hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,788 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.4
Commit Graph

5752 Commits

Author SHA1 Message Date
Jonathan Leitschuh
8578bc5cf0 Update java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.qhelp 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-09-22 15:02:00 -04:00
Jonathan Leitschuh
24fe3d0663 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-09-22 13:11:11 -04:00
Arthur Baars
252f8aa89d Java: add Spring::MultipartRequest as taint source 2020-09-22 19:01:10 +02:00
Tamás Vajk
54c35748f0 Merge pull request #4193 from tamasvajk/feature/sign-analysis 
C#: Sign analysis
 2020-09-22 15:33:33 +02:00
Anders Schack-Mulligen
66e2ed9b65 Merge pull request #4031 from aibaars/hibernate 
Add additional Hibernate SQL sinks
 2020-09-22 15:29:40 +02:00
Anders Schack-Mulligen
47506a859e Merge pull request #4287 from joefarebrother/exectainted-array 
Java: Improve the ExecTainted query
 2020-09-22 13:16:05 +02:00
Tom Hvitved
71da9045e5 Java/Python: Reduce size of blockPrecedesVar 2020-09-22 11:00:26 +02:00
Jonathan Leitschuh
ab618dcf2f Java: QL Query Detector for JHipster Generated CVE-2019-16303 2020-09-21 18:46:13 -04:00
Tamas Vajk
8bf4a4209c C#: Sign analysis 
Synced between Java and C# through `identical-files.json`.
 2020-09-21 16:15:12 +02:00
Anders Schack-Mulligen
4a3118b13e Merge pull request #4246 from RasmusWL/java-fix-ssa-varBlockReaches 
Java: Minor fixup for SSA AdjacentUsesImpl::varBlockReaches
 2020-09-21 13:28:20 +02:00
Rasmus Wriedt Larsen
233dd43635 Java: Port varBlockReaches fix to BaseSSA.qll 2020-09-21 12:11:25 +02:00
Joe
9baf2b9eff Fix cartesian product 2020-09-18 15:42:03 +01:00
Joe
abb1731be7 Java: Simplify the implementation of ExecTainted 2020-09-18 15:21:03 +01:00
Anders Schack-Mulligen
b3bf570fb7 Merge pull request #4301 from lcartey/java/update-cwe-claims 
Java: Update some CWE claims
 2020-09-18 16:08:40 +02:00
Joe
3cc38feebc Fix a couple of typos in QLDoc comments 2020-09-18 14:51:38 +01:00
lcartey@github.com
2c6f587ee9 Java: Add coverage claim for CWE 193 (off by one) 2020-09-18 12:51:24 +01:00
lcartey@github.com
39200566c3 Java: Update CWE claims for XXE. 
This matches the claims in the C# equivalent.
 2020-09-18 12:30:52 +01:00
Joe
3258134098 Java: Remove superfluous conjunct 2020-09-18 10:41:06 +01:00
lcartey@github.com
32f43a84be Java: Add CWE 564 (SQL Injection: Hibernate) 2020-09-18 10:20:21 +01:00
Joe
9c643ec1cd Java: Fix formatting 2020-09-17 17:46:05 +01:00
Joe
69fd579dfd Java: Fix QLDoc 2020-09-17 17:37:16 +01:00
Joe
2da6234317 Java: Fix QLDoc 2020-09-17 17:31:24 +01:00
Joe
6d0df7cb3a Java: Add a container node for Imports in the PrintAst view 2020-09-17 17:29:36 +01:00
Joe
810baad63f Java: Fix formatting 2020-09-17 17:13:55 +01:00
Joe
b6cf1cce20 Java: Make the equivalent changes to ExecTaintedLocal 2020-09-17 15:53:04 +01:00
Joe
6bfc0afaeb Java: Improve the ExecTainted query 2020-09-17 15:39:35 +01:00
Tamás Vajk
5079deb92a Merge pull request #4268 from tamasvajk/feature/java-range-analysis-fn 
Java: Fix range analysis false negative
 2020-09-16 11:08:33 +02:00
Joe
7e9b1a2975 Java: PrintAst: Fix more formatting issues 2020-09-15 17:15:00 +01:00
Joe
3be8fa5155 Java: PrintAst: Fix formatting 2020-09-15 15:10:56 +01:00
Joe
28338eb32e Java: PrintAst: Various minor fixes of typos 
Fix references to C#

Fix getAPrimaryQlClass for JavadocTag

Fix typo for Import

Update test outputs
 2020-09-15 15:02:56 +01:00
Joe
53ab8dac06 Java: PrintAst: Fix failing tests 2020-09-15 14:45:48 +01:00
Joe
112b6d28a1 Java: PrintAst: Handle multiple javadocs in one element correctly 2020-09-15 14:45:48 +01:00
Joe
e38b583ec4 Java: PrintAst: Add tests 2020-09-15 14:45:48 +01:00
Joe
b73e7d8390 Java: PrintAST: Support Javadoc 2020-09-15 14:45:48 +01:00
Joe
c3320eeb3c Java: Improve getAPrimaryQlClass 
Implement it for more types
Fix typos
 2020-09-15 14:45:48 +01:00
Joe
908f025888 Java: PrintAst: Fix a couple of issues related to Annotations 2020-09-15 14:45:48 +01:00
Joe
c20f802666 Java: PrintAst: Supprt generic parameters 2020-09-15 14:45:48 +01:00
Joe
19af3e5e30 Java: Add PrintAST 2020-09-15 14:45:48 +01:00
Joe
efe3ac0a37 Java: Rename the existing file called PrintAst.qll 2020-09-15 11:30:56 +01:00
Tamas Vajk
23a9d0764e Java: Fix range analysis false negative 2020-09-15 12:09:05 +02:00
Rasmus Wriedt Larsen
fb3060dc3d Java: Minor fixup for SSA AdjacentUsesImpl::varBlockReaches 
This should not change anything in regards to correctness overall -- what we
really care about is `varBlockStep`, and that checks `varOccursInBlock(v, b2)`.
However, the comment is a bit easier to read together with the code
now (and probably also gives slightly smaller predicate result size).
 2020-09-10 13:47:36 +02:00
Rasmus Wriedt Larsen
2172fb6e65 Dataflow: s/data flow/taint propagation/ in QLDoc for sanitizers 2020-09-09 14:30:33 +02:00
Rasmus Wriedt Larsen
d90f0be2c4 Dataflow: defaultTaintBarrier => defaultTaintSanitizer 
Just keeping things a bit more consistent :)
 2020-09-09 14:11:56 +02:00
Mathias Vorreiter Pedersen
9de1fb7c18 Merge pull request #4222 from jbj/BlockStmt 
C++/Java/JS: Rename Block -> BlockStmt
 2020-09-09 10:02:37 +02:00
Arthur Baars
1f4028f4a0 Java: Add new SQL sinks for Hibernate versions 4 and 6 2020-09-08 16:26:13 +02:00
CodeQL CI
9879c6c204 Merge pull request #4184 from aschackmull/java/cleanup-queryinjection 
Approved by aibaars
 2020-09-08 14:52:17 +01:00
Anders Schack-Mulligen
442de2e2d2 Java: Add qldoc. 2020-09-08 15:09:39 +02:00
Jonas Jensen
464d3630a2 Java: Rename Block -> BlockStmt 2020-09-08 08:40:20 +02:00
Arthur Baars
90f013d74f Merge pull request #4176 from aibaars/missing-qhelp 
Add missing QHelp files
 2020-09-02 16:12:42 +02:00
Anders Schack-Mulligen
ed6c1798e2 Java: Fix reference to Unit. 2020-09-02 14:47:01 +02:00