codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00

Author	SHA1	Message	Date
yo-h	eedc385b37	Java 15: adjust test `options`	2020-11-26 00:14:24 -05:00
Anders Schack-Mulligen	89361a3b75	Merge pull request #3812 from luchua-bc/java-android-remote-source Java: Add remote source of Android intent extra	2020-11-03 09:35:40 +01:00
luchua-bc	7ac3fb41d5	Clean up query and test files	2020-10-31 13:37:36 +00:00
Tom Hvitved	492b1141ef	Merge pull request #4445 from hvitved/csharp/sign-analysis-cfg C#: Use CFG nodes instead of AST nodes in sign/modulus analysis	2020-10-26 09:45:38 +01:00
Joe Farebrother	388f60f818	Merge pull request #4430 from joefarebrother/tainttrackingutils-refactor Java: Refactor part of TaintTrackingUtil.qll	2020-10-15 16:05:38 +01:00
Tom Hvitved	2af7e1c213	C#: Use CFG nodes instead of AST nodes in sign/modulus analysis	2020-10-14 13:39:44 +02:00
Jonathan Leitschuh	fc71ca747d	Java: Track taint through java.io.File::toPath & java.nio.file.Path::toFile	2020-10-13 21:15:09 -04:00
Joe Farebrother	eafde05a55	Java: Expand flow step refactoring to Callables Also add some missing flow steps for StringBuilder	2020-10-12 15:50:47 +01:00
Joe Farebrother	91ce02aad4	Java: Fix bug involving varadic parameters	2020-10-12 15:50:46 +01:00
Joe Farebrother	ca60f2cc18	Java: Fix failing tests	2020-10-12 15:48:43 +01:00
Daniel Beck	0c70be145f	Track taint through java.io.File constructor and #toURI; URI#toURL	2020-10-10 20:54:55 +02:00
Anders Schack-Mulligen	cb00f8bcc4	Merge pull request #4362 from tamasvajk/feature/sign-analysis-cleanup Sign analysis cleanup	2020-10-08 09:10:04 +02:00
Tamas Vajk	40a7f5aa1f	Java: Minor fix to modulus analysis to handle constant expressions and not only compile time constants	2020-10-07 11:42:42 +02:00
Tamas Vajk	5688210249	Java: add test for modulus analysis	2020-10-07 11:41:55 +02:00
Anders Schack-Mulligen	30f29e0ba7	Merge pull request #4320 from aibaars/multipart-request Java: add Spring::MultipartRequest as taint source	2020-10-05 13:45:06 +02:00
Anders Schack-Mulligen	e660ac54da	Merge pull request #4358 from joefarebrother/format-taint Java: Add taint steps through string formatting methods	2020-10-05 13:25:54 +02:00
Tamas Vajk	1cf3196b61	Fix additional PR review findings	2020-10-02 09:12:13 +02:00
Tamas Vajk	21ff1a0445	Address some of the PR review findings	2020-10-02 09:12:13 +02:00
Joe	be07d27a4c	Java: Improve tests	2020-09-29 16:36:34 +01:00
Joe	bea38fcd07	Java: Add taint modelling for string format methods	2020-09-28 16:25:45 +01:00
Tamas Vajk	2bbaa4e173	Handle unsigned types in sign analysis (C# and Java)	2020-09-28 14:46:32 +02:00
Arthur Baars	252f8aa89d	Java: add Spring::MultipartRequest as taint source	2020-09-22 19:01:10 +02:00
Tamas Vajk	8bf4a4209c	C#: Sign analysis Synced between Java and C# through `identical-files.json`.	2020-09-21 16:15:12 +02:00
Tamas Vajk	441fbe3215	Add Java test file for sign analysis	2020-09-21 15:07:09 +02:00
Tamas Vajk	23a9d0764e	Java: Fix range analysis false negative	2020-09-15 12:09:05 +02:00
Tamas Vajk	c66473cb8a	Java: Add test for range analysis	2020-09-15 12:07:30 +02:00
CodeQL CI	311e62f21d	Merge pull request #4081 from aschackmull/java/dispatch-ctx-this-param Approved by aibaars	2020-09-01 15:06:47 +01:00
Anders Schack-Mulligen	82692876d8	Java: Add some test cases.	2020-09-01 11:24:30 +02:00
Anders Schack-Mulligen	d82fee11b1	Java: Add data flow for record getters.	2020-08-24 11:51:04 +02:00
Anders Schack-Mulligen	bcad18f490	Java: Use the instance argument type in call contexts.	2020-08-20 15:17:04 +02:00
Anders Schack-Mulligen	a1d272e870	Merge pull request #3918 from aibaars/organise-container-flow Java: Clean up ContainerFlow, consider more methods	2020-07-10 14:19:44 +02:00
Arthur Baars	43b61038e9	Drop Map.merge as taint step	2020-07-10 13:00:14 +02:00
Arthur Baars	0d33a77ee3	Fix modelling of Stack.push Stack.push(E) returns its argument, it does not propagate taint from the stack to the return value.	2020-07-09 16:16:29 +02:00
Anders Schack-Mulligen	879551fc6a	Merge pull request #3936 from aibaars/object-clone Java: model Object.clone	2020-07-09 16:09:01 +02:00
Arthur Baars	e183171fea	Java: model Object.clone	2020-07-09 14:50:29 +02:00
Arthur Baars	0bd103ac05	Java: add tests for Container taint steps	2020-07-09 12:15:38 +02:00
Anders Schack-Mulligen	777dc6305c	Merge pull request #3893 from aibaars/set-map-list-copy-of Java: model some new Set,List,Map methods	2020-07-09 10:18:12 +02:00
Arthur Baars	e8f216c761	Merge remote-tracking branch 'upstream/master' into set-map-list-copy-of	2020-07-08 15:11:13 +02:00
Anders Schack-Mulligen	bf5c5297d3	Merge pull request #3897 from aibaars/util-objects Java: data flow for `java.util.Objects`	2020-07-08 15:07:50 +02:00
Arthur Baars	72a24972e7	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2020-07-08 13:30:24 +02:00
Arthur Baars	940fec5669	Drop taint tracking for Arrays.{deepToString,toString}	2020-07-07 17:26:49 +02:00
Arthur Baars	583f7f914e	Drop taint tracking for Arrays.{setAll, parallelSetAll, parallelPrefix}	2020-07-07 17:22:30 +02:00
Arthur Baars	9cf6601d02	Java: Data flow for `java.util.Objects`	2020-07-07 16:58:22 +02:00
Arthur Baars	19a481f809	Java: Arrays: add tests	2020-07-03 17:15:17 +02:00
Arthur Baars	1485f7c876	Java: model some new Set,List,Map methods Models the taint propagation for the copyOf(..), of(..), ofEntries(..) and entry(..) methods	2020-07-03 17:14:53 +02:00
Arthur Baars	c629f6b13a	Merge pull request #3869 from aibaars/util-collections Java: model java.util.Collections	2020-07-03 17:09:14 +02:00
Arthur Baars	5fff41f35b	Don't track taint on Map keys	2020-07-03 14:47:25 +02:00
Arthur Baars	5f2a5f1b55	Java: Collections: add tests	2020-07-02 19:18:02 +02:00
Tom Hvitved	c01f570d9e	Java: Implement `clearsContent()`	2020-06-23 10:55:12 +02:00
Tom Hvitved	e578827626	Java: Add more field-flow tests	2020-06-23 10:55:11 +02:00

1 2

95 Commits