13974 Commits

Author	SHA1	Message	Date
Tom Hvitved	15ee1e37b9	Java: Follow-up changes	2020-02-04 14:09:12 +01:00
Tom Hvitved	c591719df2	Data flow: Sync files	2020-02-04 14:09:12 +01:00
Anders Schack-Mulligen	2b1723dd88	Java: Move some taint tests.	2020-02-04 13:21:31 +01:00
Anders Schack-Mulligen	3b81c3b95c	Merge pull request #2651 from ggolawski/java-ldap-injection ... Java LDAP Injection (CWE-90)	2020-01-31 16:43:52 +01:00
Anders Schack-Mulligen	18a8c2b220	Java: Add qlpack.yml in upgrades.	2020-01-31 11:39:46 +01:00
yo-h	7ca7bdfc46	Merge pull request #2725 from aschackmull/java/sqlinjection-number-barrier ... Java: Add java.lang.Number as a sanitizer for SQL injection.	2020-01-30 18:25:24 -05:00
yo-h	b542b08c95	Merge pull request #2726 from aschackmull/java/outputstream-write-taint ... Java: Improve taint for OutputStream.write and InputStream.read.	2020-01-30 18:24:00 -05:00
yo-h	563be9f817	Merge pull request #2719 from aschackmull/java/deprecate-parexpr ... Java: Deprecate ParExpr	2020-01-30 18:23:13 -05:00
Grzegorz Golawski	3fd8d9eb5c	Rename CWE-90 into CWE-090	2020-01-30 22:33:20 +01:00
Grzegorz Golawski	db55ec250a	Rename CWE-90 to CWE-090	2020-01-30 22:32:36 +01:00
ggolawski	d065ebddde	Merge pull request #3 from aschackmull/java/pr-2651-unittest ... Java: Add unit test for ldap injection.	2020-01-30 22:23:20 +01:00
Anders Schack-Mulligen	2a0a568cbb	Java: Remove duplicate class.	2020-01-30 17:04:35 +01:00
yo-h	dd517a433a	Merge pull request #2671 from aschackmull/java/null-flow ... Java: Allow null literals as sources in data flow.	2020-01-30 09:47:46 -05:00
Anders Schack-Mulligen	9bea581a23	Java: Improve taint for OutputStream.write and InputStream.read.	2020-01-30 14:29:56 +01:00
Anders Schack-Mulligen	a167577551	Java: Add java.lang.Number as a sanitizer for SQL injection.	2020-01-30 12:01:36 +01:00
Anders Schack-Mulligen	ea3d7b1b2f	Java: Adjust stubs and unit test.	2020-01-30 11:27:33 +01:00
Anders Schack-Mulligen	d8b842298c	Java: Autoformat.	2020-01-30 10:54:54 +01:00
Anders Schack-Mulligen	75c549baa1	Java: Deprecate ParExpr.	2020-01-30 10:52:16 +01:00
ggolawski	ebd2b932e8	Update java/ql/src/Security/CWE/CWE-90/LdapInjection.qhelp ... Co-Authored-By: Felicity Chapman <felicitymay@github.com>	2020-01-29 20:05:20 +01:00
Anders Schack-Mulligen	9b7a728609	Java: Autoformat.	2020-01-29 12:16:25 +01:00
Anders Schack-Mulligen	9391058363	Java: Add unit test for ldap injection.	2020-01-29 11:37:33 +01:00
Grzegorz Golawski	bbcfbd7a28	Apply suggestion from code review	2020-01-28 22:34:01 +01:00
yo-h	97069a7988	Merge pull request #2683 from aschackmull/java/lshift32 ... Java: Add new query for large left shifts and bugfix ConstantExpAppearsNonConstant.	2020-01-28 13:30:26 -05:00
Anders Schack-Mulligen	0b3c90b526	Java: Fix whitespace query.	2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen	34e6679afd	Java: Add upgrade script.	2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen	f8805ebb24	Java: Update 2 queries.	2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen	4bd332ddca	Java: Add Expr.isParenthesized, adjust VarAccess.toString, and fix tests.	2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen	597d8e7d94	Java: Update dbscheme for ParExpr removal.	2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen	dc7e8ad2ff	Java: Reword help according to review comment.	2020-01-28 10:13:35 +01:00
