codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00

Author	SHA1	Message	Date
Jonas Jensen	ad4b2beafa	Merge pull request #4727 from criemen/remove-abstract-classes C++/C#/JS/Python/Java XML.qll: Remove abstract from class hierarchy.	2020-11-27 08:17:21 +01:00
Anders Schack-Mulligen	2234d665ce	Add manual magic	2020-11-26 13:55:20 -05:00
yo-h	9bb949a8b1	Java: make some SMAP predicates `private` and add QLDoc	2020-11-26 13:55:19 -05:00
yo-h	f9e78085ac	Java: add dbscheme stats for SMAP relations	2020-11-26 13:55:18 -05:00
yo-h	edb41655b4	Java: incorporate SMAP locations into `Top.hasLocationInfo`	2020-11-26 13:55:17 -05:00
yo-h	e2419e8fed	Java: add SMAP relations to dbscheme	2020-11-26 13:55:17 -05:00
Anders Schack-Mulligen	f70072a2db	Merge pull request #3454 from porcupineyhairs/javaSSRf Java : add request forgery query	2020-11-26 08:52:15 +01:00
Cornelius Riemenschneider	3bfb398516	Autoformat XML.qll.	2020-11-25 18:20:50 +01:00
Cornelius Riemenschneider	7eec988fb5	XML.qll: Remove abstract from class hierarchy.	2020-11-25 17:22:03 +01:00
Anders Schack-Mulligen	3f04099c25	Update java/ql/src/experimental/CWE-918/RequestForgery.ql Co-authored-by: Chris Smowton <smowton@github.com>	2020-11-24 13:18:58 +01:00
Anders Schack-Mulligen	0450489022	Java: Review fixes.	2020-11-24 11:31:44 +01:00
Anders Schack-Mulligen	2cf10a7658	Merge pull request #4427 from aschackmull/java/fastjson Java: Add support for FastJson in unsafe deserialization.	2020-11-23 14:40:14 +01:00
Porcupiney Hairs	ebc6c49555	include suggestions from review.	2020-11-19 03:37:00 +05:30
Aditya Sharad	b9b6a35564	Merge pull request #4629 from pwntester/improve_bean_validation_query Java: add some improvements to the bean validation query	2020-11-17 08:35:49 -08:00
Anders Schack-Mulligen	4be731d2ab	Java: Adjust reference to static method and add test.	2020-11-16 11:47:58 +01:00
Anders Schack-Mulligen	80ee92ae97	Java: Add support for FastJson in unsafe deserialization.	2020-11-16 11:47:58 +01:00
Porcupiney Hairs	402a320a55	include suggestions from review.	2020-11-13 18:07:42 +05:30
Porcupiney Hairs	4b25532b9f	include suggestions from review.	2020-11-13 17:55:56 +05:30
Porcupiney Hairs	eb6d6113d9	minor nit.	2020-11-13 00:39:09 +05:30
Porcupiney Hairs	f8de94e906	refactor SpringWebClient	2020-11-13 00:32:27 +05:30
Porcupiney Hairs	2525cfd786	include suggestions from review.	2020-11-13 00:28:06 +05:30
Alvaro Muñoz	30d8dce389	check that either there are no custom message interpolator configured, or there is at least one that is insecure	2020-11-11 12:53:54 +01:00
Alvaro Muñoz	c3bc0d6c15	Apply formatting	2020-11-11 12:06:39 +01:00
Alvaro Muñoz	5b1858a514	Do not report the issue only if all message interpolators are secure	2020-11-11 11:50:15 +01:00
Jonas Jensen	fc764db8e1	Merge pull request #4643 from nickrolfe/getFileBySourceArchiveName Replace getEncodedFile with shared getFileBySourceArchiveName predicate	2020-11-10 17:36:29 +01:00
Nick Rolfe	ac4a1f1d9b	Update comment to be a QLDoc comment	2020-11-10 14:14:27 +00:00
Nick Rolfe	1e1eb7ee33	Replace getEncodedFile with shared getFileBySourceArchiveName predicate While also making it work with paths for databases created on Windows.	2020-11-10 13:55:27 +00:00
Anders Schack-Mulligen	89ef6ea4eb	C++/C#/Java/JavaScript/Python: Autoformat set literals.	2020-11-10 13:32:27 +01:00
Alvaro Muñoz	02cf49a773	apply codeql formatting	2020-11-10 11:46:42 +01:00
Alvaro Muñoz	24a47fbb0f	additional qldoc commentes	2020-11-10 10:48:47 +01:00
Alvaro Muñoz	3545edb92c	address code review suggestions	2020-11-10 10:45:14 +01:00
Porcupiney Hairs	38de9b6433	add request forgery query	2020-11-10 01:19:35 +05:30
Anders Schack-Mulligen	31ec79819e	Merge pull request #4631 from luchua-bc/java-nfe-library Java: Factor NumberFormatException out into a library file	2020-11-09 13:50:31 +01:00
luchua-bc	d765c7bbb2	Update qldoc	2020-11-09 11:23:48 +00:00
luchua-bc	d568eb635f	Update qldoc	2020-11-06 15:33:26 +00:00
luchua-bc	450ff26694	Convert the query to a library	2020-11-06 13:25:00 +00:00
Alvaro Muñoz	9db340c9ca	add some improvements to the bean validation query	2020-11-06 13:08:45 +01:00
Anders Schack-Mulligen	cb77e460ae	Merge pull request #4600 from porcupineyhairs/urirefactor Java : Refactor all instances of `java.net.URI` into TypeUri	2020-11-06 09:35:09 +01:00
Anders Schack-Mulligen	45d117b68e	Merge pull request #4603 from pwntester/new_deser_sink New UnsafeDeserialization sink and improvements to SnakeYaml sink	2020-11-05 13:09:15 +01:00
Alvaro Muñoz	f103955f38	change qldoc formating according to LSP suggestion	2020-11-05 11:48:26 +01:00
Alvaro Muñoz	6fef63306e	add qldoc	2020-11-04 18:58:41 +01:00
Porcupiney Hairs	0a028dcb47	Java : Refactor all instances of `java.net.URI` into TypeUri	2020-11-04 18:23:26 +05:30
Anders Schack-Mulligen	22b4df0f3c	Merge pull request #4512 from luchua-bc/sensitive-broadcast Java: Sensitive broadcast	2020-11-04 10:47:48 +01:00
Alvaro Muñoz	6f78b725e6	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2020-11-04 10:43:37 +01:00
Anders Schack-Mulligen	26495225e0	Update java/ql/src/experimental/Security/CWE/CWE-927/SensitiveBroadcast.qhelp Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2020-11-04 10:05:55 +01:00
Anders Schack-Mulligen	92494441a7	Merge pull request #4554 from aschackmull/dataflow/reverse-partial Dataflow: Add support reverse partial flow exploration.	2020-11-03 15:34:30 +01:00
luchua-bc	f8fd2ea821	Add qldoc and autoformat query	2020-11-03 12:23:40 +00:00
Anders Schack-Mulligen	89361a3b75	Merge pull request #3812 from luchua-bc/java-android-remote-source Java: Add remote source of Android intent extra	2020-11-03 09:35:40 +01:00
Anders Schack-Mulligen	2971784f9c	Dataflow: Add missing qldoc and sync.	2020-11-03 09:21:48 +01:00
Anders Schack-Mulligen	7eb64aa998	Dataflow: Code review fixes.	2020-11-03 09:16:20 +01:00

1 2 3 4 5 ...

1396 Commits