hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

596 Commits

Author SHA1 Message Date
Grzegorz Golawski
0f555d42ed Fix test 2020-08-30 22:55:17 +02:00
Porcupiney Hairs
441825919c Java : add MongoDB injection sinks 2020-08-31 02:24:23 +05:30
Grzegorz Golawski
5e462a897d Merge branch 'main' into xslt-injection 2020-08-30 22:45:31 +02:00
Grzegorz Golawski
37f4410764 Fix test 2020-08-30 22:32:57 +02:00
Porcupiney Hairs
4f07733b06 remove U+200B 2020-08-30 04:54:02 +05:30
Porcupiney Hairs
3f6eef8437 Java: add websocket reads as remote flow source. 
Currently, JAX-WS reads are considered as untrusted. However, `java.net.http.WebSocket` reads are not marked as such.

This PR adds support for the same.
 2020-08-27 02:45:59 +05:30
Anders Schack-Mulligen
d82fee11b1 Java: Add data flow for record getters. 2020-08-24 11:51:04 +02:00
Anders Schack-Mulligen
bcad18f490 Java: Use the instance argument type in call contexts. 2020-08-20 15:17:04 +02:00
Anders Schack-Mulligen
a5701db3fa Java: Support String.formatted in the format string queries. 2020-08-17 15:01:48 +02:00
Anders Schack-Mulligen
4947e1d817 Java: Temporarily move a qltest. 2020-08-14 09:25:32 +02:00
Arthur Baars
5874ecc28b Merge pull request #3976 from luchua-bc/java-unsecure-basic-auth 
Java: Insecure basic authentication
 2020-08-07 21:39:23 +02:00
Anders Schack-Mulligen
205dd1aead Merge pull request #3881 from intrigus-lgtm/more-pathcreations 
Java: Centralize and model additional path creations.
 2020-08-06 11:21:39 +02:00
luchua-bc
b821f918e5 Address issues with matching empty host and host in a concatenated string 2020-08-06 01:53:29 +00:00
luchua-bc
9a8eed8440 Enhance address match 2020-08-05 19:57:31 +00:00
intrigus
1011325cf7 Accept test changes. 2020-08-05 21:45:41 +02:00
luchua-bc
ff0dacf1d7 Optimize the TaintTracking 2020-08-03 00:52:47 +00:00
luchua-bc
ff58abb7d3 Revamp the sink code 2020-08-01 03:25:02 +00:00
luchua-bc
81de1b14d9 Revamp the source of path query 2020-07-30 19:16:48 +00:00
luchua-bc
5520504658 Update expected results 2020-07-28 15:41:23 +00:00
luchua-bc
7f911f00ee Rename to insecure basic auth 2020-07-28 11:40:21 +00:00
luchua-bc
3a23451395 Enhance the query 2020-07-27 18:50:47 +00:00
luchua-bc
01fb51829c Unsecure basic authentication 2020-07-24 20:35:09 +00:00
intrigus
b705f7f3e9 Improve "PathCreation" Test. 2020-07-19 00:10:39 +02:00
Arthur Baars
67b6018079 Merge pull request #3729 from luchua-bc/java-hardcoded-aws-credentials 
Java: Hardcoded AWS credentials
 2020-07-13 18:04:42 +02:00
luchua-bc
12803f1f53 Merge Hardcoded AWS Credentials check into the mail source folder 2020-07-13 12:22:34 +00:00
Anders Schack-Mulligen
a1d272e870 Merge pull request #3918 from aibaars/organise-container-flow 
Java: Clean up ContainerFlow, consider more methods
 2020-07-10 14:19:44 +02:00
Arthur Baars
43b61038e9 Drop Map.merge as taint step 2020-07-10 13:00:14 +02:00
Arthur Baars
0d33a77ee3 Fix modelling of Stack.push 
Stack.push(E) returns its argument, it does not propagate taint from
the stack to the return value.
 2020-07-09 16:16:29 +02:00
Anders Schack-Mulligen
879551fc6a Merge pull request #3936 from aibaars/object-clone 
Java: model Object.clone
 2020-07-09 16:09:01 +02:00
Arthur Baars
e183171fea Java: model Object.clone 2020-07-09 14:50:29 +02:00
intrigus
641c5df79f Centralize and model additional path creations. 2020-07-09 14:48:47 +02:00
Arthur Baars
0bd103ac05 Java: add tests for Container taint steps 2020-07-09 12:15:38 +02:00
Anders Schack-Mulligen
777dc6305c Merge pull request #3893 from aibaars/set-map-list-copy-of 
Java: model some new Set,List,Map methods
 2020-07-09 10:18:12 +02:00
Arthur Baars
e8f216c761 Merge remote-tracking branch 'upstream/master' into set-map-list-copy-of 2020-07-08 15:11:13 +02:00
Anders Schack-Mulligen
bf5c5297d3 Merge pull request #3897 from aibaars/util-objects 
Java: data flow for `java.util.Objects`
 2020-07-08 15:07:50 +02:00
Anders Schack-Mulligen
b88ebd69c1 Java: Fix OgnlInjection qltest 2020-07-08 14:12:27 +02:00
Anders Schack-Mulligen
a4fe4f41b9 Java: Fix JndiInjection qltest 2020-07-08 14:09:08 +02:00
Anders Schack-Mulligen
581d496167 Java: Fix LdapInjection qltest 2020-07-08 14:04:01 +02:00
Arthur Baars
72a24972e7 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-07-08 13:30:24 +02:00
semmle-qlci
6ef7288848 Merge pull request #3922 from aschackmull/java/stub-cleanup 
Approved by aibaars
 2020-07-08 12:04:39 +01:00
Anders Schack-Mulligen
6eac8e82a3 Java: Consolidate spring-ldap-2.3.2 stubs. 2020-07-08 10:08:44 +02:00
Anders Schack-Mulligen
40b9d34ab9 Java: Consolidate springframework-5.2.3 stubs 2020-07-08 09:57:48 +02:00
Arthur Baars
940fec5669 Drop taint tracking for Arrays.{deepToString,toString} 2020-07-07 17:26:49 +02:00
Arthur Baars
583f7f914e Drop taint tracking for Arrays.{setAll, parallelSetAll, parallelPrefix} 2020-07-07 17:22:30 +02:00
Arthur Baars
9cf6601d02 Java: Data flow for java.util.Objects 2020-07-07 16:58:22 +02:00
Arthur Baars
19a481f809 Java: Arrays: add tests 2020-07-03 17:15:17 +02:00
Arthur Baars
1485f7c876 Java: model some new Set,List,Map methods 
Models the taint propagation for the copyOf(..),
of(..), ofEntries(..) and entry(..) methods
 2020-07-03 17:14:53 +02:00
Arthur Baars
c629f6b13a Merge pull request #3869 from aibaars/util-collections 
Java: model java.util.Collections
 2020-07-03 17:09:14 +02:00
Arthur Baars
5fff41f35b Don't track taint on Map keys 2020-07-03 14:47:25 +02:00
Arthur Baars
5f2a5f1b55 Java: Collections: add tests 2020-07-02 19:18:02 +02:00