hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

5839 Commits

Author SHA1 Message Date
Jonathan Leitschuh
0e2c5db7b1 Netty Response Splitting use CompileTimeConstantExpr 
Co-Authored-By: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-01-03 07:51:55 -05:00
Anders Schack-Mulligen
7e987c570f Merge pull request #2413 from JLLeitschuh/feature/JLL/maven_insecure_artifact_resolution 
Java: Use of HTTP/FTP to download/upload Maven artifacts
 2020-01-02 14:47:30 +01:00
Tom Hvitved
29cd6a9e30 Sync XML.qll 2019-12-19 10:29:30 +01:00
Jonathan Leitschuh
75939afe9c Update java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.qhelp 
Co-Authored-By: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2019-12-18 09:53:36 -05:00
Jonathan Leitschuh
b218374772 Add io.netty.handler.codec.http.DefaultHttpResponse to Netty Response Splitting Detection 
Related: #2185
Related: https://github.com/github/security-lab/issues/22
 2019-12-17 12:12:04 -05:00
Anders Schack-Mulligen
ca08097b56 Java/C++/C#: Fix Java Content.getType and getContainerType to match C# and fix C# tests. 2019-12-17 11:51:58 +01:00
Max Schaefer
09ee106333 Java/JavaScript: Add two deprecated predicates to XML.qll. 
This makes XML.qll identical across C++, Java, JavaScript and Python.
 2019-12-17 10:15:43 +00:00
Max Schaefer
923e36ba4f C++/Java/JavaScript/Python: Make qldoc consistent. 2019-12-17 10:15:43 +00:00
Max Schaefer
a2fe678464 C++/Java/JavaScript/Python: Unify imports in XML.qll. 2019-12-17 10:15:43 +00:00
yo-h
69a2632806 Merge pull request #2341 from aschackmull/java/cached-tostring-perf-fixes 
Java: Fix a number of performance issues when toString is cached.
 2019-12-16 22:01:35 -05:00
Anders Schack-Mulligen
a97e7bd3b2 Java/C++/C#: Some review fixes. 2019-12-16 16:17:19 +01:00
Anders Schack-Mulligen
a1a875e3e1 Java/C++/C#: Fix autoformat. 2019-12-16 16:15:48 +01:00
Anders Schack-Mulligen
02068ecdcd Java/C++/C#: Sync. 2019-12-16 16:15:48 +01:00
Anders Schack-Mulligen
bca79cd4d6 Java/C++/C#: Add support for taint-getter/setter summaries. 2019-12-16 16:15:48 +01:00
Anders Schack-Mulligen
13f12c5332 Java: Fix characteristic predicate of XMLParent. 2019-12-13 15:20:52 +01:00
Jonathan Leitschuh
0c2da8af40 Update java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql 2019-12-12 14:10:11 -05:00
Jonathan Leitschuh
229622459c Update InsecureDependencyResolution with code review comments 2019-12-09 20:37:53 -05:00
Jonathan Leitschuh
f341234edb Apply suggestions from code review 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
Co-Authored-By: yo-h <55373593+yo-h@users.noreply.github.com>
 2019-12-09 19:17:23 -05:00
yo-h
ed97be459f Merge pull request #2454 from aschackmull/java/explicit-mul-zero 
Java: Allow explicit zero multiplication in java/evaluation-to-constant.
 2019-12-06 18:13:43 -05:00
Jonas Jensen
57917bec17 Merge pull request #2480 from hvitved/dataflow/performance-tweaks 
Data flow: Various performance tweaks
 2019-12-03 18:44:11 +01:00
Tom Hvitved
b3990c5a1d Data flow: Revert reordering changes in flowStore and flowRead 2019-12-02 14:25:59 +01:00
Tom Hvitved
5baa133e6c Data flow: Sync files 2019-12-02 13:41:17 +01:00
Jonas Jensen
5b24b1efc3 Merge remote-tracking branch 'upstream/rc/1.23' into mergeback-20191202 
Conflicts solved:
	javascript/extractor/src/com/semmle/js/extractor/Main.java
	javascript/ql/test/query-tests/Statements/UseOfReturnlessFunction/tst.js
 2019-12-02 09:57:34 +01:00
Anders Schack-Mulligen
333d0a69d2 Java/C++/C#: Bugfix for field flow through reverse read. 2019-11-29 09:38:24 +01:00
Anders Schack-Mulligen
2c3a6d7359 Java: Allow explicit zero multiplication in java/evaluation-to-constant. 2019-11-27 11:49:43 +01:00
Anders Schack-Mulligen
3d0e3aa1fd Java: Fix a number of performance issues when toString is cached. 2019-11-27 09:06:15 +01:00
yo-h
8a8b795696 Merge pull request #2447 from aschackmull/java/cache-perf 
Java: Improve performance by normalizing import order to reduce cache invalidation.
