Anders Schack-Mulligen
531d30f048
Java: Add SwitchExpr to Nullness::dereference.
2019-05-15 13:20:55 +02:00
Anders Schack-Mulligen
3eb3cd345d
Java: Update qldoc and add callsImpl convenience wrapper.
2019-05-14 16:31:56 +02:00
Anders Schack-Mulligen
f9e4512f32
Java: Update polyCalls to use virtual dispatch.
2019-05-14 15:36:12 +02:00
Anders Schack-Mulligen
b71acd2ff9
Java: Deprecate RemoteUserInput
2019-05-14 12:33:36 +02:00
Anders Schack-Mulligen
14cad57960
Java: Improve joinorder for GuardsLogic::conditionalAssign.
2019-05-14 11:28:18 +02:00
Anders Schack-Mulligen
ebb63c8141
Java: Refactor Guard.controls in terms of dominating edges.
2019-05-13 16:35:30 +02:00
Max Schaefer
79e01a2de5
Merge pull request #1305 from aschackmull/java/abstract-flowsources
...
Java: Introduce an abstract class RemoteFlowSource to ease customization.
2019-05-10 11:42:15 +01:00
Anders Schack-Mulligen
66813a91ef
Java: Postpone deprecation to separate PR.
2019-05-09 13:40:25 +02:00
Jonas Jensen
639d715d03
Merge pull request #1226 from hvitved/dataflow/prepare-for-csharp
...
Generalize data-flow library in preparation for C# adoption
2019-05-06 14:42:46 +02:00
Anders Schack-Mulligen
f367427fb8
Java: Deprecate RemoteUserInput.
2019-05-06 13:43:58 +02:00
Anders Schack-Mulligen
10a6362357
Java: Introduce an abstract class RemoteFlowSource to ease customization.
2019-05-03 15:48:22 +02:00
Tom Hvitved
d9bf0a670e
Data flow: Address review comments
2019-05-03 15:00:48 +02:00
Tom Hvitved
b6206d7370
Data flow: Introduce ReturnKind
2019-05-02 20:30:50 +02:00
yh-semmle
3a988d0312
Java 12: revert addition of deprecated annotations for preview features
2019-04-30 10:59:08 -04:00
yh-semmle
6d59b4e049
Java 12: tweak queries to preserve behavior
...
This accounts for the changes in af8faee1.
2019-04-30 10:59:08 -04:00
yh-semmle
de47f25141
Java 12: remove deprecated annotation from Stmt::getEnclosingStmt
2019-04-30 10:59:07 -04:00
yh-semmle
3f132f45d9
Java 12: add dbscheme stats for switch expressions
2019-04-30 10:59:07 -04:00
yh-semmle
f22084e18a
Java 12: add more QL deprecated annotations
2019-04-30 10:59:06 -04:00
Anders Schack-Mulligen
0a569f6c1a
Java: Change TCs of Stmt.getParent to Stmt.getEnclosingStmt.
2019-04-30 10:59:06 -04:00
Anders Schack-Mulligen
6ecf46ce85
Java: Add CFG edges for switch expressions.
2019-04-30 10:59:05 -04:00
Anders Schack-Mulligen
9a367d9293
Java: JumpStmt.getTarget, Stmt.getEnclosingStmt, SwitchExpr.getAResult.
2019-04-30 10:59:05 -04:00
yh-semmle
61324f0bb0
Java 12: enhanced QLDoc for preview features
2019-04-30 10:59:05 -04:00
yh-semmle
d4e013b297
Java 12: deprecate QL constructs for new preview feature (switch exprs)
2019-04-30 10:59:04 -04:00
yh-semmle
38705038a8
Java 12: add QL for switch expressions, etc
2019-04-30 10:59:04 -04:00
yh-semmle
6ac1ee5fad
Java 12: add switch expressions to dbscheme
2019-04-30 10:59:04 -04:00
yh-semmle
4ede686283
Java: refactor ConstCase and DefaultCase in preparation for Java 12
2019-04-30 10:59:03 -04:00
Tom Hvitved
29e59e6d1e
Address review comments
2019-04-29 20:19:31 +02:00
Sebastian Bauersfeld
2f200d7517
Parameters annotated with Spring's @RequestBody and @PathVariable are remote input sources.
2019-04-17 18:02:00 -04:00
Tom Hvitved
18ced249ab
Java: Generalize data-flow library in preparation for C# adoption
2019-04-10 13:05:31 +02:00
Anders Schack-Mulligen
dec31a3dd6
Java: Use range analysis in IntMultToLong.
2019-04-05 10:42:23 +02:00
Anders Schack-Mulligen
d144ea2f1c
Java: Exclude slf4j calls in PrintLnArray as it supports array formatting.
2019-04-04 11:09:41 +02:00
yh-semmle
b226cb64cd
Merge pull request #1189 from aschackmull/java/preconditions
...
Java: Support precondition calls as guards (ODASA-7796).
2019-04-03 21:36:08 -04:00
Felicity Chapman
ffeb61c698
Fix typo in query description
2019-04-03 10:46:48 +01:00
Anders Schack-Mulligen
b1e364b56a
Java: Support precondition calls as guards.
2019-04-02 10:58:46 +02:00
Pavel Avgustinov
c26b655956
Merge pull request #1022 from yh-semmle/java/dead-code-override
...
Java: respect override annotations in `java/unused-parameter`
2019-03-01 19:11:46 +00:00
yh-semmle
a4beb03e15
Java: respect override annotations in java/unused-parameter
2019-02-20 15:27:35 -05:00
yh-semmle
64b2d331ae
Java: add test for Guice framework support
2019-02-15 20:01:08 -05:00
yh-semmle
b0d9c80ccc
Java: add taint steps for Protobuf framework
2019-02-15 20:01:07 -05:00
yh-semmle
fc4aa16905
Java: add remote user input for Apache Thrift framework
2019-02-15 20:01:07 -05:00
yh-semmle
751bbbf583
Java: add remote user input for Struts 2 ActionSupport
2019-02-15 20:01:06 -05:00
yh-semmle
a436369846
Java: add remote user input and taint step for Guice framework
2019-02-15 20:01:06 -05:00
Anders Schack-Mulligen
25469637db
Java: Autoformat qls.
2019-02-12 14:38:08 +01:00
Anders Schack-Mulligen
63a4dd09ad
Java: Autoformat qlls.
2019-02-12 14:38:08 +01:00
Anders Schack-Mulligen
52ad816074
Merge pull request #904 from rneatherway/zipslip-fix
...
Java: Add a flow step for `Path::toFile` in ZipSlip
2019-02-11 13:08:38 +01:00
Robin Neatherway
409733838b
Java: Add a flow step for Path::toFile in ZipSlip
2019-02-11 10:33:44 +00:00
Henning Makholm
b8a03464bf
Fix false positives in java/unused parameter
...
Methods that are mentioned in a member reference expression should count
as rootdefs for the unused parameter query. Such methods have to match
the functional interface of the reference expression, so it is to be
expected that they will sometimes have to declare parameters that they
don't actually use.
2019-02-07 21:14:36 +01:00
yh-semmle
3e8f7a740c
Merge pull request #838 from aschackmull/java/taint-collections
...
Java: Add additional taint steps through collections.
2019-02-05 09:59:24 -05:00
Anders Schack-Mulligen
fe7add77d2
Java: Account for the repo move in NonSecurityTestClass.
2019-02-05 14:31:40 +01:00
Joshua Hale
707f75f7ba
doc: remove - from command arguments
2019-01-30 11:36:48 +00:00
james
7cc1442ecb
Update link text
2019-01-30 09:44:07 +00:00
