hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,029 Commits 1,672 Branches 157 Tags
z80coder/query-pack-release-candidate-2
Commit Graph

4135 Commits

Author SHA1 Message Date
Alvaro Muñoz
5a894ac7f7 update java library coverage documentation 2021-05-28 15:13:19 +02:00
Alvaro Muñoz
db2f05ac24 Updated Java change notes 2021-05-28 15:13:18 +02:00
Alvaro Muñoz
735e4e4b7b update failing tests 2021-05-28 15:13:18 +02:00
Alvaro Muñoz
706874491b Remove XSS sink for Java 2021-05-28 15:13:18 +02:00
Erik Krogh Kristensen
79989cc3f4 CPP/Java: Fix getAPrimaryQlClass implementations 2021-05-27 21:36:27 +02:00
Timo Mueller
75f6ec1f0d Updated test cases to include test for java10+ CREDENTIALS_FILTER_PATTERN constant 2021-05-25 17:08:58 +02:00
Timo Mueller
72901e3724 Merge branch 'insecureJmxRmiServerEnvironment' of github.com:mogwailabs/codeql into insecureJmxRmiServerEnvironment 2021-05-25 16:41:17 +02:00
Timo Mueller
59ebe08c78 Added stup for RMIConnectorServer for valid test case 2021-05-25 16:40:41 +02:00
Tamás Vajk
1997f500c2 Merge pull request #5832 from tamasvajk/feature/csv-coverage-report 
Java: github action for CSV coverage report
 2021-05-25 14:51:19 +02:00
Anders Schack-Mulligen
d05f524759 Merge pull request #5941 from aschackmull/java/virt-disp-perf 
Java: Improve performance of virtual dispatch calculation.
 2021-05-25 14:44:51 +02:00
Tamas Vajk
70b3066bb8 Add regenerated CSV reports 2021-05-25 13:38:22 +02:00
Tamas Vajk
d4f1cbe8d8 Add updated coverage report 2021-05-25 13:33:26 +02:00
Tamas Vajk
3db22ba482 Add Java coverage report files 2021-05-25 13:33:26 +02:00
Tamas Vajk
f1911e338d Move and generate files to documentation folder + clean up after the script is executed 2021-05-25 13:33:26 +02:00
Timo Müller
f44b97c1c3 Apply suggestions from code review 
Improved variable naming in examples and some documentation clearup

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-05-25 13:03:07 +02:00
Timo Müller
e7021ffbee Apply suggestions from code review 
More clear or precise wording within the documentation

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-05-25 12:53:47 +02:00
Anders Schack-Mulligen
4884da363f Java: Bugfix. 2021-05-25 11:48:35 +02:00
Anders Schack-Mulligen
017bf68906 Dataflow: Fix bad join order. 2021-05-25 11:40:53 +02:00
Artem Smotrakov
1b51dd47ec Added an example with deserialization filter to UnsafeDeserializationRmi.qhelp 2021-05-23 13:24:42 +02:00
Artem Smotrakov
c837605c85 Added test cases with sanitizers for UnsafeDeserializationRmi.ql 2021-05-23 13:01:22 +02:00
Artem Smotrakov
d2e29fc72c Renamed RmiUnsafeDeserialization.ql -> UnsafeDeserializationRmi.ql 2021-05-23 10:21:05 +02:00
Artem Smotrakov
2d93eeae33 Covered deserialization filters in RmiUnsafeDeserialization.ql 2021-05-23 10:21:05 +02:00
Artem Smotrakov
e28f919f3d Look for remote callable method only in RmiUnsafeDeserialization.ql 2021-05-23 10:21:05 +02:00
Artem Smotrakov
0182dfe1c0 Added RmiUnsafeDeserialization.qhelp 2021-05-23 10:21:04 +02:00
Artem Smotrakov
5ffe04d6a5 Updated expected output for RmiUnsafeDeserialization.java test 2021-05-23 10:21:04 +02:00
Artem Smotrakov
3d20330a92 More tests for RmiUnsafeDeserialization 2021-05-23 10:21:04 +02:00
Artem Smotrakov
ec6186a1c5 Draft of tests for RmiUnsafeDeserialization.ql 2021-05-23 10:21:04 +02:00
Artem Smotrakov
efa4b4f414 Cover Registry in RmiUnsafeDeserialization.ql 2021-05-23 10:21:04 +02:00
Artem Smotrakov
8b96ff9601 First draft of RmiUnsafeDeserialization.ql 2021-05-23 10:21:04 +02:00
Tony Torralba
7dbdba28cc Consider search methods with unsafe SearchControls 2021-05-21 15:21:04 +02:00
Anders Schack-Mulligen
d00618f4f4 Java: Improve performance of virtual dispatch calculation. 2021-05-21 15:04:08 +02:00
Sebastian Bauersfeld
ffcca4d5e9 Add change note. 2021-05-20 20:07:14 +07:00
Sebastian Bauersfeld
28f597440f Add method invocations of Spring's SavedRequest as a remote sources. 2021-05-20 20:00:14 +07:00
Tony Torralba
2613e58916 Remove duplicated class 2021-05-20 12:49:02 +02:00
Tony Torralba
0589dd7e54 Move Jndi.qll from experimental 2021-05-20 12:30:28 +02:00
Tony Torralba
0c1fe9be4f Add change note 2021-05-20 12:00:11 +02:00
Tony Torralba
c1e71b60b4 Use InlineExpectationsTest 2021-05-20 12:00:11 +02:00
Tony Torralba
3f0b803796 Refactored to use CSV sink models 2021-05-20 12:00:05 +02:00
Anders Schack-Mulligen
4406b8e339 Dataflow: Sync. 2021-05-19 19:22:36 +02:00
Anders Schack-Mulligen
bb258813a1 Dataflow: Improve performance for dispatch-join in flow-through. 2021-05-19 19:20:57 +02:00
Tony Torralba
1351516e9a Moved JNDI injection related files from experimental to standard 2021-05-19 11:32:51 +02:00
Tony Torralba
43d4575359 Add createParser as taint preserving callable 2021-05-19 11:20:54 +02:00
Tony Torralba
e58746508d Merge branch 'main' into atorralba/promote-ognl-injection 2021-05-19 10:41:08 +02:00
luchua-bc
02aa9c6fc7 Optimize the sink and update qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
d4323a4a54 Update qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
9d392263a5 Refactor inconsistent method names 2021-05-18 16:12:23 +00:00
luchua-bc
2fa249a8eb Update method name and qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
2c1374bdcf Use inline implementation for ScriptEngineFactory 2021-05-18 16:12:23 +00:00
luchua-bc
0ac8453398 Allow all arguments of methods in ScriptEngineFactory 2021-05-18 16:12:23 +00:00
luchua-bc
e4699f7fa9 Optimize the query 2021-05-18 16:12:22 +00:00