hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,676 Commits 1,671 Branches 157 Tags
yo-h/java15
Commit Graph

370 Commits

Author SHA1 Message Date
Joe
9c8a468237 Java: PrintAst: Add synthetic nodes for other declarations 2020-09-24 14:31:24 +01:00
Joe
1f99607624 Java: PrintAst: Improve test 2020-09-24 14:31:24 +01:00
Arthur Baars
252f8aa89d Java: add Spring::MultipartRequest as taint source 2020-09-22 19:01:10 +02:00
Tamás Vajk
54c35748f0 Merge pull request #4193 from tamasvajk/feature/sign-analysis 
C#: Sign analysis
 2020-09-22 15:33:33 +02:00
Anders Schack-Mulligen
47506a859e Merge pull request #4287 from joefarebrother/exectainted-array 
Java: Improve the ExecTainted query
 2020-09-22 13:16:05 +02:00
Jonathan Leitschuh
ab618dcf2f Java: QL Query Detector for JHipster Generated CVE-2019-16303 2020-09-21 18:46:13 -04:00
Tamas Vajk
8bf4a4209c C#: Sign analysis 
Synced between Java and C# through `identical-files.json`.
 2020-09-21 16:15:12 +02:00
Tamas Vajk
441fbe3215 Add Java test file for sign analysis 2020-09-21 15:07:09 +02:00
Joe
6d0df7cb3a Java: Add a container node for Imports in the PrintAst view 2020-09-17 17:29:36 +01:00
Joe
fcfc836720 Java: Add tests for ExecTainted 2020-09-17 16:47:55 +01:00
Tamás Vajk
5079deb92a Merge pull request #4268 from tamasvajk/feature/java-range-analysis-fn 
Java: Fix range analysis false negative
 2020-09-16 11:08:33 +02:00
Joe
28338eb32e Java: PrintAst: Various minor fixes of typos 
Fix references to C#

Fix getAPrimaryQlClass for JavadocTag

Fix typo for Import

Update test outputs
 2020-09-15 15:02:56 +01:00
Joe
53ab8dac06 Java: PrintAst: Fix failing tests 2020-09-15 14:45:48 +01:00
Joe
e38b583ec4 Java: PrintAst: Add tests 2020-09-15 14:45:48 +01:00
Tamas Vajk
23a9d0764e Java: Fix range analysis false negative 2020-09-15 12:09:05 +02:00
Tamas Vajk
c66473cb8a Java: Add test for range analysis 2020-09-15 12:07:30 +02:00
Jonas Jensen
464d3630a2 Java: Rename Block -> BlockStmt 2020-09-08 08:40:20 +02:00
Rasmus Wriedt Larsen
7a54d0b493 Java: Move files in experiemntal dirs to be consistent 2020-09-02 13:19:21 +02:00
Anders Schack-Mulligen
cc61e6117e Merge pull request #3542 from porcupineyhairs/mongoJava 
Java : add MongoDB injection sinks
 2020-09-01 16:19:17 +02:00
CodeQL CI
311e62f21d Merge pull request #4081 from aschackmull/java/dispatch-ctx-this-param 
Approved by aibaars
 2020-09-01 15:06:47 +01:00
CodeQL CI
b9a6183ec2 Merge pull request #4175 from aschackmull/java/adjust-cwe-089-qltest 
Approved by aibaars
 2020-09-01 12:43:56 +01:00
Arthur Baars
2729d109a5 Merge pull request #4123 from aschackmull/java/records-dataflow 
Java: Add data flow for record getters.
 2020-09-01 13:02:24 +02:00
Anders Schack-Mulligen
e5d7208c12 Java: Adjust a few qltests. 2020-09-01 12:49:09 +02:00
Anders Schack-Mulligen
82692876d8 Java: Add some test cases. 2020-09-01 11:24:30 +02:00
Anders Schack-Mulligen
c25dd4be8c Merge pull request #3363 from ggolawski/xslt-injection 
CodeQL query to detect XSLT injections
 2020-09-01 11:03:19 +02:00
Anders Schack-Mulligen
1dae99e4a5 Merge pull request #3543 from porcupineyhairs/WebsocketReadAsSource 
Java: add websocket reads as remote flow source.
 2020-09-01 10:58:02 +02:00
Grzegorz Golawski
0f555d42ed Fix test 2020-08-30 22:55:17 +02:00
Porcupiney Hairs
441825919c Java : add MongoDB injection sinks 2020-08-31 02:24:23 +05:30
Grzegorz Golawski
5e462a897d Merge branch 'main' into xslt-injection 2020-08-30 22:45:31 +02:00
Grzegorz Golawski
37f4410764 Fix test 2020-08-30 22:32:57 +02:00
Porcupiney Hairs
4f07733b06 remove U+200B 2020-08-30 04:54:02 +05:30
Porcupiney Hairs
3f6eef8437 Java: add websocket reads as remote flow source. 
Currently, JAX-WS reads are considered as untrusted. However, `java.net.http.WebSocket` reads are not marked as such.

This PR adds support for the same.
 2020-08-27 02:45:59 +05:30
Anders Schack-Mulligen
d82fee11b1 Java: Add data flow for record getters. 2020-08-24 11:51:04 +02:00
Anders Schack-Mulligen
bcad18f490 Java: Use the instance argument type in call contexts. 2020-08-20 15:17:04 +02:00
Anders Schack-Mulligen
a5701db3fa Java: Support String.formatted in the format string queries. 2020-08-17 15:01:48 +02:00
Anders Schack-Mulligen
4947e1d817 Java: Temporarily move a qltest. 2020-08-14 09:25:32 +02:00
Arthur Baars
5874ecc28b Merge pull request #3976 from luchua-bc/java-unsecure-basic-auth 
Java: Insecure basic authentication
 2020-08-07 21:39:23 +02:00
Anders Schack-Mulligen
205dd1aead Merge pull request #3881 from intrigus-lgtm/more-pathcreations 
Java: Centralize and model additional path creations.
 2020-08-06 11:21:39 +02:00
luchua-bc
b821f918e5 Address issues with matching empty host and host in a concatenated string 2020-08-06 01:53:29 +00:00
luchua-bc
9a8eed8440 Enhance address match 2020-08-05 19:57:31 +00:00
intrigus
1011325cf7 Accept test changes. 2020-08-05 21:45:41 +02:00
luchua-bc
ff0dacf1d7 Optimize the TaintTracking 2020-08-03 00:52:47 +00:00
luchua-bc
ff58abb7d3 Revamp the sink code 2020-08-01 03:25:02 +00:00
luchua-bc
81de1b14d9 Revamp the source of path query 2020-07-30 19:16:48 +00:00
luchua-bc
5520504658 Update expected results 2020-07-28 15:41:23 +00:00
luchua-bc
7f911f00ee Rename to insecure basic auth 2020-07-28 11:40:21 +00:00
luchua-bc
3a23451395 Enhance the query 2020-07-27 18:50:47 +00:00
luchua-bc
01fb51829c Unsecure basic authentication 2020-07-24 20:35:09 +00:00
intrigus
b705f7f3e9 Improve "PathCreation" Test. 2020-07-19 00:10:39 +02:00
Arthur Baars
67b6018079 Merge pull request #3729 from luchua-bc/java-hardcoded-aws-credentials 
Java: Hardcoded AWS credentials
 2020-07-13 18:04:42 +02:00