hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,738 Commits 1,671 Branches 157 Tags
tausbn/python-add-models-for-zstd-compression
Commit Graph

14042 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
6de612a566 Java: Split SpringWebRequestGetMethod into its own class. 2020-07-03 14:06:54 +02:00
luchua-bc
6d329bce6e Add Apache Commons Logging and debugv method 2020-07-03 01:13:11 +00:00
Arthur Baars
5f2a5f1b55 Java: Collections: add tests 2020-07-02 19:18:02 +02:00
luchua-bc
a61f814b4b Change to ServletResponse type and fix formatting error 2020-07-02 12:49:25 +00:00
Arthur Baars
21a4b8d6c0 Java: remove useless casts 2020-07-02 13:03:15 +02:00
Arthur Baars
d80bf3395f Add Navigable variants and sort method names 2020-07-02 13:02:38 +02:00
Arthur Baars
e7b495e7d3 Java: model Collections::addAll 2020-07-02 12:38:22 +02:00
Arthur Baars
5cf5c77b09 Java: model java.util.Collections 2020-07-02 12:25:55 +02:00
luchua-bc
1d0232b464 Add more servlet methods and fix formatting errors 2020-07-02 03:07:19 +00:00
intrigus-lgtm
cabd275baa Fix typo, add Oxford comma 2020-07-01 14:49:09 +02:00
Anders Schack-Mulligen
7d057598d8 Merge pull request #3857 from jbj/flowthrough-bigstep-perf 
C++: Remove big-step relation in flow-through code
 2020-07-01 14:23:23 +02:00
Anders Schack-Mulligen
38b73ff684 Merge pull request #3854 from hvitved/dataflow/node-type-interface 
Data flow: Replace `getErasedRepr()` and `Node::getTypeBound()` with `getNodeType()`
 2020-07-01 11:37:19 +02:00
Jonas Jensen
cff0f48d34 C++: Work around join-order issue in flow-through 
In this non-linear recursion, a `#prev` relation was joined earlier than
the `#prev_delta` relation. As a result, each iteration of the predicate
processes every tuple from previous iterations.

This quadratic behavior caused severe slowdowns on oneapi-src/oneDNN.
 2020-06-30 21:12:57 +02:00
Jonas Jensen
17beb2d867 C++: Remove big-step relation in flow-through code 
This relation was originally introduced to improve performance but may
no longer be necessary. The `localFlowStepPlus` predicate had an
explosion of tuples on oneapi-src/oneDNN for C++.
 2020-06-30 21:06:45 +02:00
Jonathan Leitschuh
fa8b278332 Add jOOQ methods as SQL Injection Sinks 2020-06-30 11:57:17 -04:00
Mathias Vorreiter Pedersen
286c09183f Merge pull request #3837 from geoffw0/qldoc5 
C++/Java: Update QLDoc and terminology in Encryption.qll
 2020-06-30 17:44:59 +02:00
Tom Hvitved
f1179cc202 Java: Follow-up changes 2020-06-30 17:44:16 +02:00
Tom Hvitved
1fa58bd82d Data flow: Sync files 2020-06-30 17:37:16 +02:00
Geoffrey White
cf75397ef1 Java: Rename tests. 2020-06-30 14:33:05 +01:00
Geoffrey White
5c11c9ee43 Java: Rename additional private predicates. 2020-06-30 13:05:46 +01:00
Geoffrey White
f8425b8a58 Java: Update uses. 2020-06-30 13:02:48 +01:00
Geoffrey White
db0500b9ef Java: Direct port of changes to Java. 2020-06-30 13:02:48 +01:00
luchua-bc
d978f28822 Simplify the query for subtype check 2020-06-30 11:15:18 +00:00
Anders Schack-Mulligen
13cb853af5 Merge pull request #3294 from ggolawski/ognl-injection 
CodeQL query to detect OGNL injections
 2020-06-30 09:46:02 +02:00
Tom Hvitved
b57cfc965a Merge pull request #3804 from aschackmull/dataflow/dispatch-refactor 
Dataflow: Refactor dispatch with call context.
 2020-06-30 08:28:27 +02:00
luchua-bc
382e5a5a7a Revert "Add remote source of Android intent extra" 
This reverts commit 65e76ab18f.