 2019-11-26 16:26:53 -05:00
Anders Schack-Mulligen
deb6a6e5c6 Java: Improve performance by normalizing import order to reduce cache invalidation. 2019-11-26 17:20:01 +01:00
Anders Schack-Mulligen
18e1708036 Merge pull request #2412 from Cornelius-Riemenschneider/nullness-corr-cond 
Java: Nullness library: track instanceof expressions in correlated conditions
 2019-11-26 10:33:34 +01:00
Cornelius Riemenschneider
37f162106a Fix formatting of file. 2019-11-25 17:04:38 +01:00
Cornelius Riemenschneider
3368169df8 Address review. 2019-11-25 14:54:50 +01:00
Tom Hvitved
a26efdf4c1 Java/C++/C#: Rename DataFlowErasedType back to DataFlowType 2019-11-25 11:43:58 +01:00
Cornelius Riemenschneider
0e7a08201f Address review by Anders. 2019-11-22 12:19:06 +01:00
Jonathan Leitschuh
21193bd780 Java: Use of HTTP/FTP to download/upload Maven artifacts 
This adds a security alert for the use of HTTP or FTP to download or upload
artifacts using Maven.
 2019-11-21 13:35:29 -05:00
Cornelius Riemenschneider
5d4b6c3a8c Nullness: Track correlated conditions of equality tests of variables. 2019-11-21 19:24:40 +01:00
Cornelius Riemenschneider
3e5324e772 More precise Nullness tracking by taking correlated instanceof expressions into account. 
Fixes #2238.
 2019-11-21 18:38:27 +01:00
Tom Hvitved
acc7d5298d Data flow: Sync files 2019-11-20 14:10:02 +01:00
Tom Hvitved
6c0dbcfca2 Java/C++: Add DataFlowErasedType aliases 2019-11-20 14:09:53 +01:00
yh-semmle
de65f023d6 Merge pull request #2167 from aschackmull/java/dataflow-out-of-arg-refactor 
Java/C++/C#: Refactor dataflow to simplify return flow.
 2019-11-15 11:10:06 -05:00
Anders Schack-Mulligen
81a90943c0 Java: Fix range analysis bug where int was assumed. 2019-11-15 15:08:14 +01:00
Anders Schack-Mulligen
106b8cfbca Java/C++/C#: Fix bad magic and bad join-order. 2019-11-14 13:17:17 +01:00
Anders Schack-Mulligen
6a2edce040 Merge pull request #2205 from rneatherway/java/hamcrest-nullness 
Java: Respect Hamcrest assertThat(X, notNullValue())
 2019-11-14 13:09:56 +01:00
yh-semmle
429c307832 Merge pull request #2304 from aschackmull/java/rangeanalysis-integral-fix 
Java: Fix range analysis bug in integral inequality bounds.
 2019-11-12 16:33:12 -05:00
Anders Schack-Mulligen
7619275c8b Java: Fix range analysis bug in integral inequality bounds. 2019-11-12 17:28:40 +01:00
Anders Schack-Mulligen
8cd6b51763 Java: Add ConditionalExpr to overflow candidate pattern. 2019-11-12 17:27:18 +01:00
Anders Schack-Mulligen
e6d0a2eca5 Merge pull request #2215 from yh-semmle/java-remove-obsolete-queries 
Java: remove some obsolete metric queries
 2019-11-12 10:14:55 +01:00
Anders Schack-Mulligen
b0fecbce28 Merge pull request #2230 from yh-semmle/java-move-cwe502-lib 
Java: move `UnsafeDeserialization.qll` to standard library location
 2019-11-11 10:44:52 +01:00
Sauyon Lee
0040c9fb4c Update links to OWASP cheat sheet 2019-11-06 20:21:47 -08:00
Robin Neatherway
7850d67a78 Remove TODO comment 
I've checked Hamcrest versions 1.3, 2.0, 2.1 and 2.2
 2019-11-06 17:47:02 +00:00
yh-semmle
e8a65101bc Java 13: add db stats for @yieldstmt 2019-11-02 16:09:32 -04:00