codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00

Author	SHA1	Message	Date
Andrew Eisenberg	8e750f18ad	Packaging: Java refactoring Split java pack into `codeql/java-all` and `codeql/java-queries`.	2021-08-19 14:09:35 -07:00
Owen Mansel-Chan	714e126088	Merge pull request #6370 from owen-mc/java/model/apache-collections Java: Model more of Apache Commons Collections	2021-08-19 15:09:06 +01:00
Joe Farebrother	9dc28eb9b5	Merge pull request #6387 from joefarebrother/guava-cache Java: Model guava cache package	2021-08-19 10:53:48 +01:00
Chris Smowton	48818ebd6d	Merge pull request #6434 from smowton/smowton/admin/jodd-unsafe-deserialization Java: Unsafe deserialization: add support for Jodd JSON library	2021-08-18 17:26:02 +01:00
Sauyon Lee	17cef3f498	Address review comments	2021-08-17 12:45:47 -07:00
Joe Farebrother	076aeb5d80	Update tests	2021-08-17 16:44:58 +01:00
Benjamin Muskalla	1d3bcdf522	Align tests with new query structure	2021-08-16 21:55:00 +02:00
Owen Mansel-Chan	b23fabe8cb	Fix errors from previous PR	2021-08-16 16:11:17 +01:00
Fosstars	4e69081c22	Support multi-dimensional arrays	2021-08-13 20:52:27 +02:00
Sauyon Lee	814004e63d	Add tests for html escape functions	2021-08-12 11:20:49 -07:00
Sauyon Lee	9c1d5a70e3	Java: Add test for XSS sanitizer	2021-08-12 11:20:49 -07:00
Sauyon Lee	d86dffbb5d	Add tests for Spring web.util	2021-08-12 11:20:48 -07:00
Sauyon Lee	fd0ea15719	Add stubs for Spring web.util tests	2021-08-12 11:20:48 -07:00
Owen Mansel-Chan	1c2476c6a1	Add explanatory comments	2021-08-12 14:51:49 +01:00
Owen Mansel-Chan	fe477ff989	Fix more models based on review comments	2021-08-12 14:51:37 +01:00
Benjamin Muskalla	26ffe6c03d	Add tests for telemetry queries	2021-08-11 15:32:09 +02:00
Joe Farebrother	207c753f6f	Update model for getAll	2021-08-10 15:05:02 +01:00
Owen Mansel-Chan	2000985509	Remove duplicate test	2021-08-10 11:58:28 +01:00
Owen Mansel-Chan	a55a32f50a	Add more missing models And corresponding tests	2021-08-10 11:35:20 +01:00
Owen Mansel-Chan	54fdfe3906	Make helper functions more consistent	2021-08-09 17:18:03 +01:00
Owen Mansel-Chan	2d31bb8d64	Remove toString taint propagation We do not do this for other overrides of toString	2021-08-09 17:18:02 +01:00
Chris Smowton	5ba9347281	Merge pull request #6006 from artem-smotrakov/timing-attacks Java: Timing attacks while comparing results of cryptographic operations	2021-08-09 15:30:47 +01:00
Chris Smowton	171dc26531	Fix test reference and expectations	2021-08-09 13:56:55 +01:00
Owen Mansel-Chan	1997dfbb4a	Remove unnecessary casts	2021-08-08 14:03:57 +01:00
Owen Mansel-Chan	f94e467076	Fixes to models and tests Running the test generator script again showed many missing tests.	2021-08-08 14:03:48 +01:00
Owen Mansel-Chan	377403d525	Remove redundant models and corresponding test Iterator.next is already modelled	2021-08-08 13:57:51 +01:00
Owen Mansel-Chan	5d3f10824e	Fix erroneous treatment of varargs in models	2021-08-08 13:57:50 +01:00
Owen Mansel-Chan	2ba41df2ba	Remove commented line	2021-08-06 07:06:36 +01:00
Owen Mansel-Chan	d1a440a45a	Improve helper functions for Put	2021-08-06 07:06:35 +01:00
Owen Mansel-Chan	51a7018afc	Add stubs	2021-08-06 07:06:16 +01:00
Chris Smowton	0b6c991ac4	Unsafe deserialization: add support for Jodd JSON library	2021-08-05 16:01:14 +01:00
Tony Torralba	0356ed7f9e	Merge pull request #5911 from atorralba/atorralba/promote-missing-jwt-signature-check Java: Promote Missing JWT signature check query from experimental	2021-08-05 09:43:03 +02:00
Anders Schack-Mulligen	1932f604dc	Merge pull request #6419 from smowton/smowton/admin/unsafe-deserialization-jabsorb Add unsafe-deserialization support for Jabsorb	2021-08-05 09:04:23 +02:00
Chris Smowton	1f08c3fe55	Move test files to appropriate package directories	2021-08-04 16:50:03 +01:00
Chris Smowton	69549e9ce3	Add unsafe-deserialization support for Jabsorb This is partly extracted from https://github.com/github/codeql/pull/5954	2021-08-04 15:35:50 +01:00
Anders Schack-Mulligen	6a09a5667d	Merge pull request #5931 from atorralba/atorralba/promote-jndi-injection Java: Promote JNDI Injection query from experimental	2021-08-04 15:48:44 +02:00
Owen Mansel-Chan	2e04319d9f	Manually improve tests	2021-08-04 14:27:01 +01:00
Owen Mansel-Chan	a538699a0a	Add automatically generated tests	2021-08-04 14:27:00 +01:00
Tony Torralba	989afb446e	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-08-04 14:07:10 +02:00
Tony Torralba	452fd9a8e3	Refactor to path query	2021-08-04 13:05:18 +02:00
Tony Torralba	f4bc4df8c1	Renamed JWTQuery so that it's named after the actual query name	2021-08-04 12:08:08 +02:00
Chris Smowton	eaf3d3cc03	Merge pull request #6162 from smowton/smowton/feature/jax-rs-content-type-sensitivity-fixes Jax-RS: implement content-type tracking	2021-08-03 14:53:31 +01:00
Anders Schack-Mulligen	7fb1e1578e	Merge pull request #5894 from atorralba/atorralba/promote-ognl-injection Java: Promote OGNL Injection query from experimental	2021-08-03 15:31:40 +02:00
Anders Schack-Mulligen	be6fd7c22e	Merge pull request #6382 from bmuskalla/stringValueOfTaint Track taint for String.valueOf(..)	2021-08-03 15:30:30 +02:00
Benjamin Muskalla	8ce841493c	Avoid taint for valueOf(Object)	2021-08-03 14:46:55 +02:00
Anders Schack-Mulligen	c0d76da1a6	Merge pull request #5846 from atorralba/atorralba/promote-unsafe-android-webview-fetch Java: Promote Unsafe resource loading in Android WebView from experimental	2021-08-03 14:24:34 +02:00
Tony Torralba	f5cbec4938	Fix tests affected by Jackson stubs changes	2021-08-03 14:22:55 +02:00
Anders Schack-Mulligen	fb9feabe64	Merge pull request #6062 from atorralba/atorralba/promote-groovy-injection Java: Promote Groovy Code Injection from experimental	2021-08-03 14:19:15 +02:00
Tony Torralba	a33e0bce9d	Fix tests affected by Jackson stubs changes	2021-08-03 13:15:45 +02:00
Chris Smowton	f83f950be6	Merge pull request #6325 from smowton/smowton/feature/org-json-models Java: add models of JSON-java, aka `org.json`	2021-08-03 10:33:49 +01:00

... 6 7 8 9 10 ...

1439 Commits