5940 Commits

Author	SHA1	Message	Date
luchua-bc	eeac7e322a	Query to detect insecure configuration of Spring Boot Actuator	2021-03-11 13:46:32 +00:00
Artem Smotrakov	4b7c57c077	Added a comment for getBeanIdentifier() ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-03-11 11:52:07 +01:00
Anders Schack-Mulligen	87e4dec86a	Merge pull request #5300 from tamasvajk/feature/external-remote-flow-sources ... Java: Convert remote flow sources to use new CSV format	2021-03-11 10:44:17 +01:00
Artem Smotrakov	0a5d58ed8a	Cover more configurations in UnsafeSpringExporterInConfigurationClass.ql	2021-03-10 21:15:19 +03:00
luchua-bc	a0a1ddee86	Update class name	2021-03-10 17:07:31 +00:00
Anders Schack-Mulligen	674886a17d	Dataflow: Sync.	2021-03-10 16:53:51 +01:00
Anders Schack-Mulligen	667dab28d4	Dataflow: Switch from unbind to pragma[only_bind_into].	2021-03-10 16:52:45 +01:00
Tom Hvitved	fc5158c41c	Merge pull request #5338 from hvitved/dataflow/performance-tweaks ... Data flow: Performance tweaks	2021-03-10 13:56:57 +01:00
luchua-bc	f0ddfc9283	Minor qldoc changes	2021-03-10 12:18:55 +00:00
luchua-bc	72f28513eb	Move test check to the sink	2021-03-10 12:12:27 +00:00
Anders Schack-Mulligen	4941d9b7bf	Java: Add query for CSV framework coverage.	2021-03-10 12:03:44 +01:00
Chris Smowton	410f21cd55	Fix comment describing two-arg nextInt/nextLong ... Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-03-10 08:43:37 +00:00
Artem Smotrakov	df60268023	Split qhelp files	2021-03-10 10:49:47 +03:00
luchua-bc	48975fa7d2	Replace sanitizers	2021-03-10 00:17:26 +00:00
Chris Smowton	fa51af5be1	NBSP -> original-flavour space	2021-03-09 15:40:45 +00:00
Chris Smowton	9163893879	Add models for Commons-Lang's RegExUtils class	2021-03-09 15:11:13 +00:00
Tom Hvitved	fe6efde449	Address review comments	2021-03-09 14:30:12 +01:00
Tamas Vajk	5480a31b68	Java: Remove MultipartFile.getSize/isEmpty from remote flow sources	2021-03-09 12:23:47 +01:00
Tamas Vajk	0d405c293a	Java: Convert PlayRequestGetMethod to CSV based flow source	2021-03-09 12:20:35 +01:00
Joe Farebrother	7a4ce83169	Merge pull request #5310 from joefarebrother/guava-io ... Java: Add modelling for Guava IO utilities	2021-03-09 11:19:44 +00:00
Joe Farebrother	bd4a414abd	Remove CSV data from query ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-03-09 10:50:15 +00:00
Tamas Vajk	e0b1a86038	Java: Convert WebSocketMessageParameterSource to CSV based flow source	2021-03-09 11:49:59 +01:00
Tamas Vajk	193458eb3d	Java: Convert SpringRestTemplateResponseEntityMethod to CSV based flow source	2021-03-09 11:49:59 +01:00
Tamas Vajk	e0c51b510f	Java: Convert WebViewGetUrlMethod to CSV based flow source	2021-03-09 11:42:40 +01:00
Tamas Vajk	8ba820cae1	Java: Convert android XML get* methods to CSV based flow source	2021-03-09 11:42:13 +01:00
Tamas Vajk	09b0d824b4	Java: Convert org.apache.http.Http*.get* methods to CSV based flow source	2021-03-09 11:41:33 +01:00
Tamas Vajk	3c8ac5c789	Java: Convert Cookie.get* methods to CSV based flow source	2021-03-09 11:41:33 +01:00
Tamas Vajk	86cf143029	Java: Convert ServletRequestGetBodyMethod to CSV based flow source	2021-03-09 11:41:32 +01:00
Tamas Vajk	b05a9043b5	Java: Convert SpringWebRequestGetMethod to CSV based flow source	2021-03-09 11:41:32 +01:00
Tamas Vajk	09bcf878f7	Java: Convert HttpServletRequest.get* methods to CSV based flow source	2021-03-09 11:40:59 +01:00
Tamas Vajk	f2448cc921	Java: Convert SpringMultipartFileSource to CSV based flow source	2021-03-09 11:40:18 +01:00
Tamas Vajk	80b4d63d4b	Java: Convert SpringMultipartRequestSource to CSV based flow source	2021-03-09 11:39:47 +01:00
Tamas Vajk	06fdd64dab	Java: Remove already modelled BeanValidationSource	2021-03-09 11:35:42 +01:00
Tamas Vajk	3dfc236bbe	Java: Remove already modelled RemoteTaintedMethods	2021-03-09 11:35:42 +01:00
Artem Smotrakov	a78f2115f2	Split SpringExporterUnsafeDeserialization.ql	2021-03-09 00:06:38 +03:00
Joe Farebrother	ed228cbcef	Add sinks for URL Open Stream query	2021-03-08 14:07:53 +00:00
Chris Smowton	790fb7829a	Improve comment and change-note accuracy	2021-03-08 11:00:05 +00:00
Chris Smowton	4a4f4b01a1	Add support for java.util.concurrent.ThreadLocalRandom	2021-03-08 10:59:53 +00:00
luchua-bc	0ef3eee4ed	Revamp the source and the sink of the query	2021-03-06 22:41:54 +00:00
Artem Smotrakov	891b975899	Use correct file names in SpringExporterUnsafeDeserialization.qhelp	2021-03-06 22:07:43 +01:00
Artem Smotrakov	bda223771b	Added another example for SpringExporterUnsafeDeserialization.ql	2021-03-06 22:05:00 +01:00
Artem Smotrakov	82cb4a8d68	Renamed SpringHttpInvokerUnsafeDeserialization.ql	2021-03-06 21:48:35 +01:00
Artem Smotrakov	dcabce679a	Cover beans from XML configs in SpringHttpInvokerUnsafeDeserialization.ql	2021-03-06 21:40:35 +01:00
p0wn4j	6841f5f7c4	Java: Add NashornScriptEngine detection in ScriptEngine query ... Java: Add NashornScriptEngine detection in ScriptEngine query Java: Add NashornScriptEngine detection in ScriptEngine query Java: Add NashornScriptEngine detection in ScriptEngine query	2021-03-06 16:19:07 +04:00
luchua-bc	31eaa80f5b	Revamp the source	2021-03-06 00:56:15 +00:00
Anders Schack-Mulligen	cf4f55d9ab	Merge pull request #5223 from smowton/smowton/feature/backward-dataflow-for-modelled-fluent-methods ... Java: Add backward dataflow edges through modelled function invocations	2021-03-05 15:11:43 +01:00
Tom Hvitved	6e5af1a9f8	Data flow: Sync files	2021-03-05 14:56:40 +01:00
Chris Smowton	012058a866	Apply review suggestions: use ArgumentNode.argumentOf, and change more uses of ValuePreservingCallable -> ValuePreservingMethod	2021-03-05 13:34:13 +00:00
Chris Smowton	eed357dc93	ValuePreservingCallable -> ValuePreservingMethod ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-03-05 13:28:35 +00:00
Chris Smowton	a37b98ca27	Value-preserving methods: handle generics in DataFlowUtil.qll ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-03-05 13:15:06 +00:00