hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,009 Commits 1,671 Branches 157 Tags
0c8786f94126df285bc0c996dd752329a43d4785
Commit Graph

689 Commits

Author SHA1 Message Date
Pavel Avgustinov
6737e99d65 Merge pull request #3209 from hmakholm/baselib-extractor 
Add extractor field in base language QL packs
 2020-04-09 15:24:49 +01:00
yo-h
9a79e3be2c Java 14: add PREVIEW FEATURE notes to QLDoc 2020-04-07 22:22:10 -04:00
yo-h
697b273e32 Java 14: update expected test output 2020-04-07 22:22:10 -04:00
yo-h
e12de3b021 Java 14: add dbscheme upgrade script for records 2020-04-07 22:22:09 -04:00
yo-h
70e09ddb88 Java 14: add dbscheme stats for records 2020-04-07 22:22:08 -04:00
yo-h
662cff8316 Java 14: add class Record to Type.qll 2020-04-07 22:22:08 -04:00
yo-h
e1787f58aa Java 14: add isRecord relation to dbscheme 2020-04-07 22:22:08 -04:00
yo-h
b763342277 Java 14: account for instanceof pattern matching 2020-04-07 22:22:07 -04:00
yo-h
9d2f76849b Java 14: switch expressions are no longer in preview 2020-04-07 22:22:07 -04:00
Henning Makholm
d1ff3211ef Add extractor fields to test qlpack.yml files. 2020-04-06 19:21:41 +02:00
Henning Makholm
bf579dedd4 Add extractor field in base language QL packs 2020-04-06 18:48:01 +02:00
Robert
1096e5d947 Merge pull request #3163 from robertbrignull/code_scanning_suites 
Add code-scanning suites
 2020-04-06 08:45:40 +01:00
Anders Schack-Mulligen
01157e43e3 Merge pull request #2899 from p-/cwe-036 
Java: Calling openStream on URLs created from remote source can lead to file disclosure
 2020-04-02 13:55:06 +02:00
Peter Stöckli
ca80bfda4f Fix tags 2020-04-02 07:43:55 +02:00
Peter Stöckli
36c351dc68 Add input from documentation review 2020-04-01 17:59:45 +02:00
Tom Hvitved
42e180d6c4 Merge pull request #3060 from aschackmull/dataflow/no-param-to-same-param-flow 
Dataflow: Exclude param-param flow through with identical params.
 2020-04-01 09:42:12 +02:00
Peter Stöckli
60d5ed9c79 Input from Review 2020-03-31 18:30:00 +02:00
Peter Stöckli
40c3b5468f Fix QHelp/XML syntax 2020-03-30 18:55:14 +02:00
Tom Hvitved
9fa9c10361 Merge pull request #2921 from aschackmull/dataflow/consistency-checks 
Java: Add data-flow consistency checks.
 2020-03-30 12:47:41 +02:00
Anders Schack-Mulligen
caf0d1528f Merge pull request #3155 from max-schaefer/add-module-comment 
Data flow: Add module doc comment for `TaintTrackingImpl.qll`
 2020-03-30 12:07:08 +02:00
Max Schaefer
e5e94e3357 Data flow: Add module doc comment for TaintTrackingImpl.qll 
Modelled after the correponding comment for `DataFlowImpl.qll`.
 2020-03-30 10:35:47 +01:00
Anders Schack-Mulligen
b2769b42ed Merge pull request #3117 from adityasharad/java/jackson-taint-steps 
Java: Add taint steps through Jackson serialization methods.
