hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,347 Commits 1,672 Branches 157 Tags
hmac/command-injection-from-library-inputs
Commit Graph

374 Commits

Author SHA1 Message Date
Artem Smotrakov
aefd21075b Added tests for UnsafeDeserialization.ql and Jackson 2021-07-09 10:24:10 +02:00
Chris Smowton
8b7db8a8cc Merge pull request #5408 from p0wn4j/urlclassloader-webclient-ssrf-sinks 
Java: Add URLClassLoader, WebClient SSRF sinks
 2021-07-01 16:14:22 +01:00
Anders Schack-Mulligen
cda5c22f6e Merge pull request #5590 from github/sauyon/java-spring-errors 
Add models for Spring validation.Errors
 2021-07-01 14:29:49 +02:00
p0wn4j
0db7496617 Add URLClassLoader and Spring WebClient SSRF sinks 2021-07-01 03:34:14 +04:00
Chris Smowton
753c878f48 Also cover jakarta version of javax.json, and some missed methods 2021-06-30 15:04:15 +01:00
Tony Torralba
0bb9e464b2 Merge branch 'main' into atorralba/spring-beans 2021-06-30 12:55:10 +02:00
Anders Schack-Mulligen
374859efb4 Merge pull request #6156 from smowton/smowton/feature/jax-rs-content-type-sensitivity 
Jax RS XSS Tests
 2021-06-30 09:52:07 +02:00
Chris Smowton
ba5dc3cdbc Add models of the javax.json package 2021-06-29 15:21:01 +01:00
Sauyon Lee
aa0fbce28e Remove unnecessary code from stubs 2021-06-29 05:51:38 -07:00
Sauyon Lee
fe2b73ed72 Stub more of Spring 2021-06-29 05:51:19 -07:00
Chris Smowton
6b3bc42ef2 Add JAX-RS XSS tests 2021-06-28 19:24:18 +01:00
Sauyon Lee
bddc88c010 Add stubs for Spring util tests 2021-06-28 08:26:40 -07:00
Sauyon Lee
60db9e1851 Rename springframework-5.2.3 to 5.3.8 2021-06-28 08:26:39 -07:00
Tony Torralba
8112d723e0 Merge branch 'main' into atorralba/spring-beans 2021-06-28 17:02:31 +02:00
Owen Mansel-Chan
2e670c4050 Manually update automatically generated stubs 2021-06-25 11:17:08 +01:00
Owen Mansel-Chan
5feee9cc17 Add automatically-generated stubs 2021-06-25 11:17:06 +01:00
Artem Smotrakov
14e724bce6 Added sinks for RmiBasedExporter and HessianExporter 2021-06-23 09:53:47 +02:00
Chris Smowton
6302187a5d Merge pull request #5957 from haby0/java/BeanShellInjection 
Java: BeanShell Injection
 2021-06-18 12:38:51 +01:00
Anders Schack-Mulligen
7eb6da3888 Merge pull request #5772 from smowton/smowton/feature/apache-tuple-flow 
Add models for Apache Commons Lang's tuple types
 2021-06-18 11:25:07 +02:00
haby0
0d18e4ff9c BeanShell Injection 2021-06-18 15:54:13 +08:00
Tony Torralba
0c71393171 Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch 2021-06-17 14:54:25 +02:00
Chris Smowton
472a2a64dd Add models for Apache Commons tuples 2021-06-17 12:25:21 +01:00
Chris Smowton
11b70326fd Add Jakarta WS url-open sink 2021-06-17 11:58:41 +01:00
Chris Smowton
8b080a94e7 Convert request forgery tests to inline expectations; add missing models revealed by this process. 2021-06-17 11:43:32 +01:00
Chris Smowton
ee872f1752 Add missing tests, add additional models revealed missing in the process, and add stubs to support them all. 2021-06-17 11:43:32 +01:00
Chris Smowton
487c1db6ed Promote SSRF query to main query set 2021-06-17 11:41:01 +01:00
Anders Schack-Mulligen
6ca8d69b26 Merge pull request #5881 from haby0/java/UnsafeDeserialization 
Java: CWE-502 Add UnsafeDeserialization sinks
 2021-06-17 12:36:34 +02:00
Anders Schack-Mulligen
8fe2f4a554 Merge pull request #6034 from owen-mc/java/jax-rs 
Improve JAX-WS and JAX-RS models
 2021-06-17 12:35:34 +02:00
Tony Torralba
47fffb04a6 Merge branch 'main' into atorralba/promote-ognl-injection 2021-06-16 15:46:33 +02:00
Tony Torralba
91ba30a781 Merge branch 'main' into atorralba/promote-missing-jwt-signature-check 2021-06-16 15:46:14 +02:00
Tony Torralba
dab33b21fb Merge branch 'main' into atorralba/promote-mvel-injection 2021-06-16 15:44:43 +02:00
Tony Torralba
bf2be6ec7c Merge branch 'main' into atorralba/promote-jndi-injection 2021-06-16 15:34:37 +02:00
Tony Torralba
87dfc92aba Add tests for CompilationUnit's subtypes 2021-06-16 13:01:40 +02:00
Tony Torralba
e324e4e8d1 Remove non-ascii characters added by accident 2021-06-16 13:01:40 +02:00
Tony Torralba
f3ef93fa8a Make sinks more specific, improve tests 2021-06-16 13:01:39 +02:00
Tony Torralba
5d56eb6ea1 Add stubs 2021-06-16 13:01:39 +02:00
Tony Torralba
7883549c25 Use InlineExpectationsTest 2021-06-16 13:01:39 +02:00
Tony Torralba
356601ce15 Moved from experimental 2021-06-16 13:01:38 +02:00
haby0
c1ada6d85b Merge branch 'main' into java/UnsafeDeserialization 2021-06-16 16:37:03 +08:00
Owen Mansel-Chan
8cf47f12b4 Model constructors of classes implementing MultivaluedMap 2021-06-14 10:56:35 +01:00
Joe Farebrother
04ffe80366 Add unit tests 2021-06-11 11:41:27 +01:00
Owen Mansel-Chan
0ad35421f2 Comment out stubs (Jakarta) 2021-06-10 10:43:40 +01:00
Owen Mansel-Chan
318d1ea484 Stubs in javax-ws-rs-api-3.0.0 
Generated using java-autostub
 2021-06-10 10:43:39 +01:00
Owen Mansel-Chan
baa21c5bcf Manually comment out parts of stubs 
This is to avoid having to make more stubs, which we don't really need
 2021-06-10 10:43:34 +01:00
Owen Mansel-Chan
caf96b01e1 Stubs in javax-ws-rs-api-2.1.1 
Generated using java-autostub
 2021-06-10 10:43:34 +01:00
Owen Mansel-Chan
d9cf1aaf39 Add stubs for JAX-WS 2021-06-08 15:12:04 +01:00
Tony Torralba
d77d0c9e10 Added summaries for Spring PropertyValues 2021-06-07 17:35:03 +02:00
Anders Schack-Mulligen
96da85449d Merge pull request #5823 from atorralba/promote-jexl-injection 
Java: Promote JEXL Injection query from experimental
 2021-06-07 10:03:12 +02:00
Anders Schack-Mulligen
30cb80b341 Merge pull request #5181 from smowton/smowton/feature/commons-tostringbuilder 
Java: Add models for Commons ToStringBuilder
 2021-06-04 12:30:36 +02:00
Tony Torralba
56a429a5f9 Merge branch 'main' into promote-jexl-injection 2021-06-03 11:10:56 +02:00