hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,734 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.0
Commit Graph

13017 Commits

Author SHA1 Message Date
Arthur Baars
31e284a707 Add test case 2020-04-28 11:26:43 +02:00
Arthur Baars
9742d3892d Java: Add org.apache.commons.codec.(De|En)coder to TainTrackingUtil 
The commons codec library contains many encoder and decoder methods
and is fairly commonly used.
 2020-04-28 11:26:43 +02:00
Grzegorz Golawski
31a2972eca Remove qlpack.yml as these are not needed 2020-04-27 23:32:48 +02:00
Grzegorz Golawski
0c75330e42 Remove qlpack.yml as these are not needed 2020-04-27 23:31:10 +02:00
Grzegorz Golawski
639aa826ea Remove qlpack.yml as these are not needed 2020-04-27 23:26:59 +02:00
Grzegorz Golawski
d590f3fba8 CodeQL query to detect XSLT injections 2020-04-27 22:35:35 +02:00
yo-h
97f4cb64ef Merge pull request #3349 from aschackmull/java/qldoc1 
Java: Improve qldoc coverage.
 2020-04-27 12:49:23 -04:00
Tom Hvitved
d28c4fb0f5 Merge pull request #3202 from jbj/pathStep-join-unique 
Java/C++/C#: Use `unique` to improve join order fix
 2020-04-27 13:06:27 +02:00
Arthur Baars
59869ace63 Java: teach Encryption.qll about MessageDigest.getInstance 
We already modelled usage of the protected `MessageDigest(String algo)`
constructor as a crypto algorithm specification. For some reason we did
not model the more commonly used public `MessageDigest.getInstance` method.
 2020-04-25 00:41:10 +02:00
Anders Schack-Mulligen
beab320557 Java: Add more qldoc. 2020-04-24 14:17:47 +02:00
Grzegorz Golawski
40fcd4cbe5 Fix references 2020-04-19 20:49:07 +02:00
Grzegorz Golawski
457e2eaf59 CodeQL query to detect OGNL injections 2020-04-19 20:31:57 +02:00
Grzegorz Golawski
af48bc3e57 CodeQL query to detect JNDI injections 2020-04-17 21:45:42 +02:00
Tom Hvitved
05ec75558d Java: Update test 2020-04-17 13:49:08 +02:00
Tom Hvitved
1b6e978a62 Data flow: Sync files 2020-04-17 13:49:06 +02:00
Pavel Avgustinov
6737e99d65 Merge pull request #3209 from hmakholm/baselib-extractor 
Add extractor field in base language QL packs
 2020-04-09 15:24:49 +01:00
luchua-bc
b7f2d32fb0 Address improper URL authorization 2020-04-08 22:41:11 -04:00
luchua-bc
e1a680cd86 Address improper URL authorization 2020-04-08 22:41:11 -04:00
yo-h
9a79e3be2c Java 14: add PREVIEW FEATURE notes to QLDoc 2020-04-07 22:22:10 -04:00
yo-h
697b273e32 Java 14: update expected test output 2020-04-07 22:22:10 -04:00
yo-h
e12de3b021 Java 14: add dbscheme upgrade script for records 2020-04-07 22:22:09 -04:00
yo-h
70e09ddb88 Java 14: add dbscheme stats for records 2020-04-07 22:22:08 -04:00
yo-h
662cff8316 Java 14: add class Record to Type.qll 2020-04-07 22:22:08 -04:00
yo-h
e1787f58aa Java 14: add isRecord relation to dbscheme 2020-04-07 22:22:08 -04:00
yo-h
b763342277 Java 14: account for instanceof pattern matching 2020-04-07 22:22:07 -04:00
yo-h
9d2f76849b Java 14: switch expressions are no longer in preview 2020-04-07 22:22:07 -04:00
Henning Makholm
d1ff3211ef Add extractor fields to test qlpack.yml files. 2020-04-06 19:21:41 +02:00
Henning Makholm
bf579dedd4 Add extractor field in base language QL packs 2020-04-06 18:48:01 +02:00
Jonas Jensen
46fc91315b Java/C++/C#: Revert the join order fix from #2872 
This revert brings back the performance problems in
`DataFlowImplLocal.qll` so they can be fixed in a different way. The fix
in #2872 was asymptotically good but had undesired overhead because it
introduced another predicate in the SCC that existed purely for join
ordering.

I did the revert by inlining the helper predicate, eliminating the
`enclosing` variable, and re-ordering the resulting lines to what they
were before #2872.
 2020-04-06 10:04:50 +02:00
Robert
1096e5d947 Merge pull request #3163 from robertbrignull/code_scanning_suites 
Add code-scanning suites
 2020-04-06 08:45:40 +01:00
Grzegorz Golawski
1d8da905ac Make the test runnable via codeql test run 2020-04-03 21:44:13 +02:00
ggolawski
79d7ea36ff Update java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.qll 
Co-Authored-By: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-04-03 21:36:34 +02:00
Grzegorz Golawski
6ca963a8c8 Fix 2020-04-03 00:30:02 +02:00
Grzegorz Golawski
f05b2af69d Move to experimental 2020-04-03 00:27:51 +02:00
Grzegorz Golawski
cffe89f652 Merge branch 'master' into java-spring-boot-actuators 2020-04-02 22:06:25 +02:00
Anders Schack-Mulligen
01157e43e3 Merge pull request #2899 from p-/cwe-036 
Java: Calling openStream on URLs created from remote source can lead to file disclosure
 2020-04-02 13:55:06 +02:00
Peter Stöckli
ca80bfda4f Fix tags 2020-04-02 07:43:55 +02:00
Peter Stöckli
36c351dc68 Add input from documentation review 2020-04-01 17:59:45 +02:00
Tom Hvitved
42e180d6c4 Merge pull request #3060 from aschackmull/dataflow/no-param-to-same-param-flow 
Dataflow: Exclude param-param flow through with identical params.
 2020-04-01 09:42:12 +02:00
Peter Stöckli
60d5ed9c79 Input from Review 2020-03-31 18:30:00 +02:00
Peter Stöckli
40c3b5468f Fix QHelp/XML syntax 2020-03-30 18:55:14 +02:00
Tom Hvitved
9fa9c10361 Merge pull request #2921 from aschackmull/dataflow/consistency-checks 
Java: Add data-flow consistency checks.
 2020-03-30 12:47:41 +02:00
Anders Schack-Mulligen
caf0d1528f Merge pull request #3155 from max-schaefer/add-module-comment 
Data flow: Add module doc comment for `TaintTrackingImpl.qll`
 2020-03-30 12:07:08 +02:00
Max Schaefer
e5e94e3357 Data flow: Add module doc comment for TaintTrackingImpl.qll 
Modelled after the correponding comment for `DataFlowImpl.qll`.
 2020-03-30 10:35:47 +01:00
Anders Schack-Mulligen
b2769b42ed Merge pull request #3117 from adityasharad/java/jackson-taint-steps 
Java: Add taint steps through Jackson serialization methods.
 2020-03-30 10:34:56 +02:00
luchua-bc
000d894d99 Include Gradle Logging 2020-03-28 14:00:28 -04:00
luchua-bc
048a33e143 Remove user ids from the check since they get logged a lot and are less sensitive 2020-03-27 19:40:00 -04:00
Robert Brignull
90fad6f762 add code scanning suites 2020-03-27 17:03:23 +00:00
Peter Stöckli
c6688eb349 Fix OpenStream documentation 2020-03-27 17:08:49 +01:00
Peter Stöckli
3de00443ff Review feeback for OpenStream 2020-03-27 17:06:58 +01:00