Anders Schack-Mulligen	a99a6f79cd	Apply suggestions from code review ... Co-Authored-By: Felicity Chapman <felicitymay@github.com>	2020-01-28 10:13:35 +01:00
Anders Schack-Mulligen	4cb28d9b1d	Java: Add new query for large left shifts and bugfix ConstantExpAppearsNonConstant.	2020-01-28 10:13:34 +01:00
Grzegorz Golawski	7b2192d2e3	Apply suggestion from code review	2020-01-27 22:34:15 +01:00
ggolawski	408c49a61c	Apply suggestions from code review ... Co-Authored-By: Felicity Chapman <felicitymay@github.com>	2020-01-27 22:31:51 +01:00
Chris Gavin	484333b192	Java: Update help and description of java/suspicious-date-format.	2020-01-27 11:57:59 +00:00
Chris Gavin	0e8d435ca1	Java: Add a test for java/suspicious-date-format.	2020-01-27 11:57:59 +00:00
Chris Gavin	88146295f9	Java: Add a query for suspicious date format patterns.	2020-01-27 11:57:18 +00:00
Anders Schack-Mulligen	816a8d1f9e	Merge pull request #2586 from ggolawski/spring_disable_csrf ... Add check for disabled CSRF protection in Spring	2020-01-27 11:32:39 +01:00
Esben Sparre Andreasen	8deefd60a7	java: fixup whitespace/tabs in test	2020-01-24 11:01:38 +01:00
Esben Sparre Andreasen	57b3a55b48	java: sharpen java/maven/non-https-url to allow localhost URLs	2020-01-24 08:51:54 +01:00
Esben Sparre Andreasen	a5558809f4	java: add more tests for java/maven/non-https-url	2020-01-24 08:49:59 +01:00
Grzegorz Golawski	968c18d208	Query to detect LDAP injections in Java ... Refactoring according to review comments.	2020-01-23 22:51:10 +01:00
yo-h	eb6f8da080	Merge pull request #2679 from aschackmull/java/remove-depr-flow-fwd-back ... Java/C++/C#: Remove the deprecated hasFlowForward/hasFlowBackward.	2020-01-23 14:10:28 -05:00
yo-h	50320c7828	Merge pull request #2628 from aschackmull/java/no-adhoc-testclass ... Java: Replace ad-hoc TestClass detection.	2020-01-23 14:09:11 -05:00
Anders Schack-Mulligen	e7f7c7370a	Java/C++/C#: Remove the deprecated hasFlowForward/hasFlowBackward.	2020-01-23 14:05:18 +01:00
yo-h	9d70358ec4	Merge pull request #2640 from aschackmull/java/nullness-fp-tests ... Java: Document two FPs with unit tests.	2020-01-22 16:28:30 -05:00
yo-h	9a939534c7	Merge pull request #2670 from aschackmull/java/remove-parityanalysis ... Java: Remove the deprecated ParityAnalysis.	2020-01-22 16:22:34 -05:00
Grzegorz Golawski	bed6a9886f	Query to detect LDAP injections in Java ... Autoformat	2020-01-22 21:42:47 +01:00
Grzegorz Golawski	5596944926	Add check for disabled CSRF protection in Spring ... Fix help and correct formatting.	2020-01-22 21:27:34 +01:00
Anders Schack-Mulligen	b92203a87f	Java: Allow null literals as sources in data flow.	2020-01-22 12:04:42 +01:00
Anders Schack-Mulligen	cf004ac9d8	Java: Remove the deprecated ParityAnalysis.	2020-01-22 11:45:18 +01:00