hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,688 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.0
Commit Graph

3040 Commits

Author SHA1 Message Date
Jami Cogswell
0355b78f13 Java: add deprecation deletion comment 2023-06-01 12:57:06 -04:00
Jami Cogswell
b3d218a503 Java: condense 'replacementKind' code 2023-06-01 12:57:06 -04:00
Jami Cogswell
06c83ee14d Java: add error message for deprecated sink kinds to 'getInvalidModelKind' 2023-06-01 12:57:05 -04:00
Jami
617107de35 Merge pull request #12916 from jcogs33/jcogs33/revamp-java-sink-kinds 
Java: revamp MaD sink kinds
 2023-06-01 12:48:30 -04:00
Jami Cogswell
de15013715 Java: remove RemoteFlowSources module 2023-06-01 12:25:26 -04:00
Jami Cogswell
5700a6eea4 Java: remove DefaultAndroidWidgetSources class 2023-06-01 12:25:26 -04:00
Jami Cogswell
6722892828 Java: switch 'android-widget' source kind to 'remote' 2023-06-01 12:25:25 -04:00
Michael Nebel
06b02eb3ce Sync files. 2023-06-01 09:30:31 +02:00
Jami Cogswell
ca8ac0c93f Java: add comment about request-forgery sinks 2023-05-31 15:51:07 -04:00
Jami Cogswell
5dbb698481 Java: update open/jdbc-url sink kinds to request-forgery 2023-05-31 15:50:31 -04:00
Jami Cogswell
cb10f4976b Java: update create/read-file sink kinds to path-injection 2023-05-31 15:49:07 -04:00
Jami Cogswell
eb1a8e2189 Java: update write-file sink kind to file-system-store 2023-05-31 15:49:07 -04:00
Jami Cogswell
ac8d985a63 Java: update xss sink kind to html-injection and js-injection 2023-05-31 15:49:07 -04:00
Jami Cogswell
041caa7405 Java: update header-splitting sink kind to response-splitting 2023-05-31 15:49:07 -04:00
Jami Cogswell
51df84ed1c Java: update set-hostname-verifier sink kind to hostname-verification 2023-05-31 15:49:07 -04:00
Jami Cogswell
b23f384a50 Java: update intent-start sink kind to intent-redirection 2023-05-31 15:49:07 -04:00
Jami Cogswell
5aa3e57ff3 Java: update pending-intent-sent sink kind to pending-intents 2023-05-31 15:49:07 -04:00
Jami Cogswell
3ff4c7de8f Java: update ldap sink kind to ldap-injection 2023-05-31 15:49:07 -04:00
Jami Cogswell
6d2d25406c Java: update xslt sink kind to xslt-injection 2023-05-31 15:49:07 -04:00
Jami Cogswell
cea97b3f2a Java: update mvel sink kind to mvel-injection 2023-05-31 15:49:06 -04:00
Jami Cogswell
6cee0c4c75 Java: update jexl sink kind to jexl-injection 2023-05-31 15:49:06 -04:00
Jami Cogswell
6431d370c1 Java: update groovy sink kind to groovy-injection 2023-05-31 15:49:06 -04:00
Jami Cogswell
430010daa3 Java: update logging sink kind to log-injection 2023-05-31 15:49:06 -04:00
Jami Cogswell
8c4b394e1a Java: update ssti sink kind to template-injection 2023-05-31 15:49:06 -04:00
Jami Cogswell
fc58d10a4e Java: update xpath sink kind to xpath-injection 2023-05-31 15:49:06 -04:00
Jami Cogswell
55be2e5b67 Java: update url-redirect sink kind to url-redirection 2023-05-31 15:49:06 -04:00
Jami Cogswell
d24d8b1626 Java: update sql sink kind to sql-injection 2023-05-31 15:49:06 -04:00
Tony Torralba
282ee08ba9 Java: Fix GsonDeserializableField 2023-05-31 13:26:35 +02:00
Tony Torralba
482bb94ad9 Merge pull request #13179 from pwntester/java_gson 
[Java] Add basic support for Google's Gson library
 2023-05-31 11:16:19 +02:00
Tony Torralba
fe26aca238 Remove non-ASCII character 2023-05-31 09:25:37 +02:00
Tony Torralba
70138448c3 Visibility 2023-05-30 17:54:59 +02:00
Tony Torralba
54e011188d Formatting 2023-05-30 17:50:50 +02:00
Michael Nebel
915042a881 Minor cleanup and sync files. 2023-05-26 12:25:00 +02:00
Michael Nebel
b7a8660375 Java: Re-factor getComponent. 2023-05-26 12:24:59 +02:00
Tony Torralba
a276cc3094 Convert all command injection sinks to MaD format 2023-05-25 11:41:32 +02:00
Edward Minnix III
52340802bb Merge pull request #13097 from egregius313/egregius313/java/webgoat/ssrf-regex-fix 
Java: Add constraint to `HostnameSanitizingPrefix` to prevent false negatives in SSRF queries
 2023-05-23 10:50:43 -04:00
Tony Torralba
6f012d51c0 Merge pull request #13091 from atorralba/atorralba/java/inputstreamwrapper-transitive 
Java: Make inputStreamWrapper consider supertypes transitively
 2023-05-23 13:28:17 +02:00
Ed Minnix
43966ebaeb Change regex used in HostnameSanitizingPrefix 2023-05-22 15:57:15 -04:00
Alvaro Muñoz
bf3fb09dfd Apply suggestions from code review 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-05-18 12:39:41 +02:00
Alvaro Muñoz
b235b1cbb9 improve yaml models 2023-05-17 16:40:28 +02:00
Alvaro Muñoz
7baf244ac6 remove test predicate 2023-05-17 16:18:46 +02:00
Alvaro Muñoz
8cd85a5676 add flow support for unmarshaled object fields 2023-05-17 16:16:30 +02:00
Tony Torralba
770099f210 Merge branch 'main' into atorralba/java/promote-xxe-experimental-sinks 2023-05-16 09:49:34 +02:00
Tony Torralba
7d79d87d48 Add XPath.evaluate as XXE sink 2023-05-15 17:39:35 +02:00
Tony Torralba
549fa7e288 Java: make inputStreamWrapper only act on constructors from outside of source 2023-05-12 17:47:56 +02:00
Kasper Svendsen
d40cd0f275 Java: Make implicit this receivers explicit 2023-05-12 12:47:21 +02:00
Tony Torralba
aa14105e1c Don't use the reflexive transitive closure, so that the predicate becomes a little more efficient 2023-05-10 16:45:07 +02:00
Tony Torralba
2c41c5b0e2 Make inputStreamWrapper consider supertypes transitively 2023-05-09 17:27:16 +02:00
Anders Schack-Mulligen
e996eaefb1 Merge pull request #13036 from aschackmull/java/typeprefix-perf 
Java: Minor perf fix for typePrefixContainsAux1.
 2023-05-09 08:57:56 +02:00
Michael Nebel
f2f9944a1c Merge pull request #12931 from michaelnebel/neutralkinds 
Java/C#: Introduce kind for neutrals.
 2023-05-09 08:42:38 +02:00