 2020-06-30 00:55:05 +00:00
luchua-bc
3e8e9f9969 Revert "Add method access qualifier as source" 
This reverts commit 87668bf075.
 2020-06-30 00:54:27 +00:00
luchua-bc
065b90ab6b Revert "text changes" 
This reverts commit 0f8dd7c328.
 2020-06-30 00:53:03 +00:00
luchua-bc
ede9cec4a9 Uncaught Servlet Exception 2020-06-29 20:07:53 +00:00
Anders Schack-Mulligen
d297ce2279 Merge pull request #3436 from artem-smotrakov/revocation-checking 
Java: Added a query for disabled certificate revocation checking
 2020-06-29 16:42:36 +02:00
Anders Schack-Mulligen
b53b90501b Merge pull request #3550 from luchua-bc/java-unsafe-cert-trust 
Java: CWE-273 Unsafe certificate trust
 2020-06-29 16:39:39 +02:00
Anders Schack-Mulligen
0bd81eb4b8 Dataflow: Fix reference to viableCallable. 2020-06-29 16:22:58 +02:00
luchua-bc
0f8dd7c328 text changes 2020-06-27 22:56:00 +00:00
Bt2018
87668bf075 Add method access qualifier as source 2020-06-27 18:00:52 -04:00
Grzegorz Golawski
aff0e0eb25 Cleanup according to review comments. 2020-06-27 18:30:36 +02:00
Artem Smotrakov
f5f30ce25e Java: Simplified the query for disabled certificate revocation checking 
Removed a dataflow cofiguration for setting a revocation checker.
Instead, the query just checks if addCertPathChecker() or setCertPathCheckers()
methods are called.
 2020-06-27 11:37:20 +03:00
Artem Smotrakov
a2fa03e4f5 Java: Improved the query for disabled certificate revocation checking 
- Added a taint propagation step for List.of() methods
- Added a testcase with one of the List.of() method
- Simplified conditions
- Fixed typos
 2020-06-27 11:37:20 +03:00
Artem Smotrakov
06e3f101ce Java: Added a query for disabled certificate revocation checking 
- Added experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql
  The query looks for PKIXParameters.setRevocationEnabled(false) calls.
- Added RevocationCheckingLib.qll
- Added a qhelp file with examples
- Added tests in java/ql/test/experimental/Security/CWE/CWE-299
 2020-06-27 11:37:20 +03:00
luchua-bc
65e76ab18f Add remote source of Android intent extra 2020-06-25 20:20:18 +00:00
Anders Schack-Mulligen
6c679c328d Dataflow: Refactor dispatch with call context. 2020-06-25 14:28:35 +02:00
luchua-bc
0779aab28f Clean up the QL code 2020-06-24 15:02:16 +00:00
Anders Schack-Mulligen
791f31fa65 Merge pull request #3595 from luchua-bc/j2ee-server-directory-listing 
Java: Add check for J2EE server directory listing
 2020-06-24 16:45:34 +02:00
Anders Schack-Mulligen
941177ee25 Merge pull request #3762 from hvitved/dataflow/clear-contents 
Data flow: Model field clearing
 2020-06-24 10:19:50 +02:00
Anders Schack-Mulligen
3b62bd254c Merge pull request #3723 from JLLeitschuh/fix/JLL/gitignore_vs_code_generated_files 
Add .gitignore for VS Code Generated maven project files
 2020-06-24 09:35:01 +02:00
Tom Hvitved
a3e7fd60f2 Data flow: Enable syntax highlighting in QLDoc snippets 2020-06-23 16:54:34 +02:00
Bt2018
fffc88ea5b Metadata update 2020-06-23 10:34:28 -04:00
luchua-bc
f8c494716f Fix ending line error 2020-06-23 12:48:07 +00:00
luchua-bc
89260d6f8a Fix ending line error 2020-06-23 12:36:07 +00:00
luchua-bc
deabfe6e5c Adjust id tag and fix ending line error 2020-06-23 12:24:03 +00:00
luchua-bc
7642b43990 Adjust id tag and fix ending line error 2020-06-23 12:10:07 +00:00