hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,688 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.0
Commit Graph

3040 Commits

Author SHA1 Message Date
Ed Minnix
172b8a6967 Documentation fixes 2023-08-17 13:05:37 -04:00
Ed Minnix
b567ec875a Documentation 2023-08-17 13:05:37 -04:00
Ed Minnix
55fae2daaa Added ESAPI sanitizer 2023-08-17 13:05:37 -04:00
Ed Minnix
f58590c6a9 Trust Boundary Work 2023-08-17 13:05:37 -04:00
Ed Minnix
b9f2da7875 Comments and import fixes 2023-08-17 13:05:36 -04:00
Ed Minnix
a8b7e70d01 Convert trust boundary models to MaD 2023-08-17 13:05:36 -04:00
Ed Minnix
76438f13b6 Trust Boundary Query 2023-08-17 13:05:36 -04:00
Edward Minnix III
41a527cf72 Merge pull request #13934 from egregius313/egregius313/add-dashes-to-sha-algorithms 
Java: Add dashes to SHA algorithm names in `Encryption.qll`
 2023-08-17 13:03:15 -04:00
Anders Schack-Mulligen
e27aad9d6c Merge pull request #13987 from aschackmull/java/rangeanalysis-joinorder-fix 
Java: Join-order fix in RangeAnalysis.
 2023-08-17 14:47:26 +02:00
Anders Schack-Mulligen
f8a0b6cd22 Java: Add nomagic 2023-08-17 11:20:02 +02:00
Anders Schack-Mulligen
0afda68ba1 Java: Join-order fix in RangeAnalysis. 2023-08-17 11:07:24 +02:00
Jeroen Ketema
33e8310625 Merge branch 'main' into shared-taint-tracking 2023-08-17 00:14:25 +02:00
Ed Minnix
7cfe78a52d Add dashes to SHA algorithm names in Encryption.qll 2023-08-15 23:42:17 -04:00
Michael Nebel
a95aad51bd Merge pull request #13546 from michaelnebel/java/withoutelement 
Java: Support for With[out]Element for MaD.
 2023-08-15 10:03:03 +02:00
Anders Schack-Mulligen
0ca3f3308b Merge pull request #13478 from aschackmull/java/varcapture 
Java: Add proper support for variable capture flow.
 2023-08-08 16:22:56 +02:00
Anders Schack-Mulligen
9d59f50340 Java: Review fixes. 2023-08-08 13:37:40 +02:00
Anders Schack-Mulligen
ab334f6c1b Java: Always apply heuristic query regardless of existing models. 2023-08-08 10:01:43 +02:00
erik-krogh
45c39e6072 limit field flow when tracking regex strings in Java 2023-08-08 09:01:23 +02:00
Jeroen Ketema
8b6a7985db Refactor the traint-tracking library to follow the dataflow library refactoring 2023-08-07 15:23:15 +02:00
Jeroen Ketema
5d2984b7a5 Merge branch 'main' into shared-taint-tracking 2023-08-07 15:22:29 +02:00
Edward Minnix III
58d8a2d77f Merge pull request #13899 from egregius313/egregius313/random-nextbytes-typo-fix 
Java: Fix typo in `StdlibRandomSource::getOutput`
 2023-08-07 07:36:44 -04:00
Tom Hvitved
2126ab0dde Merge pull request #13901 from hvitved/dataflow/refactor 
Data flow: Refactor shared library
 2023-08-07 13:22:53 +02:00
Michael Nebel
e62ec888c0 Merge pull request #13506 from michaelnebel/java/threatmodels 
Java: Threat Models
 2023-08-07 12:50:01 +02:00
Tom Hvitved
693970f243 Java: Adjust to data flow refactor 2023-08-07 11:35:23 +02:00
Tony Torralba
43b9199734 Java: Improved JaxWsEndpoint::getARemoteMethod 2023-08-07 10:21:58 +02:00
Ed Minnix
fe4eef0bcb Fix typo, replace getBytes with nextBytes 2023-08-07 00:16:47 -04:00
