hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,029 Commits 1,671 Branches 157 Tags
z80coder/query-pack-release-candidate-2
Commit Graph

4135 Commits

Author SHA1 Message Date
haby0
00f13e1e6e Modify isAdditionalTaintStep 2021-07-27 10:59:38 +08:00
intrigus-lgtm
434b36c648 Update broken link 2021-07-26 15:48:47 +02:00
Anders Schack-Mulligen
6c666b49f5 Merge pull request #6366 from smowton/smowton/fiix/junit-nested-classes 
Prevent class-could-be-static alerts regarding JUnit Nested tests
 2021-07-26 12:45:23 +02:00
Joe Farebrother
358a7c1707 Fix issue when building with no pom file 2021-07-26 10:38:16 +01:00
Anders Schack-Mulligen
5d3e8d2add Merge pull request #6365 from Marcono1234/marcono1234/InstanceOfExpr-getCheckedType 
Java: Add `InstanceOfExpr.getCheckedType()`
 2021-07-26 11:20:48 +02:00
Anders Schack-Mulligen
ee13520836 Merge pull request #6364 from Marcono1234/marcono1234/TypeLiteral-getReferencedType 
Java: Add `TypeLiteral.getReferencedType()`
 2021-07-26 11:15:06 +02:00
Chris Smowton
aca905fa36 Prevent class-could-be-static alerts regarding JUnit Nested tests 2021-07-26 09:35:26 +01:00
github-actions[bot]
d51eafbfd5 Add changed framework coverage reports 2021-07-26 00:08:31 +00:00
Marcono1234
606173012a Java: Add InstanceOfExpr.getCheckedType() 
Additionally change `EqualsUsesInstanceOf.ql` to check for all RefTypes
instead of only Class.
 2021-07-26 00:50:11 +02:00
Marcono1234
3569ed56e5 Java: Add TypeLiteral.getReferencedType() 2021-07-26 00:02:08 +02:00
haby0
291ca3830a Modify according to suggestions 2021-07-23 09:28:55 +08:00
intrigus-lgtm
a30005c42e Replace broken link with archive.org link. 2021-07-22 22:14:44 +02:00
Joe Farebrother
6be9c705f0 Update usage text 2021-07-22 16:30:26 +01:00
Chris Smowton
5c917b4a23 Merge pull request #6353 from sauyon/sauyon/java/model-constructors 
Java: Add models for collection constructors
 2021-07-22 16:27:59 +01:00
Sauyon Lee
150f3fd352 improve windows compatibility 2021-07-22 08:00:14 -07:00
Sauyon Lee
5d716b95b1 Allow use of pom.xml to generate stubs 2021-07-22 07:52:35 -07:00
haby0
2a50cf8244 Fix 2021-07-22 22:24:09 +08:00
Sauyon Lee
fd02dcdf2e Java: Add models for collection constructors 2021-07-22 07:23:26 -07:00
haby0
d8f5f6987b Fix 2021-07-22 21:53:41 +08:00
haby0
e160352b38 Fix 2021-07-22 21:48:46 +08:00
haby0
735ab28040 Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-22 21:45:30 +08:00
haby0
7cf2e9ed79 Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-22 21:45:29 +08:00
haby0
46a212b712 Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-22 21:45:29 +08:00
haby0
676f0ad817 Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-22 21:45:29 +08:00
haby0
4ebf0ed7c5 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') 2021-07-22 21:45:29 +08:00
Chris Smowton
40173f7abb Remove stubbing script outputs 2021-07-22 14:33:34 +01:00
Chris Smowton
e2a533c7de Merge pull request #6346 from aschackmull/java/perf-fix 
Java: Fix bad magic.
 2021-07-22 10:15:16 +01:00
Chris Smowton
605f037af8 Merge pull request #6247 from p0wn4j/spring-responseentity-redirect-sink 
[Java] CWE-601: Add Spring URL Redirect ResponseEntity sink
 2021-07-22 09:45:30 +01:00
Anders Schack-Mulligen
dcfc027b5f Java: Fix bad magic. 2021-07-22 10:12:49 +02:00
Chris Smowton
c568a9463a Remove <> qualifier from ResponseEntity name 
This was an extractor bug that was fixed recently
 2021-07-21 17:58:06 +01:00
Tony Torralba
76905c47b4 Formatting 2021-07-21 09:47:45 +02:00
p0wn4j
f0d5520976 Add Spring URL Redirect ResponseEntity sink 
Copyedit qhelp
 2021-07-21 03:16:16 +04:00
Tony Torralba
4622d8590b Fix change note 2021-07-20 17:50:58 +02:00
Tony Torralba
26999c7ac4 Decouple UnsafeAndroidAccess.qll to reuse the taint tracking configuration 2021-07-20 17:46:35 +02:00
Tony Torralba
99e66cffa2 Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch 2021-07-20 17:30:56 +02:00
Tony Torralba
ed0db7c7b4 Fix release note 2021-07-20 17:24:24 +02:00
Tony Torralba
7a898a04f3 Fix release note 2021-07-20 17:23:47 +02:00
Tony Torralba
3259ead946 Decouple OgnlInjection.qll to reuse the taint tracking configuration 2021-07-20 17:21:10 +02:00
Tony Torralba
b6904a7992 Merge branch 'main' into atorralba/promote-ognl-injection 2021-07-20 17:17:17 +02:00
Tony Torralba
22c9baa462 Refactor JWT.qll 2021-07-20 17:14:34 +02:00
Tony Torralba
430d9f1834 Merge branch 'main' into atorralba/promote-missing-jwt-signature-check 2021-07-20 16:20:35 +02:00
Tony Torralba
8f1ecf529f QLDoc 2021-07-20 15:53:38 +02:00
Tony Torralba
42b6b26c10 Decouple JndiInjection.qll to reuse the taint tracking configuration 2021-07-20 15:38:34 +02:00
Anders Schack-Mulligen
77d53676ba Java: Remove deprecated ParExpr. 2021-07-20 15:27:31 +02:00
Tony Torralba
b8ea833a61 Merge branch 'main' into atorralba/promote-jndi-injection 2021-07-20 15:01:26 +02:00
Tony Torralba
68df8028d2 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-20 14:47:16 +02:00
Artem Smotrakov
158a75e5a1 Import UnsafeDeserializationQuery in unsafeDeserialization.ql 2021-07-20 10:14:50 +02:00
Tony Torralba
0f199601f8 Refactor GroovyInjection.qll 2021-07-20 09:44:37 +02:00
github-actions[bot]
bed08a6f4f Add changed framework coverage reports 2021-07-20 00:06:37 +00:00
Chris Smowton
7819d32784 Make MediaType stub constants actually constant 
This is required to use them in annotations
 2021-07-19 18:28:30 +01:00