Pavel Avgustinov
c26b655956
Merge pull request #1022 from yh-semmle/java/dead-code-override
...
Java: respect override annotations in `java/unused-parameter`
2019-03-01 19:11:46 +00:00
yh-semmle
a4beb03e15
Java: respect override annotations in java/unused-parameter
2019-02-20 15:27:35 -05:00
yh-semmle
64b2d331ae
Java: add test for Guice framework support
2019-02-15 20:01:08 -05:00
yh-semmle
b0d9c80ccc
Java: add taint steps for Protobuf framework
2019-02-15 20:01:07 -05:00
yh-semmle
fc4aa16905
Java: add remote user input for Apache Thrift framework
2019-02-15 20:01:07 -05:00
yh-semmle
751bbbf583
Java: add remote user input for Struts 2 ActionSupport
2019-02-15 20:01:06 -05:00
yh-semmle
a436369846
Java: add remote user input and taint step for Guice framework
2019-02-15 20:01:06 -05:00
Anders Schack-Mulligen
25469637db
Java: Autoformat qls.
2019-02-12 14:38:08 +01:00
Anders Schack-Mulligen
63a4dd09ad
Java: Autoformat qlls.
2019-02-12 14:38:08 +01:00
Anders Schack-Mulligen
52ad816074
Merge pull request #904 from rneatherway/zipslip-fix
...
Java: Add a flow step for `Path::toFile` in ZipSlip
2019-02-11 13:08:38 +01:00
Robin Neatherway
409733838b
Java: Add a flow step for Path::toFile in ZipSlip
2019-02-11 10:33:44 +00:00
Henning Makholm
b8a03464bf
Fix false positives in java/unused parameter
...
Methods that are mentioned in a member reference expression should count
as rootdefs for the unused parameter query. Such methods have to match
the functional interface of the reference expression, so it is to be
expected that they will sometimes have to declare parameters that they
don't actually use.
2019-02-07 21:14:36 +01:00
yh-semmle
3e8f7a740c
Merge pull request #838 from aschackmull/java/taint-collections
...
Java: Add additional taint steps through collections.
2019-02-05 09:59:24 -05:00
Anders Schack-Mulligen
fe7add77d2
Java: Account for the repo move in NonSecurityTestClass.
2019-02-05 14:31:40 +01:00
Joshua Hale
707f75f7ba
doc: remove - from command arguments
2019-01-30 11:36:48 +00:00
james
7cc1442ecb
Update link text
2019-01-30 09:44:07 +00:00
james
81137aa7b4
update links to locations in .ql files
2019-01-30 08:02:02 +00:00
james
9d1a050f35
update links to locations in .qll files
2019-01-30 08:01:49 +00:00
Anders Schack-Mulligen
a29f615da0
Java: Add additional taint steps through collections.
2019-01-28 14:34:09 +01:00
semmle-qlci
65b64c7c05
Merge pull request #645 from sb-semmle/configuration-file-library
...
Approved by yh-semmle
2019-01-26 02:06:16 +00:00
Sebastian Bauersfeld
f56fb6d774
Address review comments.
2019-01-24 16:09:06 -05:00
Sebastian Bauersfeld
170acd539c
Add tests for ConfigFiles library.
2019-01-23 19:35:20 -05:00
Sebastian Bauersfeld
1727a0cd1f
Address review comments.
2019-01-23 18:01:35 -05:00
yh-semmle
23e94c23e3
Merge pull request #786 from aschackmull/java/double-checked-locking
...
Java: Fix FP in DoubleCheckedLocking.ql
2019-01-22 17:39:54 -05:00
Anders Schack-Mulligen
15e18013c8
Java: Fix qhelp.
2019-01-18 11:47:43 +01:00
Anders Schack-Mulligen
d8fe21be7e
Java: Update qhelp as per review.
2019-01-18 11:42:34 +01:00
Anders Schack-Mulligen
17b4276699
Java: Fix bug in qltest and query for immutable types.
2019-01-18 11:37:38 +01:00
Henning Makholm
fda08181c1
fix ODASA-6859
2019-01-18 00:08:36 +01:00
Henning Makholm
26b6581bdb
test example for ODASA-6859
2019-01-17 23:30:39 +01:00
Anders Schack-Mulligen
944c082a8d
Java: Fix FP in DoubleCheckedLocking.ql
2019-01-17 16:38:25 +01:00
yh-semmle
b8f53b5c6a
Merge pull request #733 from aschackmull/java/remove-old-dataflow
...
Java: Remove old dataflow library.
2019-01-08 14:59:27 -05:00
yh-semmle
d4f2a07a77
Merge pull request #732 from aschackmull/java/conditional-bypass-precision
...
Java: Reduce precision of java/user-controlled-bypass.
2019-01-08 14:58:58 -05:00
yh-semmle
b0364e3592
Merge pull request #729 from aschackmull/java/intmulttolong
...
Java: Restrict attention to integral types in IntMultToLong.
2019-01-08 14:40:22 -05:00
yh-semmle
a09394da1b
Merge pull request #730 from aschackmull/java/gcd
...
Java: Switch to built-in gcd.
2019-01-08 14:38:05 -05:00
Anders Schack-Mulligen
51f5198404
Java: Remove old dataflow library.
2019-01-08 13:52:24 +01:00
Anders Schack-Mulligen
ab44e5603c
Java: Reduce precision of java/user-controlled-bypass.
2019-01-08 13:07:34 +01:00
Anders Schack-Mulligen
06e48ca19f
Java: Update test.
2019-01-08 11:57:54 +01:00
Anders Schack-Mulligen
9530eb6cdb
Java: Switch to built-in gcd.
2019-01-08 10:07:51 +01:00
Anders Schack-Mulligen
203c9fb9d8
Java: Restrict attention to integral types in IntMultToLong.
2019-01-07 14:27:52 +01:00
Anders Schack-Mulligen
e0d3be7dbc
Java: Add .qlpath to the test dir.
2019-01-07 13:25:20 +01:00
Max Schaefer
b4f400fb23
Merge remote-tracking branch 'upstream/next' into qlucie/master
2019-01-04 10:35:57 +00:00
yh-semmle
0e0ff565d5
Merge pull request #686 from aschackmull/java/rm-metrics-queries-xml
...
Java: Remove `Metrics/queries.xml`
2019-01-03 13:36:17 -05:00
Anders Schack-Mulligen
d3f6362ba2
Java: Add missing override annotations.
2018-12-17 15:40:46 +01:00
Sebastian Bauersfeld
c35fc82218
Remove a duplicated predicate.
2018-12-14 12:59:49 -05:00
Anders Schack-Mulligen
7656936cad
Java: Remove Metrics/queries.xml
2018-12-13 17:43:26 +00:00
Aditya Sharad
f92456fcad
Merge master into next.
...
Conflict in `cpp/ql/test/library-tests/sideEffects/functions/sideEffects.expected`,
resolved by accepting test output (combining changes).
2018-12-12 17:26:18 +00:00
Sebastian Bauersfeld
6c756c5e6a
Rename ConfigLine to ConfigPair. Make ConfigFiles.ql a library, as intended
2018-12-10 14:08:27 -05:00
Anders Schack-Mulligen
bfc7fb7c8a
Java: Change alert location for ConstantLoopCondition.
2018-12-10 12:37:11 +00:00
Sebastian Bauersfeld
3379e71e01
Add ConfigFiles library for working with configuration files.
2018-12-07 15:11:54 -05:00
Anders Schack-Mulligen
f09eb67af0
Java: Add org.apache.commons.lang3.StringUtils.isBlank as a nullguard.
2018-12-07 16:18:32 +01:00
