hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,788 Commits 1,672 Branches 157 Tags
codeql-cli-2.22.4
Commit Graph

5752 Commits

Author SHA1 Message Date
Joe Farebrother
a8cca4ba0e Merge pull request #6373 from joefarebrother/test-gen-improvements 
Java: Test generator improvements
 2021-07-27 15:44:56 +01:00
Joe Farebrother
309f0e7c26 Fix handling of arrays 2021-07-27 15:05:57 +01:00
Joe Farebrother
9ffcfbcd33 Add --force option 2021-07-27 15:05:57 +01:00
Joe Farebrother
8ab0fd54b4 Improvements to the test generator: 
- Only reference public methods
- Report rows for which test cases could not be generated
- Add a blanket `throws Exception` clause to the generated method
 2021-07-27 15:05:55 +01:00
Joe Farebrother
2036aa1e4a Format test generator 2021-07-27 15:04:19 +01:00
mc
10a3dcb188 Update GroovyInjection.qhelp 2021-07-27 14:26:49 +01:00
Chris Smowton
97d603cafb Add test-case generator check for non-parseable rows 2021-07-27 14:26:22 +01:00
Anders Schack-Mulligen
aa8fa26a2a Merge pull request #6355 from intrigus-lgtm/patch-6 
Update broken link
 2021-07-27 09:05:02 +02:00
haby0
00f13e1e6e Modify isAdditionalTaintStep 2021-07-27 10:59:38 +08:00
intrigus-lgtm
434b36c648 Update broken link 2021-07-26 15:48:47 +02:00
Anders Schack-Mulligen
6c666b49f5 Merge pull request #6366 from smowton/smowton/fiix/junit-nested-classes 
Prevent class-could-be-static alerts regarding JUnit Nested tests
 2021-07-26 12:45:23 +02:00
Joe Farebrother
358a7c1707 Fix issue when building with no pom file 2021-07-26 10:38:16 +01:00
Anders Schack-Mulligen
5d3e8d2add Merge pull request #6365 from Marcono1234/marcono1234/InstanceOfExpr-getCheckedType 
Java: Add `InstanceOfExpr.getCheckedType()`
 2021-07-26 11:20:48 +02:00
Chris Smowton
aca905fa36 Prevent class-could-be-static alerts regarding JUnit Nested tests 2021-07-26 09:35:26 +01:00
Marcono1234
606173012a Java: Add InstanceOfExpr.getCheckedType() 
Additionally change `EqualsUsesInstanceOf.ql` to check for all RefTypes
instead of only Class.
 2021-07-26 00:50:11 +02:00
Marcono1234
3569ed56e5 Java: Add TypeLiteral.getReferencedType() 2021-07-26 00:02:08 +02:00
haby0
291ca3830a Modify according to suggestions 2021-07-23 09:28:55 +08:00
intrigus-lgtm
a30005c42e Replace broken link with archive.org link. 2021-07-22 22:14:44 +02:00
Joe Farebrother
6be9c705f0 Update usage text 2021-07-22 16:30:26 +01:00
Chris Smowton
5c917b4a23 Merge pull request #6353 from sauyon/sauyon/java/model-constructors 
Java: Add models for collection constructors
 2021-07-22 16:27:59 +01:00
Sauyon Lee
150f3fd352 improve windows compatibility 2021-07-22 08:00:14 -07:00
Sauyon Lee
5d716b95b1 Allow use of pom.xml to generate stubs 2021-07-22 07:52:35 -07:00
haby0
2a50cf8244 Fix 2021-07-22 22:24:09 +08:00
Sauyon Lee
fd02dcdf2e Java: Add models for collection constructors 2021-07-22 07:23:26 -07:00
haby0
e160352b38 Fix 2021-07-22 21:48:46 +08:00
haby0
735ab28040 Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-22 21:45:30 +08:00
haby0
7cf2e9ed79 Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-22 21:45:29 +08:00
haby0
46a212b712 Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-22 21:45:29 +08:00
haby0
676f0ad817 Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-22 21:45:29 +08:00
haby0
4ebf0ed7c5 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') 2021-07-22 21:45:29 +08:00
Chris Smowton
e2a533c7de Merge pull request #6346 from aschackmull/java/perf-fix 
Java: Fix bad magic.
 2021-07-22 10:15:16 +01:00
Chris Smowton
605f037af8 Merge pull request #6247 from p0wn4j/spring-responseentity-redirect-sink 
[Java] CWE-601: Add Spring URL Redirect ResponseEntity sink
 2021-07-22 09:45:30 +01:00
Anders Schack-Mulligen
dcfc027b5f Java: Fix bad magic. 2021-07-22 10:12:49 +02:00
Chris Smowton
c568a9463a Remove <> qualifier from ResponseEntity name 
This was an extractor bug that was fixed recently
 2021-07-21 17:58:06 +01:00
Tony Torralba
76905c47b4 Formatting 2021-07-21 09:47:45 +02:00
p0wn4j
f0d5520976 Add Spring URL Redirect ResponseEntity sink 
Copyedit qhelp
 2021-07-21 03:16:16 +04:00
Tony Torralba
26999c7ac4 Decouple UnsafeAndroidAccess.qll to reuse the taint tracking configuration 2021-07-20 17:46:35 +02:00
Tony Torralba
99e66cffa2 Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch 2021-07-20 17:30:56 +02:00
Tony Torralba
3259ead946 Decouple OgnlInjection.qll to reuse the taint tracking configuration 2021-07-20 17:21:10 +02:00
Tony Torralba
b6904a7992 Merge branch 'main' into atorralba/promote-ognl-injection 2021-07-20 17:17:17 +02:00
Tony Torralba
22c9baa462 Refactor JWT.qll 2021-07-20 17:14:34 +02:00
Tony Torralba
430d9f1834 Merge branch 'main' into atorralba/promote-missing-jwt-signature-check 2021-07-20 16:20:35 +02:00
Tony Torralba
8f1ecf529f QLDoc 2021-07-20 15:53:38 +02:00
Tony Torralba
42b6b26c10 Decouple JndiInjection.qll to reuse the taint tracking configuration 2021-07-20 15:38:34 +02:00
Anders Schack-Mulligen
77d53676ba Java: Remove deprecated ParExpr. 2021-07-20 15:27:31 +02:00
Tony Torralba
b8ea833a61 Merge branch 'main' into atorralba/promote-jndi-injection 2021-07-20 15:01:26 +02:00
Tony Torralba
68df8028d2 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-20 14:47:16 +02:00
Artem Smotrakov
158a75e5a1 Import UnsafeDeserializationQuery in unsafeDeserialization.ql 2021-07-20 10:14:50 +02:00
Tony Torralba
0f199601f8 Refactor GroovyInjection.qll 2021-07-20 09:44:37 +02:00
Chris Smowton
34a4b71891 Add models of JSON-java, aka org.json 2021-07-19 17:57:27 +01:00