hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,999 Commits 1,671 Branches 157 Tags
query-help-tests-lgtm
Commit Graph

1399 Commits

Author SHA1 Message Date
Jonathan Leitschuh
48f4b6c058 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-10-12 11:16:21 -04:00
Jonathan Leitschuh
895f4d0ea6 JHipster Vuln: Add GOOD/BAD & release note links 2020-10-12 11:00:05 -04:00
Joe Farebrother
aa8bacb724 Java: Update test output 2020-10-12 15:50:47 +01:00
Joe Farebrother
3416911ac6 Java: Refector out StringBuilder and Number taint preserving callables 2020-10-12 15:50:47 +01:00
Joe Farebrother
eafde05a55 Java: Expand flow step refactoring to Callables 
Also add some missing flow steps for StringBuilder
 2020-10-12 15:50:47 +01:00
Joe Farebrother
7e2c49fadd Java: Fix a couple of flow step issues 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-10-12 15:50:47 +01:00
Joe Farebrother
4a8b7f64e8 Java: Rename returnsTaint to returnsTaintFrom 2020-10-12 15:50:47 +01:00
Joe Farebrother
ca9038350c Java: Add this. and fix mistake 2020-10-12 15:50:46 +01:00
Joe Farebrother
5d487b97da Java: Merge TaintPreservingMethod with TaintTransferringMethod 2020-10-12 15:50:46 +01:00
Joe Farebrother
a510f58865 Java: Implement code review changes 2020-10-12 15:50:46 +01:00
Joe Farebrother
91ce02aad4 Java: Fix bug involving varadic parameters 2020-10-12 15:50:46 +01:00
Joe Farebrother
79209af9c0 Java: Refactor out flow steps for more frameworks. 2020-10-12 15:50:41 +01:00
Joe Farebrother
92fd8c4128 Java: Move new definitions to new file 2020-10-12 15:48:43 +01:00
Joe Farebrother
60a7666105 Java: Refactor Android SQLite flow steps 2020-10-12 15:48:43 +01:00
Joe Farebrother
ca60f2cc18 Java: Fix failing tests 2020-10-12 15:48:43 +01:00
Joe Farebrother
ff6c5c219c Java: Start TaintTrackingUtils refactor 2020-10-12 15:48:43 +01:00
Joe Farebrother
551d86c6ea Java: Define classes for taint propagation methods 2020-10-12 15:48:43 +01:00
Arthur Baars
fc4a3426ac Merge pull request #4457 from daniel-beck/file-taint 
Java: Track taint through java.io.File constructor and #toURI; URI#toURL
 2020-10-12 16:42:11 +02:00
Anders Schack-Mulligen
725194a3b8 Merge pull request #4447 from aschackmull/dataflow/postupdate-flow-consistency 
Dataflow: Introduce consistency check for flow targeting PostUpdateNodes
 2020-10-12 08:56:19 +02:00
Daniel Beck
0c70be145f Track taint through java.io.File constructor and #toURI; URI#toURL 2020-10-10 20:54:55 +02:00
Anders Schack-Mulligen
1c043447e8 Dataflow: Introduce consistency check for flow targeting PostUpdateNodes. 2020-10-09 14:29:52 +02:00
Anders Schack-Mulligen
cb00f8bcc4 Merge pull request #4362 from tamasvajk/feature/sign-analysis-cleanup 
Sign analysis cleanup
 2020-10-08 09:10:04 +02:00
Tamás Vajk
06f1c898dc Merge pull request #4349 from tamasvajk/feature/modulus-analysis 
ModulusAnalysis shared between C# and Java
 2020-10-07 21:21:20 +02:00
Tamas Vajk
4df6a41616 ModulusAnalysis shared between C# and Java 2020-10-07 16:12:24 +02:00
Tamas Vajk
d2d8d009eb Sync Bound between C# and Java 2020-10-07 11:43:30 +02:00
Tamas Vajk
40a7f5aa1f Java: Minor fix to modulus analysis to handle constant expressions and not only compile time constants 2020-10-07 11:42:42 +02:00
Tamas Vajk
5688210249 Java: add test for modulus analysis 2020-10-07 11:41:55 +02:00
Tamas Vajk
94dc11c45a Revert getNonIntegerValue unification 2020-10-07 10:56:01 +02:00
Anders Schack-Mulligen
021435292b Merge pull request #4341 from joefarebrother/location-tostring 
Java: Include column numbers in Location.toString
 2020-10-06 14:42:35 +02:00
Joe
8e82687ab6 Java: Include column numbers in Location.toString 2020-10-06 11:16:06 +01:00
Arthur Baars
89710928c8 Merge branch 'main' into android-database 2020-10-06 10:48:22 +02:00
Jonathan Leitschuh
8272d591b6 Apply suggestions from code review 
https://github.com/github/codeql/pull/4312

Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Arthur Baars <aibaars@github.com>
 2020-10-05 14:12:03 -04:00
Anders Schack-Mulligen
30f29e0ba7 Merge pull request #4320 from aibaars/multipart-request 
Java: add Spring::MultipartRequest as taint source
 2020-10-05 13:45:06 +02:00
Anders Schack-Mulligen
e660ac54da Merge pull request #4358 from joefarebrother/format-taint 
Java: Add taint steps through string formatting methods
 2020-10-05 13:25:54 +02:00
Alexander Eyers-Taylor
30ed6a0dac Merge pull request #4385 from aibaars/drop-queries 
Drop 'tech-inventory' and 'code duplication' queries from the standard query suites
 2020-10-02 18:31:25 +01:00
Arthur Baars
daa1bcc06e Also mark 'tech inventory' queries as deprecated 2020-10-02 17:23:11 +02:00
Arthur Baars
fc45b6cd3c Drop 'tech-inventory' and 'code duplication' queries from the standard query suites 2020-10-02 17:22:04 +02:00
Chris Smowton
aa707e9370 Merge pull request #4381 from smowton/smowton/admin/fix-owasp-broken-links 
Fix OWASP broken links
 2020-10-02 08:51:36 +01:00
Tamas Vajk
1cf3196b61 Fix additional PR review findings 2020-10-02 09:12:13 +02:00
Tamas Vajk
01de550ef8 Make predicates private 2020-10-02 09:12:13 +02:00
Tamas Vajk
f52cf264ec Refactor specificSubExprSign 2020-10-02 09:12:13 +02:00
Tamas Vajk
f03146d12f Refactor fieldSign 2020-10-02 09:12:13 +02:00
Tamas Vajk
21ff1a0445 Address some of the PR review findings 2020-10-02 09:12:13 +02:00
Tamas Vajk
638d0399a8 Java, C#: Refactor explicitSsaDefSign in sign analysis 2020-10-02 09:09:23 +02:00
Tamas Vajk
7545fe74e3 Java, C#: Refactor implicitSsaDefSign in sign analysis 2020-10-02 09:09:23 +02:00
Tamas Vajk
37fc1d6f0f Java, C#: cleanup sign analysis 
Add missing QL doc, improve readability
 2020-10-02 09:09:23 +02:00
Jonathan Leitschuh
ab3772eaeb Update JHipster CodeQL query from code review 2020-10-01 15:38:56 -04:00
Joe
ca4781eb78 Java: Remove use of StringFormatMethod in TaintTrackingUtils 2020-10-01 15:58:32 +01:00
Anders Schack-Mulligen
c027f3bd2b Merge pull request #4324 from tamasvajk/feature/unsigned-sign-analysis 
Handle unsigned types in sign analysis (C# and Java)
 2020-10-01 15:11:49 +02:00
Chris Smowton
578ea1ae43 Fix OWASP broken links 2020-10-01 13:09:52 +01:00