Tony Torralba
|
d476459727
|
Use InlineExpectationsTest
|
2021-06-02 12:15:26 +02:00 |
|
Tony Torralba
|
b30c92e69e
|
Refactored into MvelInjection.qll using CSV models
|
2021-06-02 11:33:01 +02:00 |
|
Alvaro Muñoz
|
a3a215afea
|
HTTP -> Http
|
2021-06-02 11:12:39 +02:00 |
|
Anders Schack-Mulligen
|
5e96e28792
|
Java: Add missing metadata.
|
2021-06-02 10:24:46 +02:00 |
|
Tony Torralba
|
59e6e1ffac
|
Moved from experimental
|
2021-06-02 09:58:30 +02:00 |
|
Alvaro Muñoz
|
9aba92397d
|
lift XssSink check to InformationLeakSink
|
2021-06-01 17:16:41 +02:00 |
|
Anders Schack-Mulligen
|
650c4f19d2
|
Java: More qldoc.
|
2021-06-01 16:09:17 +02:00 |
|
Alvaro Muñoz
|
970b4e7d6a
|
update java library coverage documentation
|
2021-06-01 14:54:31 +02:00 |
|
Anders Schack-Mulligen
|
922b421a45
|
Java: Add change note.
|
2021-06-01 14:33:52 +02:00 |
|
Anders Schack-Mulligen
|
1c081eeaed
|
Java: Update coverage.
|
2021-06-01 14:00:05 +02:00 |
|
Alvaro Muñoz
|
0fb692400c
|
fix failing test
|
2021-06-01 13:57:13 +02:00 |
|
Tom Hvitved
|
14f9a5c280
|
Java: Move some CSV flow summary code into shared library
|
2021-06-01 13:22:14 +02:00 |
|
Anders Schack-Mulligen
|
fc913e744e
|
Java: Minor model fix.
|
2021-06-01 11:47:52 +02:00 |
|
Anders Schack-Mulligen
|
dbe352f3ff
|
Java: Remove deprecated tests.
|
2021-06-01 11:47:52 +02:00 |
|
Anders Schack-Mulligen
|
901996f9fd
|
Java: Add collection flow test.
|
2021-06-01 11:47:52 +02:00 |
|
Anders Schack-Mulligen
|
43d1b0ab27
|
Java: Update qltests.
|
2021-06-01 11:47:52 +02:00 |
|
Anders Schack-Mulligen
|
a40880af70
|
Java: Add read-as-taint and config-dependent store-as-taint.
|
2021-06-01 11:47:52 +02:00 |
|
Anders Schack-Mulligen
|
2f087e17cb
|
Java: Allow <> in types for now.
|
2021-06-01 11:47:52 +02:00 |
|
Anders Schack-Mulligen
|
3f538e7fac
|
Java: Update some models.
|
2021-06-01 11:47:52 +02:00 |
|
Anders Schack-Mulligen
|
9e313d0cf6
|
Java: Remove container taint steps.
|
2021-06-01 11:47:52 +02:00 |
|
Anders Schack-Mulligen
|
3b6cef4f74
|
Java: Add container flow models.
|
2021-06-01 11:47:52 +02:00 |
|
Anders Schack-Mulligen
|
ffd52bb673
|
Java: Fix bug in matching generic signatures.
|
2021-06-01 11:47:52 +02:00 |
|
Anders Schack-Mulligen
|
1001dd84e6
|
Java: Switch array steps and one containerstep.
|
2021-06-01 11:47:52 +02:00 |
|
Anders Schack-Mulligen
|
ce509eb7e1
|
Merge pull request #5927 from aschackmull/dataflow/flowthrough-dispatch-perf
Dataflow: Improve performance in flow-through pruning
|
2021-06-01 11:46:22 +02:00 |
|
Anders Schack-Mulligen
|
a4661e1aca
|
Merge pull request #5704 from edvraa/regexj
Java: Regex injection
|
2021-06-01 11:45:59 +02:00 |
|
Artem Smotrakov
|
8dc1451d42
|
Better recommendation in UnsafeDeserializationRmi.qhelp
Co-authored-by: Chris Smowton <smowton@github.com>
|
2021-06-01 12:16:09 +03:00 |
|
Anders Schack-Mulligen
|
5d21c64247
|
Dataflow: qldoc fix.