 2020-03-30 10:34:56 +02:00
Robert Brignull
90fad6f762 add code scanning suites 2020-03-27 17:03:23 +00:00
Peter Stöckli
c6688eb349 Fix OpenStream documentation 2020-03-27 17:08:49 +01:00
Peter Stöckli
3de00443ff Review feeback for OpenStream 2020-03-27 17:06:58 +01:00
Peter Stöckli
5e62a6bebe Move CWE-036 directory to experimental 2020-03-27 15:10:15 +01:00
Peter Stöckli
74fc416a35 Merge branch 'master' into cwe-036 2020-03-27 14:54:41 +01:00
Mathias Vorreiter Pedersen
7890a322c8 C++/C#/Java: Sync identical files 2020-03-27 11:51:38 +01:00
yo-h
0f70da2258 Merge pull request #3105 from aschackmull/java/postupdate-jump 
Java: Fix missing jump step from PostUpdate to capture.
 2020-03-25 22:05:30 -04:00
yo-h
116c13eb18 Merge pull request #3106 from aschackmull/java/getstmtbody-type 
Java: Sharpen return type of LambdaExpr.getStmtBody().
 2020-03-24 19:20:57 -04:00
Aditya Sharad
a6e039b284 Java: Add tests for Jackson taint steps. 
Add stubs for jackson-databind-2.10.
Based on http://fasterxml.github.io/jackson-databind/javadoc/2.10.
Test taint through Jackson serialization APIs.
 2020-03-24 12:59:24 -07:00
Aditya Sharad
7de8b48692 Java: Add taint steps through Jackson serialization methods. 2020-03-24 12:59:14 -07:00
Anders Schack-Mulligen
75523e4eb8 Java: Fix directory structure in experimental. 2020-03-24 16:47:55 +01:00
Anders Schack-Mulligen
d8edae96df Java: Add test. 2020-03-24 15:24:17 +01:00
yo-h
d315864383 Merge pull request #3108 from aschackmull/java/finalizemethod 
Java: Fixup FinalizeMethod definition.
 2020-03-23 18:27:57 -04:00
Anders Schack-Mulligen
f29f0f418f Dataflow: Exclude flow param-param flow through with identical params. 2020-03-23 17:27:53 +01:00
Anders Schack-Mulligen
4bc0cb0d28 Java: Fixup FinalizeMethod definition. 2020-03-23 11:11:00 +01:00
Anders Schack-Mulligen
6d3717cff8 Java: Sharpen return type of LambdaExpr.getStmtBody(). 2020-03-23 10:27:36 +01:00
Anders Schack-Mulligen
c78906500d Java: Fix missing jump step from PostUpdate to capture. 2020-03-23 10:24:25 +01:00
Anders Schack-Mulligen
888c504f55 Merge pull request #2903 from hvitved/dataflow/performance 
Data flow: Refactoring + performance improvements
 2020-03-23 10:01:20 +01:00
yo-h
16f2957029 Merge pull request #3081 from aschackmull/java/urldecoder-step 
Java: Add URLDecoder.decode as taint step.
 2020-03-20 13:53:20 -04:00
Tom Hvitved
937924571c Data flow: Sync files 2020-03-18 18:16:27 +01:00
Tom Hvitved
3bd6429072 Data flow: Sync files 2020-03-18 13:28:26 +01:00
Anders Schack-Mulligen
396678fd55 Java: Add apache Base64 taint steps. 2020-03-18 10:54:40 +01:00
Tom Hvitved
2e8bd5ccba Data flow: Sync files 2020-03-17 15:16:12 +01:00
Anders Schack-Mulligen
9c9e302a73 Java: Add URLDecoder.decode as taint step. 2020-03-17 10:19:02 +01:00
Tom Hvitved
f935f5eaca Data flow: Sync files 2020-03-13 13:58:05 +01:00
Anders Schack-Mulligen
9fc75f1f92 Merge pull request #2850 from SpaceWhite/CWE-094 
ScriptEngine java code injection
 2020-03-13 13:43:09 +01:00
Anders Schack-Mulligen
2a2484ee0f Merge pull request #2800 from SpaceWhite/CWE-643 
CWE-643 XPathInjection on java
 2020-03-13 13:40:17 +01:00
Anders Schack-Mulligen
99c55b6edb Java: Add taint steps for java.util.Queue methods. 2020-03-12 15:02:06 +01:00