codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00

Author	SHA1	Message	Date
intrigus	4a00670b68	Java: Reduce long comment.	2021-06-25 16:47:24 +02:00
intrigus	45cec3df1c	Java: Use `this` consistently in QL classes.	2021-06-25 16:47:24 +02:00
intrigus	0c1ce74135	Java: Switch from tabs to spaces.	2021-06-25 16:47:24 +02:00
intrigus	6d09db6fd6	Java: Explicitly list custom flow steps.	2021-06-25 16:47:23 +02:00
intrigus	e4775e0fae	Java: Remove "intention-guessing" sanitizer & simplify. This removes the sanitizer part that classified some results as FP if the results were in methods with certain names, like `disableVerification()`. I now think that it's a bad idea to filter based on the method name. The custom flow steps in `flagFlowStep` are now listed explicitly. Simplified check whether a method throws an exception.	2021-06-25 16:47:23 +02:00
intrigus	8a7f6b72e9	Java: Apply suggestions for QHelp	2021-06-25 16:47:23 +02:00
intrigus	d37d922e8f	Java: Fix Typos	2021-06-25 16:47:22 +02:00
intrigus-lgtm	030c286902	Java: Use machine-in-the-middle consistently	2021-06-25 16:47:22 +02:00
intrigus-lgtm	f52e438f3e	Java: Apply suggestions from code review Co-authored-by: Chris Smowton <smowton@github.com>	2021-06-25 16:47:22 +02:00
intrigus	1b96d0ac54	Java: Remove overlapping code	2021-06-25 16:47:22 +02:00
intrigus	87554a78d4	Java: Add insecure trust manager query.	2021-06-25 16:47:22 +02:00
Timo Mueller	b969b9b5e7	Merge branch 'insecureJmxRmiServerEnvironment' of github.com:mogwailabs/codeql into insecureJmxRmiServerEnvironment	2021-06-25 16:11:47 +02:00
Timo Mueller	72ef4983db	Fixed wrong match for symbolic constant	2021-06-25 16:11:37 +02:00
Timo Müller	328b69f46c	Update java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql	2021-06-25 16:10:20 +02:00
Owen Mansel-Chan	bad32716e8	Import Apache Collections models in ExternalFlow	2021-06-25 14:51:09 +01:00
Timo Mueller	5aeeb3a801	Fixed and validated qhelp	2021-06-25 15:37:47 +02:00
Owen Mansel-Chan	eb469c0811	Duplicate models for old package name The package name was org.apache.commons.collection until release 4.0.	2021-06-25 11:17:09 +01:00
Owen Mansel-Chan	224fd343f3	Fix models (addressing PR review comments)	2021-06-25 11:17:03 +01:00
Owen Mansel-Chan	e78d56e7e9	Model MapUtils class and keyvalue package	2021-06-25 11:17:02 +01:00
Owen Mansel-Chan	213f5d6a37	Model and use isEmpty from Apache Collections	2021-06-25 11:17:01 +01:00
Owen Mansel-Chan	492f6ebc7c	Model isNotEmpty from Apache Commons Collections	2021-06-25 11:17:00 +01:00
Anders Schack-Mulligen	2d24387e9e	Merge pull request #6149 from edoardopirovano/fix-java-regression Performance: Fix bad join order in Java dataflow library	2021-06-25 10:42:05 +02:00
Timo Müller	d0478eac95	XML validation and spelling/ordering changes * XML validation and summary changes in qhelp file ; * Encode entities within <code> snippet * Updated minor descriptions and examples * Implemented spelling review	2021-06-25 09:45:46 +02:00
Chris Smowton	2acb4de2cb	Merge pull request #5955 from haby0/java/JShellCodeInjection Java: JShell Injection	2021-06-24 17:03:30 +01:00
Anders Schack-Mulligen	95ad8b55fe	Merge pull request #6107 from aschackmull/dataflow/implicit-reads Dataflow: Add support for implicit reads	2021-06-24 15:38:35 +02:00
Anders Schack-Mulligen	cd0efbe7ce	Dataflow: Sync.	2021-06-24 14:19:17 +02:00
Anders Schack-Mulligen	1c1d11a4a4	DataFlow: Address review comments.	2021-06-24 14:18:45 +02:00
Anders Schack-Mulligen	1e511c0a9e	Merge pull request #6137 from smowton/smowton/feature/java-util-optional Java: Model java.util.Optional	2021-06-24 13:21:36 +02:00
Edoardo Pirovano	0909c9ff22	Performance: Fix bad join order in dataflow library	2021-06-24 08:24:17 +01:00
yo-h	ffdc752720	Merge pull request #6059 from smowton/smowton/fix/qualified-name-generic-types Adapt to static methods and nested types returning unbound declaring types	2021-06-23 14:45:51 -04:00
Chris Smowton	74feaf2893	Adapt to static methods and nested types returning unbound declaring types Previously these returned raw declaring types instead	2021-06-23 16:03:18 +01:00
Chris Smowton	b34448af87	{Generic,Parameterized,Raw}Type: implement getAPrimaryQlClass An aid to debugging	2021-06-23 15:58:31 +01:00
Anders Schack-Mulligen	6374914053	Java: Fix bad magic.	2021-06-23 14:39:18 +02:00
Artem Smotrakov	0dfb869c5b	Apply suggestions from code review Co-authored-by: Chris Smowton <smowton@github.com>	2021-06-23 13:23:54 +02:00
Artem Smotrakov	14e724bce6	Added sinks for RmiBasedExporter and HessianExporter	2021-06-23 09:53:47 +02:00
Chris Smowton	9fd1606238	Model java.util.Optional	2021-06-22 21:17:22 +01:00
Anders Schack-Mulligen	38fc8a750c	Java: Improve test and fix a few missing cases.	2021-06-22 11:16:02 +02:00
Anders Schack-Mulligen	27c973e157	Java: Fix some qltests.	2021-06-21 16:08:52 +02:00
Anders Schack-Mulligen	d383c0f69b	Java: Remove temporary store-as-taint.	2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen	65ac8be5ac	Java: Add defaultImplicitTaintRead and sync.	2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen	aa82d0b815	Java: Make Content public as DataFlow::Content.	2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen	80880320d5	Dataflow: Sync.	2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen	b7ac329ba1	DataFlow: Add support for configuration-specific implicit reads.	2021-06-21 14:41:19 +02:00
Anders Schack-Mulligen	9110dfaeb3	Merge pull request #6095 from hvitved/dataflow/local-cc-join Data flow: Fix `getLocalCallContext` join-order	2021-06-21 12:53:38 +02:00
haby0	2b77f7d1bc	Modify isAdditionalTaintStep	2021-06-18 21:36:44 +08:00
haby0	a71757f0f4	Update java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.qhelp Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-06-18 21:36:44 +08:00
haby0	bfe0d40987	using isAdditionalTaintStep	2021-06-18 21:36:44 +08:00
haby0	3a2a99e289	Fix 1	2021-06-18 21:36:44 +08:00
haby0	ed0aabef46	add isAdditionalTaintStep	2021-06-18 21:36:44 +08:00
haby0	921b8e80a2	Jshell Injection	2021-06-18 21:36:44 +08:00

... 71 72 73 74 75 ...

5917 Commits