hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,738 Commits 1,671 Branches 157 Tags
tausbn/python-add-models-for-zstd-compression
Commit Graph

14042 Commits

Author SHA1 Message Date
Tom Hvitved
8c9f85d04f Data flow: Allow nodes to be hidden from path explanations 2020-06-09 13:53:19 +02:00
luchua-bc
5acfc52087 Add dependent stub classes for the test case 2020-06-08 16:17:40 +00:00
luchua-bc
1e4addb20d Add dependent stub classes for the test case 2020-06-08 16:17:01 +00:00
Bt2018
99aa559ef2 Fix auto-formatting issue 2020-06-08 06:43:00 -04:00
Anders Schack-Mulligen
8513c6981c Merge pull request #3329 from artem-smotrakov/mvel-injection 
Java: Add a query for MVEL injections
 2020-06-08 11:48:00 +02:00
Anders Schack-Mulligen
ad8647f345 Merge pull request #3547 from pwntester/issue_3139 
add support for java.io.StringWriter
 2020-06-08 10:02:23 +02:00
Anders Schack-Mulligen
be862280b2 Update java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll 
Fix trailing whitespace
 2020-06-08 09:18:39 +02:00
Marcono1234
ad1146a23a Fix Java code style of MagicConstants examples 
- Use recommended ordering of modifiers
- Use recommended variable naming scheme
 2020-06-07 01:00:27 +02:00
luchua-bc
cba81eeb97 Fix string/type match and add a test case 2020-06-06 03:56:12 +00:00
Artem Smotrakov
b7c3dd666c Java: Clean up MVEL injection query 2020-06-05 17:22:45 +03:00
Artem Smotrakov
2842aeee72 Java: Simplified MvelInjectionLib 2020-06-05 17:17:43 +03:00
Artem Smotrakov
4a83fb8cc1 Java: Simplified MvelInjection test 2020-06-05 17:17:43 +03:00
Artem Smotrakov
df9d10f2ac Java: Added MVELRuntime.execute() sink for MVEL injections 2020-06-05 17:17:43 +03:00
Artem Smotrakov
fa717b2d86 Java: Added template sinks for MVEL injections 2020-06-05 17:17:43 +03:00
Artem Smotrakov
8fd72659ec Java: Added JSR 223 sinks for MVEL injections 
- Updated MvelInjectionLib.qll
- Added tests and stubs for JSR 223 API
 2020-06-05 17:17:43 +03:00
Artem Smotrakov
6a6c805048 Java: Added Accessor sink for MVEL injections 2020-06-05 17:13:24 +03:00
Artem Smotrakov
12e0234d40 Java: Added CompiledAccExpression sink for MVEL injections 2020-06-05 17:13:24 +03:00
Artem Smotrakov
32ff5ad496 Java: Added CompiledExpression sink for MVEL injections 2020-06-05 17:13:24 +03:00
Artem Smotrakov
c6c4c2c99b Java: Add a query for MVEL injections 
- Added experimental/Security/CWE/CWE-094/MvelInjection.ql
- Added experimental/Security/CWE/CWE-094/MvelInjectionLib.qll
- Added a qhelp file with an example of vulnerable code
- Added tests and stubs for mvel2-2.4.7
 2020-06-05 17:13:24 +03:00
Anders Schack-Mulligen
e4e51b5027 Merge pull request #3291 from artem-smotrakov/spel-injection 
Java: Add a query for SpEL injections
 2020-06-05 15:51:38 +02:00
Anders Schack-Mulligen
64225c31a6 Java: Add test case. 2020-06-04 10:31:08 +02:00
Anders Schack-Mulligen
8d6e39eb18 Java: Add instanceof type bounds for ArrayAccess. 2020-06-03 09:42:37 +02:00
luchua-bc
9affa157b6 Add Log4J 2 and a new search string secret 2020-06-02 03:21:27 +00:00
Robert Brignull
6e0552c074 add more code-scanning suites 2020-06-01 11:45:46 +01:00
Artem Smotrakov
df3adeec36 Java: Add a query for SpEL injections 
- Added experimental/Security/CWE/CWE-094/SpelInjection.ql
  and a couple of libraries
- Added a qhelp file with a few examples
- Added tests and stubs for Spring
 2020-05-31 20:52:45 +03:00
luchua-bc
3d4a5a337d Add check for J2EE server directory listing 2020-05-30 10:58:16 +00:00
yo-h
1fea545160 Merge pull request #3573 from aschackmull/java/private-interface-methods 
Java: Fix for private interface methods.
