hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-20 06:07:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,316 Commits 1,759 Branches 167 Tags
yoff/python-use-shared-control-flow
Commit Graph

4463 Commits

Author SHA1 Message Date
Tony Torralba
35b4c438ff Fix Gson's JsonArray.add models 
When the type of the argument isn't JsonElement, the summary must be taint flow instead of value flow
 2023-06-07 14:12:20 +02:00
yoff
911835c30e Merge pull request #13392 from yoff/java/test-type-tracking-through-flow-summaries 
java: test type tracking through flow summaries
 2023-06-07 14:10:23 +02:00
Tony Torralba
46b30453e3 Merge pull request #13386 from github/java/update-mad-decls-after-triage-2023-06-06T14-38-29 
Java: Update MaD Declarations after Triage
 2023-06-07 12:33:26 +02:00
Rasmus Lerchedahl Petersen
aec1e4a713 java: address ql alert 2023-06-07 11:40:50 +02:00
Rasmus Lerchedahl Petersen
76e1c6f76f java: test type tracking through flow summaries 2023-06-07 11:18:53 +02:00
Tony Torralba
416d3d587d Accept test changes 
An uncovered test case is now correctly covered
 2023-06-07 10:33:17 +02:00
Tony Torralba
72af634575 Kotlin: Add flow through use and with 2023-06-06 11:22:16 +02:00
Nick Rolfe
6c5c338e6b Merge pull request #13348 from github/nickrolfe/java-location-tostring 
Java: avoid call to `Location.toString()`
 2023-06-06 09:55:42 +01:00
Jeroen Ketema
5f64354a70 Merge pull request #13353 from jketema/expecation 
Fix typo in spelling of expectation
 2023-06-02 12:29:49 +02:00
Tony Torralba
ad2f558002 Add Hudson models 
Includes models-as-data rows, flow sources, and XSS sanitizers.

