codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00

Author	SHA1	Message	Date
Artem Smotrakov	67579dd1d8	Added tests for NotConstantTimeCryptoComparison.ql	2021-08-01 09:47:01 +02:00
Artem Smotrakov	c2c85d32da	Java: Added a query for timing attacks	2021-08-01 09:47:01 +02:00
Artem Smotrakov	7959e76da8	Better qldoc in UnsafeDeserializationQuery.qll Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-07-30 09:30:59 +02:00
Fosstars	a4b0041120	Better looksLikeResolveClassStep() predicate	2021-07-30 09:28:03 +02:00
Fosstars	1d3eb570bf	hasJsonTypeInfoAnnotation() should check fields recursively Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-07-30 08:30:40 +02:00
yo-h	6a18b33616	Java: update `frameworks.rst` with Jackson Updating manually maintained list with coverage in `JacksonSerializability.qll`	2021-07-29 17:35:06 -04:00
Aditya Sharad	cb686ea802	Merge pull request #6388 from github/geoffw0-patch-2 Update query-metadata-style-guide.md	2021-07-29 10:20:26 -07:00
Geoffrey White	5e6e176f32	Update query-metadata-style-guide.md Add a note about the `@security-severity` tag.	2021-07-29 17:53:31 +01:00
Mathias Vorreiter Pedersen	b1e5fbe2de	Merge pull request #6377 from sashabu/sashabu/virtual C++: Allow querying virtual, override, and final declaration specifiers.	2021-07-29 17:51:14 +02:00
Joe Farebrother	227818adb4	Add change note	2021-07-29 16:41:33 +01:00
Joe Farebrother	e23f666f67	Replace get and newWith methods with real implementations	2021-07-29 16:39:50 +01:00
Tony Torralba	29490e5872	Add suggestion from code review	2021-07-29 17:07:18 +02:00
Joe Farebrother	f1ca29a846	Add more stubs	2021-07-29 15:58:42 +01:00
Tony Torralba	3fcc9fae79	Refactor sinks to reuse code	2021-07-29 16:48:47 +02:00
Geoffrey White	417edab126	C++: Simplify out the 'effect' string.	2021-07-29 15:44:53 +01:00
Geoffrey White	7f621bc737	C++: Repair the tests that use subtraction so that the thing they're testing is preserved, and add two new explicit tests of behaviour on subtraction.	2021-07-29 15:36:43 +01:00
Tony Torralba	6e3b6dcb98	Imporve qhelp	2021-07-29 16:36:38 +02:00
Tony Torralba	bdf0f582a4	QLDoc improvements from code review Co-authored-by: Felicity Chapman <felicitymay@github.com> Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-07-29 16:34:21 +02:00
Tony Torralba	90b5e02b6e	Improve qhelp	2021-07-29 16:28:10 +02:00
Geoffrey White	13823df5a1	C++: Remove underflow detection.	2021-07-29 15:22:18 +01:00
Geoffrey White	9e0411238b	C++: Add some more test cases.	2021-07-29 15:15:26 +01:00
Tony Torralba	4ea6729c53	Update java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2021-07-29 16:10:49 +02:00
mc	0a986ad0e8	Update JndiInjection.qhelp Improve negation	2021-07-29 15:10:32 +01:00
Joe Farebrother	096509b9aa	Generate tests and stubs	2021-07-29 15:01:50 +01:00
Joe Farebrother	3bcb46f875	Model guava cache package	2021-07-29 14:52:26 +01:00
Mathias Vorreiter Pedersen	bbb38fd2aa	C++: Accept more test changes.	2021-07-29 15:49:50 +02:00
Tony Torralba	2628d3dc39	Improve csv sink models	2021-07-29 15:36:18 +02:00
Tony Torralba	3edc8bc679	Doc improvements	2021-07-29 15:35:39 +02:00
Tony Torralba	d9fb650dfb	JacksonCreateParserMethod converted to CSV summay model	2021-07-29 15:19:30 +02:00
Tony Torralba	b20d53cfd4	Update java/ql/src/semmle/code/java/security/OgnlInjection.qll Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-07-29 15:08:27 +02:00
Alexandre Boulgakov	e55bd4fb64	C++: Allow querying virtual, override, and final declaration specifiers.	2021-07-29 14:02:03 +01:00
Mathias Vorreiter Pedersen	41d233f086	C++: Make the 'definition by reference'-node in 'foo(a.b);' a source in the 'FieldConfiguration' configuration.	2021-07-29 14:49:59 +02:00
Mathias Vorreiter Pedersen	a082172422	C++: Add testcase demonstrating missing local flow out of fields that are defined by reference.	2021-07-29 14:46:32 +02:00
mc	8f1fc9e893	Update MvelInjection.qhelp Minor tweaks	2021-07-29 11:30:19 +01:00
Joe Farebrother	143b302eef	Merge pull request #6384 from joefarebrother/test-gen-improvements Java: Test generator: use getComponentType	2021-07-29 10:47:37 +01:00
Joe Farebrother	3b430d4925	Use getComponentType	2021-07-29 10:11:22 +01:00
Joe Farebrother	f7099f459f	Java: Test generator: use getComponentType	2021-07-29 10:08:45 +01:00
Artem Smotrakov	83a9b0ee28	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-07-29 11:04:21 +02:00
mc	ebf004a4df	Update MissingJWTSignatureCheck.qhelp Using same syntax as on other queries for 'BAD' and 'GOOD'.	2021-07-29 09:13:00 +01:00
Benjamin Muskalla	b7b74b51a3	Track taint for String.valueOf(..)	2021-07-29 09:14:03 +02:00
Geoffrey White	ae35ae10e6	C++: Fix readlink FPs.	2021-07-28 17:45:18 +01:00
Fosstars	893f84fbf4	Merge branch 'unsafe-jackson-deserialization' of github.com:artem-smotrakov/ql into unsafe-jackson-deserialization	2021-07-28 18:25:53 +02:00
Fosstars	50497eb747	Make imports as private as possible	2021-07-28 18:25:05 +02:00
ihsinme	2d5a263799	Update FindIncorrectlyUsedExceptions.ql	2021-07-28 18:46:49 +03:00
Geoffrey White	c2ef58d29d	C++: Support 'readlinkat'.	2021-07-28 16:15:28 +01:00
Geoffrey White	358d89f3ce	C++: Add tests.	2021-07-28 16:15:16 +01:00
Joe Farebrother	d900fcaf42	Merge pull request #6374 from joefarebrother/test-gen-improvements Java: Add support for synthetic fields to the test generator	2021-07-28 16:02:47 +01:00
Artem Smotrakov	7fec575df8	Simplify JsonTypeInfo stub Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-07-28 14:23:50 +02:00
Joe Farebrother	9ddae3e9f6	Fix spelling Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-07-28 10:12:17 +01:00
Tony Torralba	3248f458a5	Update java/change-notes/2021-06-14-groovy-code-injection-query.md Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2021-07-28 10:45:03 +02:00

... 26 27 28 29 30 ...

26405 Commits