hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

13974 Commits

Author SHA1 Message Date
Bt2018
632cb8b666 Simplify CredentialExpr as the AddExpr step is included by TaintTracking::localTaintStep(node1, node2) 2020-05-13 07:55:32 -04:00
Bt2018
d9cc3c6f8d Add a comment for reasoning in why debug and trace are included and other variations are excluded 2020-05-13 07:46:44 -04:00
Anders Schack-Mulligen
f5e491caf0 Merge pull request #3448 from yo-h/java-qldoc-add 
Java: improve QLDoc completeness
 2020-05-13 08:26:02 +02:00
Bt2018
ffd442a17a Fine tuning criteria 
1. Change the regex pattern from variable contains "url" to variable starts with "url"
2. Add the logging trace method to sink
 2020-05-12 23:24:55 -04:00
Bt2018
491b67e658 Change string concatenation in the source to TaintTracking::Configuration 2020-05-12 22:57:07 -04:00
Bt2018
106c181ab1 Formatting with auto-format 2020-05-12 15:53:29 -04:00
yo-h
a884538238 Update java/ql/src/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-05-12 14:14:26 -04:00
yo-h
facd429d0a Update java/ql/src/semmle/code/java/frameworks/javaee/ejb/EJBJarXML.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-05-12 14:14:14 -04:00
Bt2018
d75841d6a7 Add sample usage and remove unused imports 2020-05-12 13:42:17 -04:00
jcreedcmu
3c233c762c Merge pull request #3431 from jcreedcmu/jcreed/jump-to-def-langs 
Java, Javascript, Csharp: Add jump-to-definition queries
 2020-05-12 10:54:11 -04:00
yo-h
1d55dffb98 Java: add missing QLDoc for J2ObjC.qll 2020-05-11 20:01:48 -04:00
yo-h
c55d01318c Java: add missing QLDoc for JavaServerFaces.qll and JSFAnnotations.qll 2020-05-11 20:01:48 -04:00
yo-h
53ccbeed6d Java: add missing QLDoc for JavadocCommon.qll 2020-05-11 20:01:47 -04:00
yo-h
e33ebdc803 Java: add missing QLDoc for NamingConventionsCommon.qll 2020-05-11 20:01:47 -04:00
yo-h
0e1ca44dfd Java: add missing QLDoc for UnusedMavenDependencies.qll 2020-05-11 20:01:46 -04:00
yo-h
1c9c87241f Java: add missing QLDoc for JdkInternals*.qll 2020-05-11 20:01:46 -04:00
yo-h
20a8438109 Java: add missing QLDoc for default.qll 2020-05-11 20:01:46 -04:00
yo-h
6c8a016ca6 Java: add missing QLDoc for JacksonSerializability.qll 2020-05-11 20:01:45 -04:00
yo-h
45b502a82f Java: add missing QLDoc for GWT.qll, GwtUiBinder.qll, GwtXml.qll 2020-05-11 20:01:45 -04:00
yo-h
0d8d5773b7 Java: add missing QLDoc for Clover.qll 2020-05-11 20:01:44 -04:00
yo-h
6e64f3dd05 Java: add missing QLDoc for JavaxAnnotations.qll 2020-05-11 20:01:44 -04:00
yo-h
537c657b19 Java: add missing QLDoc for EJBRestrictions.qll 2020-05-11 20:01:44 -04:00
yo-h
4594b51dfc Java: add missing QLDoc for EJB.qll 2020-05-11 20:01:43 -04:00
yo-h
3a82090087 Java: add missing QLDoc for EJBJarXML.qll 2020-05-11 20:01:42 -04:00
yo-h
8fe093c854 Java: add missing QLDoc for PersistenceXML.qll 2020-05-11 20:01:42 -04:00
yo-h
5b962c1add Java: add missing QLDoc for Persistence.qll 2020-05-11 20:01:42 -04:00
Jason Reed
66da91fe59 Java, Javascript, Csharp: Restrict definitions predicates 
Only expose definition-use relation itself, and getEncodedFile.
