codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00

Author	SHA1	Message	Date
Tony Torralba	509fc8a640	Add missing docs to stubs	2021-05-06 09:18:49 +02:00
Tony Torralba	26c3ff2cee	Move from experimental to standard	2021-05-06 09:18:49 +02:00
Tony Torralba	720b5d6da3	Refactored sto use CSV sink model. Also, added more sinks	2021-05-06 09:18:49 +02:00
Tony Torralba	ab62bb66f4	Consider second parameter of Node.selectNodes	2021-05-06 09:18:49 +02:00
Tony Torralba	2bb2baf6f7	Support more methods that evaluate XPath expressions	2021-05-06 09:18:49 +02:00
Tony Torralba	d739a8cac2	Moved configuration from XPath.qll back to XPath Injection query	2021-05-06 09:18:48 +02:00
Tony Torralba	fb3e56eac8	Fix imports and stubs so that tests pass	2021-05-06 09:18:48 +02:00
Tony Torralba	a62997463f	Remove unused imports; use set literals in hasName	2021-05-06 09:18:48 +02:00
Tony Torralba	ed5619498c	WIP: XPath Injection promotion	2021-05-06 09:18:48 +02:00
Tony Torralba	a706046a19	Reestructured test	2021-05-06 09:17:53 +02:00
Jonathan Leitschuh	67e9f06304	[Java] Fix Kryo FP & Kryo 5 Support Closes #4992	2021-05-05 17:38:34 -04:00
Tony Torralba	03ce8d689f	Refactored to use CSV sink model	2021-05-05 16:34:30 +02:00
Tony Torralba	9b78cee37a	Add tests	2021-05-05 11:59:57 +02:00
Tony Torralba	458b89bf5f	Added Android stubs	2021-05-05 11:57:01 +02:00
Timo Mueller	787a4ede85	Fixed file reference in test cases	2021-05-04 15:33:53 +02:00
Timo Mueller	374ed851a0	Fixed file reference in test cases	2021-05-04 15:12:50 +02:00
luchua-bc	703fbf139a	Add more methods and update the library name	2021-05-04 02:54:49 +00:00
Jonathan Leitschuh	dfad1fc740	[Java] Add support for com.google.common.base.MoreObjects#firstNonNull	2021-05-03 12:58:00 -04:00
Tony Torralba	e68c6e66a5	Remove qlref file	2021-05-03 17:53:37 +02:00
Tony Torralba	4d5ec87de9	Use InlineTest	2021-05-03 13:27:24 +02:00
Tony Torralba	4bfd34b1fe	Moved from experimental	2021-05-03 13:15:24 +02:00
Tony Torralba	38e052482c	More csv sinks and sources	2021-05-03 12:44:53 +02:00
luchua-bc	4709e8139d	JPython code injection	2021-05-03 01:43:56 +00:00
Timo Mueller	15a3068f8a	Added query for insecure environment configuration RMI JMX (CVE-2016-8735)	2021-04-30 16:23:17 +02:00
Chris Smowton	b2c0259197	Merge pull request #5631 from haby0/UseOfLessTrustedSource [Java] CWE-348: Using a client-supplied IP address in a security check	2021-04-30 15:20:53 +01:00
haby0	fdcc517b9f	UseOfLessTrustedSource -> ClientSuppliedIpUsedInSecurityCheck"	2021-04-30 17:43:34 +08:00
Chris Smowton	ad9ea40954	Merge pull request #5597 from intrigus-lgtm/java/jwt-insecure-parse [Java] JWT without signature check.	2021-04-29 14:41:11 +01:00
haby0	e813257431	use hardCode	2021-04-29 21:23:52 +08:00
intrigus	a8865e2fa2	Java: Cleanup jwt stubs.	2021-04-28 20:46:09 +02:00
haby0	5be9fbbc5a	Remove LogOperationSink and PrintSink	2021-04-27 14:12:33 +08:00
p0wn4j	3d891f0b39	[Java] CWE-078: Add JSch OS command injection sink	2021-04-26 18:20:32 +04:00
edvraa	ade238307f	Add a test	2021-04-22 10:02:06 +03:00
haby0	454324781d	delete IfStmt	2021-04-22 11:59:33 +08:00
Chris Smowton	6589460357	Add models for Commons ToStringBuilder These don't include support for reflectionToString yet, which is coming up in a subsequent PR.	2021-04-21 15:47:19 +01:00
Tamas Vajk	e25305e3cc	Java: Introduce LoC summary metric query	2021-04-21 14:27:00 +02:00
edvraa	13655b5d80	Add RegExUtils	2021-04-21 13:08:35 +03:00
p0wn4j	f2de440886	[Java] CWE-094: Query to detect Groovy Code Injections	2021-04-20 19:18:24 +04:00
yo-h	cb524b6c19	Merge pull request #5611 from github/yo-h/java16 Java: adjust test `options` for JDK 16 upgrade	2021-04-19 15:12:23 -04:00
haby0	8296abcea8	Fix Modify the ql query (the qhelp part is not modified).	2021-04-19 20:59:47 +08:00
Anders Schack-Mulligen	579c955892	Java: Adjust some tests.	2021-04-19 14:06:27 +02:00
Anders Schack-Mulligen	175c71221a	Java: Adjust some test output with more edges/nodes.	2021-04-19 14:06:27 +02:00
haby0	23b508c5e7	Merge remote-tracking branch 'upstream/main' into UseOfLessTrustedSource	2021-04-19 20:05:49 +08:00
Anders Schack-Mulligen	29aec0d770	Java: Adjust expected output.	2021-04-19 13:16:46 +02:00
Anders Schack-Mulligen	c5193cf03f	Apply suggestions from code review	2021-04-19 13:14:56 +02:00
Anders Schack-Mulligen	06514159be	Java: Add XXE tests.	2021-04-19 10:58:21 +02:00
Anders Schack-Mulligen	daad62c4e0	Java: Add TaintedPath test.	2021-04-19 10:07:03 +02:00
edvraa	29e320627f	Regex injection	2021-04-16 23:29:08 +03:00
Anders Schack-Mulligen	605f28f741	Merge pull request #5686 from smowton/haby0/JsonHijacking Java: JSONP Injection w/cleanups	2021-04-16 11:09:17 +02:00
Chris Smowton	254de76078	Remove unnecessary stubs	2021-04-15 16:20:27 +01:00
Chris Smowton	fa36ba901a	Merge pull request #5471 from artem-smotrakov/el-injection Java: Query for detecting Jakarta Expression Language injections	2021-04-15 12:39:34 +01:00

... 72 73 74 75 76 ...

4345 Commits