hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,907 Commits 1,672 Branches 157 Tags
codeql-cli-2.8.2
Commit Graph

1576 Commits

Author SHA1 Message Date
Owen Mansel-Chan
d9cf1aaf39 Add stubs for JAX-WS 2021-06-08 15:12:04 +01:00
Tony Torralba
48b0df4a3e Add tests, minor bugfixes 2021-06-08 10:35:18 +02:00
Tony Torralba
d77d0c9e10 Added summaries for Spring PropertyValues 2021-06-07 17:35:03 +02:00
Anders Schack-Mulligen
96da85449d Merge pull request #5823 from atorralba/promote-jexl-injection 
Java: Promote JEXL Injection query from experimental
 2021-06-07 10:03:12 +02:00
Chris Smowton
4ddf4558a7 Merged simplified query 2021-06-04 16:07:15 +02:00
Anders Schack-Mulligen
f73960da8f Merge pull request #5788 from Marcono1234/marcono1234/stmt-toString 
Java: Override toString() for statements
 2021-06-04 12:41:03 +02:00
Anders Schack-Mulligen
60377a8f86 Merge pull request #5383 from smowton/smowton/feature/strbuilder-fluent-methods 
Java: Add models for StrBuilder's fluent methods
 2021-06-04 12:33:24 +02:00
Anders Schack-Mulligen
30cb80b341 Merge pull request #5181 from smowton/smowton/feature/commons-tostringbuilder 
Java: Add models for Commons ToStringBuilder
 2021-06-04 12:30:36 +02:00
Marcono1234
485b0be805 Java: Fix expected test output 2021-06-03 17:15:00 +02:00
Marcono1234
e0a45507f8 Java: Adjust toString() for statements 2021-06-03 16:27:36 +02:00
Marcono1234
7e778bc008 Java: Override toString() for statements 
Additionally remove redundant QLDoc which is inherited anyways.
 2021-06-03 16:27:35 +02:00
Anders Schack-Mulligen
bd9e3d0fa9 Merge pull request #5751 from aschackmull/java/collection-flow 
Java: Convert all collection and array steps from taint flow to value flow.
 2021-06-03 15:29:14 +02:00
Tony Torralba
56a429a5f9 Merge branch 'main' into promote-jexl-injection 2021-06-03 11:10:56 +02:00
Tony Torralba
34a8383c1a Unused import 2021-06-03 10:22:53 +02:00
Anders Schack-Mulligen
8e6dd51f50 Merge pull request #5868 from Marcono1234/marcono1234/ignore-not-closing-char-array-closeable 
Java: Ignore char array based closeables for CloseReader.ql and CloseWriter.ql
 2021-06-02 15:00:59 +02:00
Anders Schack-Mulligen
8a20395857 Merge pull request #5940 from pwntester/main 
Remove XSS sink for Java
 2021-06-02 12:30:20 +02:00
Tony Torralba
d476459727 Use InlineExpectationsTest 2021-06-02 12:15:26 +02:00
Tony Torralba
59e6e1ffac Moved from experimental 2021-06-02 09:58:30 +02:00
Anders Schack-Mulligen
dbe352f3ff Java: Remove deprecated tests. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
901996f9fd Java: Add collection flow test. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
43d1b0ab27 Java: Update qltests. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
a4661e1aca Merge pull request #5704 from edvraa/regexj 
Java: Regex injection
 2021-06-01 11:45:59 +02:00
Alvaro Muñoz
735e4e4b7b update failing tests 2021-05-28 15:13:18 +02:00
Timo Mueller
75f6ec1f0d Updated test cases to include test for java10+ CREDENTIALS_FILTER_PATTERN constant 2021-05-25 17:08:58 +02:00
Timo Mueller
59ebe08c78 Added stup for RMIConnectorServer for valid test case 2021-05-25 16:40:41 +02:00
Artem Smotrakov
c837605c85 Added test cases with sanitizers for UnsafeDeserializationRmi.ql 2021-05-23 13:01:22 +02:00
Artem Smotrakov
d2e29fc72c Renamed RmiUnsafeDeserialization.ql -> UnsafeDeserializationRmi.ql 2021-05-23 10:21:05 +02:00
Artem Smotrakov
e28f919f3d Look for remote callable method only in RmiUnsafeDeserialization.ql 2021-05-23 10:21:05 +02:00
Artem Smotrakov
5ffe04d6a5 Updated expected output for RmiUnsafeDeserialization.java test 2021-05-23 10:21:04 +02:00
Artem Smotrakov
3d20330a92 More tests for RmiUnsafeDeserialization 2021-05-23 10:21:04 +02:00
Artem Smotrakov
ec6186a1c5 Draft of tests for RmiUnsafeDeserialization.ql 2021-05-23 10:21:04 +02:00
Tony Torralba
7dbdba28cc Consider search methods with unsafe SearchControls 2021-05-21 15:21:04 +02:00
Sebastian Bauersfeld
28f597440f Add method invocations of Spring's SavedRequest as a remote sources. 2021-05-20 20:00:14 +07:00
Tony Torralba
c1e71b60b4 Use InlineExpectationsTest 2021-05-20 12:00:11 +02:00
Tony Torralba
1351516e9a Moved JNDI injection related files from experimental to standard 2021-05-19 11:32:51 +02:00
Tony Torralba
e58746508d Merge branch 'main' into atorralba/promote-ognl-injection 2021-05-19 10:41:08 +02:00
luchua-bc
e4699f7fa9 Optimize the query 2021-05-18 16:12:22 +00:00
luchua-bc
d664aa6d6a Include more scenarios and update qldoc 2021-05-18 16:12:22 +00:00
luchua-bc
852bcfb5c7 Refactor the ScriptEngine query and the Rhino code injection query into one 2021-05-18 16:12:22 +00:00
luchua-bc
b0b5338359 Rhino code injection 2021-05-18 16:12:22 +00:00
Chris Smowton
4230869ee2 Merge pull request #5819 from luchua-bc/java/jpython-injection 
Java: CWE-094 Jython code injection
 2021-05-18 16:38:40 +01:00
Chris Smowton
71f540a755 Merge pull request #5844 from haby0/SpringRedirects 
[Java] CWE-601 Spring url redirection detect
 2021-05-18 16:37:40 +01:00
Tony Torralba
34a55e77ef Add missing subtype test 2021-05-18 09:38:35 +02:00
Anders Schack-Mulligen
9b0e3b1950 Merge pull request #5814 from JLLeitschuh/feat/JLL/jackson_as_taint_step 
[Java] Add taint tracking through Jackson deserialization
 2021-05-18 09:31:16 +02:00
haby0
a0cd551bae Add filtering of String.format 2021-05-18 11:05:10 +08:00
Tony Torralba
bc2370ae1d Use InlineExpectationsTest for tests 2021-05-17 15:58:33 +02:00
Tony Torralba
3e4ccaf9a8 Move from experimental to standard 2021-05-17 10:41:54 +02:00
haby0
60fc607449 Modify ql 2021-05-14 18:17:05 +08:00
haby0
498c99e26c Add left value, Add return expression tracing flow 2021-05-14 16:31:59 +08:00
Tony Torralba
db732918af Add taint step for setExpression 2021-05-13 15:01:36 +02:00