codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00

Author	SHA1	Message	Date
mc	8f1fc9e893	Update MvelInjection.qhelp Minor tweaks	2021-07-29 11:30:19 +01:00
Joe Farebrother	3b430d4925	Use getComponentType	2021-07-29 10:11:22 +01:00
Joe Farebrother	f7099f459f	Java: Test generator: use getComponentType	2021-07-29 10:08:45 +01:00
Artem Smotrakov	83a9b0ee28	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-07-29 11:04:21 +02:00
mc	ebf004a4df	Update MissingJWTSignatureCheck.qhelp Using same syntax as on other queries for 'BAD' and 'GOOD'.	2021-07-29 09:13:00 +01:00
Benjamin Muskalla	b7b74b51a3	Track taint for String.valueOf(..)	2021-07-29 09:14:03 +02:00
Fosstars	893f84fbf4	Merge branch 'unsafe-jackson-deserialization' of github.com:artem-smotrakov/ql into unsafe-jackson-deserialization	2021-07-28 18:25:53 +02:00
Fosstars	50497eb747	Make imports as private as possible	2021-07-28 18:25:05 +02:00
Joe Farebrother	d900fcaf42	Merge pull request #6374 from joefarebrother/test-gen-improvements Java: Add support for synthetic fields to the test generator	2021-07-28 16:02:47 +01:00
Artem Smotrakov	7fec575df8	Simplify JsonTypeInfo stub Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-07-28 14:23:50 +02:00
Joe Farebrother	9ddae3e9f6	Fix spelling Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-07-28 10:12:17 +01:00
Tony Torralba	3248f458a5	Update java/change-notes/2021-06-14-groovy-code-injection-query.md Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2021-07-28 10:45:03 +02:00
haby0	eda3d864f5	Model written using smowton	2021-07-28 15:55:47 +08:00
Joe Farebrother	2d862ef119	Support synthetic fields	2021-07-27 17:28:53 +01:00
Chris Smowton	23de0859ea	Add missing models and other minor improvements per Marcono1234's review	2021-07-27 16:03:39 +01:00
Joe Farebrother	a8cca4ba0e	Merge pull request #6373 from joefarebrother/test-gen-improvements Java: Test generator improvements	2021-07-27 15:44:56 +01:00
Joe Farebrother	309f0e7c26	Fix handling of arrays	2021-07-27 15:05:57 +01:00
Joe Farebrother	9ffcfbcd33	Add --force option	2021-07-27 15:05:57 +01:00
Joe Farebrother	8ab0fd54b4	Improvements to the test generator: - Only reference public methods - Report rows for which test cases could not be generated - Add a blanket `throws Exception` clause to the generated method	2021-07-27 15:05:55 +01:00
Joe Farebrother	2036aa1e4a	Format test generator	2021-07-27 15:04:19 +01:00
mc	10a3dcb188	Update GroovyInjection.qhelp	2021-07-27 14:26:49 +01:00
Chris Smowton	97d603cafb	Add test-case generator check for non-parseable rows	2021-07-27 14:26:22 +01:00
Anders Schack-Mulligen	a5f0a4ea71	Merge pull request #6087 from smowton/smowton/admin/rest-xss-tests Java: Add Spring XSS tests	2021-07-27 14:09:34 +02:00
Anders Schack-Mulligen	aa8fa26a2a	Merge pull request #6355 from intrigus-lgtm/patch-6 Update broken link	2021-07-27 09:05:02 +02:00
haby0	00f13e1e6e	Modify isAdditionalTaintStep	2021-07-27 10:59:38 +08:00
intrigus-lgtm	434b36c648	Update broken link	2021-07-26 15:48:47 +02:00
Anders Schack-Mulligen	6c666b49f5	Merge pull request #6366 from smowton/smowton/fiix/junit-nested-classes Prevent class-could-be-static alerts regarding JUnit Nested tests	2021-07-26 12:45:23 +02:00
Joe Farebrother	358a7c1707	Fix issue when building with no pom file	2021-07-26 10:38:16 +01:00
Anders Schack-Mulligen	5d3e8d2add	Merge pull request #6365 from Marcono1234/marcono1234/InstanceOfExpr-getCheckedType Java: Add `InstanceOfExpr.getCheckedType()`	2021-07-26 11:20:48 +02:00
Anders Schack-Mulligen	ee13520836	Merge pull request #6364 from Marcono1234/marcono1234/TypeLiteral-getReferencedType Java: Add `TypeLiteral.getReferencedType()`	2021-07-26 11:15:06 +02:00
Chris Smowton	aca905fa36	Prevent class-could-be-static alerts regarding JUnit Nested tests	2021-07-26 09:35:26 +01:00
github-actions[bot]	d51eafbfd5	Add changed framework coverage reports	2021-07-26 00:08:31 +00:00
Marcono1234	606173012a	Java: Add `InstanceOfExpr.getCheckedType()` Additionally change `EqualsUsesInstanceOf.ql` to check for all RefTypes instead of only Class.	2021-07-26 00:50:11 +02:00
Marcono1234	3569ed56e5	Java: Add `TypeLiteral.getReferencedType()`	2021-07-26 00:02:08 +02:00
haby0	291ca3830a	Modify according to suggestions	2021-07-23 09:28:55 +08:00
intrigus-lgtm	a30005c42e	Replace broken link with archive.org link.	2021-07-22 22:14:44 +02:00
Joe Farebrother	6be9c705f0	Update usage text	2021-07-22 16:30:26 +01:00
Chris Smowton	5c917b4a23	Merge pull request #6353 from sauyon/sauyon/java/model-constructors Java: Add models for collection constructors	2021-07-22 16:27:59 +01:00
Sauyon Lee	150f3fd352	improve windows compatibility	2021-07-22 08:00:14 -07:00
Sauyon Lee	5d716b95b1	Allow use of `pom.xml` to generate stubs	2021-07-22 07:52:35 -07:00
haby0	2a50cf8244	Fix	2021-07-22 22:24:09 +08:00
Sauyon Lee	fd02dcdf2e	Java: Add models for collection constructors	2021-07-22 07:23:26 -07:00
haby0	d8f5f6987b	Fix	2021-07-22 21:53:41 +08:00
haby0	e160352b38	Fix	2021-07-22 21:48:46 +08:00
haby0	735ab28040	Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp Co-authored-by: Chris Smowton <smowton@github.com>	2021-07-22 21:45:30 +08:00
haby0	7cf2e9ed79	Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp Co-authored-by: Chris Smowton <smowton@github.com>	2021-07-22 21:45:29 +08:00
haby0	46a212b712	Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql Co-authored-by: Chris Smowton <smowton@github.com>	2021-07-22 21:45:29 +08:00
haby0	676f0ad817	Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql Co-authored-by: Chris Smowton <smowton@github.com>	2021-07-22 21:45:29 +08:00
haby0	4ebf0ed7c5	Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')	2021-07-22 21:45:29 +08:00
Chris Smowton	40173f7abb	Remove stubbing script outputs	2021-07-22 14:33:34 +01:00

... 19 20 21 22 23 ...

4059 Commits