hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,738 Commits 1,672 Branches 157 Tags
tausbn/python-add-models-for-zstd-compression
Commit Graph

510 Commits

Author SHA1 Message Date
Owen Mansel-Chan
2e670c4050 Manually update automatically generated stubs 2021-06-25 11:17:08 +01:00
Owen Mansel-Chan
5feee9cc17 Add automatically-generated stubs 2021-06-25 11:17:06 +01:00
Artem Smotrakov
14e724bce6 Added sinks for RmiBasedExporter and HessianExporter 2021-06-23 09:53:47 +02:00
Chris Smowton
6302187a5d Merge pull request #5957 from haby0/java/BeanShellInjection 
Java: BeanShell Injection
 2021-06-18 12:38:51 +01:00
Anders Schack-Mulligen
7eb6da3888 Merge pull request #5772 from smowton/smowton/feature/apache-tuple-flow 
Add models for Apache Commons Lang's tuple types
 2021-06-18 11:25:07 +02:00
haby0
0d18e4ff9c BeanShell Injection 2021-06-18 15:54:13 +08:00
Tony Torralba
0c71393171 Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch 2021-06-17 14:54:25 +02:00
Chris Smowton
472a2a64dd Add models for Apache Commons tuples 2021-06-17 12:25:21 +01:00
Chris Smowton
11b70326fd Add Jakarta WS url-open sink 2021-06-17 11:58:41 +01:00
Chris Smowton
8b080a94e7 Convert request forgery tests to inline expectations; add missing models revealed by this process. 2021-06-17 11:43:32 +01:00
Chris Smowton
ee872f1752 Add missing tests, add additional models revealed missing in the process, and add stubs to support them all. 2021-06-17 11:43:32 +01:00
Chris Smowton
487c1db6ed Promote SSRF query to main query set 2021-06-17 11:41:01 +01:00
Anders Schack-Mulligen
6ca8d69b26 Merge pull request #5881 from haby0/java/UnsafeDeserialization 
Java: CWE-502 Add UnsafeDeserialization sinks
 2021-06-17 12:36:34 +02:00
Anders Schack-Mulligen
8fe2f4a554 Merge pull request #6034 from owen-mc/java/jax-rs 
Improve JAX-WS and JAX-RS models
 2021-06-17 12:35:34 +02:00
Tony Torralba
47fffb04a6 Merge branch 'main' into atorralba/promote-ognl-injection 2021-06-16 15:46:33 +02:00
Tony Torralba
91ba30a781 Merge branch 'main' into atorralba/promote-missing-jwt-signature-check 2021-06-16 15:46:14 +02:00
Tony Torralba
dab33b21fb Merge branch 'main' into atorralba/promote-mvel-injection 2021-06-16 15:44:43 +02:00
Tony Torralba
bf2be6ec7c Merge branch 'main' into atorralba/promote-jndi-injection 2021-06-16 15:34:37 +02:00
Tony Torralba
87dfc92aba Add tests for CompilationUnit's subtypes 2021-06-16 13:01:40 +02:00
Tony Torralba
e324e4e8d1 Remove non-ascii characters added by accident 2021-06-16 13:01:40 +02:00
Tony Torralba
f3ef93fa8a Make sinks more specific, improve tests 2021-06-16 13:01:39 +02:00
Tony Torralba
5d56eb6ea1 Add stubs 2021-06-16 13:01:39 +02:00
Tony Torralba
7883549c25 Use InlineExpectationsTest 2021-06-16 13:01:39 +02:00
Tony Torralba
356601ce15 Moved from experimental 2021-06-16 13:01:38 +02:00
haby0
c1ada6d85b Merge branch 'main' into java/UnsafeDeserialization 2021-06-16 16:37:03 +08:00
Owen Mansel-Chan
8cf47f12b4 Model constructors of classes implementing MultivaluedMap 2021-06-14 10:56:35 +01:00
Joe Farebrother
04ffe80366 Add unit tests 2021-06-11 11:41:27 +01:00
Owen Mansel-Chan
0ad35421f2 Comment out stubs (Jakarta) 2021-06-10 10:43:40 +01:00
Owen Mansel-Chan
318d1ea484 Stubs in javax-ws-rs-api-3.0.0 
Generated using java-autostub
 2021-06-10 10:43:39 +01:00
Owen Mansel-Chan
baa21c5bcf Manually comment out parts of stubs 
This is to avoid having to make more stubs, which we don't really need
 2021-06-10 10:43:34 +01:00
Owen Mansel-Chan
caf96b01e1 Stubs in javax-ws-rs-api-2.1.1 
Generated using java-autostub
 2021-06-10 10:43:34 +01:00
Owen Mansel-Chan
d9cf1aaf39 Add stubs for JAX-WS 2021-06-08 15:12:04 +01:00
Tony Torralba
d77d0c9e10 Added summaries for Spring PropertyValues 2021-06-07 17:35:03 +02:00
Anders Schack-Mulligen
96da85449d Merge pull request #5823 from atorralba/promote-jexl-injection 
Java: Promote JEXL Injection query from experimental
 2021-06-07 10:03:12 +02:00
Anders Schack-Mulligen
30cb80b341 Merge pull request #5181 from smowton/smowton/feature/commons-tostringbuilder 
Java: Add models for Commons ToStringBuilder
 2021-06-04 12:30:36 +02:00
Tony Torralba
56a429a5f9 Merge branch 'main' into promote-jexl-injection 2021-06-03 11:10:56 +02:00
Tony Torralba
59e6e1ffac Moved from experimental 2021-06-02 09:58:30 +02:00
Tony Torralba
7dbdba28cc Consider search methods with unsafe SearchControls 2021-05-21 15:21:04 +02:00
Sebastian Bauersfeld
28f597440f Add method invocations of Spring's SavedRequest as a remote sources. 2021-05-20 20:00:14 +07:00
Tony Torralba
1351516e9a Moved JNDI injection related files from experimental to standard 2021-05-19 11:32:51 +02:00
Tony Torralba
e58746508d Merge branch 'main' into atorralba/promote-ognl-injection 2021-05-19 10:41:08 +02:00
luchua-bc
d664aa6d6a Include more scenarios and update qldoc 2021-05-18 16:12:22 +00:00
Chris Smowton
4230869ee2 Merge pull request #5819 from luchua-bc/java/jpython-injection 
Java: CWE-094 Jython code injection
 2021-05-18 16:38:40 +01:00
Chris Smowton
71f540a755 Merge pull request #5844 from haby0/SpringRedirects 
[Java] CWE-601 Spring url redirection detect
 2021-05-18 16:37:40 +01:00
Tony Torralba
34a55e77ef Add missing subtype test 2021-05-18 09:38:35 +02:00
Anders Schack-Mulligen
9b0e3b1950 Merge pull request #5814 from JLLeitschuh/feat/JLL/jackson_as_taint_step 
[Java] Add taint tracking through Jackson deserialization
 2021-05-18 09:31:16 +02:00
Tony Torralba
3e4ccaf9a8 Move from experimental to standard 2021-05-17 10:41:54 +02:00
haby0
effa2b162a Add spring url redirection detect 2021-05-13 09:55:37 +08:00
Tony Torralba
09b40601a7 Consider ExpressionAccessor 2021-05-12 12:32:38 +02:00
Anders Schack-Mulligen
a247ae4357 Merge pull request #5843 from JLLeitschuh/feat/JLL/improve_kryo_support 
[Java] Fix Kryo FP & Kryo 5 Support
 2021-05-12 09:52:24 +02:00