hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,029 Commits 1,672 Branches 157 Tags
z80coder/query-pack-release-candidate-2
Commit Graph

4135 Commits

Author SHA1 Message Date
haby0
3cf71c50b8 Mobile stubs 2021-06-24 19:24:38 +08:00
Anders Schack-Mulligen
1e511c0a9e Merge pull request #6137 from smowton/smowton/feature/java-util-optional 
Java: Model java.util.Optional
 2021-06-24 13:21:36 +02:00
Edoardo Pirovano
0909c9ff22 Performance: Fix bad join order in dataflow library 2021-06-24 08:24:17 +01:00
yo-h
ffdc752720 Merge pull request #6059 from smowton/smowton/fix/qualified-name-generic-types 
Adapt to static methods and nested types returning unbound declaring types
 2021-06-23 14:45:51 -04:00
Chris Smowton
4c777eb04a Add change note 2021-06-23 18:54:27 +01:00
Chris Smowton
9c91d1a965 Add change note 2021-06-23 16:09:29 +01:00
Chris Smowton
74feaf2893 Adapt to static methods and nested types returning unbound declaring types 
Previously these returned raw declaring types instead
 2021-06-23 16:03:18 +01:00
Chris Smowton
b34448af87 {Generic,Parameterized,Raw}Type: implement getAPrimaryQlClass 
An aid to debugging
 2021-06-23 15:58:31 +01:00
Anders Schack-Mulligen
6374914053 Java: Fix bad magic. 2021-06-23 14:39:18 +02:00
Artem Smotrakov
0dfb869c5b Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-06-23 13:23:54 +02:00
Artem Smotrakov
14e724bce6 Added sinks for RmiBasedExporter and HessianExporter 2021-06-23 09:53:47 +02:00
Chris Smowton
9fd1606238 Model java.util.Optional 2021-06-22 21:17:22 +01:00
Anders Schack-Mulligen
206a37cf08 Merge pull request #6130 from aschackmull/java/collection-test 
Java: Improve test and fix a few missing cases.
 2021-06-22 11:56:44 +02:00
Anders Schack-Mulligen
38fc8a750c Java: Improve test and fix a few missing cases. 2021-06-22 11:16:02 +02:00
Anders Schack-Mulligen
c06e152e90 Java: Remove outdated test. 2021-06-21 16:08:59 +02:00
Anders Schack-Mulligen
27c973e157 Java: Fix some qltests. 2021-06-21 16:08:52 +02:00
Anders Schack-Mulligen
d383c0f69b Java: Remove temporary store-as-taint. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
65ac8be5ac Java: Add defaultImplicitTaintRead and sync. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
aa82d0b815 Java: Make Content public as DataFlow::Content. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
80880320d5 Dataflow: Sync. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
b7ac329ba1 DataFlow: Add support for configuration-specific implicit reads. 2021-06-21 14:41:19 +02:00
Chris Smowton
e2aaae8181 Increase test fieldFlowBranchLimit to 1000 
Might as well head off future failures in this test

Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-06-21 12:51:37 +01:00
Chris Smowton
c5eef7be8c Increase field flow branch limit in Jax-RS tests 
This fixes apparently-missing results by allowing the dataflow library to persist even when there are many Map implementations possibly available.
 2021-06-21 12:46:13 +01:00
Anders Schack-Mulligen
9110dfaeb3 Merge pull request #6095 from hvitved/dataflow/local-cc-join 
Data flow: Fix `getLocalCallContext` join-order
 2021-06-21 12:53:38 +02:00
haby0
1750efad2a fix 2021-06-18 21:46:48 +08:00
haby0
dca737190b Modify JShellInjection.expected 2021-06-18 21:36:45 +08:00
haby0
2b77f7d1bc Modify isAdditionalTaintStep 2021-06-18 21:36:44 +08:00
haby0
a71757f0f4 Update java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.qhelp 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-06-18 21:36:44 +08:00
haby0
bfe0d40987 using isAdditionalTaintStep 2021-06-18 21:36:44 +08:00
haby0
3a2a99e289 Fix 1 2021-06-18 21:36:44 +08:00
haby0
ed0aabef46 add isAdditionalTaintStep 2021-06-18 21:36:44 +08:00
haby0
921b8e80a2 Jshell Injection 2021-06-18 21:36:44 +08:00
Chris Smowton
6302187a5d Merge pull request #5957 from haby0/java/BeanShellInjection 
Java: BeanShell Injection
 2021-06-18 12:38:51 +01:00
Anders Schack-Mulligen
7eb6da3888 Merge pull request #5772 from smowton/smowton/feature/apache-tuple-flow 
Add models for Apache Commons Lang's tuple types
 2021-06-18 11:25:07 +02:00
haby0
a73cb3f04a Fix error 2021-06-18 17:22:26 +08:00
Calum Grant
32f6a465b0 Merge pull request #6080 from github/calumgrant/security-severities 
Update security-severity scores
 2021-06-18 09:40:40 +01:00
Tom Hvitved
eb86bceb4d Address review comments 2021-06-18 10:18:47 +02:00
haby0
0d18e4ff9c BeanShell Injection 2021-06-18 15:54:13 +08:00
Tony Torralba
1014400a08 Fix test comments 2021-06-17 15:03:45 +02:00
Tony Torralba
3ec2c1308e Add RequestForgerySanitizer 2021-06-17 14:58:27 +02:00
Tony Torralba
0c71393171 Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch 2021-06-17 14:54:25 +02:00
Chris Smowton
64001cc02c Merge pull request #5587 from smowton/smowton/admin/promote-ssrf-query 
Promote SSRF query from experimental
 2021-06-17 13:02:33 +01:00
Chris Smowton
d28c95d16c Field foo of -> Field[foo] of 2021-06-17 12:49:25 +01:00
Chris Smowton
74b2a2c7a6 Improve style of interpretField 2021-06-17 12:45:44 +01:00
Chris Smowton
5cf0243dd0 Add change note 2021-06-17 12:34:40 +01:00
Chris Smowton
2cc1f46871 Model constructors for (Imm|M)utable(Pair|Triple) 2021-06-17 12:34:40 +01:00
Chris Smowton
fbaa382158 Add tests for Pair.of and Triple.of 2021-06-17 12:34:40 +01:00
Chris Smowton
eebaab8fe9 Order left and right consistently 2021-06-17 12:34:40 +01:00
Chris Smowton
472a2a64dd Add models for Apache Commons tuples 2021-06-17 12:25:21 +01:00
Chris Smowton
73fa680224 Add support for CSV-specified flow to or from fields. 2021-06-17 12:24:28 +01:00