hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,991 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.4
Commit Graph

4119 Commits

Author SHA1 Message Date
Tamas Vajk
55dd6ed3d1 Allow space separated package patterns in framework-aggregated reports 2021-06-10 10:54:12 +02:00
Tamas Vajk
74c00383d2 Update java framework coverage reports 2021-06-10 10:26:34 +02:00
Tamas Vajk
3605b9f720 Update java framework data 2021-06-10 10:11:24 +02:00
Owen Mansel-Chan
2cb76fe407 Test JAX-WS endpoints 2021-06-08 15:12:04 +01:00
Owen Mansel-Chan
d9cf1aaf39 Add stubs for JAX-WS 2021-06-08 15:12:04 +01:00
Chris Smowton
55d584b044 Add doc comment for JaxWS file 2021-06-08 15:12:03 +01:00
Chris Smowton
f71897d166 Rename JAX-WS -> JAX-RS where necessary. Improve change note and fix missing QLDoc. 2021-06-08 15:12:03 +01:00
Chris Smowton
ca684bea0e Jax-WS: support jakarta.ws.rs package everywhere 
Releases since Java EE 9 use this.
 2021-06-08 15:12:02 +01:00
Chris Smowton
adb5764aac Add URL redirect sinks relating to JAX-WS 2021-06-08 15:12:02 +01:00
Chris Smowton
260a228367 Add change note 2021-06-08 15:12:02 +01:00
Chris Smowton
314980c64c Model taint-propagating methods in the core JAX-WS library. 2021-06-08 15:11:57 +01:00
Chris Smowton
9335e095a9 MIME type -> content type 
This matches the terminology used elsewhere
 2021-06-08 15:05:28 +01:00
Chris Smowton
5f7165efbb Add JaxWS XSS sink 
Based on d44e4d0e63 by @lcartey
 2021-06-08 15:05:27 +01:00
lcartey@github.com
cc497bf213 Java: Improve JaxRS modelling 
- Handle inherited annotations
 - Fix `ResponseBuilder` charpred.
 - Model `@Produces` annotations.
 2021-06-08 15:05:14 +01:00
Tony Torralba
498c2250c7 Add missing QLDoc 2021-06-08 11:25:53 +02:00
Tony Torralba
afab13e7ee Add missing QLDoc 2021-06-08 11:09:59 +02:00
Tony Torralba
9024788a92 Add change note 2021-06-08 10:42:07 +02:00
Tony Torralba
48b0df4a3e Add tests, minor bugfixes 2021-06-08 10:35:18 +02:00
Tony Torralba
d77d0c9e10 Added summaries for Spring PropertyValues 2021-06-07 17:35:03 +02:00
Tony Torralba
52f1930e1d Add key-read-steps as local additional taint steps 2021-06-07 11:37:05 +02:00
Anders Schack-Mulligen
96da85449d Merge pull request #5823 from atorralba/promote-jexl-injection 
Java: Promote JEXL Injection query from experimental
 2021-06-07 10:03:12 +02:00
Chris Smowton
4ddf4558a7 Merged simplified query 2021-06-04 16:07:15 +02:00
Tom Hvitved
3c7c10a424 Merge pull request #5991 from hvitved/java/shared-external-source-sink 
Java: Move common CSV logic for sources and sinks into shared library
 2021-06-04 16:04:25 +02:00
Tom Hvitved
42202402a4 Address review comments 2021-06-04 14:32:37 +02:00
Anders Schack-Mulligen
f73960da8f Merge pull request #5788 from Marcono1234/marcono1234/stmt-toString 
Java: Override toString() for statements
 2021-06-04 12:41:03 +02:00
Anders Schack-Mulligen
60377a8f86 Merge pull request #5383 from smowton/smowton/feature/strbuilder-fluent-methods 
Java: Add models for StrBuilder's fluent methods
 2021-06-04 12:33:24 +02:00
Anders Schack-Mulligen
30cb80b341 Merge pull request #5181 from smowton/smowton/feature/commons-tostringbuilder 
Java: Add models for Commons ToStringBuilder
 2021-06-04 12:30:36 +02:00
Tony Torralba
58aa25ddc2 Fix QLDocs 2021-06-04 09:32:00 +02:00
Marcono1234
6003b6edd2 Java: Adjust change note for statement toString() changes 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-06-03 17:17:00 +02:00
Marcono1234
485b0be805 Java: Fix expected test output 2021-06-03 17:15:00 +02:00
Marcono1234
2889f94128 Java: Add change note for statement toString() changes 2021-06-03 16:27:37 +02:00
Marcono1234
e0a45507f8 Java: Adjust toString() for statements 2021-06-03 16:27:36 +02:00
Marcono1234
7e778bc008 Java: Override toString() for statements 
Additionally remove redundant QLDoc which is inherited anyways.
 2021-06-03 16:27:35 +02:00
Anders Schack-Mulligen
bd9e3d0fa9 Merge pull request #5751 from aschackmull/java/collection-flow 
Java: Convert all collection and array steps from taint flow to value flow.
 2021-06-03 15:29:14 +02:00
Tom Hvitved
d0b6808299 Java: Move common CSV logic for sources and sinks into shared library 2021-06-03 13:54:51 +02:00
Tony Torralba
56a429a5f9 Merge branch 'main' into promote-jexl-injection 2021-06-03 11:10:56 +02:00
Tony Torralba
607dcd4a27 Don't use CSV models for private flow configs 2021-06-03 11:05:13 +02:00
Tony Torralba
00836c4bac Fix QLDocs 2021-06-03 10:52:52 +02:00
Tony Torralba
2833f8daa4 Change predicate isUnsafeEngine -> isSafeEngine to improve performance 2021-06-03 10:42:41 +02:00
Tony Torralba
34a8383c1a Unused import 2021-06-03 10:22:53 +02:00
Tony Torralba
9cb0e3371c Bidirectional import in ExternalFlow.qll 2021-06-03 10:22:42 +02:00
Tony Torralba
56d6fc951c Fixed some QLDoc 2021-06-03 10:22:15 +02:00
Tony Torralba
ae0a00e30a Added change note 2021-06-03 10:21:59 +02:00
Anders Schack-Mulligen
e86c534c48 Revert "Java: Update coverage." 
This reverts commit 1c081eeaed.
 2021-06-03 09:02:49 +02:00
Anders Schack-Mulligen
acca26f1d6 Merge pull request #5992 from hvitved/java/is-unreachable-perf 
Java: Improve performance of `isUnreachableInCall()`
 2021-06-03 08:49:51 +02:00
Tom Hvitved
daf2cc3d53 Java: Improve performance of isUnreachableInCall() 2021-06-02 20:39:05 +02:00
Anders Schack-Mulligen
8e6dd51f50 Merge pull request #5868 from Marcono1234/marcono1234/ignore-not-closing-char-array-closeable 
Java: Ignore char array based closeables for CloseReader.ql and CloseWriter.ql
 2021-06-02 15:00:59 +02:00
Chris Smowton
7382b349c2 Merge pull request #5987 from aschackmull/java/query-metadata 
Java: Add missing metadata.
 2021-06-02 12:40:34 +01:00
Anders Schack-Mulligen
8a20395857 Merge pull request #5940 from pwntester/main 
Remove XSS sink for Java
 2021-06-02 12:30:20 +02:00
Anders Schack-Mulligen
c0e562de21 Merge pull request #5979 from hvitved/java/shared-external-summaries 
Java: Move some CSV flow summary code into shared library
 2021-06-02 12:28:45 +02:00