hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

13974 Commits

Author SHA1 Message Date
Artem Smotrakov
df60268023 Split qhelp files 2021-03-10 10:49:47 +03:00
luchua-bc
48975fa7d2 Replace sanitizers 2021-03-10 00:17:26 +00:00
Chris Smowton
fa51af5be1 NBSP -> original-flavour space 2021-03-09 15:40:45 +00:00
Chris Smowton
189b2215c5 Remove useless value from inline test expectations 2021-03-09 15:11:39 +00:00
Chris Smowton
e8f81c4f30 Improve change note 2021-03-09 15:11:13 +00:00
Chris Smowton
074d73e325 Add change note 2021-03-09 15:11:13 +00:00
Chris Smowton
9163893879 Add models for Commons-Lang's RegExUtils class 2021-03-09 15:11:13 +00:00
Tom Hvitved
fe6efde449 Address review comments 2021-03-09 14:30:12 +01:00
Taus
19b74e6e01 Merge pull request #5367 from tausbn/mergeback-rc/3.1-to-main 
Merge rc/3.1 into main
 2021-03-09 12:46:24 +01:00
Tamas Vajk
5480a31b68 Java: Remove MultipartFile.getSize/isEmpty from remote flow sources 2021-03-09 12:23:47 +01:00
Tamas Vajk
0d405c293a Java: Convert PlayRequestGetMethod to CSV based flow source 2021-03-09 12:20:35 +01:00
Joe Farebrother
7a4ce83169 Merge pull request #5310 from joefarebrother/guava-io 
Java: Add modelling for Guava IO utilities
 2021-03-09 11:19:44 +00:00
Joe Farebrother
bd4a414abd Remove CSV data from query 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-09 10:50:15 +00:00
Tamas Vajk
e0b1a86038 Java: Convert WebSocketMessageParameterSource to CSV based flow source 2021-03-09 11:49:59 +01:00
Tamas Vajk
193458eb3d Java: Convert SpringRestTemplateResponseEntityMethod to CSV based flow source 2021-03-09 11:49:59 +01:00
Tamas Vajk
e0c51b510f Java: Convert WebViewGetUrlMethod to CSV based flow source 2021-03-09 11:42:40 +01:00
Tamas Vajk
8ba820cae1 Java: Convert android XML get* methods to CSV based flow source 2021-03-09 11:42:13 +01:00
Tamas Vajk
09b0d824b4 Java: Convert org.apache.http.Http*.get* methods to CSV based flow source 2021-03-09 11:41:33 +01:00
Tamas Vajk
3c8ac5c789 Java: Convert Cookie.get* methods to CSV based flow source 2021-03-09 11:41:33 +01:00
Tamas Vajk
86cf143029 Java: Convert ServletRequestGetBodyMethod to CSV based flow source 2021-03-09 11:41:32 +01:00
Tamas Vajk
b05a9043b5 Java: Convert SpringWebRequestGetMethod to CSV based flow source 2021-03-09 11:41:32 +01:00
Tamas Vajk
09bcf878f7 Java: Convert HttpServletRequest.get* methods to CSV based flow source 2021-03-09 11:40:59 +01:00
Tamas Vajk
f2448cc921 Java: Convert SpringMultipartFileSource to CSV based flow source 2021-03-09 11:40:18 +01:00
Tamas Vajk
80b4d63d4b Java: Convert SpringMultipartRequestSource to CSV based flow source 2021-03-09 11:39:47 +01:00
Tamas Vajk
06fdd64dab Java: Remove already modelled BeanValidationSource 2021-03-09 11:35:42 +01:00
Tamas Vajk
3dfc236bbe Java: Remove already modelled RemoteTaintedMethods 2021-03-09 11:35:42 +01:00
Taus Brock-Nannestad
3d0d280972 Merge remote-tracking branch 'upstream/rc/3.1' into mergeback-rc/3.1-to-main 2021-03-08 22:15:10 +01:00
Artem Smotrakov
a78f2115f2 Split SpringExporterUnsafeDeserialization.ql 2021-03-09 00:06:38 +03:00
Chris Smowton
f9f143d62c Merge pull request #5347 from Marcono1234/marcono1234/simplify-tests 
Java: Simplify tests using InlineExpectationsTest
 2021-03-08 14:47:28 +00:00
Joe Farebrother
ed228cbcef Add sinks for URL Open Stream query 2021-03-08 14:07:53 +00:00
Anders Schack-Mulligen
e63f81171c Merge pull request #5349 from p0wn4j/fix-nashorn-engine-1 
Java: Fix NashornScriptEngine detection in ScriptEngine query
 2021-03-08 13:23:36 +01:00
Chris Smowton
6cf15f49bb Replace hasTaintFlow=y with hasTaintFlow everywhere 2021-03-08 11:57:35 +00:00
Marcono1234
b7353f0bb0 Java: Simplify tests using InlineExpectationsTest 2021-03-08 11:49:52 +00:00
Chris Smowton
790fb7829a Improve comment and change-note accuracy 2021-03-08 11:00:05 +00:00
Chris Smowton
4a4f4b01a1 Add support for java.util.concurrent.ThreadLocalRandom 2021-03-08 10:59:53 +00:00
Rasmus Lerchedahl Petersen
cc9a938054 InlineExpectationTest: clarify the nedd for an 
empty `.expected` file
 2021-03-08 09:18:47 +01:00
luchua-bc
0ef3eee4ed Revamp the source and the sink of the query 2021-03-06 22:41:54 +00:00
Artem Smotrakov
891b975899 Use correct file names in SpringExporterUnsafeDeserialization.qhelp 2021-03-06 22:07:43 +01:00
Artem Smotrakov
bda223771b Added another example for SpringExporterUnsafeDeserialization.ql 2021-03-06 22:05:00 +01:00
Artem Smotrakov
82cb4a8d68 Renamed SpringHttpInvokerUnsafeDeserialization.ql 2021-03-06 21:48:35 +01:00
Artem Smotrakov
dcabce679a Cover beans from XML configs in SpringHttpInvokerUnsafeDeserialization.ql 2021-03-06 21:40:35 +01:00
p0wn4j
6841f5f7c4 Java: Add NashornScriptEngine detection in ScriptEngine query 
Java: Add NashornScriptEngine detection in ScriptEngine query

