Jami Cogswell
0d2e9ae469
Java: fix 'matches' false branch
2025-03-17 18:48:44 -04:00
Jami Cogswell
49d37c517d
Java: fix replacement char check and add tests
2025-03-17 16:02:13 -04:00
Jami Cogswell
3083360032
Java: remove 'complementary' from qldocs
2025-03-17 15:24:31 -04:00
Jami Cogswell
b9f642f4aa
Java: condense '.' matching
2025-03-17 15:20:14 -04:00
Jami Cogswell
9d6a10b601
Java: rename 'isSingleReplaceAll' and 'isDoubleReplaceOrReplaceAll'
2025-03-17 15:07:10 -04:00
Tamas Vajk
9662b47464
Move likely test method logic to library
2025-03-14 11:36:15 +01:00
Jami
ea9b0462bf
Merge pull request #18793 from jcogs33/jcogs33/java/spring-boot-actuators-promo
Java: Promote Spring Boot Actuators query from experimental
2025-03-11 14:42:14 -04:00
Jami Cogswell
76433a31f7
Java: generalize sanitizer and add tests
2025-03-10 18:56:01 -04:00
Jami Cogswell
ab3690f666
Java: initial sanitizer
2025-03-10 18:55:56 -04:00
Anders Schack-Mulligen
d075466958
Merge pull request #18941 from aschackmull/ssa/refactor4
Ssa: Extend consistency checks and reduce phi read nodes
2025-03-07 15:18:02 +01:00
Anders Schack-Mulligen
3508ca89e6
Java: Restrict SSA reads to the reachable CFG.
2025-03-07 11:13:53 +01:00
Anders Schack-Mulligen
da579c27fc
Merge pull request #18934 from aschackmull/ssa/refactor5
SSA: Replace the Guards interface in the SSA data flow integration.
2025-03-06 15:11:52 +01:00
Lukas Abfalterer
b4c75d832c
Merge branch 'main' into cwe-925
2025-03-05 14:15:07 +01:00
Anders Schack-Mulligen
c6761db2fc
SSA: Replace the Guards interface in the SSA data flow integration.
2025-03-05 13:29:31 +01:00
Lukas Abfalterer
c9b75afc2a
Fix QLL and add change notes with tests
2025-03-05 10:23:35 +01:00
Jami Cogswell
746f022cfa
Java: add 'Spring' prefix to public class names
2025-03-04 10:34:16 -05:00
Anders Schack-Mulligen
9e03b12ba0
C#/Java/Ruby/Rust/SSA: Replace DefinitionExt with SourceVariable in data flow integration predicates.
2025-03-04 12:24:21 +01:00
Alex Eyers-Taylor
5e3ccc0cca
Java: Simplify interpretOutput
2025-02-26 18:20:46 +00:00
Anders Schack-Mulligen
994a8eea39
Merge pull request #18857 from aschackmull/ssa/refactor-df-integr
Ssa: Refactor the data flow integration module
2025-02-25 15:04:11 +01:00
Anders Schack-Mulligen
2c3b48946d
Merge pull request #18824 from aschackmull/java/basessa
Java: Switch BaseSSA to use shared SSA lib.
2025-02-25 14:23:46 +01:00
Owen Mansel-Chan
74a249597a
Merge pull request #18607 from owen-mc/java/xss-content-type-sanitizer
Java: Add XSS Sanitizer for `HttpServletResponse.setContentType` with safe values
2025-02-24 23:39:18 +00:00
Jami Cogswell
6fe7c7a233
Java: some refactoring
2025-02-24 18:33:29 -05:00
Jami Cogswell
9e51b014d2
Java: handle example in Spring docs
2025-02-24 18:27:43 -05:00
Jami Cogswell
b2469ff8ba
Java: add APIs and tests for more recent Spring versions: authorizeHttpRequests, AuthorizeHttpRequestsConfigurer, securityMatcher(s)
2025-02-24 18:26:02 -05:00
Jami Cogswell
8dfb920e05
Java: refactor QL, move code to libraries
2025-02-24 18:24:48 -05:00
Jami Cogswell
8064e8f1f9
Java: convert tests to inline expectations
2025-02-24 18:24:26 -05:00
Anders Schack-Mulligen
db7ec4a781
Java: Remove getDefinitionExt reference
2025-02-24 13:50:08 +01:00
Anders Schack-Mulligen
6932e000c6
Java: Switch BaseSSA to use shared SSA lib.
