hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,353 Commits 1,671 Branches 157 Tags
ginsbach/RevertSharedSelect
Commit Graph

2219 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
5bcf810a7c Merge pull request #5821 from JarLob/patch-1 
Update UncaughtServletException.qhelp
 2021-05-04 10:39:02 +02:00
Anders Schack-Mulligen
9ee9186a1a Merge pull request #5825 from github/yo-h/java-diagnostic-queries 
Java: split extractor diagnostics query into two
 2021-05-04 10:12:32 +02:00
yo-h
edf1a90161 Java: split extractor diagnostics query into two 2021-05-03 20:27:07 -04:00
Jaroslav Lobačevski
38bce39baa Update UncaughtServletException.qhelp 
There is no single word in https://cwe.mitre.org/data/definitions/600.html about possible DoS or unexpected state.
 2021-05-03 15:06:57 +03:00
Chris Smowton
b2c0259197 Merge pull request #5631 from haby0/UseOfLessTrustedSource 
[Java] CWE-348: Using a client-supplied IP address in a security check
 2021-04-30 15:20:53 +01:00
haby0
fdcc517b9f UseOfLessTrustedSource -> ClientSuppliedIpUsedInSecurityCheck" 2021-04-30 17:43:34 +08:00
haby0
f41301f8f5 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.java 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-30 16:55:17 +08:00
haby0
0691cac5ab Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-30 16:54:41 +08:00
haby0
8142810455 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-30 16:54:28 +08:00
haby0
711a74c9c9 Eliminate false positives\ 2021-04-30 10:31:40 +08:00
intrigus
08731fc6cf Fix typo. 2021-04-29 20:26:34 +02:00
Chris Smowton
ad9ea40954 Merge pull request #5597 from intrigus-lgtm/java/jwt-insecure-parse 
[Java] JWT without signature check.
 2021-04-29 14:41:11 +01:00
haby0
e813257431 use hardCode 2021-04-29 21:23:52 +08:00
Anders Schack-Mulligen
404a6c1506 Merge pull request #5805 from smowton/smowton/admin/spring-setter-method-docs 
Document `SpringProperty::getSetterMethod`.
 2021-04-29 15:10:58 +02:00
Anders Schack-Mulligen
c78285e557 Merge pull request #5784 from Marcono1234/marcono1234/switch-expr-stmt-parent 
Java: Add StmtParent as superclass of SwitchExpr
 2021-04-29 15:02:05 +02:00
Chris Smowton
2787c2f874 Document SpringProperty::getSetterMethod. 2021-04-29 12:28:26 +01:00
intrigus
a8865e2fa2 Java: Cleanup jwt stubs. 2021-04-28 20:46:09 +02:00
haby0
b0f745365d Node type restriction 2021-04-28 14:32:25 +08:00
Tom Hvitved
37377644c9 Merge pull request #5781 from hvitved/java/predictable-seed-df6 
Java: Use separate data-flow copy for `PredictableSeedFlowConfiguration`
 2021-04-27 19:01:55 +02:00
Tamás Vajk
4cc88662e2 Merge pull request #5557 from tamasvajk/feature/java-sinks-csv 
Java: convert sinks to CSV
 2021-04-27 15:58:09 +02:00
Marcono1234
05ce49adaf Java: Add StmtParent as superclass of SwitchExpr 
Database type `@stmtparent` already includes `@switchexpr`, this commit merely
changes the class SwitchExpr to also accordingly extend StmtParent.
 2021-04-27 15:17:55 +02:00
Tamas Vajk
5b79094f34 Fix naming in HTTPS URL check 2021-04-27 14:59:52 +02:00
Tamas Vajk
e08b629cb5 Add documentation for URL opening sinks 2021-04-27 10:32:41 +02:00
Tom Hvitved
017beb6786 Java: Use separate data-flow copy for PredictableSeedFlowConfiguration 2021-04-27 10:07:33 +02:00
haby0
5be9fbbc5a Remove LogOperationSink and PrintSink 2021-04-27 14:12:33 +08:00
intrigus
b1a3633495 Java: Remove redundant condition + docs. 2021-04-23 22:06:04 +02:00
Chris Smowton
455b840712 Fix all dead qhelp links 
For those documents with no obvious new home I've pointed the links to the Internet Archive.
 2021-04-23 15:20:21 +01:00
Anders Schack-Mulligen
bc8c55836a Merge pull request #5743 from aschackmull/java/flow-summary-tweaks 
Java/C#: Move a couple of flow summary tweaks to the shared implementation.
 2021-04-23 13:46:04 +02:00
Tamás Vajk
43dc9bbc94 Merge pull request #5744 from tamasvajk/feature/java-loc 
Java: Introduce LoC summary metric query
 2021-04-23 11:39:42 +02:00
intrigus
98dcd4e52b Java: Tighten definition of sink. 2021-04-23 00:14:48 +02:00
intrigus
a385b30c29 Java: Factor common expr into class. 2021-04-22 23:51:27 +02:00
intrigus-lgtm
958e2fab05 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-22 23:36:17 +02:00
haby0
407dcea751 add String type startsWith 2021-04-22 19:20:54 +08:00
haby0
9b4442be8b Fix some errors 2021-04-22 19:01:55 +08:00
Tamás Vajk
cb28bc80b7 Merge branch 'main' into feature/java-sinks-csv 2021-04-22 11:41:18 +02:00
Tamas Vajk
7134eb9079 Improve documentation of csv sink models 2021-04-22 11:37:41 +02:00
Tamas Vajk
1caa5c4780 Adjust hostname verifier sink identifier name 2021-04-22 11:22:18 +02:00
Tamas Vajk
6c78a247f2 Revert erroneous refactoring in header splitting sink base class 2021-04-22 11:20:39 +02:00
Tamas Vajk
9b1c54e81b Add argument indices to HTTP header splitting sinks 2021-04-22 11:17:25 +02:00
Tamas Vajk
180904e9f6 Revert "Java: Convert Google HTTP client API parseAs sink to CSV format" 
This reverts commit 3e53484bb3.
 2021-04-22 11:14:51 +02:00
Owen Mansel-Chan
fea9f5f431 Merge pull request #5746 from owen-mc/java/refactor-exec-tainted 
Make ExecTainted easier to extend
 2021-04-22 10:14:28 +01:00
Owen Mansel-Chan
8a01799fb8 Make imports private 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-04-22 09:46:49 +01:00
Owen Mansel-Chan
4b8d4f5bbd Update docs 2021-04-22 09:30:50 +01:00
Owen Mansel-Chan
e448dcb725 Avoid bad join order 
We want to avoid joining on `i` first.
 2021-04-22 09:30:49 +01:00
Owen Mansel-Chan
9f1704560b Include constructors in abstract class 2021-04-22 09:30:48 +01:00
Tamás Vajk
9c936867fa Exclude code from XML files 
Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>
 2021-04-22 09:00:31 +02:00
haby0
454324781d delete IfStmt 2021-04-22 11:59:33 +08:00
Chris Smowton
94f0a1532d Merge pull request #5682 from smowton/smowton/docs/fix-has-modifier-comment 
Fix documentation of Modifier.qll
 2021-04-21 15:41:29 +01:00
Owen Mansel-Chan
9c72e73a82 Make ExecTainted easier to extend 
To add a method that executes a command, you can now define a class
extending ExecMethod.
 2021-04-21 14:55:37 +01:00
Tamas Vajk
e25305e3cc Java: Introduce LoC summary metric query 2021-04-21 14:27:00 +02:00