hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,275 Commits 1,672 Branches 157 Tags
tausbn/python-refine-location-of-flask-request-sources
Commit Graph

3153 Commits

Author SHA1 Message Date
Chris Smowton
29e93edf90 Dataflow: restrict pattern-case flow to unique patterns. 2024-03-25 16:31:37 +00:00
Chris Smowton
00c7dd5f92 Fix a stray use of getPattern 2024-03-25 16:31:36 +00:00
Chris Smowton
e59487a324 Don't regard cases with multiple patterns as conducting a type test 2024-03-25 16:31:36 +00:00
Chris Smowton
c7cb885e71 Add missing javadoc and getUniquePattern predicate 2024-03-25 16:31:36 +00:00
Chris Smowton
f44becea7f Implement multiple pattern case and fall-through pattern case support 2024-03-25 16:31:36 +00:00
Chris Smowton
c283894b4b Fix typo 2024-03-25 16:31:36 +00:00
Chris Smowton
33b807f3bb Parameters and local variables: add isAnonymous predicate 2024-03-25 16:31:36 +00:00
Owen Mansel-Chan
f2db9ce312 Merge pull request #16028 from owen-mc/java/sensitive-log-whitelist-tokenimage 
Java: whitelist variable name `tokenImage` for `java/sensitive-log` as it's used in code generated by JavaCC
 2024-03-25 10:02:19 +00:00
Owen Mansel-Chan
ac6c4add14 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2024-03-24 20:20:37 +00:00
Owen Mansel-Chan
4832dc51ed Whitelist variable name tokenImage 2024-03-23 21:33:02 +00:00
Michael Nebel
6619be3137 Merge pull request #15940 from michaelnebel/csharp/sourcesinktests 
C#: Source- and sink tests.
 2024-03-21 08:12:16 +01:00
Mathias Vorreiter Pedersen
ebac171b2b Java/Shared: Rename 'joinStep0' to 'joinStep'. 2024-03-20 14:40:16 +00:00
Mathias Vorreiter Pedersen
6a65c46b2e Java/Shared: Share more 'isNull' computations. 2024-03-20 14:36:12 +00:00
Mathias Vorreiter Pedersen
90fbacc7bf Java/Shared: Use getLocation instead of hasLocationInfo. 2024-03-20 14:29:48 +00:00
Michael Nebel
70c6744944 Java/Go/Swift: Sync changes. 2024-03-19 14:20:43 +01:00
Tom Hvitved
a6c147134a Java: Switch to shared XML.qll implementation 2024-03-19 13:15:45 +01:00
Tom Hvitved
fc55567d90 Merge pull request #15853 from hvitved/dataflow/get-location 
Data flow: Replace `hasLocationInfo` with `getLocation`
 2024-03-18 20:21:46 +01:00
Jami Cogswell
55f7369df0 Java: performance fix 2024-03-15 14:06:36 -04:00
Jami Cogswell
1b01f26d09 Java: adjust BarrierPrefix to handle prepended chars 2024-03-13 16:28:45 -04:00
Jami Cogswell
04d27f2d65 Java: adjust prefix barriers 2024-03-13 16:28:44 -04:00
Jami Cogswell
e99cea340b Java: update UrlPathBarrier to include FollowsBarrierPrefix 2024-03-13 16:28:44 -04:00
Jami Cogswell
c5a59d6c51 Java: add QLDoc 2024-03-13 16:28:44 -04:00
Jami Cogswell
7310c155e2 Java: rename SpringUrlForwardSink 2024-03-13 16:28:44 -04:00
Jami Cogswell
a8075969d8 Java: add QLDocs to UrlPathBarrier code 2024-03-13 16:28:44 -04:00
Jami Cogswell
042dcf9cd9 Java: some updates to UrlPathBarrier code 2024-03-13 16:28:44 -04:00
Jami Cogswell
052452b186 Java: create UrlDecodeMethod 2024-03-13 16:28:44 -04:00
Jami Cogswell
d220b3a298 Java: some updates to test cases 2024-03-13 16:28:43 -04:00
Jami Cogswell
43b49628fc Java: use new 'SimpleTypeSanitizer', and update some non-extending subtype relationships 2024-03-13 16:28:43 -04:00
Jami Cogswell
2708e53c7f Java: remove redundant imports 2024-03-13 16:28:43 -04:00
Jami Cogswell
911a61df22 Java: initial update of barrier and test cases to remove FN 2024-03-13 16:28:42 -04:00
Jami Cogswell
5fa63ab5c2 Java: update/add some TODO comments 2024-03-13 16:28:41 -04:00
Jami Cogswell
09bc21dbd3 Java: rename 'UnsafeUrlForward' to 'UrlForward' 2024-03-13 16:28:41 -04:00
Jami Cogswell
5a9d7552b3 Java: add some comments and minor code reorg 2024-03-13 16:28:41 -04:00
Jami Cogswell
1da1e896cb Java: convert SpringModelAndViewSink to MaD 2024-03-13 16:28:41 -04:00
Jami Cogswell
8d66097483 Java: switch StaplerResponse.forward from request-forgery sink to url-forward sink 2024-03-13 16:28:41 -04:00
Jami Cogswell
42e3825ea3 Java: convert RequestDispatcherSink to MaD 2024-03-13 16:28:40 -04:00
Jami Cogswell
4ff884e26c Java: remove more path-injection related classes (will maybe add some of these back in a separate PR) 2024-03-13 16:28:40 -04:00
Jami Cogswell
915e106ab3 Java: remove path-injection related models and tests for now 2024-03-13 16:28:40 -04:00
Jami Cogswell
2793f28428 Java: move config to Query.qll file 2024-03-13 16:28:40 -04:00
Tom Hvitved
02ae2d1520 Java: Implement new data flow interface 2024-03-13 14:41:57 +01:00
Erik Krogh Kristensen
863e3f79e5 Merge pull request #15731 from erik-krogh/java-url 
Java: More sanitizers for request-forgery
 2024-03-12 19:31:52 +01:00
erik-krogh
f613823047 add explicit QLDoc that any method named "contains" is matched 2024-03-12 15:25:27 +01:00
erik-krogh
52f71e4553 small fixes based on review 2024-03-12 15:07:29 +01:00
Tom Hvitved
da66281fef Sync files 2024-03-11 13:02:04 +01:00
Owen Mansel-Chan
279605b486 Merge pull request #15786 from owen-mc/java/sensitive-logging-query-exclude-null-in-variable-name 
Java: sensitive logging query exclude null in variable name
 2024-03-04 12:14:42 +00:00
Owen Mansel-Chan
c7efde3b7a Remove variables with "null" in their name as sources 2024-03-03 20:55:04 +00:00
Owen Mansel-Chan
114c17ad57 Add more methods of java.util.Comparator 2024-03-02 20:55:30 +00:00
Owen Mansel-Chan
bb97df1d71 do not generate models for lambda flow methods 2024-03-01 12:11:40 +00:00
Owen Mansel-Chan
bbf3fa7506 do not generate models for toString 2024-03-01 09:59:27 +00:00
Chris Smowton
051d63a5a9 Merge pull request #15740 from smowton/smowton/feature/call-and-type-telemetry 
Java: add extraction quality telemetry; improve stringification of some erroneous expressions
 2024-02-29 16:51:51 +00:00