hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,459 Commits 1,671 Branches 157 Tags
revert-4738-feature/revert-relational-pattern
Commit Graph

1475 Commits

Author SHA1 Message Date
yo-h
54d7cac46d Merge pull request #4718 from aschackmull/java/cleanup-deprecated 
Java: Remove some deprecated classes.
 2020-12-04 11:17:14 -05:00
yo-h
a5393b4661 Merge pull request #4746 from aschackmull/java/ssa-perf 
Java: Improve performance of SSA.
 2020-12-04 11:16:39 -05:00
Anders Schack-Mulligen
0cc324b715 Merge pull request #3839 from luchua-bc/uncaught-servlet-exception 
Java: Uncaught servlet exception
 2020-12-02 15:12:59 +01:00
Anders Schack-Mulligen
0175a596ef Update java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql 2020-12-02 13:33:59 +01:00
yo-h
cdeeefc235 Merge commit '8f2094f' into yo-h/java15-merge 2020-12-01 17:47:58 -05:00
Anders Schack-Mulligen
8f2094f0bf Autoformat. 2020-11-30 14:42:38 +01:00
Anders Schack-Mulligen
88e0759365 Java: Change RemoteUserInput to private instead of removing. 2020-11-30 13:40:53 +01:00
Anders Schack-Mulligen
5a66d6ab93 Java: Improve performance of SSA. 2020-11-30 11:26:03 +01:00
Anders Schack-Mulligen
931322e4c5 Merge pull request #4668 from aschackmull/dataflow/refactor-pruning 
Dataflow: Refactor pruning stages.
 2020-11-30 09:37:04 +01:00
yo-h
7e8bc4a61b Merge commit '2fa9037' into yo-h/java15-merge 2020-11-29 18:42:20 -05:00
Anders Schack-Mulligen
028a72bcdd Merge pull request #4610 from luchua-bc/java-nfe-local-android-dos 
Java: Query to detect Local Android DoS caused by NFE
 2020-11-27 14:20:23 +01:00
Anders Schack-Mulligen
fec9758252 Dataflow: Sync. 2020-11-27 12:16:43 +01:00
Anders Schack-Mulligen
8f4fce185b Dataflow: Review fixes. 2020-11-27 12:16:28 +01:00
Jonas Jensen
ad4b2beafa Merge pull request #4727 from criemen/remove-abstract-classes 
C++/C#/JS/Python/Java XML.qll: Remove abstract from class hierarchy.
 2020-11-27 08:17:21 +01:00
Anders Schack-Mulligen
2234d665ce Add manual magic 2020-11-26 13:55:20 -05:00
yo-h
9bb949a8b1 Java: make some SMAP predicates private and add QLDoc 2020-11-26 13:55:19 -05:00
yo-h
f9e78085ac Java: add dbscheme stats for SMAP relations 2020-11-26 13:55:18 -05:00
yo-h
edb41655b4 Java: incorporate SMAP locations into Top.hasLocationInfo 2020-11-26 13:55:17 -05:00
yo-h
e2419e8fed Java: add SMAP relations to dbscheme 2020-11-26 13:55:17 -05:00
Anders Schack-Mulligen
f70072a2db Merge pull request #3454 from porcupineyhairs/javaSSRf 
Java : add request forgery query
 2020-11-26 08:52:15 +01:00
yo-h
eedc385b37 Java 15: adjust test options 2020-11-26 00:14:24 -05:00
Cornelius Riemenschneider
3bfb398516 Autoformat XML.qll. 2020-11-25 18:20:50 +01:00
Cornelius Riemenschneider
7eec988fb5 XML.qll: Remove abstract from class hierarchy. 2020-11-25 17:22:03 +01:00
Anders Schack-Mulligen
b192f6dfe0 Java: Remove some deprecated classes. 2020-11-24 14:04:01 +01:00
Anders Schack-Mulligen
3f04099c25 Update java/ql/src/experimental/CWE-918/RequestForgery.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2020-11-24 13:18:58 +01:00
Anders Schack-Mulligen
0450489022 Java: Review fixes. 2020-11-24 11:31:44 +01:00
Anders Schack-Mulligen
2cf10a7658 Merge pull request #4427 from aschackmull/java/fastjson 
Java: Add support for FastJson in unsafe deserialization.
