hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

4152 Commits

Author SHA1 Message Date
Chris Smowton
e9390cb3eb Remove superfluous conjunct 2021-07-14 12:42:28 +01:00
Chris Smowton
3ae99b93ca Merge pull request #6215 from aschackmull/java/fix-csv-subtype-interpretation 
Java: Fix CSV subtype interpretation
 2021-07-14 09:57:21 +01:00
Anders Schack-Mulligen
0ccb213ec5 Dataflow: Sync. 2021-07-14 10:36:09 +02:00
Anders Schack-Mulligen
dbe1ca928b Dataflow: Simplify call context checks. 2021-07-14 10:36:09 +02:00
Anders Schack-Mulligen
c95e78546c Dataflow: Refactor 2021-07-14 10:36:09 +02:00
Sauyon Lee
51211c0394 Add stubs 2021-07-13 10:29:02 -07:00
Sauyon Lee
c2c7fee8df Fix tests 2021-07-13 10:29:02 -07:00
Sauyon Lee
b01e6d49fb Add generated tests 2021-07-13 10:29:01 -07:00
Sauyon Lee
b807757863 Model Spring web.multipart 2021-07-13 10:29:01 -07:00
Chris Smowton
1044049e72 Simplify getInput 2021-07-13 16:36:26 +01:00
Chris Smowton
98b85a481c Improve inline-expectation style 2021-07-13 16:36:08 +01:00
Chris Smowton
a11021991a Improve method documentation 2021-07-13 16:35:44 +01:00
Chris Smowton
b5492056d8 Remove superfluous parens 2021-07-13 16:35:22 +01:00
Chris Smowton
97694bc9a1 Report error even if interpretElement resolves to a non-Callable Element 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-13 16:16:01 +01:00
Tom Hvitved
7e9d87055d Data flow: Sync 2021-07-13 16:15:00 +02:00
Anders Schack-Mulligen
9388983e41 Java: Add missing stub. 2021-07-13 15:26:37 +02:00
Anders Schack-Mulligen
0f6f020766 Java: Fix models. 2021-07-13 15:23:19 +02:00
Artem Smotrakov
1b3516ab94 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-13 14:53:45 +02:00
Chris Smowton
78fe0f810a Add models for decode/encodePointer methods 2021-07-13 11:10:46 +01:00
Artem Smotrakov
09ae779b21 Removed fromSource() check in looksLikeResolveClassStep() 2021-07-12 19:56:51 +02:00
Chris Smowton
2bd58d6ba7 Improve header comment 2021-07-12 18:09:23 +01:00
Chris Smowton
cc4401b453 Add models of JsonPointer, JsonMergeDiff and JsonPatchBuilder 2021-07-12 18:08:45 +01:00
Chris Smowton
539859497b Add models of JsonMergePatch, JsonPatchBuilder and JsonPointer 2021-07-12 17:39:51 +01:00
Chris Smowton
6bf931392b Add missing model of JsonObjectBuilder.remove 2021-07-12 17:13:39 +01:00
Tom Hvitved
47d126e681 Data flow: Sync 2021-07-12 12:09:51 +02:00
github-actions[bot]
56419bc74b Add changed framework coverage reports 2021-07-12 00:06:55 +00:00
Artem Smotrakov
c98f1a479e Better taint propagation in UnsafeTypeConfig 2021-07-09 10:24:15 +02:00
Artem Smotrakov
476843a278 Added comments for Jackson in UnsafeDeserialization.qll 2021-07-09 10:24:15 +02:00
Artem Smotrakov
e9731cd212 Minor improvements for Jackson in UnsafeDeserialization.qll 2021-07-09 10:24:15 +02:00
Artem Smotrakov
704cc77bb5 Added a change note for Jackson 2021-07-09 10:24:14 +02:00
Artem Smotrakov
24e4b68b9c Removed getAnAccess() calls for Jackson 2021-07-09 10:24:14 +02:00
Artem Smotrakov
aefd21075b Added tests for UnsafeDeserialization.ql and Jackson 2021-07-09 10:24:10 +02:00
Artem Smotrakov
ea0991c980 Added Jackson to UnsafeDeserialization.qhelp 2021-07-09 10:17:29 +02:00
Artem Smotrakov
97fca620fa Cover attacker-controlled types for deserialization with Jackson 2021-07-09 10:16:04 +02:00
Artem Smotrakov
3eb2af1bc2 First draft of sinks for unsafe deserialization with Jackson 2021-07-09 10:16:01 +02:00
Joe Farebrother
4d459f24d9 Fix up tests and update models 2021-07-02 14:46:33 +01:00
Joe Farebrother
fc017b7934 Use ArrayElement of in flow step specifications 2021-07-02 14:46:31 +01:00
Joe Farebrother
15415931ce Use Argument ranges in CSV rows 2021-07-02 14:46:03 +01:00
Joe Farebrother
5325622813 Convert sql-related flow steps to CSV 2021-07-02 14:46:03 +01:00
Anders Schack-Mulligen
3c6604daa7 Java: Fix subtypes interpretation. 2021-07-02 14:43:56 +02:00
Anders Schack-Mulligen
6813a79423 Java: Add test for override of Map.put highlighting problem. 2021-07-02 14:41:59 +02:00
Anders Schack-Mulligen
55ebbc3e01 Java: Add signature to Map.put. 2021-07-02 14:41:32 +02:00
Chris Smowton
6823855e9c Merge pull request #6203 from smowton/smowton/admin/avoid-config-imports-from-qlls 
Java: Reduce DataFlow Configuration pollution from Random.qll and JexlInjection.qll
 2021-07-02 11:27:27 +01:00
Tamás Vajk
4a5fe75d8c Merge pull request #6207 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-07-02 12:00:31 +02:00
Chris Smowton
a51154a8ef Deduplicate Jexl configuration 2021-07-02 10:02:28 +01:00
Chris Smowton
d022c57903 Add change note 2021-07-02 10:02:28 +01:00
Chris Smowton
bbd3ecb768 Add docs to RandomQuery.qll 2021-07-02 10:02:28 +01:00
Chris Smowton
e661fc08d3 Split Android XSS sink defintions out of XSS.qll 
This removes one of the routes by which XSS.qll is always in scope, and so its dataflow configuration is too -- however it is still always in scope because JaxWS.qll imports it.
 2021-07-02 10:02:25 +01:00
Chris Smowton
747a8e4157 Split up JexlInjection.qll 
This avoids a DataFlow2::Configuration being in scope for all queries via the import from ExternalFlow.qll
 2021-07-02 10:01:51 +01:00
Chris Smowton
643f7dfb87 Split up Random.qll 
This prevents bringing a dataflow config into scope from utility libraries.
 2021-07-02 10:00:49 +01:00