hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

4152 Commits

Author SHA1 Message Date
haby0
9badd7aa27 change name 2021-06-16 11:29:37 +08:00
Calum Grant
771e686946 Update security-severity scores 2021-06-15 13:25:17 +01:00
Anders Schack-Mulligen
19305a217a Merge pull request #5374 from joefarebrother/guava-base 
Java: Model additional flow steps for the package `com.google.common.base` of the Guava framwork.
 2021-06-15 10:58:48 +02:00
Joe Farebrother
36cb207600 Increase precision of tests to test value flow 2021-06-14 11:20:07 +01:00
Owen Mansel-Chan
5e89fce734 Avoid strange bug by commenting out two tests 2021-06-14 10:57:28 +01:00
Owen Mansel-Chan
8cf47f12b4 Model constructors of classes implementing MultivaluedMap 2021-06-14 10:56:35 +01:00
Calum Grant
85467adc5e Merge pull request #5839 from github/security-severities5 
Add security-severity scores
 2021-06-11 15:56:20 +01:00
Joe Farebrother
678597f3f9 Update CSV rows for collection flow 2021-06-11 15:08:27 +01:00
Chris Smowton
76838809bb Merge pull request #5818 from artem-smotrakov/rmi-deserialization 
Java: Unsafe RMI deserialization
 2021-06-11 13:43:07 +01:00
Joe Farebrother
dc19d1db35 Add change note 2021-06-11 11:41:30 +01:00
Joe Farebrother
04ffe80366 Add unit tests 2021-06-11 11:41:27 +01:00
Joe Farebrother
153e0c4ac3 Add modelling for more com.google.common.base methods 2021-06-11 11:40:37 +01:00
Tony Torralba
c828c7031f Add change note 2021-06-11 12:04:11 +02:00
Calum Grant
a594afb828 Add security-severity metadata 2021-06-10 20:11:08 +01:00
Owen Mansel-Chan
e0130a932e Update experimental query using NewCookie 2021-06-10 13:33:20 +01:00
Owen Mansel-Chan
c173b89529 Model NewCookie 2021-06-10 13:32:39 +01:00
Owen Mansel-Chan
ee6019a2d8 Fix tests for experimental httponly query 2021-06-10 13:31:28 +01:00
Owen Mansel-Chan
d5d27d5ccf Duplicate tests for Jakarta 2021-06-10 10:43:40 +01:00
Owen Mansel-Chan
0ad35421f2 Comment out stubs (Jakarta) 2021-06-10 10:43:40 +01:00
Owen Mansel-Chan
318d1ea484 Stubs in javax-ws-rs-api-3.0.0 
Generated using java-autostub
 2021-06-10 10:43:39 +01:00
Owen Mansel-Chan
e6a6a8898b Move Jax XSS sinks to JaxWS.qll and add tests 2021-06-10 10:43:39 +01:00
Owen Mansel-Chan
d1fe62d4d5 (Minor) Update comments to match ExternalFlow docs 2021-06-10 10:43:38 +01:00
Owen Mansel-Chan
1ae9d68409 Move and convert URL redirect sinks 
Adds for them as well
 2021-06-10 10:43:37 +01:00
Owen Mansel-Chan
f2ff2aa3e1 Add flow tests for JAX-RS 2021-06-10 10:43:37 +01:00
Owen Mansel-Chan
155d63d5f7 Add tests for JAX-RS 2021-06-10 10:43:36 +01:00
Owen Mansel-Chan
f63fd68bfb Fix models to work with collection flow 
And also removal of `Argument` with indices
 2021-06-10 10:43:36 +01:00
Owen Mansel-Chan
e929de98ec Delete duplicated taint summary rows 2021-06-10 10:43:35 +01:00
Owen Mansel-Chan
2b8bb5c231 Fix JAX-RS models 2021-06-10 10:43:35 +01:00
Owen Mansel-Chan
baa21c5bcf Manually comment out parts of stubs 
This is to avoid having to make more stubs, which we don't really need
 2021-06-10 10:43:34 +01:00
Owen Mansel-Chan
caf96b01e1 Stubs in javax-ws-rs-api-2.1.1 
Generated using java-autostub
 2021-06-10 10:43:34 +01:00
Owen Mansel-Chan
7b3acd8b45 (Minor) Add missing this. 2021-06-10 10:43:33 +01:00
Owen Mansel-Chan
07f7fd0342 Add missing QLDocs in JaxWS.qll 
And correct one QLDoc
 2021-06-10 10:43:15 +01:00
Tamas Vajk
b067309909 Change artifact names 2021-06-10 11:26:07 +02:00
Tamas Vajk
55dd6ed3d1 Allow space separated package patterns in framework-aggregated reports 2021-06-10 10:54:12 +02:00
Tamas Vajk
74c00383d2 Update java framework coverage reports 2021-06-10 10:26:34 +02:00
Tamas Vajk
3605b9f720 Update java framework data 2021-06-10 10:11:24 +02:00
Owen Mansel-Chan
2cb76fe407 Test JAX-WS endpoints 2021-06-08 15:12:04 +01:00
Owen Mansel-Chan
d9cf1aaf39 Add stubs for JAX-WS 2021-06-08 15:12:04 +01:00
Chris Smowton
55d584b044 Add doc comment for JaxWS file 2021-06-08 15:12:03 +01:00
Chris Smowton
f71897d166 Rename JAX-WS -> JAX-RS where necessary. Improve change note and fix missing QLDoc. 2021-06-08 15:12:03 +01:00
Chris Smowton
ca684bea0e Jax-WS: support jakarta.ws.rs package everywhere 
Releases since Java EE 9 use this.
 2021-06-08 15:12:02 +01:00
Chris Smowton
adb5764aac Add URL redirect sinks relating to JAX-WS 2021-06-08 15:12:02 +01:00
Chris Smowton
260a228367 Add change note 2021-06-08 15:12:02 +01:00
Chris Smowton
314980c64c Model taint-propagating methods in the core JAX-WS library. 2021-06-08 15:11:57 +01:00
Chris Smowton
9335e095a9 MIME type -> content type 
This matches the terminology used elsewhere
 2021-06-08 15:05:28 +01:00
Chris Smowton
5f7165efbb Add JaxWS XSS sink 
Based on d44e4d0e63 by @lcartey
 2021-06-08 15:05:27 +01:00
lcartey@github.com
cc497bf213 Java: Improve JaxRS modelling 
- Handle inherited annotations
 - Fix `ResponseBuilder` charpred.
 - Model `@Produces` annotations.
 2021-06-08 15:05:14 +01:00
Tony Torralba
498c2250c7 Add missing QLDoc 2021-06-08 11:25:53 +02:00
Tony Torralba
afab13e7ee Add missing QLDoc 2021-06-08 11:09:59 +02:00
Tony Torralba
9024788a92 Add change note 2021-06-08 10:42:07 +02:00