Anders Schack-Mulligen
9a367d9293
Java: JumpStmt.getTarget, Stmt.getEnclosingStmt, SwitchExpr.getAResult.
2019-04-30 10:59:05 -04:00
yh-semmle
61324f0bb0
Java 12: enhanced QLDoc for preview features
2019-04-30 10:59:05 -04:00
yh-semmle
d4e013b297
Java 12: deprecate QL constructs for new preview feature (switch exprs)
2019-04-30 10:59:04 -04:00
yh-semmle
38705038a8
Java 12: add QL for switch expressions, etc
2019-04-30 10:59:04 -04:00
yh-semmle
4ede686283
Java: refactor ConstCase and DefaultCase in preparation for Java 12
2019-04-30 10:59:03 -04:00
Tom Hvitved
29e59e6d1e
Address review comments
2019-04-29 20:19:31 +02:00
Sebastian Bauersfeld
2f200d7517
Parameters annotated with Spring's @RequestBody and @PathVariable are remote input sources.
2019-04-17 18:02:00 -04:00
Tom Hvitved
18ced249ab
Java: Generalize data-flow library in preparation for C# adoption
2019-04-10 13:05:31 +02:00
Anders Schack-Mulligen
d144ea2f1c
Java: Exclude slf4j calls in PrintLnArray as it supports array formatting.
2019-04-04 11:09:41 +02:00
Anders Schack-Mulligen
b1e364b56a
Java: Support precondition calls as guards.
2019-04-02 10:58:46 +02:00
Pavel Avgustinov
c26b655956
Merge pull request #1022 from yh-semmle/java/dead-code-override
...
Java: respect override annotations in `java/unused-parameter`
2019-03-01 19:11:46 +00:00
yh-semmle
a4beb03e15
Java: respect override annotations in java/unused-parameter
2019-02-20 15:27:35 -05:00
yh-semmle
b0d9c80ccc
Java: add taint steps for Protobuf framework
2019-02-15 20:01:07 -05:00
yh-semmle
fc4aa16905
Java: add remote user input for Apache Thrift framework
2019-02-15 20:01:07 -05:00
yh-semmle
751bbbf583
Java: add remote user input for Struts 2 ActionSupport
2019-02-15 20:01:06 -05:00
yh-semmle
a436369846
Java: add remote user input and taint step for Guice framework
2019-02-15 20:01:06 -05:00
Anders Schack-Mulligen
63a4dd09ad
Java: Autoformat qlls.
2019-02-12 14:38:08 +01:00
Henning Makholm
b8a03464bf
Fix false positives in java/unused parameter
...
Methods that are mentioned in a member reference expression should count
as rootdefs for the unused parameter query. Such methods have to match
the functional interface of the reference expression, so it is to be
expected that they will sometimes have to declare parameters that they
don't actually use.
2019-02-07 21:14:36 +01:00
yh-semmle
3e8f7a740c
Merge pull request #838 from aschackmull/java/taint-collections
...
Java: Add additional taint steps through collections.
2019-02-05 09:59:24 -05:00
Anders Schack-Mulligen
fe7add77d2
Java: Account for the repo move in NonSecurityTestClass.
2019-02-05 14:31:40 +01:00
james
7cc1442ecb
Update link text
2019-01-30 09:44:07 +00:00
james
9d1a050f35
update links to locations in .qll files
2019-01-30 08:01:49 +00:00
Anders Schack-Mulligen
a29f615da0
Java: Add additional taint steps through collections.
2019-01-28 14:34:09 +01:00
semmle-qlci
65b64c7c05
Merge pull request #645 from sb-semmle/configuration-file-library
...
Approved by yh-semmle
2019-01-26 02:06:16 +00:00
Sebastian Bauersfeld
f56fb6d774
Address review comments.
2019-01-24 16:09:06 -05:00
Sebastian Bauersfeld
1727a0cd1f
Address review comments.
