hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,252 Commits 1,671 Branches 157 Tags
revert-4653-feature/csharp9-relational-pattern
Commit Graph

387 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
f70072a2db Merge pull request #3454 from porcupineyhairs/javaSSRf 
Java : add request forgery query
 2020-11-26 08:52:15 +01:00
Anders Schack-Mulligen
0450489022 Java: Review fixes. 2020-11-24 11:31:44 +01:00
Anders Schack-Mulligen
4be731d2ab Java: Adjust reference to static method and add test. 2020-11-16 11:47:58 +01:00
Porcupiney Hairs
402a320a55 include suggestions from review. 2020-11-13 18:07:42 +05:30
Porcupiney Hairs
4b25532b9f include suggestions from review. 2020-11-13 17:55:56 +05:30
Porcupiney Hairs
2525cfd786 include suggestions from review. 2020-11-13 00:28:06 +05:30
Porcupiney Hairs
38de9b6433 add request forgery query 2020-11-10 01:19:35 +05:30
Anders Schack-Mulligen
22b4df0f3c Merge pull request #4512 from luchua-bc/sensitive-broadcast 
Java: Sensitive broadcast
 2020-11-04 10:47:48 +01:00
Anders Schack-Mulligen
92494441a7 Merge pull request #4554 from aschackmull/dataflow/reverse-partial 
Dataflow: Add support reverse partial flow exploration.
 2020-11-03 15:34:30 +01:00
Anders Schack-Mulligen
89361a3b75 Merge pull request #3812 from luchua-bc/java-android-remote-source 
Java: Add remote source of Android intent extra
 2020-11-03 09:35:40 +01:00
Anders Schack-Mulligen
7eb64aa998 Dataflow: Code review fixes. 2020-11-03 09:16:20 +01:00
Anders Schack-Mulligen
d5be4d7b92 Dataflow: Add support reverse partial flow exploration. 2020-11-03 09:16:19 +01:00
luchua-bc
864411b4b9 Updates to Android stub classes 2020-11-02 14:06:44 +00:00
luchua-bc
c89ebeeb5e Text changes 2020-11-01 00:39:00 +00:00
luchua-bc
7ac3fb41d5 Clean up query and test files 2020-10-31 13:37:36 +00:00
luchua-bc
5a6339c1af Remove userid from the regex 2020-10-29 15:46:05 +00:00
luchua-bc
2ee9a45e69 Use proper class inheritance 2020-10-28 22:05:30 +00:00
luchua-bc
908d659906 Minor updates 2020-10-28 20:23:22 +00:00
Anders Schack-Mulligen
f3e2bd0fd9 Merge pull request #3141 from pwntester/InsecureBeanValidation 
Insecure Bean Validation query
 2020-10-28 12:04:12 +01:00
luchua-bc
99c79f4aa3 Enhance the dataflow sink and update test cases 2020-10-28 03:07:01 +00:00
luchua-bc
3cc3fe9d37 Switch to TaintPreservingCallable and add test cases 2020-10-28 00:33:07 +00:00
Alvaro Muñoz
3378dd526e remove compiled classes from stubs 2020-10-27 15:56:26 +01:00
Alvaro Muñoz
3dcd8acf97 add expected results 2020-10-27 15:47:54 +01:00
Alvaro Muñoz
671ea2f6c6 add test and stubs 2020-10-27 15:47:54 +01:00
Chris Smowton
3f298f3dc8 Add basic tests for Android intents as flow sources 2020-10-27 12:03:05 +00:00
Joe Farebrother
2050f82553 Merge pull request #4383 from joefarebrother/guava-strings 
Java: Add modelling for Guava
 2020-10-26 10:16:55 +00:00
Tom Hvitved
492b1141ef Merge pull request #4445 from hvitved/csharp/sign-analysis-cfg 
C#: Use CFG nodes instead of AST nodes in sign/modulus analysis
 2020-10-26 09:45:38 +01:00
luchua-bc
d9c140dc6c Enhance the query to use sanitizer and null/empty array flow 2020-10-25 15:33:09 +00:00
luchua-bc
478771ccc5 Fix issues with method signature check 2020-10-21 02:49:53 +00:00
luchua-bc
2c2aab6ffc Sensitive broadcast 2020-10-19 16:16:13 +00:00
Chris Smowton
4fa2a79b41 Fix test data for WebView experimental query 2020-10-19 14:57:18 +01:00
Joe Farebrother
980fdd8dea Java: Update Guava version in test stubs and change note 2020-10-19 11:56:28 +01:00
Chris Smowton
3e03db178f Merge pull request #4483 from smowton/smowton/admin/droid-webview-pr-rebase 
Rebase of #3706
 2020-10-19 09:29:04 +01:00
Anders Schack-Mulligen
a806a4f086 Merge pull request #4312 from JLLeitschuh/feat/JLL/java/jhipster_CVE-2019-16303 
Java: QL Query Detector for JHipster Generated CVE-2019-16303
 2020-10-16 15:47:09 +02:00
Joe Farebrother
8834a8fed6 Java: Make tests less noisy 2020-10-16 10:22:41 +01:00
Joe
28647b20e2 Java: Add tests 2020-10-16 10:22:41 +01:00
Joe Farebrother
388f60f818 Merge pull request #4430 from joefarebrother/tainttrackingutils-refactor 
Java: Refactor part of TaintTrackingUtil.qll
 2020-10-15 16:05:38 +01:00
luchua-bc
b359802dd4 Replace non-ASCII apostrophe in Java stub classes 2020-10-15 14:53:32 +01:00
luchua-bc
6f6ec9d51a Change the source class type and simplify the data-flow step 2020-10-15 14:53:32 +01:00
luchua-bc
c7750fd8c2 Fine tune the query 2020-10-15 14:53:32 +01:00
luchua-bc
5338332648 Enhance the query and add more test cases 2020-10-15 14:53:31 +01:00
luchua-bc
bd0c577ffd Unsafe resource loading in Android webview 2020-10-15 14:53:30 +01:00
Tom Hvitved
2af7e1c213 C#: Use CFG nodes instead of AST nodes in sign/modulus analysis 2020-10-14 13:39:44 +02:00
Jonathan Leitschuh
fc71ca747d Java: Track taint through java.io.File::toPath & java.nio.file.Path::toFile 2020-10-13 21:15:09 -04:00
Joe Farebrother
aa8bacb724 Java: Update test output 2020-10-12 15:50:47 +01:00
Joe Farebrother
eafde05a55 Java: Expand flow step refactoring to Callables 
Also add some missing flow steps for StringBuilder
 2020-10-12 15:50:47 +01:00
Joe Farebrother
91ce02aad4 Java: Fix bug involving varadic parameters 2020-10-12 15:50:46 +01:00
Joe Farebrother
ca60f2cc18 Java: Fix failing tests 2020-10-12 15:48:43 +01:00
Daniel Beck
0c70be145f Track taint through java.io.File constructor and #toURI; URI#toURL 2020-10-10 20:54:55 +02:00
Anders Schack-Mulligen
cb00f8bcc4 Merge pull request #4362 from tamasvajk/feature/sign-analysis-cleanup 
Sign analysis cleanup
 2020-10-08 09:10:04 +02:00