1740 Commits

Author	SHA1	Message	Date
Anders Schack-Mulligen	74d35f4f37	Java: Add support for value-preserving steps.	2021-02-18 11:26:15 +01:00
Anders Schack-Mulligen	04eeeda2c9	Java: Add documentation for the final column.	2021-02-18 11:23:49 +01:00
Anders Schack-Mulligen	6f583baa90	Java: More documentation and support for field writes.	2021-02-18 11:18:31 +01:00
luchua-bc	e916ce8b9b	Exclude test directories of typical build tools	2021-02-18 00:50:38 +00:00
luchua-bc	5e36eedcb6	Add check for test packages	2021-02-17 18:04:55 +00:00
Jonathan Leitschuh	c43765917f	Fix formatting of MavenPom.qll	2021-02-17 11:55:10 -05:00
Francis Alexander	2baf2aa5c1	Apply suggestions from code review - improved sanitizer checks. ... Co-authored-by: Alvaro Muñoz <pwntester@github.com>	2021-02-17 18:58:32 +05:30
Francis Alexander	40f4e71b86	Merge branch 'main' into cwe-346	2021-02-17 18:55:31 +05:30
Francis Alexander	58971f9f4e	Switch qualified name to available CollectionType	2021-02-17 16:01:27 +05:30
Chris Smowton	c700d004e0	Commons Lang/Text StrBuilder: propagate taint from constructors	2021-02-17 09:51:28 +00:00
Chris Smowton	c243e03133	Lang3 StrBuilder: fix typo and coding style	2021-02-17 09:50:56 +00:00
Chris Smowton	10112c50ab	Add support for StrBuilder and TextStringBuilder in commons-text ... These are identical to the current deprecated StrBuilder in commons-lang3.	2021-02-17 09:36:28 +00:00
Chris Smowton	714611f803	Address review feedback	2021-02-17 09:36:21 +00:00
Chris Smowton	a63f18e49d	Add models for Commons-Lang's StrBuilder class. These exclude its fluent methods for the time being, which will be added in a forthcoming PR.	2021-02-17 09:36:20 +00:00
Francis Alexander	520ba47293	Sanitizer improvements from code review	2021-02-17 08:35:50 +05:30
Jonathan Leitschuh	a8167c6c9c	Add docstring for DeclaredRepository.getUrl	2021-02-16 11:21:19 -05:00
Chris Smowton	a2eeffa9c0	Add support for Apache Commons Lang StringUtils	2021-02-16 14:48:39 +00:00
luchua-bc	e698ee77f7	Update qldoc and test method	2021-02-16 14:11:39 +00:00
Anders Schack-Mulligen	6eafa9d396	Merge pull request #5133 from pwntester/fix_SnakeYaml ... Remove sanitizing condition which does not prevent vulnerability.	2021-02-16 12:58:47 +01:00
Francis Alexander	8e83de1c05	formatting and grammar corrections from code review ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-02-16 16:13:21 +05:30
Francis Alexander	0f7f465675	Apply suggestions from code review ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-02-16 15:48:00 +05:30
haby0	2c96e6cf96	Merge remote-tracking branch 'upstream/main' into main	2021-02-16 17:54:01 +08:00
luchua-bc	5ce3af0591	Enhance the query and update qldoc	2021-02-15 21:38:54 +00:00
Francis Alexander	f32c77c266	Qldoc and formatting changes	2021-02-15 22:35:58 +05:30
luchua-bc	2f17943abc	Update qldoc	2021-02-15 16:58:09 +00:00
haby0	92c00cb741	Update java/ql/src/Security/CWE/CWE-652/XQueryInjection.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-02-16 00:09:21 +08:00
haby0	f1e44bce4a	Update java/ql/src/Security/CWE/CWE-652/XQueryInjection.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-02-16 00:07:44 +08:00
Jonathan Leitschuh	d82e8216ed	Merge branch 'main' into feat/JLL/depricated_bintray_usage	2021-02-15 10:48:28 -05:00
Jonathan Leitschuh	73fba3a3c0	Apply suggestions from code review ... Co-authored-by: Felicity Chapman <felicitymay@github.com>	2021-02-15 10:01:03 -05:00
luchua-bc	a03e6faf37	Optimize the query and update qldoc	2021-02-15 14:10:17 +00:00
Anders Schack-Mulligen	b9a479dd31	Merge pull request #5134 from pwntester/ArrayUtils ... Add support for Apache Commons Lang ArrayUtils	2021-02-15 13:50:01 +01:00
Alvaro Muñoz	812884341b	Merge branch 'ArrayUtils' of github.com:pwntester/codeql-1 into ArrayUtils	2021-02-15 10:59:49 +01:00
Alvaro Muñoz	504d119749	adjust max parameter number	2021-02-15 10:58:17 +01:00
Anders Schack-Mulligen	7e83a608a2	Merge pull request #4954 from aschackmull/java/member-hasqualifiedname ... Java: Add Member.hasQualifiedName.	2021-02-15 10:02:13 +01:00
Francis Alexander	409d95c522	Sanitizer checks to decrease FP	2021-02-15 14:01:14 +05:30
luchua-bc	23f620d255	Query to detect insecure LDAP endpoint configuration	2021-02-15 05:31:29 +00:00
luchua-bc	6a6727fc80	Reduce the scope of the query to reduce FPs	2021-02-14 15:01:06 +00:00
Marcono1234	7a6db061b5	Address review feedback	2021-02-12 20:15:10 +01:00
Chris Smowton	402f20c5e2	Merge pull request #5154 from smowton/smowton/admin/deprecate-old-maven-predicate-names ... Java: Re-introduce deprecated versions of old Maven predicate names	2021-02-12 17:22:05 +00:00
Chris Smowton	80978c7c35	Merge pull request #5153 from smowton/smowton/admin/move-misplaced-experimental-query ... Move misplaced experimental query into the conventional directory	2021-02-12 17:21:57 +00:00
Alvaro Muñoz	7d294361dc	Update java/ql/src/semmle/code/java/frameworks/apache/Lang.qll ... Co-authored-by: Joe Farebrother <joefarebrother@github.com>	2021-02-12 15:40:44 +01:00
Alvaro Muñoz	6b80a42913	apply LSP formatter and add missing dot	2021-02-12 15:03:11 +01:00
Alvaro Muñoz	8606386c2c	add bidirectional import	2021-02-12 14:59:28 +01:00
Alvaro Muñoz	49eda8ced6	apply LSP formatter	2021-02-12 14:56:10 +01:00
Anders Schack-Mulligen	085286ab58	Merge pull request #5135 from pwntester/guava_preconditions ... Add support for the Preconditions Class in the Guava framework	2021-02-12 14:15:17 +01:00
Chris Smowton	655cfb3a47	Re-introduce deprecated versions of old Maven predicate names	2021-02-12 12:24:19 +00:00
Chris Smowton	97df60f9d6	Move misplaced experimental query into the conventional directory	2021-02-12 12:12:16 +00:00
Marcono1234	905648e452	Add ConditionalExpr.getBranchExpr(boolean)	2021-02-12 04:50:41 +01:00
haby0	22e741c7a3	*)add XQExpression.executeCommand(0) sink	2021-02-12 11:17:42 +08:00
Marcono1234	e89891fa1f	Address review comments	2021-02-12 01:30:47 +01:00