Commit Graph

1223 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
2561ba82db Merge pull request #3215 from aibaars/validating-object-input
Java: teach UnsafeDeserialization about ValidatingObjectInputStream
2020-05-07 14:57:50 +02:00
Arthur Baars
797721cd31 Test 2020-05-06 12:15:27 +02:00
Anders Schack-Mulligen
3b3ca6d41e Merge pull request #3214 from aibaars/base64
Java: Add org.apache.commons.codec.(De|En)coder to TaintTrackingUtil
2020-05-06 09:21:18 +02:00
Anders Schack-Mulligen
b7458091a9 Merge pull request #3110 from hvitved/dataflow/no-more-summaries
Data flow: No more flow summaries
2020-05-05 13:27:07 +02:00
Anders Schack-Mulligen
b6a7ab8bf4 Merge pull request #3372 from aibaars/spring-multipart
Java: add `org.springframework.web.multipart.MultipartFile::getX` as RemoteFlowSource
2020-04-29 11:35:04 +02:00
Arthur Baars
ae2bab7e9c Add test case 2020-04-28 16:57:03 +02:00
Arthur Baars
31e284a707 Add test case 2020-04-28 11:26:43 +02:00
Arthur Baars
59869ace63 Java: teach Encryption.qll about MessageDigest.getInstance
We already modelled usage of the protected `MessageDigest(String algo)`
constructor as a crypto algorithm specification. For some reason we did
not model the more commonly used public `MessageDigest.getInstance` method.
2020-04-25 00:41:10 +02:00
Tom Hvitved
05ec75558d Java: Update test 2020-04-17 13:49:08 +02:00
yo-h
697b273e32 Java 14: update expected test output 2020-04-07 22:22:10 -04:00
yo-h
9d2f76849b Java 14: switch expressions are no longer in preview 2020-04-07 22:22:07 -04:00
Anders Schack-Mulligen
b2769b42ed Merge pull request #3117 from adityasharad/java/jackson-taint-steps
Java: Add taint steps through Jackson serialization methods.
2020-03-30 10:34:56 +02:00
Aditya Sharad
a6e039b284 Java: Add tests for Jackson taint steps.
Add stubs for jackson-databind-2.10.
Based on http://fasterxml.github.io/jackson-databind/javadoc/2.10.
Test taint through Jackson serialization APIs.
2020-03-24 12:59:24 -07:00
Anders Schack-Mulligen
d8edae96df Java: Add test. 2020-03-24 15:24:17 +01:00
Anders Schack-Mulligen
e1a0c2d846 Java: Add minor test case to typeflow qltest. 2020-03-11 13:13:19 +01:00
Anders Schack-Mulligen
4298a3a931 Java: Add test. 2020-03-09 11:16:59 +01:00
yo-h
f8bf055fe1 Merge pull request #2927 from aschackmull/java/taintgettersetter-tests
Java: Add some more taint-getter-setter tests.
2020-02-27 22:12:25 -05:00
Anders Schack-Mulligen
33f6392be5 Java: Add some more taint-getter-setter tests. 2020-02-27 10:47:25 +01:00
Anders Schack-Mulligen
0c30d7cced Java: Update test output. 2020-02-27 10:28:12 +01:00
semmle-qlci
ecad925101 Merge pull request #2631 from hvitved/dataflow/generalize-flow-summaries
Approved by aschackmull
2020-02-17 18:22:46 +00:00
Anders Schack-Mulligen
75f7671e75 Java: Fix .expected 2020-02-06 10:27:44 +01:00
Anders Schack-Mulligen
ba86dea657 Java: Improve taint step modeling to use postupdate nodes. 2020-02-05 15:33:29 +01:00
Tom Hvitved
15ee1e37b9 Java: Follow-up changes 2020-02-04 14:09:12 +01:00
Anders Schack-Mulligen
2b1723dd88 Java: Move some taint tests. 2020-02-04 13:21:31 +01:00
yo-h
b542b08c95 Merge pull request #2726 from aschackmull/java/outputstream-write-taint
Java: Improve taint for OutputStream.write and InputStream.read.