Tests for models-as-data rows not included.
 2023-06-02 11:06:24 +02:00
Jeroen Ketema
7b17b92aca Fix typo in spelling of expectation 2023-06-02 10:36:11 +02:00
Tony Torralba
527fe523a8 Add PathCreation.qll sinks to models-as-data 
The old PathCreation sinks can't be removed because doing so would cause alert wobble in the path injection queries. See their getReportingNode predicates.
 2023-06-02 09:14:35 +02:00
Tony Torralba
c3b1ef2cdf Merge branch 'main' into atorralba/java/command-injection-mad-sinks 2023-06-02 08:57:24 +02:00
Jami
617107de35 Merge pull request #12916 from jcogs33/jcogs33/revamp-java-sink-kinds 
Java: revamp MaD sink kinds
 2023-06-01 12:48:30 -04:00
Nick Rolfe
7290e2bfd9 Java: avoid call to Location.toString() 2023-06-01 17:06:34 +01:00
Jami
10bab71c60 Merge pull request #12249 from jcogs33/jcogs33/add-heuristic-neutral-models 
Java: add some neutral models discovered with heuristics
 2023-06-01 07:51:55 -04:00
Jami Cogswell
82f208ca7a Java: add isNeutralSink test case 2023-05-31 17:47:36 -04:00
Jami Cogswell
e28ce959a3 Java: update CaptureSinkModels test case 2023-05-31 15:51:07 -04:00
Jami Cogswell
5dbb698481 Java: update open/jdbc-url sink kinds to request-forgery 2023-05-31 15:50:31 -04:00
Tony Torralba
482bb94ad9 Merge pull request #13179 from pwntester/java_gson 
[Java] Add basic support for Google's Gson library
 2023-05-31 11:16:19 +02:00
Tony Torralba
6f302a43ea Merge pull request #13297 from atorralba/atorralba/java/playmvc-models 
Java: Add models for the Play Framework
 2023-05-31 09:02:17 +02:00
Tony Torralba
d3d67f0fb0 Add tests & stubs 2023-05-30 17:52:00 +02:00
Andrew Eisenberg
2d81e30d81 Fix addsTo.pack references 
This change is a prerequisite for a CLI change where there will be
strict testing of the `addsTo.pack` values. It must resolve to a pack
reference that is a transitive dependency of the current query's pack.
 2023-05-29 13:45:41 -07:00
Jami Cogswell
24fc4ba2d4 Java: add tests 2023-05-26 18:55:13 -04:00
Tony Torralba
8e16a0d144 Add tests and stubs for the summaries 2023-05-26 12:43:58 +02:00
Tony Torralba
903fdb0cb8 Java: Add models for the Play Framework 2023-05-26 10:23:43 +02:00
Tony Torralba
a276cc3094 Convert all command injection sinks to MaD format 2023-05-25 11:41:32 +02:00
Tony Torralba
7d0b02e267 Merge pull request #13248 from atorralba/atorralba/java/nio-files-copy-models-fix 
Java: Tweak java.nio.file.Files.copy models
 2023-05-24 10:55:15 +02:00
Tony Torralba
654bb00946 Java: Tweak java.nio.files.Files.copy models 2023-05-23 10:27:19 +02:00
Ed Minnix
774baead60 Add test case based on missing result 2023-05-22 15:57:15 -04:00
Tony Torralba
b58eb3a92c Java: Add TemplateEngine.createTemplate as a groovy injection sink 2023-05-19 17:45:47 +02:00
Tony Torralba
a8afa4785e Merge pull request #13140 from atorralba/atorralba/java/spring-jdbc-namedparam-models 
Java: Add SQLi sinks for Spring JDBC
 2023-05-18 14:49:28 +02:00
Tony Torralba
2c54996499 Apply @jcogs33's suggestions from code review 2023-05-18 08:51:19 +02:00
Tony Torralba
770099f210 Merge branch 'main' into atorralba/java/promote-xxe-experimental-sinks 2023-05-16 09:49:34 +02:00
Tony Torralba
7d79d87d48 Add XPath.evaluate as XXE sink 2023-05-15 17:39:35 +02:00
Kasper Svendsen
d40cd0f275 Java: Make implicit this receivers explicit 2023-05-12 12:47:21 +02:00
Tony Torralba
a48fa652ce Java: Add SQLi sinks for Spring JDBC 2023-05-12 10:57:49 +02:00
Kasper Svendsen
0de6e4138f Merge pull request #13037 from kaspersv/kaspersv/java-enable-implicit-this-warnings 
Java: Enable implicit this receiver warnings
 2023-05-09 10:24:31 +02:00
Michael Nebel
f2f9944a1c Merge pull request #12931 from michaelnebel/neutralkinds 
Java/C#: Introduce kind for neutrals.
 2023-05-09 08:42:38 +02:00
Kasper Svendsen
b0714904c0 Java: Enable implicit this receiver warnings 2023-05-09 08:25:40 +02:00
Edward Minnix III
05b1bd881e Merge pull request #12852 from egregius313/egregius313/java/webgoat/model-jwsheader 
Java: Model `io.jsonwebtoken.SigningKeyResolverAdapter` and `io.jsonwebtoken.JwsHeader`
 2023-05-08 10:57:34 -04:00
Michael Nebel
c30f080ff0 Java: Update expected test out for the model generator. 2023-05-08 16:18:59 +02:00
Ed Minnix
5c10d42915 More test cases for io.jsonwebtoken.SigningKeyResolverAdapter 2023-05-04 16:52:40 -04:00
Ed Minnix
a4fa1ec768 Test case for modeling io.jsonwebtoken.SigningKeyResolverAdapter 2023-05-04 16:52:40 -04:00
Ed Minnix
3d0147765c Add missing methods to jwtk-jjwt stubs 2023-05-04 16:52:40 -04:00
Ed Minnix
5f3c8fef3f Privacy markers and fixed imports 2023-05-04 10:25:17 -04:00
Ed Minnix
c2b6a3f4e0 Add XPathInjectionQuery 2023-05-04 10:14:59 -04:00
Kasper Svendsen
081085e128 Java: Make implicit this receivers explicit 2023-05-03 13:37:35 +02:00
Anders Schack-Mulligen
246d904712 Merge pull request #12948 from aschackmull/dataflow/pathnode-type-tostring 
Dataflow: Add type to PathNode.toString.
 2023-04-27 14:14:10 +02:00
Anders Schack-Mulligen
f685ae1fa7 Java: Update one more expected output. 2023-04-27 12:00:32 +02:00