codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00

Author	SHA1	Message	Date
Tamas Vajk	01de550ef8	Make predicates private	2020-10-02 09:12:13 +02:00
Tamas Vajk	f52cf264ec	Refactor specificSubExprSign	2020-10-02 09:12:13 +02:00
Tamas Vajk	f03146d12f	Refactor fieldSign	2020-10-02 09:12:13 +02:00
Tamas Vajk	21ff1a0445	Address some of the PR review findings	2020-10-02 09:12:13 +02:00
Tamas Vajk	638d0399a8	Java, C#: Refactor explicitSsaDefSign in sign analysis	2020-10-02 09:09:23 +02:00
Tamas Vajk	7545fe74e3	Java, C#: Refactor implicitSsaDefSign in sign analysis	2020-10-02 09:09:23 +02:00
Tamas Vajk	37fc1d6f0f	Java, C#: cleanup sign analysis Add missing QL doc, improve readability	2020-10-02 09:09:23 +02:00
Jonathan Leitschuh	ab3772eaeb	Update JHipster CodeQL query from code review	2020-10-01 15:38:56 -04:00
Joe	ca4781eb78	Java: Remove use of StringFormatMethod in TaintTrackingUtils	2020-10-01 15:58:32 +01:00
Anders Schack-Mulligen	c027f3bd2b	Merge pull request #4324 from tamasvajk/feature/unsigned-sign-analysis Handle unsigned types in sign analysis (C# and Java)	2020-10-01 15:11:49 +02:00
Chris Smowton	578ea1ae43	Fix OWASP broken links	2020-10-01 13:09:52 +01:00
Arthur Baars	cf6036f9b4	Java: fix some android database sinks	2020-09-30 14:42:19 +02:00
Arthur Baars	061c2a754f	Java: tests for android database flow steps	2020-09-30 12:42:19 +02:00
Arthur Baars	a13e845127	Java: tests for android database sinks	2020-09-30 12:42:19 +02:00
Arthur Baars	39f5284dcc	Java: add stubs for some android database classes	2020-09-30 12:33:33 +02:00
Arthur Baars	449fb24ef6	Java: android add taint and SQL sink for ContentProvider/Resolver	2020-09-30 12:33:32 +02:00
Arthur Baars	efd5b6ff66	Java: SQLite: make classes private	2020-09-30 12:32:27 +02:00
Arthur Baars	28c965765b	Move query sinks into SQLite.qll	2020-09-30 12:32:27 +02:00
Arthur Baars	b3aae276ba	Add types to SQLite.qll	2020-09-30 12:32:24 +02:00
Arthur Baars	6db4f839cb	Java: add Android database taint and SQL injection sinks	2020-09-30 12:31:11 +02:00
Joe	be07d27a4c	Java: Improve tests	2020-09-29 16:36:34 +01:00
Joe	efc3a25237	Java: Don't pass taint through the format methods of `Console`	2020-09-29 16:02:51 +01:00
Joe Farebrother	eccfa5d26a	Fix documentation typo Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>	2020-09-29 15:34:05 +01:00
Joe	d184aa7c06	Make `FieldRead` and `FieldWrite` extend `LValue` and `RValue`	2020-09-29 15:24:51 +01:00
Joe	bea38fcd07	Java: Add taint modelling for string format methods	2020-09-28 16:25:45 +01:00
Tamas Vajk	2bbaa4e173	Handle unsigned types in sign analysis (C# and Java)	2020-09-28 14:46:32 +02:00
Joe Farebrother	274147c87a	Merge pull request #4339 from joefarebrother/printAST-java-var-decls Java: Add synthetic nodes for `LocalVariableDeclExpr`s in the AST view	2020-09-28 10:21:25 +01:00
Joe	5256c0ba39	Java: Improve PrintAst tests and rename things Add tests for `EnhcancedForStmt`s and `InstanceOfExpr`s. Rename LocalVarDeclParent to SingleLocalVarDeclParent	2020-09-25 11:31:56 +01:00
Anders Schack-Mulligen	3ef3e6e140	Merge pull request #4319 from hvitved/python-java-block-precedes-var Java/Python: Reduce size of `blockPrecedesVar`	2020-09-24 16:07:49 +02:00
Joe	9c8a468237	Java: PrintAst: Add synthetic nodes for other declarations	2020-09-24 14:31:24 +01:00
Joe	3e960c1e0b	Java: PrintAst: Refactor exceptions to the usual AST of expressions and statements using dispatch	2020-09-24 14:31:24 +01:00
Joe	1f99607624	Java: PrintAst: Improve test	2020-09-24 14:31:24 +01:00
Joe	45651cf123	Java: PrintAst: Add a synthetic node for the initialisers of for statements	2020-09-24 14:31:24 +01:00
Anders Schack-Mulligen	d4d4c0f3f9	Merge pull request #4325 from aibaars/hibernate-changenote Java: change note for Hiberate ORM improvements	2020-09-24 12:58:45 +02:00
Jonathan Leitschuh	17603c8091	Update java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.qhelp Co-authored-by: Felicity Chapman <felicitymay@github.com>	2020-09-23 13:59:49 -04:00
Arthur Baars	5894263671	Java: improve change note Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2020-09-23 15:37:55 +02:00
Jonathan Leitschuh	645d7c8831	Fix documentation in `apache/Lang.qll`	2020-09-22 15:04:06 -04:00
Jonathan Leitschuh	8578bc5cf0	Update java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.qhelp Co-authored-by: Felicity Chapman <felicitymay@github.com>	2020-09-22 15:02:00 -04:00
Jonathan Leitschuh	24fe3d0663	Apply suggestions from code review Co-authored-by: Felicity Chapman <felicitymay@github.com>	2020-09-22 13:11:11 -04:00
Arthur Baars	252f8aa89d	Java: add Spring::MultipartRequest as taint source	2020-09-22 19:01:10 +02:00
Arthur Baars	b382711f14	Java: change note for Hiberate ORM improvements	2020-09-22 18:55:07 +02:00
Tamás Vajk	54c35748f0	Merge pull request #4193 from tamasvajk/feature/sign-analysis C#: Sign analysis	2020-09-22 15:33:33 +02:00
Anders Schack-Mulligen	66e2ed9b65	Merge pull request #4031 from aibaars/hibernate Add additional Hibernate SQL sinks	2020-09-22 15:29:40 +02:00
Anders Schack-Mulligen	47506a859e	Merge pull request #4287 from joefarebrother/exectainted-array Java: Improve the ExecTainted query	2020-09-22 13:16:05 +02:00
Tom Hvitved	71da9045e5	Java/Python: Reduce size of `blockPrecedesVar`	2020-09-22 11:00:26 +02:00
Jonathan Leitschuh	ab618dcf2f	Java: QL Query Detector for JHipster Generated CVE-2019-16303	2020-09-21 18:46:13 -04:00
Tamas Vajk	8bf4a4209c	C#: Sign analysis Synced between Java and C# through `identical-files.json`.	2020-09-21 16:15:12 +02:00
Tamas Vajk	441fbe3215	Add Java test file for sign analysis	2020-09-21 15:07:09 +02:00
Anders Schack-Mulligen	4a3118b13e	Merge pull request #4246 from RasmusWL/java-fix-ssa-varBlockReaches Java: Minor fixup for SSA AdjacentUsesImpl::varBlockReaches	2020-09-21 13:28:20 +02:00
Rasmus Wriedt Larsen	233dd43635	Java: Port varBlockReaches fix to BaseSSA.qll	2020-09-21 12:11:25 +02:00

... 2 3 4 5 6 ...

1360 Commits