 2020-05-11 15:14:16 -04:00
Dave Bartolomeo
b39d4bc4bd Java: Rename sanity -> consistency 2020-05-11 13:37:01 -04:00
Artem Smotrakov
bab6f3788e Java: Added a query for unsafe TLS versions 
- Added experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql
- Added SslLib.qll
- Added a qhelp file with examples
- Added tests in java/ql/test/experimental/Security/CWE/CWE-327
 2020-05-10 19:14:52 +02:00
Grzegorz Golawski
a16295ebc0 Fix typos 2020-05-08 20:13:50 +02:00
yo-h
c54f8d8128 Merge pull request #3383 from aschackmull/java/printast 
Java: Library for pretty-printing AST in linear time.
 2020-05-08 13:01:39 -04:00
Grzegorz Golawski
afea9330b7 Fix the case where user-controlled input is passed as URL to env Hashtable 2020-05-08 00:44:22 +02:00
Grzegorz Golawski
df9921f870 Update according to the review comments 2020-05-07 23:19:13 +02:00
Jason Reed
01eeebc068 Java: Refactor definitions query, add queries for ide search 
This enables jump-to-definition and find-references in the VS Code
extension, for Java source archives.
 2020-05-07 12:44:36 -04:00
Anders Schack-Mulligen
2561ba82db Merge pull request #3215 from aibaars/validating-object-input 
Java: teach UnsafeDeserialization about ValidatingObjectInputStream
 2020-05-07 14:57:50 +02:00
Anders Schack-Mulligen
f7410739d9 Java: Fix bug in qldoc. 2020-05-06 14:06:49 +02:00
Anders Schack-Mulligen
8c5e89c160 Java: Add PrintAst. 2020-05-06 14:06:40 +02:00
Arthur Baars
39e652b26b Java: teach UnsafeDeserialization about ValidatingObjectInputStream 
The class org.apache.commons.io.serialization.ValidatingObjectInputStream
is an implementation of ObjectInputStream that validates the deserialized
classes against a white list. Therefore, this class should not be considered an
unsafe deserialization sink.
 2020-05-06 12:15:30 +02:00
Arthur Baars
797721cd31 Test 2020-05-06 12:15:27 +02:00
Anders Schack-Mulligen
3b3ca6d41e Merge pull request #3214 from aibaars/base64 
Java: Add org.apache.commons.codec.(De|En)coder to TaintTrackingUtil
 2020-05-06 09:21:18 +02:00
Jonas Jensen
63f04afa8d Merge pull request #3312 from hvitved/dataflow/impl-no-postupdate 
Data flow: Support stores into nodes that are not `PostUpdateNode`s
 2020-05-06 09:09:31 +02:00
Anders Schack-Mulligen
11ffcc4378 Merge pull request #2912 from Mithrilwoodrat/master 
Add check for disabled HTTPOnly setting in Tomcat
 2020-05-05 14:39:32 +02:00
Tom Hvitved
e95cc24b3f Data flow: Support stores into nodes that are not PostUpdateNodes 2020-05-05 14:01:04 +02:00
Anders Schack-Mulligen
b7458091a9 Merge pull request #3110 from hvitved/dataflow/no-more-summaries 
Data flow: No more flow summaries
 2020-05-05 13:27:07 +02:00
Geoffrey White
a70f534458 Sync identical files. 2020-05-05 09:18:05 +01:00
Bt2018
3b1dad84b3 The query help builder will interpret and automatically add the reference so this isn't needed here. And one typo is corrected. 2020-05-04 07:39:45 -04:00
Bt2018
5c803b70c5 The query help builder will interpret and automatically add this reference so this isn't needed here. 2020-05-04 07:05:15 -04:00
Bt2018
a6c9c5117f Update java/ql/src/experimental/CWE-532/SensitiveInfoLog.ql 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-05-04 06:58:34 -04:00
Bt2018
a2560656d5 Update java/ql/src/experimental/CWE-532/SensitiveInfoLog.qhelp 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-05-04 06:57:42 -04:00
Mithrilwoodrat
a7960c3385 Update java/ql/src/experimental/Security/CWE/CWE-1004/InsecureTomcatConfig.qhelp 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-05-04 17:48:41 +08:00