hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.1
Commit Graph

13728 Commits

Author SHA1 Message Date
porcupineyhairs
f27d2bdf6d Update java/ql/src/experimental/semmle/code/java/Logging.qll 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-03-18 16:12:00 +05:30
Porcuiney Hairs
d0c82d3756 Add flogger and android logging support 2021-03-18 16:12:00 +05:30
Porcuiney Hairs
17d7ba8049 Add Log Injection Vulnerability 2021-03-18 16:12:00 +05:30
haby0
c516d69b98 Merge remote-tracking branch 'upstream/main' into main 2021-03-17 16:42:48 +08:00
haby0
15206fd2ce JsonpInjection.ql autoformatted 2021-03-17 15:52:05 +08:00
haby0
98204a15a6 Fix the problem 2021-03-17 15:28:04 +08:00
Joe Farebrother
f5e4b87d1e Remove redundant rows and add note on collection flow 2021-03-16 14:28:24 +00:00
Joe Farebrother
1e3c4d0eb1 Add stubs to fix broken test case 2021-03-16 14:24:49 +00:00
Joe Farebrother
980b2c1f4c Convert existing Guava models to CSV system 2021-03-16 14:24:49 +00:00
Anders Schack-Mulligen
aa360c0378 Merge pull request #5413 from smowton/smowton/feature/infer-fluent-method-taint-flow 
Add taint-preserving edges where a call also has a value-preserving edge
 2021-03-16 14:10:11 +01:00
Anders Schack-Mulligen
53c360479a Merge pull request #5329 from tamasvajk/feature/csv-taint-step 
Java: migrate taint steps to CSV
 2021-03-16 14:09:21 +01:00
Anders Schack-Mulligen
46bae88181 Merge pull request #5375 from aschackmull/dataflow/unbind 
Dataflow: Switch from unbind to pragma[only_bind_into].
 2021-03-16 14:03:54 +01:00
Tom Hvitved
b11e15154f Data flow: Sync files and add stubs 2021-03-16 13:49:32 +01:00
Tamas Vajk
d02fba8c37 Java: adjust wrapped constructor calls 2021-03-16 12:42:41 +01:00
Tamas Vajk
e3534d1635 Java: cover wrapped constructor taint flow 2021-03-16 12:10:28 +01:00
Tamas Vajk
af0dff8c6f Java: migrate constructor flow taint steps to CSV 2021-03-16 12:10:28 +01:00
Tamas Vajk
f9a207dd9f Java: migrate 'arg to arg' taint steps to CSV 2021-03-16 12:10:28 +01:00
Tamas Vajk
7e1534a6cd Java: migrate 'arg to return' taint steps to CSV 2021-03-16 12:10:28 +01:00
Tamas Vajk
5cdbde2686 Java: migrate 'qualifier to return' taint steps to CSV 2021-03-16 12:10:28 +01:00
Tamas Vajk
40126563ef Java: migrate 'qualifier to arg' taint steps to CSV 2021-03-16 12:10:28 +01:00
Anders Schack-Mulligen
2d8d967060 Dataflow: Address review comment. 2021-03-16 11:07:33 +01:00
Chris Smowton
6d108c0fa7 Improve docstring for composedValueAndTaintModelStep 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-16 09:00:35 +00:00
Chris Smowton
915a19fb9d Improve naming; eliminate some harmless extra results 
Adding `src != valueSource` should have no effect as the introduced edge would already exist, but could reduce workload downstream.
 2021-03-16 08:57:14 +00:00
Chris Smowton
516122aa74 Add taint-preserving edges where a call also has a value-preserving edge 
For example, for a fluent method that returns `this`, we take a tainting edge from argX to either `this` or the return value to also taint the other.
 2021-03-16 08:45:24 +00:00
Anders Schack-Mulligen
45c9428668 Merge pull request #5337 from smowton/smowton/feature/commons-lang-random-sources 
Java: Add support for Commons-Lang's RandomUtils
 2021-03-15 16:21:01 +01:00
Anders Schack-Mulligen
d1f30d9164 Java: Autoformat. 2021-03-15 15:28:04 +01:00
Anders Schack-Mulligen
662e17ff85 Java: Bugfix dispatch to lambda in call context. 2021-03-15 15:09:03 +01:00
Anders Schack-Mulligen
5aa9c2bd19 Dataflow: One more pragma. 2021-03-12 15:59:19 +01:00
Chris Smowton
92d61354d4 Remove abstract class RandomNumberGenerator 2021-03-12 13:04:31 +00:00
luchua-bc
1a2e341b7c Refactor the business logic of the query into a separate predicate 2021-03-12 12:19:37 +00:00
Anders Schack-Mulligen
a8b84e430f Merge pull request #5390 from Marcono1234/patch-2 
Java: Fix documentation mistake in Modules.qll
 2021-03-12 12:51:24 +01:00
Anders Schack-Mulligen
c9786df760 Merge pull request #5344 from smowton/smowton/feature/commons-object-utils 
Java: Add models for flow- and taint-preserving functions in Commons ObjectUtils
 2021-03-12 12:46:31 +01:00
Chris Smowton
58d5c2c32d Abbreviate redundant value-flow / taint-flow tests 2021-03-12 10:53:27 +00:00
Anders Schack-Mulligen
1d3ad0cb52 Java: Remove value steps from taint steps. 2021-03-12 11:09:53 +01:00
Marcono1234
edeb08480e Java: Fix documentation mistake in Modules.qll 2021-03-11 23:45:59 +01:00
luchua-bc
c8b1bc3a89 Enhance the query 2021-03-11 21:41:34 +00:00
luchua-bc
0a35feef76 Exclude CSRF cookies to reduce FPs 2021-03-11 17:28:07 +00:00
luchua-bc
57953c523c Update qldoc 2021-03-11 17:16:36 +00:00
Chris Smowton
82a000bcca Improve change note 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-03-11 16:22:56 +00:00
Chris Smowton
6508a223c3 Remove useless =y value specification from inline test expectations 2021-03-11 16:22:56 +00:00
Chris Smowton
b5268def16 Add models for CONST_BYTE and CONST_SHORT 2021-03-11 16:22:56 +00:00
Chris Smowton
1c1ca70027 Add models for flow- and taint-preserving functions in Commons ObjectUtils. 
These should all be value-preserving, but we don't support value-preserving varargs methods yet.
 2021-03-11 16:22:54 +00:00
luchua-bc
eeac7e322a Query to detect insecure configuration of Spring Boot Actuator 2021-03-11 13:46:32 +00:00
Artem Smotrakov
4b7c57c077 Added a comment for getBeanIdentifier() 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-03-11 11:52:07 +01:00
Anders Schack-Mulligen
87e4dec86a Merge pull request #5300 from tamasvajk/feature/external-remote-flow-sources 
Java: Convert remote flow sources to use new CSV format
 2021-03-11 10:44:17 +01:00
Artem Smotrakov
0a5d58ed8a Cover more configurations in UnsafeSpringExporterInConfigurationClass.ql 2021-03-10 21:15:19 +03:00
luchua-bc
a0a1ddee86 Update class name 2021-03-10 17:07:31 +00:00
Anders Schack-Mulligen
674886a17d Dataflow: Sync. 2021-03-10 16:53:51 +01:00
Anders Schack-Mulligen
667dab28d4 Dataflow: Switch from unbind to pragma[only_bind_into]. 2021-03-10 16:52:45 +01:00
Tom Hvitved
fc5158c41c Merge pull request #5338 from hvitved/dataflow/performance-tweaks 
Data flow: Performance tweaks
 2021-03-10 13:56:57 +01:00