13728 Commits

Author	SHA1	Message	Date
Chris Smowton	94f0a1532d	Merge pull request #5682 from smowton/smowton/docs/fix-has-modifier-comment ... Fix documentation of Modifier.qll	2021-04-21 15:41:29 +01:00
Owen Mansel-Chan	9c72e73a82	Make ExecTainted easier to extend ... To add a method that executes a command, you can now define a class extending ExecMethod.	2021-04-21 14:55:37 +01:00
Tamas Vajk	e25305e3cc	Java: Introduce LoC summary metric query	2021-04-21 14:27:00 +02:00
Anders Schack-Mulligen	f9599da32d	Java/C#: Move a couple of flow summary tweaks to the shared implementation.	2021-04-21 14:24:15 +02:00
edvraa	452ec8c43f	comments	2021-04-21 13:12:53 +03:00
edvraa	13655b5d80	Add RegExUtils	2021-04-21 13:08:35 +03:00
Anders Schack-Mulligen	9362ae0687	Merge pull request #5422 from tamasvajk/feature/sink-migration-ldap ... Java: Migrate LDAP injection sinks to CSV format	2021-04-21 10:05:28 +02:00
haby0	84f00c21df	update IfConditionSink.	2021-04-21 15:38:41 +08:00
intrigus	231b07795c	Java: Ignore results in test directories.	2021-04-20 23:25:13 +02:00
intrigus	fcaf5e7657	Java: Plural type name -> singular type name.	2021-04-20 23:09:44 +02:00
intrigus	3acec94773	Java: Fix typos.	2021-04-20 23:04:06 +02:00
intrigus	149c4491ce	Java: Simplify qldoc.	2021-04-20 23:03:10 +02:00
intrigus	9e4fa90f6e	Java: Refer to Java types in qldoc instead of ql types.	2021-04-20 23:02:18 +02:00
intrigus	26502881d7	Java: Consistently use this in charpred.	2021-04-20 22:56:58 +02:00
yo-h	00137f2905	Merge pull request #5721 from github/yo-h/java-diagnostic-queries ... Java: add extractor `diagnostic` queries	2021-04-20 13:36:49 -04:00
Tamas Vajk	583513bafd	Fix review findings	2021-04-20 16:28:47 +02:00
Chris Smowton	9bfb0d93ca	Autoformat QL	2021-04-20 13:59:09 +01:00
Chris Smowton	0ec3ee29e4	Style last use of SecureASTCustomizer	2021-04-20 12:44:49 +01:00
Hayk Andriasyan	bb58a50503	Update GroovyInjection.qhelp	2021-04-20 15:41:58 +04:00
p0wn4j	f2de440886	[Java] CWE-094: Query to detect Groovy Code Injections	2021-04-20 19:18:24 +04:00
haby0	3e376f95c4	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:36:16 +08:00
haby0	b1ee864ad9	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:35:52 +08:00
haby0	9e87f4ec4e	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:35:34 +08:00
haby0	408dd31d3c	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:34:37 +08:00
haby0	9ece4dac0f	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:33:47 +08:00
haby0	d82878ac3b	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:33:06 +08:00
haby0	0b1637a409	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:32:39 +08:00
haby0	b60bffaf83	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:31:59 +08:00
haby0	0053158884	update qhelp file and ql comments	2021-04-20 10:58:54 +08:00
yo-h	87cd72496c	Java: add extractor diagnostic queries	2021-04-19 15:34:16 -04:00
yo-h	cb524b6c19	Merge pull request #5611 from github/yo-h/java16 ... Java: adjust test `options` for JDK 16 upgrade	2021-04-19 15:12:23 -04:00
Anders Schack-Mulligen	80eb0a2df6	Apply suggestions from code review ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-19 15:45:58 +02:00
haby0	8296abcea8	Fix Modify the ql query (the qhelp part is not modified).	2021-04-19 20:59:47 +08:00
Anders Schack-Mulligen	7d84cfacef	Java: Add MapKeyContent and MapValueContent.	2021-04-19 14:06:27 +02:00
Anders Schack-Mulligen	39862740e0	Java: Convert support for fluent interfaces.	2021-04-19 14:06:27 +02:00
Anders Schack-Mulligen	579c955892	Java: Adjust some tests.	2021-04-19 14:06:27 +02:00
Anders Schack-Mulligen	175c71221a	Java: Adjust some test output with more edges/nodes.	2021-04-19 14:06:27 +02:00
haby0	23b508c5e7	Merge remote-tracking branch 'upstream/main' into UseOfLessTrustedSource	2021-04-19 20:05:49 +08:00
Anders Schack-Mulligen	60965b0d8c	Java: Adjust some csv models.	2021-04-19 14:02:19 +02:00
Anders Schack-Mulligen	a27dac029f	Java: Use shared flow summary library for csv models.	2021-04-19 14:02:19 +02:00
Anders Schack-Mulligen	29aec0d770	Java: Adjust expected output.	2021-04-19 13:16:46 +02:00
Anders Schack-Mulligen	c5193cf03f	Apply suggestions from code review	2021-04-19 13:14:56 +02:00
Anders Schack-Mulligen	06514159be	Java: Add XXE tests.	2021-04-19 10:58:21 +02:00
Anders Schack-Mulligen	daad62c4e0	Java: Add TaintedPath test.	2021-04-19 10:07:03 +02:00
Mathias Vorreiter Pedersen	e36b42a03f	Java: Fix invalid id in experimental query ... The invalid id broke CI here: https://github.com/github/codeql/pull/5703 (see https://github.slack.com/archives/CPSEA0G22/p1618602834224600)	2021-04-17 09:47:15 +02:00
edvraa	29e320627f	Regex injection	2021-04-16 23:29:08 +03:00
Anders Schack-Mulligen	605f28f741	Merge pull request #5686 from smowton/haby0/JsonHijacking ... Java: JSONP Injection w/cleanups	2021-04-16 11:09:17 +02:00
Chris Smowton	c37994089c	Revert changes to unrelated query	2021-04-15 16:24:29 +01:00
Chris Smowton	254de76078	Remove unnecessary stubs	2021-04-15 16:20:27 +01:00
haby0	dedf765542	Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-15 22:59:22 +08:00