hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,738 Commits 1,672 Branches 157 Tags
tausbn/python-add-models-for-zstd-compression
Commit Graph

14042 Commits

Author SHA1 Message Date
Joe Farebrother
41b7db144d Allow for array types in model signatures 2021-02-25 11:40:48 +00:00
haby0
0521ef87da Merge remote-tracking branch 'upstream/main' into JsonHijacking 2021-02-25 16:31:14 +08:00
Anders Schack-Mulligen
f0d3841369 Merge pull request #5105 from JLLeitschuh/feat/JLL/depricated_bintray_usage 
CWE-1104: Maven POM dependence upon Bintray/JCenter
 2021-02-25 09:08:31 +01:00
Artem Smotrakov
e02b51f42b Improved SpringHttpInvokerUnsafeDeserialization.qhelp 2021-02-24 22:35:20 +01:00
Artem Smotrakov
aac0c27dcd Added tests for SpringHttpInvokerUnsafeDeserialization.ql 2021-02-24 22:35:20 +01:00
Artem Smotrakov
95284ad71d Added SpringHttpInvokerUnsafeDeserialization.qhelp and example 2021-02-24 22:35:20 +01:00
Artem Smotrakov
476309af6d Added SpringHttpInvokerUnsafeDeserialization.ql 2021-02-24 22:35:20 +01:00
Artem Smotrakov
34b6ed0a05 Removed commented code from JexlUberspect 2021-02-24 22:31:03 +01:00
luchua-bc
e34a203731 Refactor the check of a main method in a test program to improve maintainability 2021-02-24 17:15:08 +00:00
Joe Farebrother
caa6f00292 Switch to CSV based modelling 2021-02-24 16:59:49 +00:00
Jonathan Leitschuh
237fefbcf1 Add release notes 2021-02-24 11:19:20 -05:00
haby0
6fe8bafc7d *)update 2021-02-24 20:59:51 +08:00
haby0
872a000a33 *)update to JSONP injection 2021-02-24 20:36:12 +08:00
Anders Schack-Mulligen
add960bc4d Merge pull request #4880 from luchua-bc/java/sensitive-query-with-get 
Java: Sensitive GET Query
 2021-02-24 11:08:47 +01:00
yo-h
1d654febfd Merge pull request #5195 from aschackmull/java/cwe-548-test 
Java: Add empty file to test.
 2021-02-23 21:12:40 -05:00
Joe Farebrother
e13c779f0f Add additional unit tests 2021-02-23 16:17:13 +00:00
luchua-bc
56e3b301e9 Resolve ambiguous method access 2021-02-23 15:18:07 +00:00
luchua-bc
45f9125bfa Update test program 2021-02-23 14:41:44 +00:00
luchua-bc
9eb8ec7da5 Create a separate file for EJB check 2021-02-23 14:38:15 +00:00
Joe Farebrother
ee651da23f Remove TODO comment 2021-02-23 14:27:11 +00:00
Joe Farebrother
459c0afc55 Add change note 2021-02-23 14:26:12 +00:00
Joe Farebrother
a3b8d4ab2d Switch to inline test expectations; fix failing test outputs 2021-02-23 14:26:12 +00:00
Joe Farebrother
7b5961769a Add unit tests for version 5.x 2021-02-23 14:26:12 +00:00
Joe Farebrother
cf58a90d74 Add unit tests for utility methods 2021-02-23 14:26:12 +00:00
Joe Farebrother
e5d624d1e8 Add open redirect sinks 2021-02-23 14:26:12 +00:00
Joe Farebrother
e3fe635004 Add support for httpcomponents 5.x 2021-02-23 14:26:11 +00:00
Joe Farebrother
5bba7f6df7 Add unit tests 2021-02-23 14:26:11 +00:00
Joe Farebrother
da6e9492a0 Model XSS sinks and utility methods 2021-02-23 14:26:11 +00:00
Joe Farebrother
561679611e Java: Model flow source for apache http requests, 
Model flow steps for associated getters

Fix rebase conflict
 2021-02-23 14:26:11 +00:00
Joe Farebrother
4184ebd091 Java: Add HttpRequestHandler as a remote flow source 2021-02-23 14:26:11 +00:00
Anders Schack-Mulligen
b1bed2731d Merge pull request #5172 from smowton/smowton/feature/commons-strbuilder 
Java: Add support for commons-lang's StrBuilder class
 2021-02-23 14:39:11 +01:00
yo-h
6213c20bc3 Merge pull request #5136 from aschackmull/java/csv-models 
Java: Add support for framework modelling through csv data.
 2021-02-22 19:00:41 -05:00
Jonathan Leitschuh
ad99aa2d76 Fix typo in test output 2021-02-22 13:26:51 -05:00
luchua-bc
40df01d2cd Update qldoc and method name 2021-02-22 14:15:41 +00:00
Francis Alexander
45bdb22db8 Switch from sanitizer to tainttracking, formatting and qldoc changes 2021-02-21 16:45:48 +05:30
Artem Smotrakov
43a07bb13a Better sink in SandboxedJexlFlowConfig 2021-02-20 11:17:51 +01:00
luchua-bc
dc799019d0 Add query for Struts and Spring actions 2021-02-20 03:36:21 +00:00
luchua-bc
3d9ac0d094 Add query for enterprise beans 2021-02-20 02:00:42 +00:00
Anders Schack-Mulligen
dae65f687a Merge pull request #5150 from Marcono1234/marcono1234/conditional-expr-branch 
Java: Add ConditionalExpr.getBranchExpr(boolean)
 2021-02-19 10:12:43 +01:00
Chris Smowton
321df82851 Apply review feedback: comment style, bracketing, and use proper MISSING test annotations 2021-02-18 14:56:52 +00:00
Anders Schack-Mulligen
954e0b9496 Java: Add empty file to test. 2021-02-18 13:10:29 +01:00
Anders Schack-Mulligen
74d35f4f37 Java: Add support for value-preserving steps. 2021-02-18 11:26:15 +01:00
Anders Schack-Mulligen
04eeeda2c9 Java: Add documentation for the final column. 2021-02-18 11:23:49 +01:00
Anders Schack-Mulligen
6f583baa90 Java: More documentation and support for field writes. 2021-02-18 11:18:31 +01:00
haby0
8119fd2ad1 *)add JsonHijacking ql query 2021-02-18 18:11:10 +08:00
luchua-bc
e916ce8b9b Exclude test directories of typical build tools 2021-02-18 00:50:38 +00:00
luchua-bc
5e36eedcb6 Add check for test packages 2021-02-17 18:04:55 +00:00
Jonathan Leitschuh
c43765917f Fix formatting of MavenPom.qll 2021-02-17 11:55:10 -05:00
Francis Alexander
2baf2aa5c1 Apply suggestions from code review - improved sanitizer checks. 
Co-authored-by: Alvaro Muñoz <pwntester@github.com>
 2021-02-17 18:58:32 +05:30
Francis Alexander
40f4e71b86 Merge branch 'main' into cwe-346 2021-02-17 18:55:31 +05:30