hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,708 Commits 1,671 Branches 157 Tags
henrymercer/js-atm-update-api-graphs-usage
Commit Graph

4061 Commits

Author SHA1 Message Date
Sauyon Lee
d7bfc2eebf Remove redundant model lines 2021-07-14 05:05:17 -07:00
Sauyon Lee
671243c15d Add change note 2021-07-14 05:05:17 -07:00
Sauyon Lee
1f97ac88c8 Fix tests 2021-07-14 05:05:17 -07:00
Sauyon Lee
eaef1c146c Add generated tests 2021-07-14 05:05:16 -07:00
Sauyon Lee
16931e5de8 Add necessary stubs for Spring 
Co-Authored-By: smowton <smowton@github.com>
 2021-07-14 04:57:56 -07:00
Sauyon Lee
fc7e062deb Java: Add models for the Spring cache package 2021-07-14 04:57:56 -07:00
Sauyon Lee
d9fb09d132 Java: Add models for the Spring ui package. 2021-07-14 04:57:56 -07:00
Anders Schack-Mulligen
04244b3c45 Merge pull request #5974 from github/sauyon/java/spring-webmultipart 
Model Spring `web.multipart`
 2021-07-14 13:57:24 +02:00
Anders Schack-Mulligen
3c4cd15738 Merge pull request #5505 from joefarebrother/android-sql-convert 
Java: Convert Android SQL-related flow steps to CSV format
 2021-07-14 13:56:55 +02:00
Chris Smowton
e9390cb3eb Remove superfluous conjunct 2021-07-14 12:42:28 +01:00
Chris Smowton
3ae99b93ca Merge pull request #6215 from aschackmull/java/fix-csv-subtype-interpretation 
Java: Fix CSV subtype interpretation
 2021-07-14 09:57:21 +01:00
Anders Schack-Mulligen
0ccb213ec5 Dataflow: Sync. 2021-07-14 10:36:09 +02:00
Anders Schack-Mulligen
dbe1ca928b Dataflow: Simplify call context checks. 2021-07-14 10:36:09 +02:00
Anders Schack-Mulligen
c95e78546c Dataflow: Refactor 2021-07-14 10:36:09 +02:00
Sauyon Lee
51211c0394 Add stubs 2021-07-13 10:29:02 -07:00
Sauyon Lee
c2c7fee8df Fix tests 2021-07-13 10:29:02 -07:00
Sauyon Lee
b01e6d49fb Add generated tests 2021-07-13 10:29:01 -07:00
Sauyon Lee
b807757863 Model Spring web.multipart 2021-07-13 10:29:01 -07:00
Chris Smowton
1044049e72 Simplify getInput 2021-07-13 16:36:26 +01:00
Chris Smowton
98b85a481c Improve inline-expectation style 2021-07-13 16:36:08 +01:00
Chris Smowton
a11021991a Improve method documentation 2021-07-13 16:35:44 +01:00
Chris Smowton
b5492056d8 Remove superfluous parens 2021-07-13 16:35:22 +01:00
Chris Smowton
97694bc9a1 Report error even if interpretElement resolves to a non-Callable Element 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-13 16:16:01 +01:00
Tom Hvitved
7e9d87055d Data flow: Sync 2021-07-13 16:15:00 +02:00
Anders Schack-Mulligen
9388983e41 Java: Add missing stub. 2021-07-13 15:26:37 +02:00
Anders Schack-Mulligen
0f6f020766 Java: Fix models. 2021-07-13 15:23:19 +02:00
Artem Smotrakov
1b3516ab94 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-13 14:53:45 +02:00
Chris Smowton
78fe0f810a Add models for decode/encodePointer methods 2021-07-13 11:10:46 +01:00
Artem Smotrakov
09ae779b21 Removed fromSource() check in looksLikeResolveClassStep() 2021-07-12 19:56:51 +02:00
Chris Smowton
2bd58d6ba7 Improve header comment 2021-07-12 18:09:23 +01:00
Chris Smowton
cc4401b453 Add models of JsonPointer, JsonMergeDiff and JsonPatchBuilder 2021-07-12 18:08:45 +01:00
Chris Smowton
539859497b Add models of JsonMergePatch, JsonPatchBuilder and JsonPointer 2021-07-12 17:39:51 +01:00
Chris Smowton
6bf931392b Add missing model of JsonObjectBuilder.remove 2021-07-12 17:13:39 +01:00
Tom Hvitved
47d126e681 Data flow: Sync 2021-07-12 12:09:51 +02:00
github-actions[bot]
56419bc74b Add changed framework coverage reports 2021-07-12 00:06:55 +00:00
Artem Smotrakov
c98f1a479e Better taint propagation in UnsafeTypeConfig 2021-07-09 10:24:15 +02:00
Artem Smotrakov
476843a278 Added comments for Jackson in UnsafeDeserialization.qll 2021-07-09 10:24:15 +02:00
Artem Smotrakov
e9731cd212 Minor improvements for Jackson in UnsafeDeserialization.qll 2021-07-09 10:24:15 +02:00
Artem Smotrakov
704cc77bb5 Added a change note for Jackson 2021-07-09 10:24:14 +02:00
Artem Smotrakov
24e4b68b9c Removed getAnAccess() calls for Jackson 2021-07-09 10:24:14 +02:00
Artem Smotrakov
aefd21075b Added tests for UnsafeDeserialization.ql and Jackson 2021-07-09 10:24:10 +02:00
Artem Smotrakov
ea0991c980 Added Jackson to UnsafeDeserialization.qhelp 2021-07-09 10:17:29 +02:00
Artem Smotrakov
97fca620fa Cover attacker-controlled types for deserialization with Jackson 2021-07-09 10:16:04 +02:00
Artem Smotrakov
3eb2af1bc2 First draft of sinks for unsafe deserialization with Jackson 2021-07-09 10:16:01 +02:00
Joe Farebrother
4d459f24d9 Fix up tests and update models 2021-07-02 14:46:33 +01:00
Joe Farebrother
fc017b7934 Use ArrayElement of in flow step specifications 2021-07-02 14:46:31 +01:00
Joe Farebrother
15415931ce Use Argument ranges in CSV rows 2021-07-02 14:46:03 +01:00
Joe Farebrother
5325622813 Convert sql-related flow steps to CSV 2021-07-02 14:46:03 +01:00
Anders Schack-Mulligen
3c6604daa7 Java: Fix subtypes interpretation. 2021-07-02 14:43:56 +02:00
Anders Schack-Mulligen
6813a79423 Java: Add test for override of Map.put highlighting problem. 2021-07-02 14:41:59 +02:00