hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

5817 Commits

Author SHA1 Message Date
Alvaro Muñoz
41d034d5a0 Attempt to use information-leak sink category 2021-05-30 00:22:40 +02:00
Artem Smotrakov
b28d639166 Fixed errors in UnsafeDeserializationRmi.qhelp 2021-05-29 09:32:08 +02:00
Artem Smotrakov
62c6bee5f8 Simplified UnsafeDeserializationRmi.ql 2021-05-29 09:21:20 +02:00
Alvaro Muñoz
706874491b Remove XSS sink for Java 2021-05-28 15:13:18 +02:00
Erik Krogh Kristensen
79989cc3f4 CPP/Java: Fix getAPrimaryQlClass implementations 2021-05-27 21:36:27 +02:00
Anders Schack-Mulligen
d05f524759 Merge pull request #5941 from aschackmull/java/virt-disp-perf 
Java: Improve performance of virtual dispatch calculation.
 2021-05-25 14:44:51 +02:00
Timo Müller
f44b97c1c3 Apply suggestions from code review 
Improved variable naming in examples and some documentation clearup

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-05-25 13:03:07 +02:00
Timo Müller
e7021ffbee Apply suggestions from code review 
More clear or precise wording within the documentation

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-05-25 12:53:47 +02:00
Anders Schack-Mulligen
4884da363f Java: Bugfix. 2021-05-25 11:48:35 +02:00
Anders Schack-Mulligen
017bf68906 Dataflow: Fix bad join order. 2021-05-25 11:40:53 +02:00
Artem Smotrakov
1b51dd47ec Added an example with deserialization filter to UnsafeDeserializationRmi.qhelp 2021-05-23 13:24:42 +02:00
Artem Smotrakov
c837605c85 Added test cases with sanitizers for UnsafeDeserializationRmi.ql 2021-05-23 13:01:22 +02:00
Artem Smotrakov
d2e29fc72c Renamed RmiUnsafeDeserialization.ql -> UnsafeDeserializationRmi.ql 2021-05-23 10:21:05 +02:00
Artem Smotrakov
2d93eeae33 Covered deserialization filters in RmiUnsafeDeserialization.ql 2021-05-23 10:21:05 +02:00
Artem Smotrakov
e28f919f3d Look for remote callable method only in RmiUnsafeDeserialization.ql 2021-05-23 10:21:05 +02:00
Artem Smotrakov
0182dfe1c0 Added RmiUnsafeDeserialization.qhelp 2021-05-23 10:21:04 +02:00
Artem Smotrakov
efa4b4f414 Cover Registry in RmiUnsafeDeserialization.ql 2021-05-23 10:21:04 +02:00
Artem Smotrakov
8b96ff9601 First draft of RmiUnsafeDeserialization.ql 2021-05-23 10:21:04 +02:00
Tony Torralba
7dbdba28cc Consider search methods with unsafe SearchControls 2021-05-21 15:21:04 +02:00
Anders Schack-Mulligen
d00618f4f4 Java: Improve performance of virtual dispatch calculation. 2021-05-21 15:04:08 +02:00
Sebastian Bauersfeld
28f597440f Add method invocations of Spring's SavedRequest as a remote sources. 2021-05-20 20:00:14 +07:00
Tony Torralba
2613e58916 Remove duplicated class 2021-05-20 12:49:02 +02:00
Tony Torralba
0589dd7e54 Move Jndi.qll from experimental 2021-05-20 12:30:28 +02:00
Tony Torralba
3f0b803796 Refactored to use CSV sink models 2021-05-20 12:00:05 +02:00
Anders Schack-Mulligen
4406b8e339 Dataflow: Sync. 2021-05-19 19:22:36 +02:00
Anders Schack-Mulligen
bb258813a1 Dataflow: Improve performance for dispatch-join in flow-through. 2021-05-19 19:20:57 +02:00
Tony Torralba
1351516e9a Moved JNDI injection related files from experimental to standard 2021-05-19 11:32:51 +02:00
Tony Torralba
43d4575359 Add createParser as taint preserving callable 2021-05-19 11:20:54 +02:00
Tony Torralba
e58746508d Merge branch 'main' into atorralba/promote-ognl-injection 2021-05-19 10:41:08 +02:00
luchua-bc
02aa9c6fc7 Optimize the sink and update qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
d4323a4a54 Update qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
9d392263a5 Refactor inconsistent method names 2021-05-18 16:12:23 +00:00
luchua-bc
2fa249a8eb Update method name and qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
2c1374bdcf Use inline implementation for ScriptEngineFactory 2021-05-18 16:12:23 +00:00
luchua-bc
0ac8453398 Allow all arguments of methods in ScriptEngineFactory 2021-05-18 16:12:23 +00:00
luchua-bc
e4699f7fa9 Optimize the query 2021-05-18 16:12:22 +00:00
luchua-bc
d664aa6d6a Include more scenarios and update qldoc 2021-05-18 16:12:22 +00:00
luchua-bc
852bcfb5c7 Refactor the ScriptEngine query and the Rhino code injection query into one 2021-05-18 16:12:22 +00:00
luchua-bc
b0b5338359 Rhino code injection 2021-05-18 16:12:22 +00:00
Chris Smowton
4230869ee2 Merge pull request #5819 from luchua-bc/java/jpython-injection 
Java: CWE-094 Jython code injection
 2021-05-18 16:38:40 +01:00
Chris Smowton
71f540a755 Merge pull request #5844 from haby0/SpringRedirects 
[Java] CWE-601 Spring url redirection detect
 2021-05-18 16:37:40 +01:00
luchua-bc
2a0721b2ae Optimize the sink and update method name 2021-05-18 12:18:14 +00:00
haby0
e46de44473 Solve errors caused by private ownership 2021-05-18 19:56:32 +08:00
haby0
caf5f4d605 modified comment 2021-05-18 19:10:03 +08:00
Anders Schack-Mulligen
9b0e3b1950 Merge pull request #5814 from JLLeitschuh/feat/JLL/jackson_as_taint_step 
[Java] Add taint tracking through Jackson deserialization
 2021-05-18 09:31:16 +02:00
haby0
a0cd551bae Add filtering of String.format 2021-05-18 11:05:10 +08:00
luchua-bc
e652d8771c Update method name and qldoc 2021-05-17 20:36:15 +00:00
Tony Torralba
1815656a02 Use set literals for OGNL packages 2021-05-17 16:56:37 +02:00
Tony Torralba
8d682000b4 Fix QLDocs 2021-05-17 16:53:30 +02:00
Tony Torralba
ed13c17ea8 Fix qhelp file 2021-05-17 16:52:08 +02:00