codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00

Author	SHA1	Message	Date
Chris Smowton	a0297d51e5	Note fixed test result the Optional type has now been modelled	2021-07-19 18:28:06 +01:00
Chris Smowton	82ea2592ad	Spring HTTP: Fix test mistakes Classes without RestController and methods without GetMapping or similar were never going to be detected.	2021-07-19 18:21:13 +01:00
Chris Smowton	392e405f5d	Add Spring-XSS test This covers the cases currently exercised in https://github.com/github/codeql-securitylab/blob/main/java/ql/src/pwntester/security/RestXSS.ql	2021-07-19 18:21:11 +01:00
Chris Smowton	16c5952167	Add and improve Spring-web stubs	2021-07-19 18:20:37 +01:00
Chris Smowton	8051a7cd83	Add change note	2021-07-19 18:11:05 +01:00
Chris Smowton	34a4b71891	Add models of JSON-java, aka `org.json`	2021-07-19 17:57:27 +01:00
Tony Torralba	70081b6a1e	Refactor MvelInjection.qll	2021-07-19 15:36:35 +02:00
Artem Smotrakov	47e4cf4180	Make UnsafeDeserializationSink public	2021-07-19 15:34:33 +02:00
Tony Torralba	45a72ff6eb	Fix InsecureBasicAuth test expectations	2021-07-19 13:56:31 +02:00
Tony Torralba	46faf68d64	Decouple MvelInjection.qll to reuse the taint tracking configuration	2021-07-19 13:50:03 +02:00
Tony Torralba	5ca8b380e9	Merge branch 'main' into atorralba/promote-mvel-injection	2021-07-19 13:45:10 +02:00
Artem Smotrakov	035f7ac669	Refactored libs for unsafe deserialization	2021-07-19 13:19:36 +02:00
Tony Torralba	1c91e74269	Rename sink models class	2021-07-19 13:05:37 +02:00
Tony Torralba	441e8afe81	Decouple GrovyInjection.qll to reuse the taint tracking configuration	2021-07-19 12:53:37 +02:00
Anders Schack-Mulligen	db76b12f3f	Merge pull request #6313 from aschackmull/java/fix-csv-dispatch Java: Fix a bug in call-context-sensitve dispatch to SummarizedCallable.	2021-07-19 12:49:31 +02:00
Tony Torralba	b08f417a1e	Merge branch 'main' into atorralba/promote-groovy-injection	2021-07-19 12:44:03 +02:00
Artem Smotrakov	e02530749b	Apply suggestions from code review Co-authored-by: Chris Smowton <smowton@github.com>	2021-07-19 11:52:12 +02:00
Anders Schack-Mulligen	0b89f96055	Merge pull request #6318 from Marcono1234/patch-1 Java: Fix documentation mistake for `ProtoPom`	2021-07-19 11:25:06 +02:00
Anders Schack-Mulligen	d1f21a854a	Merge pull request #6042 from joefarebrother/spring-http [Java] Model spring `http` package	2021-07-19 11:24:41 +02:00
Anders Schack-Mulligen	c32a75a1b3	Merge pull request #6183 from smowton/smowton/feature/javax-json-models Add models of the jakarta/javax.json package	2021-07-19 11:19:21 +02:00
github-actions[bot]	9b7616bea4	Add changed framework coverage reports	2021-07-19 00:07:04 +00:00
Marcono1234	87d6b9ca5a	Java: Fix documentation mistake for `ProtoPom`	2021-07-18 02:49:43 +02:00
Artem Smotrakov	cfe74b527a	Use inline-expectation tests for StaticInitializationVector.ql	2021-07-17 01:04:52 +02:00
Artem Smotrakov	218731ca0a	Added a query for static initialization vectors in encryption - Added StaticInitializationVector.ql - Added StaticInitializationVector.qhelp - Added tests	2021-07-16 19:06:44 +02:00
Artem Smotrakov	c367c7e33b	Merge branch 'unsafe-jackson-deserialization' of github.com:artem-smotrakov/ql into unsafe-jackson-deserialization	2021-07-16 18:26:38 +02:00
Artem Smotrakov	3856527d14	Refactored tests for unsafe deserialization	2021-07-16 18:26:06 +02:00
Artem Smotrakov	6d7cb48054	Refactored the query for unsafe deserialization	2021-07-16 18:25:41 +02:00
Anders Schack-Mulligen	effca4495f	Java: Fix a bug in call-context-sensitve dispatch to SummarizedCallable.	2021-07-16 14:31:29 +02:00
Anders Schack-Mulligen	68b3c28202	Merge pull request #6310 from github/workflow/coverage/update Update CSV framework coverage reports	2021-07-16 14:10:33 +02:00
Chris Smowton	9cde13bf82	Note spurious results that stem from weak updates to synthetic fields.	2021-07-16 09:44:36 +01:00
github-actions[bot]	e61702c281	Add changed framework coverage reports	2021-07-16 00:07:10 +00:00
Joe Farebrother	f7de2e64c5	Fix failing test caused by an imprecission in the stubber	2021-07-15 15:15:37 +01:00
Chris Smowton	1bbac748fe	Add change note	2021-07-15 14:58:25 +01:00
Chris Smowton	7b984cc2b0	Add models for Apache Commons Lang's Mutable container	2021-07-15 14:58:25 +01:00
Chris Smowton	712b0d866e	Merge pull request #6297 from aschackmull/java/query-metadata4 Java: More missing metadata.	2021-07-15 14:32:47 +01:00
Anders Schack-Mulligen	5b7c2d133f	Merge pull request #6291 from aschackmull/java/csv-synthfield Java: Add support for synthetic fields in csv rows.	2021-07-15 13:43:56 +02:00
Anders Schack-Mulligen	9b2b593cb4	Java: More missing metadata.	2021-07-15 13:41:12 +02:00
Anders Schack-Mulligen	8ccdd4fb9f	Merge pull request #6211 from aschackmull/dataflow/refactor-call-context-check Dataflow: Refactor call context check	2021-07-15 12:27:23 +02:00
Anders Schack-Mulligen	7339bd89ba	Java: Add support for synthetic fields in csv rows.	2021-07-15 12:19:34 +02:00
Joe Farebrother	0e8dd9f335	Use generated stubs	2021-07-15 11:03:51 +01:00
Joe Farebrother	af78b99475	Include stubs for javax	2021-07-15 10:58:12 +01:00
Joe Farebrother	f59ab527b4	Fix issue with nested types	2021-07-15 10:57:32 +01:00
Joe Farebrother	65ce8aa798	Fix issue with circular type bounds	2021-07-15 10:49:14 +01:00
Joe Farebrother	0577e12b97	Add consistency checks	2021-07-15 10:49:13 +01:00
Joe Farebrother	ecf130f7ae	Move stubber to utils folder for consistency with test generator	2021-07-15 10:49:13 +01:00
Joe Farebrother	ddb93e8829	Fix a bug with type bounds + a few other bugs	2021-07-15 10:49:13 +01:00
Joe Farebrother	036e83a247	Fix error with implementing interfaces	2021-07-15 10:49:13 +01:00
Joe Farebrother	06d6ddc1b9	Fix issue with reporting javac output	2021-07-15 10:49:13 +01:00
Joe Farebrother	8f40a6e21e	Use shlex for printing commands	2021-07-15 10:49:13 +01:00
Joe Farebrother	c850c7d079	Fix typo in comment	2021-07-15 10:49:13 +01:00

... 22 23 24 25 26 ...

4135 Commits