5747 Commits

Author	SHA1	Message	Date
haby0	84f00c21df	update IfConditionSink.	2021-04-21 15:38:41 +08:00
intrigus	231b07795c	Java: Ignore results in test directories.	2021-04-20 23:25:13 +02:00
intrigus	fcaf5e7657	Java: Plural type name -> singular type name.	2021-04-20 23:09:44 +02:00
intrigus	3acec94773	Java: Fix typos.	2021-04-20 23:04:06 +02:00
intrigus	149c4491ce	Java: Simplify qldoc.	2021-04-20 23:03:10 +02:00
intrigus	9e4fa90f6e	Java: Refer to Java types in qldoc instead of ql types.	2021-04-20 23:02:18 +02:00
intrigus	26502881d7	Java: Consistently use this in charpred.	2021-04-20 22:56:58 +02:00
yo-h	00137f2905	Merge pull request #5721 from github/yo-h/java-diagnostic-queries ... Java: add extractor `diagnostic` queries	2021-04-20 13:36:49 -04:00
Tamas Vajk	583513bafd	Fix review findings	2021-04-20 16:28:47 +02:00
Chris Smowton	9bfb0d93ca	Autoformat QL	2021-04-20 13:59:09 +01:00
Chris Smowton	0ec3ee29e4	Style last use of SecureASTCustomizer	2021-04-20 12:44:49 +01:00
Hayk Andriasyan	bb58a50503	Update GroovyInjection.qhelp	2021-04-20 15:41:58 +04:00
p0wn4j	f2de440886	[Java] CWE-094: Query to detect Groovy Code Injections	2021-04-20 19:18:24 +04:00
haby0	3e376f95c4	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:36:16 +08:00
haby0	b1ee864ad9	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:35:52 +08:00
haby0	9e87f4ec4e	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:35:34 +08:00
haby0	408dd31d3c	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:34:37 +08:00
haby0	9ece4dac0f	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:33:47 +08:00
haby0	d82878ac3b	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:33:06 +08:00
haby0	0b1637a409	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:32:39 +08:00
haby0	b60bffaf83	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:31:59 +08:00
haby0	0053158884	update qhelp file and ql comments	2021-04-20 10:58:54 +08:00
yo-h	87cd72496c	Java: add extractor diagnostic queries	2021-04-19 15:34:16 -04:00
Anders Schack-Mulligen	80eb0a2df6	Apply suggestions from code review ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-19 15:45:58 +02:00
haby0	8296abcea8	Fix Modify the ql query (the qhelp part is not modified).	2021-04-19 20:59:47 +08:00
Anders Schack-Mulligen	7d84cfacef	Java: Add MapKeyContent and MapValueContent.	2021-04-19 14:06:27 +02:00
Anders Schack-Mulligen	39862740e0	Java: Convert support for fluent interfaces.	2021-04-19 14:06:27 +02:00
haby0	23b508c5e7	Merge remote-tracking branch 'upstream/main' into UseOfLessTrustedSource	2021-04-19 20:05:49 +08:00
Anders Schack-Mulligen	60965b0d8c	Java: Adjust some csv models.	2021-04-19 14:02:19 +02:00
Anders Schack-Mulligen	a27dac029f	Java: Use shared flow summary library for csv models.	2021-04-19 14:02:19 +02:00
Mathias Vorreiter Pedersen	e36b42a03f	Java: Fix invalid id in experimental query ... The invalid id broke CI here: https://github.com/github/codeql/pull/5703 (see https://github.slack.com/archives/CPSEA0G22/p1618602834224600)	2021-04-17 09:47:15 +02:00
edvraa	29e320627f	Regex injection	2021-04-16 23:29:08 +03:00
Anders Schack-Mulligen	605f28f741	Merge pull request #5686 from smowton/haby0/JsonHijacking ... Java: JSONP Injection w/cleanups	2021-04-16 11:09:17 +02:00
Chris Smowton	c37994089c	Revert changes to unrelated query	2021-04-15 16:24:29 +01:00
haby0	dedf765542	Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-15 22:59:22 +08:00
haby0	0e183ab4a4	Finish comment	2021-04-15 19:49:06 +08:00
Chris Smowton	fa36ba901a	Merge pull request #5471 from artem-smotrakov/el-injection ... Java: Query for detecting Jakarta Expression Language injections	2021-04-15 12:39:34 +01:00
haby0	d269a7e717	CWE-598 reduction	2021-04-15 19:33:15 +08:00
haby0	216f204438	delete FilterClass	2021-04-15 19:28:25 +08:00
haby0	583d0889e2	delete tomcat-embed-core stub, update the ServletGetMethod class	2021-04-15 17:40:51 +08:00
haby0	5d05e4d224	Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-15 17:28:53 +08:00
Chris Smowton	bd3b3178ba	Fix documentation of Modifier.qll	2021-04-15 09:16:51 +01:00
haby0	b3bdf89fc2	rm VerificationMethodFlowConfig, use springframework-5.2.3 stub	2021-04-15 10:25:40 +08:00
Anders Schack-Mulligen	f43d427875	Merge pull request #5645 from Marcono1234/marcono1234/primary-ql-class ... Java: Override getAPrimaryQlClass() for more classes	2021-04-14 14:51:29 +02:00
Chris Smowton	591ac38c31	Merge pull request #5591 from Marcono1234/marcono1234/member-nested-type ... Java: Add MemberType	2021-04-14 12:29:54 +01:00
Anders Schack-Mulligen	3b6cd0f681	Merge pull request #5661 from smowton/smowton/cleanup/call-is-exprparent ... Make Call a subclass of ExprParent.	2021-04-14 10:49:33 +02:00
Chris Smowton	2965a1f204	Use Thread$State as an inner-class example ... Map<>$Entry currently has odd generic notation that may be about to change.	2021-04-14 08:43:05 +01:00
haby0	77208bcc91	Fix the error that there is no VerificationMethodToIfFlowConfig	2021-04-14 13:14:43 +08:00
haby0	e2ed0d02b0	Delete existsFilterVerificationMethod and existsServletVerificationMethod, add from get handler to filter	2021-04-14 12:34:52 +08:00
haby0	37dae67a0d	Fix RequestResponseFlowConfig.isSink error	2021-04-14 09:55:24 +08:00