +02:00
Cornelius Riemenschneider
d79eaffd3a Prune unreachable paths in the Java dataflow library based on call context. 
We now detect patterns like
f(bool cond){
       if(cond)
        then A
        else B
and prune branches for calls like f(true) or f(false).
This pruning is done both in the local (bigstep) flow graph
as well as in the inter-procedural dataflow graph.
 2019-10-07 15:10:54 +02:00
Cornelius Riemenschneider
dba93b30e7 Add tests exhibiting false positives in the dataflow library, where call context is not used to prune branches. 2019-10-07 14:59:55 +02:00
Tom Hvitved
7f6e253425 Java: Update expected test output 2019-10-04 11:09:44 +02:00