 2020-05-28 20:31:55 -04:00
yo-h
c2de08ca51 Merge pull request #3499 from aschackmull/java/instanceof-pattern-cfg 
Java: Add CFG edges for Java 14 pattern-matching instanceof.
 2020-05-28 20:24:39 -04:00
luchua-bc
104f1c3197 Add validation query for SSL Engine/Socket and com.rabbitmq.client.ConnectionFactory 2020-05-28 03:34:29 +00:00
Anders Schack-Mulligen
a858a8cd42 Java: Fix for private interface methods. 2020-05-27 11:05:41 +02:00
Anders Schack-Mulligen
796eac108f Java: Autoformat 2020-05-27 09:19:59 +02:00
yo-h
f952293ba0 Merge pull request #3526 from aschackmull/java/qltest-fps-nullness-rangeanalyis 
Java: Add a few qltest cases for nullness and range analysis FPs.
 2020-05-26 14:09:27 -04:00
Jonas Jensen
5deeda0337 Merge pull request #3387 from geoffw0/tostringperf 
C++: Eliminate recursion from toString().
 2020-05-26 13:24:43 +02:00
Anders Schack-Mulligen
6bc9624a4c Merge pull request #3236 from luchua-bc/java-improper-url-validation 
Java: Improper url validation
 2020-05-26 09:48:44 +02:00
Jonas Jensen
3d58e6f7af Merge pull request #3515 from hvitved/dataflow/remove-deprecated 
Data flow: Remove deprecated predicates
 2020-05-25 15:08:28 +02:00
Bt2018
2a654af983 Correct the select statement in the query 2020-05-25 08:24:38 -04:00
Anders Schack-Mulligen
0d75c6a5f1 Merge pull request #3506 from ggolawski/spring-actuators-fix 
Fixes FPs in SpringBootActuators query
 2020-05-25 13:09:56 +02:00
luchua-bc
6d1ba3f899 Java: CWE-273 Unsafe certificate trust 2020-05-24 16:43:15 +00:00
Alvaro Muñoz
0b20785cce add support for java.io.StringWriter 2020-05-22 18:13:28 +02:00
Bt2018
74ab6981eb Fix HTML tag issue 2020-05-20 10:23:40 -04:00
Anders Schack-Mulligen
8cbc01d49b Java: Add a few qltest cases for nullness and range analysis FPs. 2020-05-20 10:44:15 +02:00
yo-h
bfeaeccf60 Merge pull request #3507 from aschackmull/java/cleanup-deprecated-overrides 
Java: Clean up deprecated overrides.
 2020-05-19 09:47:57 -04:00
Tom Hvitved
431403f5db Data flow: Remove deprecated predicates 2020-05-19 15:42:59 +02:00
Bt2018
19d2a404c9 Add AndroidRString RefType to clarify the Android query 2020-05-19 08:44:26 -04:00
Anders Schack-Mulligen
6f03a0bc39 Merge pull request #3487 from luchua-bc/java-sensitive-jboss-logging 
Add JBoss logging
 2020-05-19 11:04:18 +02:00
Anders Schack-Mulligen
c36e6213f1 Merge pull request #3288 from ggolawski/jndi-injection 
CodeQL query to detect JNDI injections
 2020-05-19 11:03:29 +02:00
Anders Schack-Mulligen
9d7329de30 Java: Clean up deprecated overrides. 2020-05-19 10:41:41 +02:00
Grzegorz Golawski
73e736b47a Enhanced comments according to the review comment 2020-05-18 23:37:48 +02:00
Grzegorz Goławski
0075d35346 Update java/ql/src/experimental/Security/CWE/CWE-074/JndiInjectionLib.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-05-18 23:18:16 +02:00
Grzegorz Golawski
ac329e81f8 Fixes FPs in SpringBootActuators query 
No evidence that Spring Actuators are being used, e.g. `http.authorizeRequests().anyRequest().permitAll()`
Only safe Actuators are enabled, e.g. `EndpointRequest.to("health", "info")`
 2020-05-18 22:55:33 +02:00