1740 Commits

Author	SHA1	Message	Date
Anders Schack-Mulligen	45d117b68e	Merge pull request #4603 from pwntester/new_deser_sink ... New UnsafeDeserialization sink and improvements to SnakeYaml sink	2020-11-05 13:09:15 +01:00
Alvaro Muñoz	f103955f38	change qldoc formating according to LSP suggestion	2020-11-05 11:48:26 +01:00
Alvaro Muñoz	6fef63306e	add qldoc	2020-11-04 18:58:41 +01:00
Porcupiney Hairs	0a028dcb47	Java : Refactor all instances of java.net.URI into TypeUri	2020-11-04 18:23:26 +05:30
Anders Schack-Mulligen	22b4df0f3c	Merge pull request #4512 from luchua-bc/sensitive-broadcast ... Java: Sensitive broadcast	2020-11-04 10:47:48 +01:00
Alvaro Muñoz	6f78b725e6	Apply suggestions from code review ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2020-11-04 10:43:37 +01:00
Anders Schack-Mulligen	26495225e0	Update java/ql/src/experimental/Security/CWE/CWE-927/SensitiveBroadcast.qhelp ... Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2020-11-04 10:05:55 +01:00
luchua-bc	3f0cdb6a1a	Update qldoc and comments	2020-11-03 19:40:28 +00:00
luchua-bc	fa54c23a83	Handle the edge case that an exception is rethrown in a catch clause	2020-11-03 16:31:12 +00:00
Anders Schack-Mulligen	92494441a7	Merge pull request #4554 from aschackmull/dataflow/reverse-partial ... Dataflow: Add support reverse partial flow exploration.	2020-11-03 15:34:30 +01:00
luchua-bc	f8fd2ea821	Add qldoc and autoformat query	2020-11-03 12:23:40 +00:00
Anders Schack-Mulligen	89361a3b75	Merge pull request #3812 from luchua-bc/java-android-remote-source ... Java: Add remote source of Android intent extra	2020-11-03 09:35:40 +01:00
Anders Schack-Mulligen	2971784f9c	Dataflow: Add missing qldoc and sync.	2020-11-03 09:21:48 +01:00
Anders Schack-Mulligen	7eb64aa998	Dataflow: Code review fixes.	2020-11-03 09:16:20 +01:00
Anders Schack-Mulligen	1ae76a80aa	Dataflow: Fix qldoc.	2020-11-03 09:16:20 +01:00
Anders Schack-Mulligen	d5be4d7b92	Dataflow: Add support reverse partial flow exploration.	2020-11-03 09:16:19 +01:00
luchua-bc	6a8ce37428	Add query for initCause and addSuppressed	2020-11-02 11:59:14 +00:00
luchua-bc	8da9b9d3ea	Add documentation to new library method and use the singular form	2020-11-02 10:53:46 +00:00
luchua-bc	78d7fe2fbb	Detect rethrowing unprocessed exceptions in catch clause	2020-11-01 02:13:50 +00:00
luchua-bc	7ac3fb41d5	Clean up query and test files	2020-10-31 13:37:36 +00:00
luchua-bc	756db4c03a	Simplify the query and add more test cases	2020-10-31 01:33:24 +00:00
luchua-bc	93d1393ded	Add error-page check	2020-10-30 16:45:56 +00:00
luchua-bc	5a6339c1af	Remove userid from the regex	2020-10-29 15:46:05 +00:00
Anders Schack-Mulligen	0d926dcf70	Java: Tweak qhelp to make it markdown-compatible.	2020-10-29 14:39:01 +01:00
luchua-bc	90d11812be	Update the regex to be the original one	2020-10-29 13:04:15 +00:00
luchua-bc	b1d6bc5ba9	Use getDeclaringType() for getIntent() method call	2020-10-29 12:55:03 +00:00
luchua-bc	2ee9a45e69	Use proper class inheritance	2020-10-28 22:05:30 +00:00
luchua-bc	908d659906	Minor updates	2020-10-28 20:23:22 +00:00
Alvaro Muñoz	a57308a519	Fix SnakeYaml query to account for Yaml subclasses and compose methods	2020-10-28 14:52:14 +01:00
Alvaro Muñoz	c28856d3dc	remove wicket taintstep from TaintTrackingUtil	2020-10-28 14:51:44 +01:00
Anders Schack-Mulligen	f3e2bd0fd9	Merge pull request #3141 from pwntester/InsecureBeanValidation ... Insecure Bean Validation query	2020-10-28 12:04:12 +01:00
Anders Schack-Mulligen	34ae6e0576	Apply suggestions from code review ... Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>	2020-10-28 09:15:08 +01:00
luchua-bc	99c79f4aa3	Enhance the dataflow sink and update test cases	2020-10-28 03:07:01 +00:00
luchua-bc	3cc3fe9d37	Switch to TaintPreservingCallable and add test cases	2020-10-28 00:33:07 +00:00
Alvaro Muñoz	77b551b693	Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp ... Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>	2020-10-27 21:12:17 +01:00
Alvaro Muñoz	b9c75ea462	Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp ... Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>	2020-10-27 21:12:00 +01:00
Alvaro Muñoz	ac116da0dc	Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp ... Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>	2020-10-27 21:11:48 +01:00
Alvaro Muñoz	d5b470ea0c	Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp ... Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>	2020-10-27 21:11:27 +01:00
Alvaro Muñoz	9785013c29	Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp ... Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>	2020-10-27 21:11:15 +01:00
Alvaro Muñoz	d221930c81	Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp ... Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>	2020-10-27 21:10:56 +01:00
Alvaro Muñoz	1fdf0556d2	more fixes to make qlhelp linter happy	2020-10-27 17:05:00 +01:00
Alvaro Muñoz	aa981caea5	more fixes to make qlhelp linter happy	2020-10-27 16:32:13 +01:00
Alvaro Muñoz	8974f252ac	fix format and qlhelp errors blocking the merge	2020-10-27 16:19:39 +01:00
Alvaro Muñoz	11e57bd2f8	add change note for new Insecure Bean Validation query	2020-10-27 16:11:51 +01:00
Alvaro Muñoz	99044fc6ab	remove experimental query forr bean validation	2020-10-27 15:55:19 +01:00
Alvaro Muñoz	40a2007497	Apply suggestions from code review ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2020-10-27 15:52:25 +01:00
Alvaro Muñoz	8b5aed2fe1	move md links to <a>	2020-10-27 15:52:25 +01:00
Alvaro Muñoz	8904411fe6	address review comments	2020-10-27 15:52:24 +01:00
Alvaro Muñoz	debfc686d1	Insecure Bean Validation query	2020-10-27 15:52:24 +01:00
Alvaro Muñoz	7d7933a054	move query out of experimental	2020-10-27 15:52:20 +01:00