hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,010 Commits 1,671 Branches 157 Tags
updateExterns
Commit Graph

1566 Commits

Author SHA1 Message Date
Joe Farebrother
2fd5d26b1b Add FP as a test case 2020-12-08 16:37:53 +00:00
yo-h
54d7cac46d Merge pull request #4718 from aschackmull/java/cleanup-deprecated 
Java: Remove some deprecated classes.
 2020-12-04 11:17:14 -05:00
yo-h
a5393b4661 Merge pull request #4746 from aschackmull/java/ssa-perf 
Java: Improve performance of SSA.
 2020-12-04 11:16:39 -05:00
Anders Schack-Mulligen
0cc324b715 Merge pull request #3839 from luchua-bc/uncaught-servlet-exception 
Java: Uncaught servlet exception
 2020-12-02 15:12:59 +01:00
Anders Schack-Mulligen
0175a596ef Update java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql 2020-12-02 13:33:59 +01:00
yo-h
cdeeefc235 Merge commit '8f2094f' into yo-h/java15-merge 2020-12-01 17:47:58 -05:00
Anders Schack-Mulligen
8f2094f0bf Autoformat. 2020-11-30 14:42:38 +01:00
Anders Schack-Mulligen
88e0759365 Java: Change RemoteUserInput to private instead of removing. 2020-11-30 13:40:53 +01:00
Anders Schack-Mulligen
5a66d6ab93 Java: Improve performance of SSA. 2020-11-30 11:26:03 +01:00
Anders Schack-Mulligen
931322e4c5 Merge pull request #4668 from aschackmull/dataflow/refactor-pruning 
Dataflow: Refactor pruning stages.
 2020-11-30 09:37:04 +01:00
yo-h
7e8bc4a61b Merge commit '2fa9037' into yo-h/java15-merge 2020-11-29 18:42:20 -05:00
luchua-bc
ad0ac5b874 Change kind to problem 2020-11-27 16:43:57 +00:00
Anders Schack-Mulligen
028a72bcdd Merge pull request #4610 from luchua-bc/java-nfe-local-android-dos 
Java: Query to detect Local Android DoS caused by NFE
 2020-11-27 14:20:23 +01:00
Anders Schack-Mulligen
fec9758252 Dataflow: Sync. 2020-11-27 12:16:43 +01:00
Anders Schack-Mulligen
8f4fce185b Dataflow: Review fixes. 2020-11-27 12:16:28 +01:00
Jonas Jensen
ad4b2beafa Merge pull request #4727 from criemen/remove-abstract-classes 
C++/C#/JS/Python/Java XML.qll: Remove abstract from class hierarchy.
 2020-11-27 08:17:21 +01:00
Anders Schack-Mulligen
2234d665ce Add manual magic 2020-11-26 13:55:20 -05:00
yo-h
9bb949a8b1 Java: make some SMAP predicates private and add QLDoc 2020-11-26 13:55:19 -05:00
yo-h
c077ca3fc9 Java: add dbscheme upgrade script for SMAP relations 2020-11-26 13:55:19 -05:00
yo-h
f9e78085ac Java: add dbscheme stats for SMAP relations 2020-11-26 13:55:18 -05:00
yo-h
edb41655b4 Java: incorporate SMAP locations into Top.hasLocationInfo 2020-11-26 13:55:17 -05:00
yo-h
e2419e8fed Java: add SMAP relations to dbscheme 2020-11-26 13:55:17 -05:00
luchua-bc
a83ddd66eb Add comments about how the future promotion should go 2020-11-26 17:41:46 +00:00
luchua-bc
7ad031ca70 Move to experimental and update qldoc 2020-11-26 17:09:53 +00:00
Anders Schack-Mulligen
f70072a2db Merge pull request #3454 from porcupineyhairs/javaSSRf 
Java : add request forgery query
 2020-11-26 08:52:15 +01:00
yo-h
eedc385b37 Java 15: adjust test options 2020-11-26 00:14:24 -05:00
Cornelius Riemenschneider
3bfb398516 Autoformat XML.qll. 2020-11-25 18:20:50 +01:00
Cornelius Riemenschneider
7eec988fb5 XML.qll: Remove abstract from class hierarchy. 2020-11-25 17:22:03 +01:00
luchua-bc
a49160423b Enhance the query and add more test cases 2020-11-25 04:33:26 +00:00
Anders Schack-Mulligen
b192f6dfe0 Java: Remove some deprecated classes. 2020-11-24 14:04:01 +01:00
Anders Schack-Mulligen
3f04099c25 Update java/ql/src/experimental/CWE-918/RequestForgery.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2020-11-24 13:18:58 +01:00
Anders Schack-Mulligen
0450489022 Java: Review fixes. 2020-11-24 11:31:44 +01:00
Anders Schack-Mulligen
2cf10a7658 Merge pull request #4427 from aschackmull/java/fastjson 
Java: Add support for FastJson in unsafe deserialization.
 2020-11-23 14:40:14 +01:00
luchua-bc
a311462791 Move to query-test folder and update qldoc 2020-11-19 13:12:42 +00:00
Porcupiney Hairs
ebc6c49555 include suggestions from review. 2020-11-19 03:37:00 +05:30
luchua-bc
85434ca410 Format the source code and update qldoc 2020-11-17 21:20:53 +00:00
Aditya Sharad
b9b6a35564 Merge pull request #4629 from pwntester/improve_bean_validation_query 
Java: add some improvements to the bean validation query
 2020-11-17 08:35:49 -08:00
Anders Schack-Mulligen
f74fc0ff26 Dataflow: Fix bad join-orders. 2020-11-17 14:28:25 +01:00
luchua-bc
0bd6255c41 Query for cleartext storage using Android SharedPreferences 2020-11-16 17:23:01 +00:00
Anders Schack-Mulligen
4be731d2ab Java: Adjust reference to static method and add test. 2020-11-16 11:47:58 +01:00
Anders Schack-Mulligen
80ee92ae97 Java: Add support for FastJson in unsafe deserialization. 2020-11-16 11:47:58 +01:00
Anders Schack-Mulligen
9e45f10c5d Dataflow: Remove headUsesContent. 2020-11-13 15:12:39 +01:00
Anders Schack-Mulligen
e0a6a485df Dataflow: Sync. 2020-11-13 15:12:16 +01:00
Anders Schack-Mulligen
d324cd1844 Dataflow: Some qldoc. 2020-11-13 15:09:30 +01:00
Anders Schack-Mulligen
293429f821 Dataflow: Make a bunch of the interface predicates private. 2020-11-13 15:09:30 +01:00
Anders Schack-Mulligen
d028e6b334 Dataflow: Change some headUsesContent to getHead. 2020-11-13 15:09:30 +01:00
Anders Schack-Mulligen
aa66b9bb48 Dataflow: Align more predicates. 2020-11-13 15:09:30 +01:00
Anders Schack-Mulligen
6e6e5d6414 Dataflow: Renamings. 2020-11-13 15:09:29 +01:00
Anders Schack-Mulligen
786edbf045 Dataflow: Align on parameterMayFlowThrough. 
This actually provides a decent pruning improvement in stages 3 and 4.
 2020-11-13 15:09:29 +01:00
Anders Schack-Mulligen
15bf1b1026 Dataflow: Rename some stage 1 predicates. 2020-11-13 15:09:29 +01:00