hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

13974 Commits

Author SHA1 Message Date
Max Schaefer
e5e94e3357 Data flow: Add module doc comment for TaintTrackingImpl.qll 
Modelled after the correponding comment for `DataFlowImpl.qll`.
 2020-03-30 10:35:47 +01:00
Anders Schack-Mulligen
b2769b42ed Merge pull request #3117 from adityasharad/java/jackson-taint-steps 
Java: Add taint steps through Jackson serialization methods.
 2020-03-30 10:34:56 +02:00
luchua-bc
000d894d99 Include Gradle Logging 2020-03-28 14:00:28 -04:00
luchua-bc
048a33e143 Remove user ids from the check since they get logged a lot and are less sensitive 2020-03-27 19:40:00 -04:00
Robert Brignull
90fad6f762 add code scanning suites 2020-03-27 17:03:23 +00:00
Peter Stöckli
c6688eb349 Fix OpenStream documentation 2020-03-27 17:08:49 +01:00
Peter Stöckli
3de00443ff Review feeback for OpenStream 2020-03-27 17:06:58 +01:00
Peter Stöckli
5e62a6bebe Move CWE-036 directory to experimental 2020-03-27 15:10:15 +01:00
Peter Stöckli
74fc416a35 Merge branch 'master' into cwe-036 2020-03-27 14:54:41 +01:00
Mathias Vorreiter Pedersen
7890a322c8 C++/C#/Java: Sync identical files 2020-03-27 11:51:38 +01:00
yo-h
0f70da2258 Merge pull request #3105 from aschackmull/java/postupdate-jump 
Java: Fix missing jump step from PostUpdate to capture.
 2020-03-25 22:05:30 -04:00
yo-h
116c13eb18 Merge pull request #3106 from aschackmull/java/getstmtbody-type 
Java: Sharpen return type of LambdaExpr.getStmtBody().
 2020-03-24 19:20:57 -04:00
Aditya Sharad
a6e039b284 Java: Add tests for Jackson taint steps. 
Add stubs for jackson-databind-2.10.
Based on http://fasterxml.github.io/jackson-databind/javadoc/2.10.
Test taint through Jackson serialization APIs.
 2020-03-24 12:59:24 -07:00
Aditya Sharad
7de8b48692 Java: Add taint steps through Jackson serialization methods. 2020-03-24 12:59:14 -07:00
Anders Schack-Mulligen
75523e4eb8 Java: Fix directory structure in experimental. 2020-03-24 16:47:55 +01:00
Anders Schack-Mulligen
d8edae96df Java: Add test. 2020-03-24 15:24:17 +01:00
yo-h
d315864383 Merge pull request #3108 from aschackmull/java/finalizemethod 
Java: Fixup FinalizeMethod definition.
 2020-03-23 18:27:57 -04:00
Anders Schack-Mulligen
f29f0f418f Dataflow: Exclude flow param-param flow through with identical params. 2020-03-23 17:27:53 +01:00
Anders Schack-Mulligen
4bc0cb0d28 Java: Fixup FinalizeMethod definition. 2020-03-23 11:11:00 +01:00
Anders Schack-Mulligen
6d3717cff8 Java: Sharpen return type of LambdaExpr.getStmtBody(). 2020-03-23 10:27:36 +01:00
Anders Schack-Mulligen
c78906500d Java: Fix missing jump step from PostUpdate to capture. 2020-03-23 10:24:25 +01:00
Anders Schack-Mulligen
888c504f55 Merge pull request #2903 from hvitved/dataflow/performance 
Data flow: Refactoring + performance improvements
 2020-03-23 10:01:20 +01:00
yo-h
16f2957029 Merge pull request #3081 from aschackmull/java/urldecoder-step 
Java: Add URLDecoder.decode as taint step.
 2020-03-20 13:53:20 -04:00
luchua-bc
d9327705d2 Fix the issue of mixed tabs and spaces 2020-03-20 08:16:45 -04:00
luchua-bc
dfb42ecf42 Address sensitive info logging 2020-03-20 08:14:48 -04:00
Tom Hvitved
937924571c Data flow: Sync files 2020-03-18 18:16:27 +01:00
Tom Hvitved
3bd6429072 Data flow: Sync files 2020-03-18 13:28:26 +01:00
Anders Schack-Mulligen
396678fd55 Java: Add apache Base64 taint steps. 2020-03-18 10:54:40 +01:00
Tom Hvitved
2e8bd5ccba Data flow: Sync files 2020-03-17 15:16:12 +01:00
Anders Schack-Mulligen
9c9e302a73 Java: Add URLDecoder.decode as taint step. 2020-03-17 10:19:02 +01:00
Tom Hvitved
f935f5eaca Data flow: Sync files 2020-03-13 13:58:05 +01:00
Anders Schack-Mulligen
9fc75f1f92 Merge pull request #2850 from SpaceWhite/CWE-094 
ScriptEngine java code injection
 2020-03-13 13:43:09 +01:00
Anders Schack-Mulligen
2a2484ee0f Merge pull request #2800 from SpaceWhite/CWE-643 
CWE-643 XPathInjection on java
 2020-03-13 13:40:17 +01:00
Anders Schack-Mulligen
99c55b6edb Java: Add taint steps for java.util.Queue methods. 2020-03-12 15:02:06 +01:00
SpaceWhite
300aee39be nit: add dot to qhelp 2020-03-12 20:38:03 +09:00
SpaceWhite
bb1ea94c54 Nit: Fix qhelp and ql autoformat 2020-03-12 20:35:01 +09:00
SpaceWhite
822bfcd36c Nit: fix qhelp 2020-03-12 20:25:23 +09:00
Anders Schack-Mulligen
e1a0c2d846 Java: Add minor test case to typeflow qltest. 2020-03-11 13:13:19 +01:00
Anders Schack-Mulligen
a9d76cbe64 Dataflow: Add consistency checks for toString and location. 2020-03-11 10:29:48 +01:00
Tom Hvitved
bd6c23d165 Merge pull request #3020 from aschackmull/dataflow/type-pruning-bigstep 
Dataflow: Fix bug in type pruning.
 2020-03-10 14:21:21 +01:00
Anders Schack-Mulligen
e97c72cd5d Dataflow: Adjust imports. 2020-03-10 11:34:09 +01:00
Anders Schack-Mulligen
a2bbacf58d Java/C++/C#: Fix performance issue in partial paths exploration. 2020-03-09 11:30:59 +01:00
Anders Schack-Mulligen
4298a3a931 Java: Add test. 2020-03-09 11:16:59 +01:00
Anders Schack-Mulligen
f491fcd5ae Java/C++/C#: Sync. 2020-03-09 11:05:13 +01:00
Anders Schack-Mulligen
7a74634cfd Java/C++/C#: Simplify. 2020-03-09 11:04:28 +01:00
Anders Schack-Mulligen
cf84a53573 Java/C++/C#: Fix bug in type pruning. 2020-03-09 11:04:24 +01:00
SpaceWhite
5e912cbf8e Move directory to experimental 2020-03-07 11:55:32 +09:00
SpaceWhite
8cdc2bb268 Merge branch 'master' into CWE-094 2020-03-07 11:54:31 +09:00
SpaceWhite
b7af1645aa Move directory to experimental 2020-03-07 11:49:33 +09:00
SpaceWhite
2ec107bc2d Merge branch 'master' into CWE-643 2020-03-07 11:47:53 +09:00