Java: Add NashornScriptEngine detection in ScriptEngine query

Java: Add NashornScriptEngine detection in ScriptEngine query
 2021-03-06 16:19:07 +04:00
luchua-bc
31eaa80f5b Revamp the source 2021-03-06 00:56:15 +00:00
Anders Schack-Mulligen
cf4f55d9ab Merge pull request #5223 from smowton/smowton/feature/backward-dataflow-for-modelled-fluent-methods 
Java: Add backward dataflow edges through modelled function invocations
 2021-03-05 15:11:43 +01:00
Tom Hvitved
6e5af1a9f8 Data flow: Sync files 2021-03-05 14:56:40 +01:00
Chris Smowton
012058a866 Apply review suggestions: use ArgumentNode.argumentOf, and change more uses of ValuePreservingCallable -> ValuePreservingMethod 2021-03-05 13:34:13 +00:00
Chris Smowton
eed357dc93 ValuePreservingCallable -> ValuePreservingMethod 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 13:28:35 +00:00
Chris Smowton
a37b98ca27 Value-preserving methods: handle generics in DataFlowUtil.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 13:15:06 +00:00
Chris Smowton
ca86925a45 Update java/ql/src/semmle/code/java/dataflow/FlowSteps.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 13:02:19 +00:00
Chris Smowton
45f3365d06 Apply suggestions from code review 
Note value-preserving functions can't be constructors

Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 12:52:38 +00:00