hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,029 Commits 1,671 Branches 157 Tags
z80coder/query-pack-release-candidate-2
Commit Graph

4135 Commits

Author SHA1 Message Date
Chris Smowton
b9b34eb0ee Move Spring XSS sink definition into SpringHttp.qll 2021-09-10 16:10:45 +01:00
Chris Smowton
3b6cc97557 Sanitize Spring bodies directly associated with an XSS-safe Content-Type 2021-09-10 16:10:44 +01:00
Chris Smowton
29028c5d46 Update test expectations to account for dataflow subpaths changes 2021-09-10 13:53:41 +01:00
Chris Smowton
2d03840fde Add experimental variants of java/xxe, incorporating new sinks and a version that uses local sources. 
Originally authored by @haby0, squashed to clean up a tangled commit history.
 2021-09-10 13:49:31 +01:00
Tom Hvitved
649c2ce188 Merge pull request #6586 from hvitved/dataflow/stage2-precise-call-ctx-take2 
Data flow: Add precise call contexts to stage 2
 2021-09-10 11:34:35 +02:00
Tom Hvitved
296d10fe2a Data flow: Adjust callMayFlowThroughFwd pragmas 2021-09-10 09:21:24 +02:00
Anders Schack-Mulligen
3e17fdcaa3 Merge pull request #6407 from bmuskalla/charSeqSubSeq 
Java: Track taint for CharSequence#subSequence
 2021-09-10 09:01:29 +02:00
Chris Smowton
5b8b27a2aa Merge pull request #6651 from smowton/smowton/admin/functional-interface-tests 
Add tests for functional interfaces
 2021-09-09 22:02:16 +01:00
Anders Schack-Mulligen
13c4b93d3d Merge pull request #6648 from aschackmull/java/func-interface 
Java: Fix FunctionalInterface.
 2021-09-09 16:14:14 +02:00
Benjamin Muskalla
9d5e48430e Merge branch 'main' into charSeqSubSeq 2021-09-09 16:04:36 +02:00
Chris Smowton
a0bf170d02 Add test for functional interfaces 2021-09-09 15:00:42 +01:00
Anders Schack-Mulligen
ec3990c619 Java: Fix FunctionalInterface. 2021-09-09 15:04:22 +02:00
Benjamin Muskalla
c0e65e71b4 Revert "Java: Fix external flow perofrmance with future optimiser." 
This reverts commit be1d4c04f2.
 2021-09-09 13:06:23 +02:00
Benjamin Muskalla
eef044f4d0 Add test to capture expected parameter format 2021-09-09 13:05:15 +02:00
Benjamin Muskalla
a1b7437f8d Merge branch 'main' into thirdpartyapitelemtry 2021-09-09 11:11:42 +02:00
Marcono1234
a173d9593b Java: Detect spurious param Javadoc tag of generic classes 2021-09-09 00:11:02 +02:00
Benjamin Muskalla
96a34b6165 Fix value flow for fluent api 2021-09-08 16:12:52 +02:00
Benjamin Muskalla
b47507293a Minor fixes for fluent apis 2021-09-08 15:32:41 +02:00
Benjamin Muskalla
67eaa1b735 Fix qldoc 2021-09-08 13:08:28 +02:00
Anders Schack-Mulligen
1af39f0776 Dataflow: Sync. 2021-09-08 13:02:07 +02:00
Anders Schack-Mulligen
2e9876f58f Dataflow: Only calculate fastTC for the relevant part of edges. 2021-09-08 13:01:29 +02:00
Anders Schack-Mulligen
2b7882e6e5 Merge pull request #5032 from aschackmull/dataflow/subpaths 
Dataflow: Add subpaths query predicate.
 2021-09-08 11:52:41 +02:00
alexet
81f4822b8d Java: Fix performance with future optimiser by caching a predicate 2021-09-07 16:38:40 +01:00
alexet
be1d4c04f2 Java: Fix external flow perofrmance with future optimiser. 2021-09-07 16:38:39 +01:00
alexet
726feb3f4d Java: Fix magic in TC with future optimiser. 2021-09-07 16:38:39 +01:00
Benjamin Muskalla
9e66ee1da0 Add example to inline flow test docs 2021-09-07 16:47:02 +02:00
Benjamin Muskalla
3641b28c3e Convert javax-json to InlineFlowTest 2021-09-07 16:47:01 +02:00
Benjamin Muskalla
a6b47208e1 Convert optional to InlineFlowTest 2021-09-07 16:47:01 +02:00
Benjamin Muskalla
2d9b4b33d4 Convert spring to InlineFlowTest 2021-09-07 16:47:01 +02:00
Benjamin Muskalla
da3b7a2b69 Convert json-java to InlineFlowTest 2021-09-07 16:47:00 +02:00
Benjamin Muskalla
ff73e46c95 Convert jackson to InlineFlowTest 2021-09-07 16:47:00 +02:00
Benjamin Muskalla
1ead522705 Convert guava-cache to InlineFlowTest 2021-09-07 16:47:00 +02:00
Benjamin Muskalla
efd5dc94e6 Convert apache-commons-lang3 to InlineFlowTest 2021-09-07 16:47:00 +02:00
Benjamin Muskalla
eba414e31b Convert apache-collections to InlineFlowTest 2021-09-07 16:46:59 +02:00
Benjamin Muskalla
3bc70f0ce6 Convert containerflow to inline flow test 2021-09-07 16:46:59 +02:00
Benjamin Muskalla
7a0fc6ae61 Migrate jaxson to inline test 2021-09-07 16:46:59 +02:00
Benjamin Muskalla
41891959a3 Fix apache test 2021-09-07 16:46:58 +02:00
Benjamin Muskalla
2d13906e0e Simplify jaxrs setup 2021-09-07 16:46:58 +02:00
Benjamin Muskalla
24d43689b2 Simplify test setup 2021-09-07 16:46:58 +02:00
Benjamin Muskalla
8830f1531f Convert some tests to use InlineFlowTest 2021-09-07 16:46:58 +02:00
Benjamin Muskalla
acb055400d Extract inline flow test 2021-09-07 16:46:57 +02:00
Benjamin Muskalla
d1a1f57e77 Convert taint-format test into inline test 2021-09-07 16:46:56 +02:00
Benjamin Muskalla
f7ad894495 Fix name of api filter predicate 2021-09-07 14:28:58 +02:00
Benjamin Muskalla
22df141761 Rename API name predicate 2021-09-07 14:17:13 +02:00
Anders Schack-Mulligen
f6541811d2 Dataflow: Update more tests. 2021-09-07 13:02:20 +02:00
Anders Schack-Mulligen
f30dad7705 Dataflow: Update test expected outputs. 2021-09-07 13:02:20 +02:00
Anders Schack-Mulligen
7ec1fa2ebe Dataflow: Sync. 2021-09-07 12:51:42 +02:00
Anders Schack-Mulligen
2d7d45a8ac Dataflow: Account for hidden nodes. 2021-09-07 12:51:42 +02:00
Anders Schack-Mulligen
3c3d71d4a0 Dataflow: Sync 2021-09-07 12:51:42 +02:00
Anders Schack-Mulligen
81ed3e7176 Dataflow: Add subpaths query predicate. 2021-09-07 12:51:42 +02:00