hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

1938 Commits

Author SHA1 Message Date
Francis Alexander
8e83de1c05 formatting and grammar corrections from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-02-16 16:13:21 +05:30
Francis Alexander
0f7f465675 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-02-16 15:48:00 +05:30
haby0
2c96e6cf96 Merge remote-tracking branch 'upstream/main' into main 2021-02-16 17:54:01 +08:00
luchua-bc
5ce3af0591 Enhance the query and update qldoc 2021-02-15 21:38:54 +00:00
Francis Alexander
dae6771a19 test file name changes 2021-02-15 23:17:08 +05:30
Francis Alexander
c45be91d6f more filename changes 2021-02-15 23:09:11 +05:30
Francis Alexander
0004efc2ac filename changes 2021-02-15 22:43:39 +05:30
Francis Alexander
f32c77c266 Qldoc and formatting changes 2021-02-15 22:35:58 +05:30
luchua-bc
2f17943abc Update qldoc 2021-02-15 16:58:09 +00:00
haby0
92c00cb741 Update java/ql/src/Security/CWE/CWE-652/XQueryInjection.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-16 00:09:21 +08:00
haby0
f1e44bce4a Update java/ql/src/Security/CWE/CWE-652/XQueryInjection.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-16 00:07:44 +08:00
Jonathan Leitschuh
d82e8216ed Merge branch 'main' into feat/JLL/depricated_bintray_usage 2021-02-15 10:48:28 -05:00
Jonathan Leitschuh
73fba3a3c0 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-02-15 10:01:03 -05:00
luchua-bc
a03e6faf37 Optimize the query and update qldoc 2021-02-15 14:10:17 +00:00
Anders Schack-Mulligen
b9a479dd31 Merge pull request #5134 from pwntester/ArrayUtils 
Add support for Apache Commons Lang ArrayUtils
 2021-02-15 13:50:01 +01:00
Alvaro Muñoz
00a0b12dad update expected results 2021-02-15 11:23:40 +01:00
Alvaro Muñoz
812884341b Merge branch 'ArrayUtils' of github.com:pwntester/codeql-1 into ArrayUtils 2021-02-15 10:59:49 +01:00
Alvaro Muñoz
504d119749 adjust max parameter number 2021-02-15 10:58:17 +01:00
Alvaro Muñoz
c7072aef16 update A.java test 2021-02-15 10:34:20 +01:00
Anders Schack-Mulligen
7e83a608a2 Merge pull request #4954 from aschackmull/java/member-hasqualifiedname 
Java: Add Member.hasQualifiedName.
 2021-02-15 10:02:13 +01:00
Anders Schack-Mulligen
161e756c4b Merge pull request #5141 from github/yo-h/java-flow-check-fix 
Java: prepare to enforce additional compiler checks in test code
 2021-02-15 09:41:03 +01:00
Francis Alexander
409d95c522 Sanitizer checks to decrease FP 2021-02-15 14:01:14 +05:30
luchua-bc
23f620d255 Query to detect insecure LDAP endpoint configuration 2021-02-15 05:31:29 +00:00
yo-h
1d007b6e72 Java: delete two test cases as per code review 2021-02-14 21:42:58 -05:00
luchua-bc
6a6727fc80 Reduce the scope of the query to reduce FPs 2021-02-14 15:01:06 +00:00
Marcono1234
7a6db061b5 Address review feedback 2021-02-12 20:15:10 +01:00
Chris Smowton
402f20c5e2 Merge pull request #5154 from smowton/smowton/admin/deprecate-old-maven-predicate-names 
Java: Re-introduce deprecated versions of old Maven predicate names
 2021-02-12 17:22:05 +00:00
Chris Smowton
80978c7c35 Merge pull request #5153 from smowton/smowton/admin/move-misplaced-experimental-query 
Move misplaced experimental query into the conventional directory
 2021-02-12 17:21:57 +00:00
Alvaro Muñoz
7d294361dc Update java/ql/src/semmle/code/java/frameworks/apache/Lang.qll 
Co-authored-by: Joe Farebrother <joefarebrother@github.com>
 2021-02-12 15:40:44 +01:00
Alvaro Muñoz
6b80a42913 apply LSP formatter and add missing dot 2021-02-12 15:03:11 +01:00
Alvaro Muñoz
8606386c2c add bidirectional import 2021-02-12 14:59:28 +01:00
Alvaro Muñoz
49eda8ced6 apply LSP formatter 2021-02-12 14:56:10 +01:00
Anders Schack-Mulligen
085286ab58 Merge pull request #5135 from pwntester/guava_preconditions 
Add support for the Preconditions Class in the Guava framework
 2021-02-12 14:15:17 +01:00
Chris Smowton
655cfb3a47 Re-introduce deprecated versions of old Maven predicate names 2021-02-12 12:24:19 +00:00
Chris Smowton
97df60f9d6 Move misplaced experimental query into the conventional directory 2021-02-12 12:12:16 +00:00
Marcono1234
905648e452 Add ConditionalExpr.getBranchExpr(boolean) 2021-02-12 04:50:41 +01:00
haby0
22e741c7a3 *)add XQExpression.executeCommand(0) sink 2021-02-12 11:17:42 +08:00
Marcono1234
e89891fa1f Address review comments 2021-02-12 01:30:47 +01:00
Artem Smotrakov
042c0b005e Covered sandboxes for JEXL 2 
- Updated SandboxedJexlFlowConfig to cover JEXL 2
- Added SandboxedJexl2 test
 2021-02-11 22:57:26 +01:00
Artem Smotrakov
7543df60da Callable.call() should not be a sink in JexlInjection.ql 2021-02-11 20:37:23 +01:00
Jonathan Leitschuh
35e2ceba13 Update java/ql/src/semmle/code/xml/MavenPom.qll 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-02-11 08:59:02 -05:00
haby0
a6a0fa28c4 *)add XQExpression.executeQuery(0) sink 2021-02-11 16:05:48 +08:00
Marcono1234
2a1c11b517 Improve MavenPom documentation, rename inconsistent predicates 2021-02-10 23:56:45 +01:00
Artem Smotrakov
af0f361ac8 Updated JexlInjection.ql to check for sandboxes 
- Added a dataflow config to track setting a sandbox
  on JexlBuilder
- Added SandboxedJexl3.java test
 2021-02-10 22:19:45 +01:00
Jonathan Leitschuh
3b92f97967 Refactor DeclaredRepository to library 2021-02-10 11:41:50 -05:00
Anders Schack-Mulligen
e9bfbb677d Java: Connect the external sources and steps to the defaults. 2021-02-10 17:06:21 +01:00
Anders Schack-Mulligen
5a391ab6c0 Java: Add qldoc. 2021-02-10 16:54:48 +01:00
Jonathan Leitschuh
21b6f35ddc Update java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.qhelp 2021-02-10 10:52:27 -05:00
Jonathan Leitschuh
49985a77e3 Apply suggestions from code review 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2021-02-10 10:51:37 -05:00
Anders Schack-Mulligen
b74911204a Merge pull request #4945 from intrigus-lgtm/java/insecure-jxbrowser 
Java: Insecure JXBrowser
 2021-02-10 15:48:17 +01:00