hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,738 Commits 1,672 Branches 157 Tags
tausbn/python-add-models-for-zstd-compression
Commit Graph

14042 Commits

Author SHA1 Message Date
luchua-bc
02aa9c6fc7 Optimize the sink and update qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
d4323a4a54 Update qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
9d392263a5 Refactor inconsistent method names 2021-05-18 16:12:23 +00:00
luchua-bc
2fa249a8eb Update method name and qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
2c1374bdcf Use inline implementation for ScriptEngineFactory 2021-05-18 16:12:23 +00:00
luchua-bc
0ac8453398 Allow all arguments of methods in ScriptEngineFactory 2021-05-18 16:12:23 +00:00
luchua-bc
e4699f7fa9 Optimize the query 2021-05-18 16:12:22 +00:00
luchua-bc
d664aa6d6a Include more scenarios and update qldoc 2021-05-18 16:12:22 +00:00
luchua-bc
852bcfb5c7 Refactor the ScriptEngine query and the Rhino code injection query into one 2021-05-18 16:12:22 +00:00
luchua-bc
b0b5338359 Rhino code injection 2021-05-18 16:12:22 +00:00
Chris Smowton
4230869ee2 Merge pull request #5819 from luchua-bc/java/jpython-injection 
Java: CWE-094 Jython code injection
 2021-05-18 16:38:40 +01:00
Chris Smowton
71f540a755 Merge pull request #5844 from haby0/SpringRedirects 
[Java] CWE-601 Spring url redirection detect
 2021-05-18 16:37:40 +01:00
luchua-bc
2a0721b2ae Optimize the sink and update method name 2021-05-18 12:18:14 +00:00
haby0
e46de44473 Solve errors caused by private ownership 2021-05-18 19:56:32 +08:00
haby0
caf5f4d605 modified comment 2021-05-18 19:10:03 +08:00
Tony Torralba
34a55e77ef Add missing subtype test 2021-05-18 09:38:35 +02:00
Anders Schack-Mulligen
9b0e3b1950 Merge pull request #5814 from JLLeitschuh/feat/JLL/jackson_as_taint_step 
[Java] Add taint tracking through Jackson deserialization
 2021-05-18 09:31:16 +02:00
haby0
a0cd551bae Add filtering of String.format 2021-05-18 11:05:10 +08:00
luchua-bc
e652d8771c Update method name and qldoc 2021-05-17 20:36:15 +00:00
Chris Smowton
ef410b9984 Update java/change-notes/2021-05-14-close-resource-leaks-improvements.md 2021-05-17 19:27:10 +01:00
Tony Torralba
347bd2ebc2 Added change note 2021-05-17 17:51:07 +02:00
Tony Torralba
1815656a02 Use set literals for OGNL packages 2021-05-17 16:56:37 +02:00
Tony Torralba
8d682000b4 Fix QLDocs 2021-05-17 16:53:30 +02:00
Tony Torralba
ed13c17ea8 Fix qhelp file 2021-05-17 16:52:08 +02:00
Tony Torralba
bc2370ae1d Use InlineExpectationsTest for tests 2021-05-17 15:58:33 +02:00
Tony Torralba
cfb38c43b3 QLDocs 2021-05-17 15:04:50 +02:00
Tony Torralba
897cd5384f Created JWT.qll and refactored to use CSV models 2021-05-17 14:44:33 +02:00
luchua-bc
7af1984348 Update the change note 2021-05-17 11:35:35 +00:00
haby0
689c28a178 modified JsonIoSafeOptionalArgs 2021-05-17 19:00:59 +08:00
haby0
95c33a240f Update java/change-notes/2021-05-17-add-unsafe-deserialization-sinks.md 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-05-17 18:49:16 +08:00
Tony Torralba
3e4ccaf9a8 Move from experimental to standard 2021-05-17 10:41:54 +02:00
Anders Schack-Mulligen
77c93dcf26 Make private 2021-05-17 10:35:04 +02:00
haby0
58d774ae85 add change notes 2021-05-17 14:52:05 +08:00
luchua-bc
1a072f3bb9 Move APIs from predicates flagged auto-generated to the other section 2021-05-14 20:38:23 +00:00
Marcono1234
e205e4bbce Java: Add change note for close resource query changes 2021-05-14 22:31:14 +02:00
Marcono1234
73c7e15580 Java: Add back StringInputStream to CloseReader.ql 2021-05-14 22:25:00 +02:00
luchua-bc
1497fba6f2 Remove the isAdditionalTaintStep predicate 2021-05-14 11:43:49 +00:00
luchua-bc
9ef58e378c Remove the sample Java file in the src folder 2021-05-14 11:01:25 +00:00
Robin Neatherway
f378513ea3 Add lines-of-code tags 
This is a proposed method for advertising which queries are measuring
the lines of code in a project in a more robust manner than inspecting
the rule id.

Note that the python "LinesOfUserCode" query should _not_ have this
property, as otherwise the results of the two queries will be summed.
 2021-05-14 11:20:43 +01:00
haby0
60fc607449 Modify ql 2021-05-14 18:17:05 +08:00
haby0
498c99e26c Add left value, Add return expression tracing flow 2021-05-14 16:31:59 +08:00
Tony Torralba
132a187586 Add missing QLDoc 2021-05-13 16:29:29 +02:00
Tony Torralba
50e1b42581 Add missing QLDoc 2021-05-13 15:37:16 +02:00
Tony Torralba
1fbdf6ecd0 Add change note 2021-05-13 15:13:25 +02:00
Tony Torralba
db732918af Add taint step for setExpression 2021-05-13 15:01:36 +02:00
haby0
02e415045f Delete RedirectBuilderFlowConfig 2021-05-13 15:48:15 +08:00
haby0
effa2b162a Add spring url redirection detect 2021-05-13 09:55:37 +08:00
luchua-bc
4d014717b6 Add a change note and reset the qhelp file 2021-05-12 15:50:40 +00:00
Jonathan Leitschuh
48b50f93c2 Update java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2021-05-12 08:58:01 -04:00
Tony Torralba
09b40601a7 Consider ExpressionAccessor 2021-05-12 12:32:38 +02:00