2019-01-23 18:01:35 -05:00
yh-semmle
b8f53b5c6a
Merge pull request #733 from aschackmull/java/remove-old-dataflow
...
Java: Remove old dataflow library.
2019-01-08 14:59:27 -05:00
Anders Schack-Mulligen
51f5198404
Java: Remove old dataflow library.
2019-01-08 13:52:24 +01:00
Anders Schack-Mulligen
9530eb6cdb
Java: Switch to built-in gcd.
2019-01-08 10:07:51 +01:00
Sebastian Bauersfeld
c35fc82218
Remove a duplicated predicate.
2018-12-14 12:59:49 -05:00
Aditya Sharad
f92456fcad
Merge master into next.
...
Conflict in `cpp/ql/test/library-tests/sideEffects/functions/sideEffects.expected`,
resolved by accepting test output (combining changes).
2018-12-12 17:26:18 +00:00
Sebastian Bauersfeld
6c756c5e6a
Rename ConfigLine to ConfigPair. Make ConfigFiles.ql a library, as intended
2018-12-10 14:08:27 -05:00
Sebastian Bauersfeld
3379e71e01
Add ConfigFiles library for working with configuration files.
2018-12-07 15:11:54 -05:00
Anders Schack-Mulligen
f09eb67af0
Java: Add org.apache.commons.lang3.StringUtils.isBlank as a nullguard.
2018-12-07 16:18:32 +01:00
yh-semmle
bc78219653
Java: account for change to field annotation extraction
2018-12-06 23:06:14 -05:00
Anders Schack-Mulligen
ae44b90456
Java: Normalize parentheses.
2018-11-28 15:01:25 +01:00
Anders Schack-Mulligen
fe8dfeec0d
Java: Add some this-qualifiers.
2018-11-13 14:58:25 +01:00
Anders Schack-Mulligen
411891c303
Java: Don't inherit methods from co-/contra-variant supertypes.
2018-11-13 14:56:22 +01:00
Anders Schack-Mulligen
fa3fa33c51
Java: Don't construct nonsense SSA for unreachable code.
2018-11-06 16:43:08 +01:00
Anders Schack-Mulligen
41c89475fe
Java: Rerun autoformat.
2018-11-01 17:01:12 +01:00
Anders Schack-Mulligen
bf6b7c4734
Java: Add ZipSlip query.
2018-10-31 11:38:27 +01:00
Anders Schack-Mulligen
3d81328c41
Java: Improve array length bounds on array phi nodes that may be null.
2018-10-26 11:18:31 +02:00
semmle-qlci
cbc2d9e257
Merge pull request #361 from aschackmull/java/springweb-servlet-sources
...
Approved by yh-semmle
2018-10-26 02:06:11 +01:00
Anders Schack-Mulligen
1d716ae461
Java: Add remote user input sources for Spring servlets.
2018-10-24 15:00:15 +02:00
Anders Schack-Mulligen
263de5219a
Java: Add additional SQL injection sinks.
2018-10-24 13:58:21 +02:00
semmle-qlci
c78f3f8edf
Merge pull request #336 from aschackmull/java/dataflow-cleanup
...
Approved by yh-semmle
2018-10-20 03:43:49 +01:00
Anders Schack-Mulligen
0b46ffa7d7
Java/CPP: Sync files.
2018-10-18 15:10:23 +02:00
Anders Schack-Mulligen
bf58b6c9ab
Java: Remove self-ref tracking; improve AccessPath.toString on numbers.
2018-10-18 15:05:04 +02:00
Anders Schack-Mulligen
187918396c
Java: Autoformat the last 5 files (RangeAnalysis).
2018-10-18 10:03:08 +02:00
semmle-qlci
3af91d5d0a
Merge pull request #301 from aschackmull/java/modulus-analysis
...
Approved by yh-semmle
2018-10-18 08:24:32 +01:00