2025-02-21 08:57:23 +01:00
Anders Schack-Mulligen
1c616d10d4
Merge pull request #18819 from aschackmull/ssa/refactor-phiread3
Ssa: Refactor shared SSA in preparation for eliminating phi-read definitions
2025-02-21 08:56:38 +01:00
Anders Schack-Mulligen
5379506464
Java: Use firstUse and adjacentUseUse predicates.
2025-02-19 16:17:22 +01:00
Anders Schack-Mulligen
194afbb7f8
Java: Simplify SSA for variable capture.
2025-02-18 14:01:20 +01:00
Jami
d94dc5aa40
Merge pull request #18504 from jcogs33/jcogs33/java/file-constructor-path-sanitizer
Java: `File` constructor path sanitizer
2025-02-18 08:00:32 -05:00
Jami Cogswell
9bb5fe837d
Java: address review comments
2025-02-17 15:47:45 -05:00
Jami Cogswell
2bb6a3914b
Java: update tests
2025-02-14 15:16:08 -05:00
Jami Cogswell
c0ebeb9c7b
Java: use AdditionalTaintStep
2025-02-14 13:52:43 -05:00
Jami
2a8cc00284
Merge pull request #18288 from jcogs33/jcogs33/csrf-unprotected-request-type
Java: add CSRF query
2025-02-11 15:32:56 -05:00
Jonas Jensen
76440120d1
Merge pull request #18737 from jbj/NumericCastTaintedQuery-selectedLocation
Java: precise diff-informed NumericCastTainted
2025-02-11 15:33:28 +01:00
Jonas Jensen
71c078dbdd
Java: precise diff-informed NumericCastTainted
It was discovered by the upcoming support for exact locations matching
in diff-informed testing that this data-flow configuration did not
correspond exactly to the query.
2025-02-11 13:49:15 +01:00
Tom Hvitved
e5e88435bc
Java: Remove ExitBasicBlock from SsaInput
2025-02-11 10:07:18 +01:00
Tom Hvitved
6fbb1e2571
Apply suggestions from code review
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2025-02-11 10:06:50 +01:00
Anders Schack-Mulligen
e955f58eb1
Java: Bugfix for samevar in useReaches.
2025-02-11 10:06:49 +01:00
Anders Schack-Mulligen
ed284353ef
Java: Bugfix for qualifier-of-qualifier update in hasExplicitQualifierUpdate.
2025-02-11 10:06:47 +01:00
Anders Schack-Mulligen
284e48cfbe
Java: Fixup private
2025-02-11 10:06:45 +01:00
Tom Hvitved
75137a0f4c
Java: Adopt shared SSA library
2025-02-11 10:06:43 +01:00
Jami Cogswell
d21c8d789b
Java: restrict sink to first arg of two-arg constructor call
2025-02-05 21:19:59 -05:00
Jami Cogswell
bd47dcc87d
Java: check first arg for taint
2025-02-05 16:56:16 -05:00
Jami Cogswell
e8724ab220
Java: sanitize constructor call instead and update test cases
2025-02-05 15:46:10 -05:00
Jami Cogswell
4a4585a526
Java: move comment
2025-02-05 11:36:58 -05:00
Jami Cogswell
59d454771d
Java: add FileConstructorSanitizer and tests
2025-02-04 17:51:23 -05:00
Jonas Jensen
0584aee72a
Merge pull request #18636 from jbj/diff-informed-java-location-fixups
Java: make diff-informed queries exact
2025-02-03 15:22:43 +01:00