hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

4325 Commits

Author SHA1 Message Date
Artem Smotrakov
34b6ed0a05 Removed commented code from JexlUberspect 2021-02-24 22:31:03 +01:00
haby0
6fe8bafc7d *)update 2021-02-24 20:59:51 +08:00
haby0
872a000a33 *)update to JSONP injection 2021-02-24 20:36:12 +08:00
Anders Schack-Mulligen
add960bc4d Merge pull request #4880 from luchua-bc/java/sensitive-query-with-get 
Java: Sensitive GET Query
 2021-02-24 11:08:47 +01:00
yo-h
1d654febfd Merge pull request #5195 from aschackmull/java/cwe-548-test 
Java: Add empty file to test.
 2021-02-23 21:12:40 -05:00
Joe Farebrother
e13c779f0f Add additional unit tests 2021-02-23 16:17:13 +00:00
Joe Farebrother
a3b8d4ab2d Switch to inline test expectations; fix failing test outputs 2021-02-23 14:26:12 +00:00
Joe Farebrother
7b5961769a Add unit tests for version 5.x 2021-02-23 14:26:12 +00:00
Joe Farebrother
cf58a90d74 Add unit tests for utility methods 2021-02-23 14:26:12 +00:00
Joe Farebrother
5bba7f6df7 Add unit tests 2021-02-23 14:26:11 +00:00
Anders Schack-Mulligen
b1bed2731d Merge pull request #5172 from smowton/smowton/feature/commons-strbuilder 
Java: Add support for commons-lang's StrBuilder class
 2021-02-23 14:39:11 +01:00
yo-h
6213c20bc3 Merge pull request #5136 from aschackmull/java/csv-models 
Java: Add support for framework modelling through csv data.
 2021-02-22 19:00:41 -05:00
Jonathan Leitschuh
ad99aa2d76 Fix typo in test output 2021-02-22 13:26:51 -05:00
luchua-bc
40df01d2cd Update qldoc and method name 2021-02-22 14:15:41 +00:00
Francis Alexander
45bdb22db8 Switch from sanitizer to tainttracking, formatting and qldoc changes 2021-02-21 16:45:48 +05:30
Artem Smotrakov
43a07bb13a Better sink in SandboxedJexlFlowConfig 2021-02-20 11:17:51 +01:00
luchua-bc
3d9ac0d094 Add query for enterprise beans 2021-02-20 02:00:42 +00:00
Chris Smowton
321df82851 Apply review feedback: comment style, bracketing, and use proper MISSING test annotations 2021-02-18 14:56:52 +00:00
Anders Schack-Mulligen
954e0b9496 Java: Add empty file to test. 2021-02-18 13:10:29 +01:00
Anders Schack-Mulligen
6f583baa90 Java: More documentation and support for field writes. 2021-02-18 11:18:31 +01:00
haby0
8119fd2ad1 *)add JsonHijacking ql query 2021-02-18 18:11:10 +08:00
Francis Alexander
40f4e71b86 Merge branch 'main' into cwe-346 2021-02-17 18:55:31 +05:30
Anders Schack-Mulligen
862c41632e Java: Add empty file to test. 2021-02-17 13:23:18 +01:00
Chris Smowton
c700d004e0 Commons Lang/Text StrBuilder: propagate taint from constructors 2021-02-17 09:51:28 +00:00
Chris Smowton
10112c50ab Add support for StrBuilder and TextStringBuilder in commons-text 
These are identical to the current deprecated StrBuilder in commons-lang3.
 2021-02-17 09:36:28 +00:00
Chris Smowton
a63f18e49d Add models for Commons-Lang's StrBuilder class. These exclude its fluent methods for the time being, which will be added in a forthcoming PR. 2021-02-17 09:36:20 +00:00
Chris Smowton
a2eeffa9c0 Add support for Apache Commons Lang StringUtils 2021-02-16 14:48:39 +00:00
Chris Smowton
bf03c0f419 Port InlineExpectationsTest for the Java analysis 2021-02-16 14:48:39 +00:00
Anders Schack-Mulligen
6eafa9d396 Merge pull request #5133 from pwntester/fix_SnakeYaml 
Remove sanitizing condition which does not prevent vulnerability.
 2021-02-16 12:58:47 +01:00
haby0
2c96e6cf96 Merge remote-tracking branch 'upstream/main' into main 2021-02-16 17:54:01 +08:00
luchua-bc
5ce3af0591 Enhance the query and update qldoc 2021-02-15 21:38:54 +00:00
Francis Alexander
dae6771a19 test file name changes 2021-02-15 23:17:08 +05:30
Francis Alexander
c45be91d6f more filename changes 2021-02-15 23:09:11 +05:30
Francis Alexander
0004efc2ac filename changes 2021-02-15 22:43:39 +05:30
Francis Alexander
f32c77c266 Qldoc and formatting changes 2021-02-15 22:35:58 +05:30
luchua-bc
2f17943abc Update qldoc 2021-02-15 16:58:09 +00:00
Jonathan Leitschuh
d82e8216ed Merge branch 'main' into feat/JLL/depricated_bintray_usage 2021-02-15 10:48:28 -05:00
Alvaro Muñoz
00a0b12dad update expected results 2021-02-15 11:23:40 +01:00
Alvaro Muñoz
c7072aef16 update A.java test 2021-02-15 10:34:20 +01:00
Anders Schack-Mulligen
161e756c4b Merge pull request #5141 from github/yo-h/java-flow-check-fix 
Java: prepare to enforce additional compiler checks in test code
 2021-02-15 09:41:03 +01:00
luchua-bc
23f620d255 Query to detect insecure LDAP endpoint configuration 2021-02-15 05:31:29 +00:00
yo-h
1d007b6e72 Java: delete two test cases as per code review 2021-02-14 21:42:58 -05:00
luchua-bc
6a6727fc80 Reduce the scope of the query to reduce FPs 2021-02-14 15:01:06 +00:00
Chris Smowton
97df60f9d6 Move misplaced experimental query into the conventional directory 2021-02-12 12:12:16 +00:00
haby0
22e741c7a3 *)add XQExpression.executeCommand(0) sink 2021-02-12 11:17:42 +08:00
Artem Smotrakov
042c0b005e Covered sandboxes for JEXL 2 
- Updated SandboxedJexlFlowConfig to cover JEXL 2
- Added SandboxedJexl2 test
 2021-02-11 22:57:26 +01:00
Artem Smotrakov
7543df60da Callable.call() should not be a sink in JexlInjection.ql 2021-02-11 20:37:23 +01:00
haby0
a6a0fa28c4 *)add XQExpression.executeQuery(0) sink 2021-02-11 16:05:48 +08:00
Artem Smotrakov
af0f361ac8 Updated JexlInjection.ql to check for sandboxes 
- Added a dataflow config to track setting a sandbox
  on JexlBuilder
- Added SandboxedJexl3.java test
 2021-02-10 22:19:45 +01:00
Anders Schack-Mulligen
b74911204a Merge pull request #4945 from intrigus-lgtm/java/insecure-jxbrowser 
Java: Insecure JXBrowser
 2021-02-10 15:48:17 +01:00