 2020-11-23 14:40:14 +01:00
Porcupiney Hairs
ebc6c49555 include suggestions from review. 2020-11-19 03:37:00 +05:30
Aditya Sharad
b9b6a35564 Merge pull request #4629 from pwntester/improve_bean_validation_query 
Java: add some improvements to the bean validation query
 2020-11-17 08:35:49 -08:00
Anders Schack-Mulligen
f74fc0ff26 Dataflow: Fix bad join-orders. 2020-11-17 14:28:25 +01:00
Anders Schack-Mulligen
4be731d2ab Java: Adjust reference to static method and add test. 2020-11-16 11:47:58 +01:00
Anders Schack-Mulligen
80ee92ae97 Java: Add support for FastJson in unsafe deserialization. 2020-11-16 11:47:58 +01:00
Anders Schack-Mulligen
9e45f10c5d Dataflow: Remove headUsesContent. 2020-11-13 15:12:39 +01:00
Anders Schack-Mulligen
e0a6a485df Dataflow: Sync. 2020-11-13 15:12:16 +01:00
Anders Schack-Mulligen
d324cd1844 Dataflow: Some qldoc. 2020-11-13 15:09:30 +01:00
Anders Schack-Mulligen
293429f821 Dataflow: Make a bunch of the interface predicates private. 2020-11-13 15:09:30 +01:00
Anders Schack-Mulligen
d028e6b334 Dataflow: Change some headUsesContent to getHead. 2020-11-13 15:09:30 +01:00
Anders Schack-Mulligen
aa66b9bb48 Dataflow: Align more predicates. 2020-11-13 15:09:30 +01:00
Anders Schack-Mulligen
6e6e5d6414 Dataflow: Renamings. 2020-11-13 15:09:29 +01:00
Anders Schack-Mulligen
786edbf045 Dataflow: Align on parameterMayFlowThrough. 
This actually provides a decent pruning improvement in stages 3 and 4.
 2020-11-13 15:09:29 +01:00
Anders Schack-Mulligen
15bf1b1026 Dataflow: Rename some stage 1 predicates. 2020-11-13 15:09:29 +01:00
Anders Schack-Mulligen
af54afa24b Dataflow: Add stage statistics. 2020-11-13 15:09:29 +01:00
Anders Schack-Mulligen
8b5e452728 Dataflow: Improve cons-cand relation. 
Post-recursion we can filter the forward cons-candidates to only include
those that met a read step, and similarly restrict the reverse flow
cons-candidates to those that met a store step.
 2020-11-13 15:09:29 +01:00
Anders Schack-Mulligen
e4fb41507b Dataflow: Reshuffle some predicates. 2020-11-13 15:09:29 +01:00
Anders Schack-Mulligen
5a1c0e9ec4 Dataflow: Get rid of early filter. 
This constructs a few more tuples in Stage3::fwdFlow0, which are then
filtered in Stage3::fwdFlow. This is cleaner and appears faster.
 2020-11-13 15:09:29 +01:00
Anders Schack-Mulligen
3e18e02d2c Dataflow: Refactor step predicate in fwdFlowRead. 2020-11-13 15:09:29 +01:00
Anders Schack-Mulligen
c5a2c261dc Dataflow: Refactor forward store step relation. 2020-11-13 15:09:29 +01:00
Anders Schack-Mulligen
b6f1ab6429 Dataflow: Refactor step relation in revFlowStore. 2020-11-13 15:09:29 +01:00
Anders Schack-Mulligen
12fe38bcb6 Dataflow: Reorder, rename, and add columns to store-flow. 2020-11-13 15:09:29 +01:00
Anders Schack-Mulligen
aa28fdb83d Dataflow: Align some qldoc. 2020-11-13 15:09:29 +01:00