hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-26 13:46:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,673 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

11714 Commits

Author SHA1 Message Date
Chris Smowton
b1dd3c2d84 Model java.util.Properties.getProperty 2022-07-13 13:59:28 +01:00
Erik Krogh Kristensen
595875ff98 remove redundant not-equals check 2022-07-13 12:06:12 +02:00
Erik Krogh Kristensen
a4262f8d91 add some more references to the overly-large-range qhelp 2022-07-13 11:20:24 +02:00
Raul Garcia
0dbb03f732 Adding CVE information. 2022-07-12 21:49:19 -07:00
Raul Garcia
a4adf06713 Addressing feedback for the qhelp file. 2022-07-12 13:51:12 -07:00
Raul Garcia
64343e00f4 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:14:25 -07:00
Raul Garcia
8a48708014 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:14:13 -07:00
Raul Garcia
2bac181094 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:13:53 -07:00
Raul Garcia
a4e35a97ea Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:13:38 -07:00
Raul Garcia
a51d713925 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:13:12 -07:00
Erik Krogh Kristensen
8e52fc97fc changes based on review by Shack 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
220ff3cb2e convert tabs to spaces in qhelp 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
aae3e2ddde other changes based on Esbens review 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
ff25451699 rename query to overly-large-range, and rewrite the @description 2022-07-12 16:02:46 +02:00
Ian Lynagh
a0636ff843 Merge pull request #9545 from igfoo/igfoo/type_cycles 
Java: Fix RefType.getAStrictAncestor() in the presence of type hierarchy cycles
 2022-07-12 14:28:54 +01:00
Ian Lynagh
d0bf424b19 Merge pull request #9806 from igfoo/igfoo/useType 
Kotlin: Extract an ErrorType if we fail to correctly extract a type
 2022-07-12 13:45:04 +01:00
Ian Lynagh
1bcb17b760 Update java/ql/lib/change-notes/2022-07-12-errortype.md 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-07-12 12:16:24 +01:00
Ian Lynagh
965f5a980a Java/Kotlin: Add changenote for ErrorType 2022-07-12 10:58:16 +01:00
Shyam Mehta
65b9947428 Incorporate jksco's feedback 2022-07-12 02:02:31 -04:00
smehta23
781a2a73d3 Merge branch 'main' into feat/SM/java_partial_path_traversal_vulnerability 2022-07-12 01:48:12 -04:00
Raul Garcia
d5791e2d56 Addressing feedback from the PR 2022-07-11 15:45:15 -07:00
Raul Garcia
ac05577966 Making various changes based on the feedback. Pending: 2 non-trivial fixes for Java & Python. 2022-07-11 13:25:35 -07:00
Ian Lynagh
28a8999b74 Java: Add an upgrade script 2022-07-11 12:09:48 +01:00
Ian Lynagh
aa07600f5a Java: Update stats 2022-07-11 12:09:48 +01:00
Chris Smowton
74641ccfee Simplify test for no-arg constructor 2022-07-11 11:01:19 +01:00
Raul Garcia
01da877d0e Moving the new query to experimental. It was added to the wrong folder initially. 2022-07-06 14:07:14 -07:00
Raul Garcia
f5c6b45014 Update UnsafeUsageOfClientSideEncryptionVersion.qhelp 2022-07-05 13:58:11 -07:00
Raul Garcia
e43e5810cf New queries to detect unsafe client side encryption in Azure Storage 2022-07-01 17:08:35 -07:00
Shyam Mehta
39f885413f Change log 2022-07-01 11:34:56 -04:00
Ian Lynagh
1730ec22d9 Kotlin: Extract an ErrorType if we fail to correctly extract a type 2022-07-01 16:33:43 +01:00
smehta23
391dd5b38d Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:55:58 -04:00
smehta23
ebe48ec30a Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:53:43 -04:00
smehta23
48e16e52b5 Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:52:41 -04:00
Shyam Mehta
1a41d4c379 Add CVE number 2022-07-01 10:51:33 -04:00
Chris Smowton
b499ba5aa8 Kotlin: don't extract private setters of external classes 
Previously these would get extracted unlike other private methods even if the class was a standard library or other external class. This could cause inconsistencies because if we also compiled the class from source we could end up deciding different names for the property's setter: setXyz$private when seen from source, and setXyz without a
suffix when seen as an external .class file. Avoiding extracting these functions from the external perspective both restores consistency with other kinds of method and avoids these consistency problems.
 2022-07-01 15:44:17 +01:00
Shyam Mehta
300a14c35c Add ESAPI reference 2022-07-01 10:43:59 -04:00
smehta23
209a21655a Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:40:38 -04:00
smehta23
c6f2f61bfb Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalBad.java 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:39:46 -04:00
Chris Smowton
4c6a9772af Merge pull request #9768 from smowton/smowton/fix/internal-method-name-mangling 
Kotlin: Mangle names of internal functions to match JVM symbols
 2022-07-01 14:33:32 +01:00
Chris Smowton
14aef792e0 Accept test changes 2022-07-01 10:35:17 +01:00
Chris Smowton
b9eec13466 Accept integration test changes 2022-06-30 22:21:04 +01:00
Chris Smowton
dd93062101 Kotlin: Mangle names of internal functions to match JVM symbols 2022-06-30 21:56:25 +01:00
Chris Smowton
570e418b22 Fix ordering PrintAst nodes 2022-06-30 16:07:32 +01:00
Chris Smowton
ec95cbace4 PrintAst: Tie-break multiple class members created at the same source location 
Otherwise Kotlin introducing a getter, setter and field declaration based on the same property tied in the sort order, and so could be output in different orders on different machines.
 2022-06-30 15:29:56 +01:00
Chris Smowton
0d0d240fd4 Accept test changes re: new compiler-generated nodes 2022-06-30 15:29:20 +01:00
Chris Smowton
8214c3b78e Add AST dump for JvmStatic annotation test 2022-06-30 13:11:43 +01:00
Chris Smowton
5a47e1dd95 Annotate generated static proxy methods as compiler-generated 2022-06-30 12:48:11 +01:00
Chris Smowton
466cf7573b Autoformat 2022-06-30 12:42:39 +01:00
Chris Smowton
b4124ac553 Add test 2022-06-30 12:42:39 +01:00
Chris Smowton
ab52a020fa Add test 2022-06-30 10:22:56 +01:00