2020-01-30 18:24:00 -05:00
yo-h
563be9f817 Merge pull request #2719 from aschackmull/java/deprecate-parexpr
Java: Deprecate ParExpr
2020-01-30 18:23:13 -05:00
yo-h
dd517a433a Merge pull request #2671 from aschackmull/java/null-flow
Java: Allow null literals as sources in data flow.
2020-01-30 09:47:46 -05:00
Anders Schack-Mulligen
9bea581a23 Java: Improve taint for OutputStream.write and InputStream.read. 2020-01-30 14:29:56 +01:00
Anders Schack-Mulligen
75c549baa1 Java: Deprecate ParExpr. 2020-01-30 10:52:16 +01:00
Anders Schack-Mulligen
4bd332ddca Java: Add Expr.isParenthesized, adjust VarAccess.toString, and fix tests. 2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
b92203a87f Java: Allow null literals as sources in data flow. 2020-01-22 12:04:42 +01:00
Anders Schack-Mulligen
bca79cd4d6 Java/C++/C#: Add support for taint-getter/setter summaries. 2019-12-16 16:15:48 +01:00
Anders Schack-Mulligen
333d0a69d2 Java/C++/C#: Bugfix for field flow through reverse read. 2019-11-29 09:38:24 +01:00
yh-semmle
e232f538e9 Java 13: update test options 2019-11-02 16:09:32 -04:00
Anders Schack-Mulligen
38aba7bfc1 Java: Fix qltest. 2019-10-07 15:51:42 +02:00
Cornelius Riemenschneider
9ef61bd43c Address more parts of Anders' review. 2019-10-07 15:19:20 +02:00
Cornelius Riemenschneider
0f5dd5d7c7 Add one more test with a more complicated guard. 2019-10-07 15:14:42 +02:00
Cornelius Riemenschneider
d79eaffd3a Prune unreachable paths in the Java dataflow library based on call context.
We now detect patterns like
f(bool cond){
    if(cond)
        then A
        else B
}
and prune branches for calls like f(true) or f(false).
This pruning is done both in the local (bigstep) flow graph
as well as in the inter-procedural dataflow graph.
2019-10-07 15:10:54 +02:00
Cornelius Riemenschneider
dba93b30e7 Add tests exhibiting false positives in the dataflow library, where call context is not used to prune branches. 2019-10-07 14:59:55 +02:00
Tom Hvitved
7f6e253425 Java: Update expected test output 2019-10-04 11:09:44 +02:00
Anders Schack-Mulligen
f87cb4d6ac Java/C++/C#: Address review comments and fix test. 2019-10-02 14:32:17 +02:00
Jonas Jensen
a98992f0f9 C#/C++/Java: distinguish toString of nil from cons 2019-09-02 14:22:03 +02:00
Jonas Jensen
cdede8744f C#/C++/Java: Prettier PartialAccessPath.toString 2019-09-02 14:05:50 +02:00
Jonas Jensen
c3bc9f8575 C#/C++/Java: Unbreak partial data flow support
Partial data flow had a semantic merge conflict with this branch. The
problem is that partial data flow doesn't (and shouldn't) cause the
initial pruning steps to run, but the length-2 access paths depend on
the `consCand` information that comes from that initial pruning. The
solution is to restore the old `AccessPath` class, now called
`PartialAccessPath` for use only by partial data flow.

With this change, partial data flow will in some cases allow more field
flow than non-partial data flow.
2019-09-02 14:02:39 +02:00
Jonas Jensen
6c96a8d339 Java: Accept test changes
Note: the results in `partial` have regressed and will need to be fixed
in a follow-up commit.
2019-09-02 13:14:17 +02:00
Anders Schack-Mulligen
8a318ce4e7 Java: Extend test with graph. 2019-08-30 14:35:21 +02:00
Anders Schack-Mulligen
6582734733 Java: Add test. 2019-08-30 14:32:55 +02:00
Anders Schack-Mulligen
629c19e719 Java: Autoformat. 2019-08-21 14:38:17 +02:00
Anders Schack-Mulligen
6ff4fe38ec Java/C++/C#: Add field flow support for stores in nested fields. 2019-08-19 14:41:06 +02:00
Anders Schack-Mulligen
f8804943ee Java: Change in/out barriers to be explicit in the configuration. 2019-08-05 12:05:12 +02:00