codeql

mirror of https://github.com/github/codeql.git synced 2026-02-28 04:43:42 +01:00

Author	SHA1	Message	Date
Anders Schack-Mulligen	dcfc027b5f	Java: Fix bad magic.	2021-07-22 10:12:49 +02:00
Tony Torralba	76905c47b4	Formatting	2021-07-21 09:47:45 +02:00
Tony Torralba	26999c7ac4	Decouple UnsafeAndroidAccess.qll to reuse the taint tracking configuration	2021-07-20 17:46:35 +02:00
Tony Torralba	99e66cffa2	Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch	2021-07-20 17:30:56 +02:00
Tony Torralba	3259ead946	Decouple OgnlInjection.qll to reuse the taint tracking configuration	2021-07-20 17:21:10 +02:00
Tony Torralba	b6904a7992	Merge branch 'main' into atorralba/promote-ognl-injection	2021-07-20 17:17:17 +02:00
Tony Torralba	22c9baa462	Refactor JWT.qll	2021-07-20 17:14:34 +02:00
Tony Torralba	430d9f1834	Merge branch 'main' into atorralba/promote-missing-jwt-signature-check	2021-07-20 16:20:35 +02:00
Tony Torralba	8f1ecf529f	QLDoc	2021-07-20 15:53:38 +02:00
Tony Torralba	42b6b26c10	Decouple JndiInjection.qll to reuse the taint tracking configuration	2021-07-20 15:38:34 +02:00
Anders Schack-Mulligen	77d53676ba	Java: Remove deprecated ParExpr.	2021-07-20 15:27:31 +02:00
Tony Torralba	b8ea833a61	Merge branch 'main' into atorralba/promote-jndi-injection	2021-07-20 15:01:26 +02:00
Tony Torralba	68df8028d2	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-07-20 14:47:16 +02:00
Artem Smotrakov	158a75e5a1	Import UnsafeDeserializationQuery in unsafeDeserialization.ql	2021-07-20 10:14:50 +02:00
Tony Torralba	0f199601f8	Refactor GroovyInjection.qll	2021-07-20 09:44:37 +02:00
Chris Smowton	34a4b71891	Add models of JSON-java, aka `org.json`	2021-07-19 17:57:27 +01:00
Tony Torralba	70081b6a1e	Refactor MvelInjection.qll	2021-07-19 15:36:35 +02:00
Artem Smotrakov	47e4cf4180	Make UnsafeDeserializationSink public	2021-07-19 15:34:33 +02:00
Tony Torralba	46faf68d64	Decouple MvelInjection.qll to reuse the taint tracking configuration	2021-07-19 13:50:03 +02:00
Tony Torralba	5ca8b380e9	Merge branch 'main' into atorralba/promote-mvel-injection	2021-07-19 13:45:10 +02:00
Artem Smotrakov	035f7ac669	Refactored libs for unsafe deserialization	2021-07-19 13:19:36 +02:00
Tony Torralba	1c91e74269	Rename sink models class	2021-07-19 13:05:37 +02:00
Tony Torralba	441e8afe81	Decouple GrovyInjection.qll to reuse the taint tracking configuration	2021-07-19 12:53:37 +02:00
Anders Schack-Mulligen	db76b12f3f	Merge pull request #6313 from aschackmull/java/fix-csv-dispatch Java: Fix a bug in call-context-sensitve dispatch to SummarizedCallable.	2021-07-19 12:49:31 +02:00
Tony Torralba	b08f417a1e	Merge branch 'main' into atorralba/promote-groovy-injection	2021-07-19 12:44:03 +02:00
Artem Smotrakov	e02530749b	Apply suggestions from code review Co-authored-by: Chris Smowton <smowton@github.com>	2021-07-19 11:52:12 +02:00
Anders Schack-Mulligen	0b89f96055	Merge pull request #6318 from Marcono1234/patch-1 Java: Fix documentation mistake for `ProtoPom`	2021-07-19 11:25:06 +02:00
Anders Schack-Mulligen	d1f21a854a	Merge pull request #6042 from joefarebrother/spring-http [Java] Model spring `http` package	2021-07-19 11:24:41 +02:00
Anders Schack-Mulligen	c32a75a1b3	Merge pull request #6183 from smowton/smowton/feature/javax-json-models Add models of the jakarta/javax.json package	2021-07-19 11:19:21 +02:00
Marcono1234	87d6b9ca5a	Java: Fix documentation mistake for `ProtoPom`	2021-07-18 02:49:43 +02:00
Artem Smotrakov	c367c7e33b	Merge branch 'unsafe-jackson-deserialization' of github.com:artem-smotrakov/ql into unsafe-jackson-deserialization	2021-07-16 18:26:38 +02:00
Artem Smotrakov	6d7cb48054	Refactored the query for unsafe deserialization	2021-07-16 18:25:41 +02:00
Anders Schack-Mulligen	effca4495f	Java: Fix a bug in call-context-sensitve dispatch to SummarizedCallable.	2021-07-16 14:31:29 +02:00
Chris Smowton	7b984cc2b0	Add models for Apache Commons Lang's Mutable container	2021-07-15 14:58:25 +01:00
Anders Schack-Mulligen	5b7c2d133f	Merge pull request #6291 from aschackmull/java/csv-synthfield Java: Add support for synthetic fields in csv rows.	2021-07-15 13:43:56 +02:00
Anders Schack-Mulligen	8ccdd4fb9f	Merge pull request #6211 from aschackmull/dataflow/refactor-call-context-check Dataflow: Refactor call context check	2021-07-15 12:27:23 +02:00
Anders Schack-Mulligen	7339bd89ba	Java: Add support for synthetic fields in csv rows.	2021-07-15 12:19:34 +02:00
Joe Farebrother	e7e432d7fd	Fix incorrect row	2021-07-15 10:39:05 +01:00
Joe Farebrother	f3ab295f0f	Fix up tests	2021-07-15 10:34:21 +01:00
Joe Farebrother	df74a142dd	Update for collection flow and add more tests	2021-07-15 10:33:33 +01:00
Joe Farebrother	8f89d748fe	Add spring tests	2021-07-15 10:33:33 +01:00
Joe Farebrother	c1555b36a1	Add additional HTTP flow steps	2021-07-15 10:32:13 +01:00
Joe Farebrother	9b6213dbf0	Convert existing spring http steps to csv	2021-07-15 10:32:10 +01:00
Chris Smowton	0b2750828e	Add models for org.springframework.jdbc.object Also add tests for the existing Spring JDBC SQL injection sinks in the process	2021-07-14 17:25:00 +01:00
Anders Schack-Mulligen	11fc23ba09	Merge pull request #6030 from smowton/smowton/admin/test-generator Add test-generator script + add generated models for Spring summary steps	2021-07-14 14:44:07 +02:00
Sauyon Lee	d7bfc2eebf	Remove redundant model lines	2021-07-14 05:05:17 -07:00
Sauyon Lee	fc7e062deb	Java: Add models for the Spring `cache` package	2021-07-14 04:57:56 -07:00
Sauyon Lee	d9fb09d132	Java: Add models for the Spring `ui` package.	2021-07-14 04:57:56 -07:00
Anders Schack-Mulligen	04244b3c45	Merge pull request #5974 from github/sauyon/java/spring-webmultipart Model Spring `web.multipart`	2021-07-14 13:57:24 +02:00
Anders Schack-Mulligen	3c4cd15738	Merge pull request #5505 from joefarebrother/android-sql-convert Java: Convert Android SQL-related flow steps to CSV format	2021-07-14 13:56:55 +02:00

1 2 3 4 5 ...

1587 Commits