Jeroen Ketema
747cd1745a Update all languages to use the shared taint-tracking library 2023-08-04 22:53:25 +02:00
Michael Nebel
d3eb9c1325 Java: Add release note and address review comments. 2023-08-04 13:36:43 +02:00
Anders Schack-Mulligen
84316c41a3 Java: Add more qldoc. 2023-08-03 10:04:06 +02:00
Anders Schack-Mulligen
90052a3ca2 Java: Add proper types for capture nodes. 2023-08-03 10:04:06 +02:00
Anders Schack-Mulligen
37455ec29e Java: Replace ratpack test fix with general heuristic summary. 2023-08-03 10:04:06 +02:00
Anders Schack-Mulligen
c5990311ca Java: Redesign and reimplement variable capture flow. 2023-08-03 10:04:06 +02:00
Anders Schack-Mulligen
a23e77ca58 Java: Disregard heap parameter in any-argument and any-parameter specs. 2023-08-03 10:04:05 +02:00
Anders Schack-Mulligen
d1a616a70a Java: Add proper support for variable capture flow. 2023-08-03 10:04:02 +02:00
Mathias Vorreiter Pedersen
3007fdab5e Sync identical files. 2023-08-02 14:33:33 +02:00
Anders Schack-Mulligen
7bc8bf616f Merge pull request #13863 from aschackmull/dataflow/pack4 
Dataflow: Move the shared library to a properly shared qlpack.
 2023-08-02 14:19:49 +02:00
Anders Schack-Mulligen
c34c667e6b Java: Adjust to use the qlpack data-flow api. 2023-08-01 13:47:09 +02:00
Anders Schack-Mulligen
d7ea60e137 Java: Move data flow lib. 2023-08-01 13:47:08 +02:00
Michael Nebel
a9bc23fa3e Java: Add threat model configuration related extensible predicates and some initial tuples. 2023-08-01 12:56:13 +02:00
Michael Nebel
a8ccc8d980 Java: Update MaD internal documentation. 2023-08-01 12:03:44 +02:00
Michael Nebel
21ec83a197 Java: Add MaD support for With[out]Element. 2023-08-01 12:03:44 +02:00
Anders Schack-Mulligen
e87b8ba3d7 Java: Make the barrier in java/potentially-weak-cryptographic-algorithm less restrictive. 2023-07-31 14:28:53 +02:00
Tony Torralba
2cbb7ed296 Java: Add XXE sinks for MDHT 2023-07-31 11:13:17 +02:00
Tony Torralba
41f1315da9 Merge pull request #13772 from atorralba/atorralba/java/inputstream-wrapper-read-step 
Java: Add taint steps for InputStream wrappers
 2023-07-31 11:12:43 +02:00
Tony Torralba
08cba7dc5f Merge pull request #13713 from pwntester/java/struts2_source_taint_inheriting 
[Java] Implement field taint inheritance for Struts2 unmarshalled objects
 2023-07-28 16:46:27 +02:00
Owen Mansel-Chan
a020189895 Merge pull request #13822 from owen-mc/dataflow/mergepathgraph3-signature-fix 
Dataflow: MergePathGraph3 signature fix
 2023-07-28 15:15:43 +01:00
Alvaro Muñoz
c3a2ae2943 Account for public fields/setters 2023-07-28 12:12:07 +02:00
Tony Torralba
c239a4399c Changed Struts2ActionSupportClassFieldReadSource to be a FieldValueNode instead of a field read 2023-07-27 10:39:06 +02:00
Alvaro Muñoz
f3fc56294e implement field taint inheritance for Struts2 unmarshalled objects 2023-07-27 10:39:06 +02:00
Tony Torralba
9d6bc76dc0 Merge pull request #13817 from atorralba/atorralba/java/non-static-fieldvaluenode-step 
Java: Allow flow out of FieldValueNodes for non-static fields
 2023-07-27 09:14:04 +02:00