hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,999 Commits 1,672 Branches 157 Tags
query-help-tests-lgtm
Commit Graph

1399 Commits

Author SHA1 Message Date
Arthur Baars
cf6036f9b4 Java: fix some android database sinks 2020-09-30 14:42:19 +02:00
Arthur Baars
061c2a754f Java: tests for android database flow steps 2020-09-30 12:42:19 +02:00
Arthur Baars
a13e845127 Java: tests for android database sinks 2020-09-30 12:42:19 +02:00
Arthur Baars
39f5284dcc Java: add stubs for some android database classes 2020-09-30 12:33:33 +02:00
Arthur Baars
449fb24ef6 Java: android add taint and SQL sink for ContentProvider/Resolver 2020-09-30 12:33:32 +02:00
Arthur Baars
efd5b6ff66 Java: SQLite: make classes private 2020-09-30 12:32:27 +02:00
Arthur Baars
28c965765b Move query sinks into SQLite.qll 2020-09-30 12:32:27 +02:00
Arthur Baars
b3aae276ba Add types to SQLite.qll 2020-09-30 12:32:24 +02:00
Arthur Baars
6db4f839cb Java: add Android database taint and SQL injection sinks 2020-09-30 12:31:11 +02:00
Joe
be07d27a4c Java: Improve tests 2020-09-29 16:36:34 +01:00
Joe
efc3a25237 Java: Don't pass taint through the format methods of Console 2020-09-29 16:02:51 +01:00
Joe Farebrother
eccfa5d26a Fix documentation typo 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2020-09-29 15:34:05 +01:00
Joe
d184aa7c06 Make FieldRead and FieldWrite extend LValue and RValue 2020-09-29 15:24:51 +01:00
Joe
bea38fcd07 Java: Add taint modelling for string format methods 2020-09-28 16:25:45 +01:00
Tamas Vajk
2bbaa4e173 Handle unsigned types in sign analysis (C# and Java) 2020-09-28 14:46:32 +02:00
Joe Farebrother
274147c87a Merge pull request #4339 from joefarebrother/printAST-java-var-decls 
Java: Add synthetic nodes for `LocalVariableDeclExpr`s in the AST view
 2020-09-28 10:21:25 +01:00
Joe
5256c0ba39 Java: Improve PrintAst tests and rename things 
Add tests for `EnhcancedForStmt`s and `InstanceOfExpr`s.
Rename LocalVarDeclParent to SingleLocalVarDeclParent
 2020-09-25 11:31:56 +01:00
Anders Schack-Mulligen
3ef3e6e140 Merge pull request #4319 from hvitved/python-java-block-precedes-var 
Java/Python: Reduce size of `blockPrecedesVar`
 2020-09-24 16:07:49 +02:00
Joe
9c8a468237 Java: PrintAst: Add synthetic nodes for other declarations 2020-09-24 14:31:24 +01:00
Joe
3e960c1e0b Java: PrintAst: Refactor exceptions to the usual AST of expressions and statements using dispatch 2020-09-24 14:31:24 +01:00
Joe
1f99607624 Java: PrintAst: Improve test 2020-09-24 14:31:24 +01:00
Joe
45651cf123 Java: PrintAst: Add a synthetic node for the initialisers of for statements 2020-09-24 14:31:24 +01:00
Anders Schack-Mulligen
d4d4c0f3f9 Merge pull request #4325 from aibaars/hibernate-changenote 
Java: change note for Hiberate ORM improvements
 2020-09-24 12:58:45 +02:00
Jonathan Leitschuh
17603c8091 Update java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.qhelp 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-09-23 13:59:49 -04:00
Arthur Baars
5894263671 Java: improve change note 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-09-23 15:37:55 +02:00
Jonathan Leitschuh
645d7c8831 Fix documentation in apache/Lang.qll 2020-09-22 15:04:06 -04:00
Jonathan Leitschuh
8578bc5cf0 Update java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.qhelp 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-09-22 15:02:00 -04:00
Jonathan Leitschuh
24fe3d0663 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-09-22 13:11:11 -04:00
Arthur Baars
252f8aa89d Java: add Spring::MultipartRequest as taint source 2020-09-22 19:01:10 +02:00
Arthur Baars
b382711f14 Java: change note for Hiberate ORM improvements 2020-09-22 18:55:07 +02:00
Tamás Vajk
54c35748f0 Merge pull request #4193 from tamasvajk/feature/sign-analysis 
C#: Sign analysis
 2020-09-22 15:33:33 +02:00
Anders Schack-Mulligen
66e2ed9b65 Merge pull request #4031 from aibaars/hibernate 
Add additional Hibernate SQL sinks
 2020-09-22 15:29:40 +02:00
Anders Schack-Mulligen
47506a859e Merge pull request #4287 from joefarebrother/exectainted-array 
Java: Improve the ExecTainted query
 2020-09-22 13:16:05 +02:00
Tom Hvitved
71da9045e5 Java/Python: Reduce size of blockPrecedesVar 2020-09-22 11:00:26 +02:00
Jonathan Leitschuh
ab618dcf2f Java: QL Query Detector for JHipster Generated CVE-2019-16303 2020-09-21 18:46:13 -04:00
Tamas Vajk
8bf4a4209c C#: Sign analysis 
Synced between Java and C# through `identical-files.json`.
 2020-09-21 16:15:12 +02:00
Tamas Vajk
441fbe3215 Add Java test file for sign analysis 2020-09-21 15:07:09 +02:00
Anders Schack-Mulligen
4a3118b13e Merge pull request #4246 from RasmusWL/java-fix-ssa-varBlockReaches 
Java: Minor fixup for SSA AdjacentUsesImpl::varBlockReaches
 2020-09-21 13:28:20 +02:00
Rasmus Wriedt Larsen
233dd43635 Java: Port varBlockReaches fix to BaseSSA.qll 2020-09-21 12:11:25 +02:00
Joe
9baf2b9eff Fix cartesian product 2020-09-18 15:42:03 +01:00
Joe
abb1731be7 Java: Simplify the implementation of ExecTainted 2020-09-18 15:21:03 +01:00
Anders Schack-Mulligen
b3bf570fb7 Merge pull request #4301 from lcartey/java/update-cwe-claims 
Java: Update some CWE claims
 2020-09-18 16:08:40 +02:00
Joe
3cc38feebc Fix a couple of typos in QLDoc comments 2020-09-18 14:51:38 +01:00
lcartey@github.com
2c6f587ee9 Java: Add coverage claim for CWE 193 (off by one) 2020-09-18 12:51:24 +01:00
lcartey@github.com
39200566c3 Java: Update CWE claims for XXE. 
This matches the claims in the C# equivalent.
 2020-09-18 12:30:52 +01:00
Joe
3258134098 Java: Remove superfluous conjunct 2020-09-18 10:41:06 +01:00
lcartey@github.com
32f43a84be Java: Add CWE 564 (SQL Injection: Hibernate) 2020-09-18 10:20:21 +01:00
Joe
9c643ec1cd Java: Fix formatting 2020-09-17 17:46:05 +01:00
Joe
69fd579dfd Java: Fix QLDoc 2020-09-17 17:37:16 +01:00
Joe
2da6234317 Java: Fix QLDoc 2020-09-17 17:31:24 +01:00