codeql

mirror of https://github.com/github/codeql.git synced 2026-01-13 14:34:45 +01:00

Author	SHA1	Message	Date
erik-krogh	ce9f69a639	rename all occurrences of XML to Xml	2022-08-22 14:08:31 +02:00
Erik Krogh Kristensen	69353bb014	patch upper-case acronyms to be PascalCase	2022-03-11 11:10:33 +01:00
Erik Krogh Kristensen	f500bccbe4	add explicit this to member call	2022-01-21 11:46:33 +01:00
haby0	1d321c692b	Refactor isMybatisXmlOrAnnotationSqlInjection	2021-12-08 18:59:55 +08:00
haby0	6c6113b85b	Partial modification	2021-12-03 18:59:24 +08:00
haby0	08be8edbce	Modify according to suggestions	2021-12-01 11:57:57 +08:00
haby0	db04a0dadf	New model: SQL injection in MyBatis annotations	2021-11-28 14:43:57 +08:00
haby0	b8732859de	Add isSanitizerGuard, verify file path	2021-11-25 15:47:31 +08:00
haby0	31400df0d4	Modify sink and improve SQL injection detection	2021-11-25 15:47:30 +08:00
haby0	4438f8c58c	Add MyBatis Mapper Sql Injection	2021-11-25 15:47:29 +08:00
Andrew Eisenberg	8e750f18ad	Packaging: Java refactoring Split java pack into `codeql/java-all` and `codeql/java-queries`.	2021-08-19 14:09:35 -07:00
Owen Mansel-Chan	714e126088	Merge pull request #6370 from owen-mc/java/model/apache-collections Java: Model more of Apache Commons Collections	2021-08-19 15:09:06 +01:00
Joe Farebrother	9dc28eb9b5	Merge pull request #6387 from joefarebrother/guava-cache Java: Model guava cache package	2021-08-19 10:53:48 +01:00
Chris Smowton	48818ebd6d	Merge pull request #6434 from smowton/smowton/admin/jodd-unsafe-deserialization Java: Unsafe deserialization: add support for Jodd JSON library	2021-08-18 17:26:02 +01:00
Chris Smowton	cc4fe7375c	Merge pull request #5953 from github/sauyon/java/spring-webutil Java: Add models for the Spring `web.util` package	2021-08-18 15:07:28 +01:00
Sauyon Lee	17cef3f498	Address review comments	2021-08-17 12:45:47 -07:00
Joe Farebrother	076aeb5d80	Update tests	2021-08-17 16:44:58 +01:00
Sauyon Lee	390e48fdd2	Remove more redundant models	2021-08-17 02:17:36 -07:00
Chris Smowton	ff3f85be49	Autoformat	2021-08-16 18:09:40 +01:00
Owen Mansel-Chan	b23fabe8cb	Fix errors from previous PR	2021-08-16 16:11:17 +01:00
Joe Farebrother	48c61fc4b4	Update models for `Cache.getAllPresent` and `LoadingCache.getAll`	2021-08-16 13:50:54 +01:00
Marcono1234	48872b4588	Java: Improve Callable.getStringSignature() documentation	2021-08-14 19:58:55 +02:00
Sauyon Lee	ed1d855025	Java: Remove redundant models from Spring web.util and fix typo	2021-08-12 11:20:49 -07:00
Sauyon Lee	9a5c0f6c73	Java: Add HTML escapes as XSS sanitizers Co-Authored-By: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-08-12 11:20:49 -07:00
Sauyon Lee	25649a61c4	Java: Add models for the Spring `web.util` package	2021-08-12 11:20:48 -07:00
Owen Mansel-Chan	1c2476c6a1	Add explanatory comments	2021-08-12 14:51:49 +01:00
Owen Mansel-Chan	fe477ff989	Fix more models based on review comments	2021-08-12 14:51:37 +01:00
Joe Farebrother	207c753f6f	Update model for getAll	2021-08-10 15:05:02 +01:00
Owen Mansel-Chan	a55a32f50a	Add more missing models And corresponding tests	2021-08-10 11:35:20 +01:00
Owen Mansel-Chan	2d31bb8d64	Remove toString taint propagation We do not do this for other overrides of toString	2021-08-09 17:18:02 +01:00
Owen Mansel-Chan	487a46ae77	Improve treatment of new and old package name	2021-08-09 16:25:11 +01:00
Chris Smowton	5ba9347281	Merge pull request #6006 from artem-smotrakov/timing-attacks Java: Timing attacks while comparing results of cryptographic operations	2021-08-09 15:30:47 +01:00
Owen Mansel-Chan	f94e467076	Fixes to models and tests Running the test generator script again showed many missing tests.	2021-08-08 14:03:48 +01:00
Owen Mansel-Chan	377403d525	Remove redundant models and corresponding test Iterator.next is already modelled	2021-08-08 13:57:51 +01:00
Owen Mansel-Chan	5d3f10824e	Fix erroneous treatment of varargs in models	2021-08-08 13:57:50 +01:00
Owen Mansel-Chan	9533f12e24	Add explanatory commented for MapIterator model	2021-08-06 07:06:36 +01:00
Owen Mansel-Chan	b922d7c6f3	Duplicate models for old package name The package name was org.apache.commons.collection until release 4.0.	2021-08-06 07:06:34 +01:00
Chris Smowton	0b6c991ac4	Unsafe deserialization: add support for Jodd JSON library	2021-08-05 16:01:14 +01:00
Tony Torralba	0356ed7f9e	Merge pull request #5911 from atorralba/atorralba/promote-missing-jwt-signature-check Java: Promote Missing JWT signature check query from experimental	2021-08-05 09:43:03 +02:00
Anders Schack-Mulligen	1932f604dc	Merge pull request #6419 from smowton/smowton/admin/unsafe-deserialization-jabsorb Add unsafe-deserialization support for Jabsorb	2021-08-05 09:04:23 +02:00
Chris Smowton	5a42448888	Code review suggestions - Remove unneeded import - Remove unnecessary `toLowerCase` call	2021-08-04 16:08:07 +01:00
Chris Smowton	69549e9ce3	Add unsafe-deserialization support for Jabsorb This is partly extracted from https://github.com/github/codeql/pull/5954	2021-08-04 15:35:50 +01:00
Anders Schack-Mulligen	5f9f857c34	Update java/ql/src/semmle/code/java/security/JWT.qll	2021-08-04 16:23:21 +02:00
Anders Schack-Mulligen	78998d0ca1	Update java/ql/src/semmle/code/java/security/JWT.qll	2021-08-04 16:22:56 +02:00
Anders Schack-Mulligen	6a09a5667d	Merge pull request #5931 from atorralba/atorralba/promote-jndi-injection Java: Promote JNDI Injection query from experimental	2021-08-04 15:48:44 +02:00
Owen Mansel-Chan	b82389088b	Model interfaces in Apache Commons Collections main package	2021-08-04 14:26:59 +01:00
Owen Mansel-Chan	39ea0a989a	Model *Utils classes	2021-08-04 14:26:58 +01:00
Tony Torralba	bc9563c073	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-08-04 14:40:32 +02:00
Tony Torralba	989afb446e	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-08-04 14:07:10 +02:00
Tony Torralba	a046d75ea6	Apply suggestions from code review	2021-08-04 13:15:49 +02:00

1 2 3 4 5 ...

1585 Commits