Commit Graph

12 Commits

| Author | SHA1 | Message | Date |
| --- | --- | --- | --- |
| Sauyon Lee | a2c84023d6 | Add spring stringutils stub | 2021-04-02 01:30:37 -07:00 |
| Anders Schack-Mulligen | a1ccbcdaf1 | Merge pull request #5260 from artem-smotrakov/spring-http-invoker<br>Java: Query for detecting unsafe deserialization with Spring exporters | 2021-03-24 13:57:17 +01:00 |
| Artem Smotrakov | 0a5d58ed8a | Cover more configurations in UnsafeSpringExporterInConfigurationClass.ql | 2021-03-10 21:15:19 +03:00 |
| Artem Smotrakov | 15a43ffe36 | Simplified returnsRemoteInvocationSerializingExporter() | 2021-02-27 13:41:20 +01:00 |
| Artem Smotrakov | aac0c27dcd | Added tests for SpringHttpInvokerUnsafeDeserialization.ql | 2021-02-24 22:35:20 +01:00 |
| Artem Smotrakov | 7d2d27394b | Java: Added a source and a taint step for JexlInjectionConfig<br>- Added TaintedSpringRequestBody source<br>- Added returningTaintedDataFromBean() taint step<br>- Added tests | 2021-01-17 22:28:42 +01:00 |
| Porcupiney Hairs | 38de9b6433 | add request forgery query | 2020-11-10 01:19:35 +05:30 |
| Anders Schack-Mulligen | 581d496167 | Java: Fix LdapInjection qltest | 2020-07-08 14:04:01 +02:00 |
| Anders Schack-Mulligen | 40b9d34ab9 | Java: Consolidate springframework-5.2.3 stubs | 2020-07-08 09:57:48 +02:00 |
| Artem Smotrakov | df3adeec36 | Java: Add a query for SpEL injections<br>- Added experimental/Security/CWE/CWE-094/SpelInjection.ql and a couple of libraries<br>- Added a qhelp file with a few examples<br>- Added tests and stubs for Spring | 2020-05-31 20:52:45 +03:00 |
| Arthur Baars | ae2bab7e9c | Add test case | 2020-04-28 16:57:03 +02:00 |
| Anders Schack-Mulligen | 9391058363 | Java: Add unit test for ldap injection. | 2020-01-29 11:37:33 +01:00 |