|
2021-06-01 10:49:47 +02:00 |
|
Anders Schack-Mulligen
|
4f9a6c151b
|
Dataflow: Code review fixes.
|
2021-06-01 10:29:17 +02:00 |
|
Anders Schack-Mulligen
|
683f853fa5
|
Dataflow: Fix another bad join order.
|
2021-05-31 15:14:13 +02:00 |
|
haby0
|
d6782767b7
|
Fix typos
|
2021-05-31 11:12:22 +08:00 |
|
Alvaro Muñoz
|
41d034d5a0
|
Attempt to use information-leak sink category
|
2021-05-30 00:22:40 +02:00 |
|
Artem Smotrakov
|
b28d639166
|
Fixed errors in UnsafeDeserializationRmi.qhelp
|
2021-05-29 09:32:08 +02:00 |
|
Artem Smotrakov
|
62c6bee5f8
|
Simplified UnsafeDeserializationRmi.ql
|
2021-05-29 09:21:20 +02:00 |
|
Alvaro Muñoz
|
f60df3b26a
|
Update java/change-notes/2021-05-28-remove-senderror-xss-sink.md
Co-authored-by: Chris Smowton <smowton@github.com>
|
2021-05-28 15:13:19 +02:00 |
|
Alvaro Muñoz
|
5a894ac7f7
|
update java library coverage documentation
|
2021-05-28 15:13:19 +02:00 |
|
Alvaro Muñoz
|
db2f05ac24
|
Updated Java change notes
|
2021-05-28 15:13:18 +02:00 |
|
Alvaro Muñoz
|
735e4e4b7b
|
update failing tests
|
2021-05-28 15:13:18 +02:00 |
|
Alvaro Muñoz
|
706874491b
|
Remove XSS sink for Java
|
2021-05-28 15:13:18 +02:00 |
|
Erik Krogh Kristensen
|
79989cc3f4
|
CPP/Java: Fix getAPrimaryQlClass implementations
|
2021-05-27 21:36:27 +02:00 |
|
Timo Mueller
|
75f6ec1f0d
|
Updated test cases to include test for java10+ CREDENTIALS_FILTER_PATTERN constant
|
2021-05-25 17:08:58 +02:00 |
|
Timo Mueller
|
72901e3724
|
Merge branch 'insecureJmxRmiServerEnvironment' of github.com:mogwailabs/codeql into insecureJmxRmiServerEnvironment
|
2021-05-25 16:41:17 +02:00 |
|
Timo Mueller
|
59ebe08c78
|
Added stup for RMIConnectorServer for valid test case
|
2021-05-25 16:40:41 +02:00 |
|
Tamás Vajk
|
1997f500c2
|
Merge pull request #5832 from tamasvajk/feature/csv-coverage-report
Java: github action for CSV coverage report
|
2021-05-25 14:51:19 +02:00 |
|
Anders Schack-Mulligen
|
d05f524759
|
Merge pull request #5941 from aschackmull/java/virt-disp-perf
Java: Improve performance of virtual dispatch calculation.
|
2021-05-25 14:44:51 +02:00 |
|
Tamas Vajk
|
70b3066bb8
|
Add regenerated CSV reports
|
2021-05-25 13:38:22 +02:00 |
|
Tamas Vajk
|
d4f1cbe8d8
|
Add updated coverage report
|
2021-05-25 13:33:26 +02:00 |
|
Tamas Vajk
|
3db22ba482
|
Add Java coverage report files
|
2021-05-25 13:33:26 +02:00 |
|
Tamas Vajk
|
f1911e338d
|
Move and generate files to documentation folder + clean up after the script is executed
|
2021-05-25 13:33:26 +02:00 |
|
Timo Müller
|
f44b97c1c3
|
Apply suggestions from code review
Improved variable naming in examples and some documentation clearup
Co-authored-by: Chris Smowton <smowton@github.com>
|
2021-05-25 13:03:07 +02:00 |
|
Timo Müller
|
e7021ffbee
|
Apply suggestions from code review
More clear or precise wording within the documentation
Co-authored-by: Chris Smowton <smowton@github.com>
|
2021-05-25 12:53:47 +02:00 |
|