hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-23 16:06:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,676 Commits 1,712 Branches 163 Tags
1d3bcdf522186bbf40cc863e000c84578076f804
Commit Graph

2965 Commits

Author SHA1 Message Date
Joe Farebrother
2036aa1e4a Format test generator 2021-07-27 15:04:19 +01:00
Chris Smowton
97d603cafb Add test-case generator check for non-parseable rows 2021-07-27 14:26:22 +01:00
Anders Schack-Mulligen
a5f0a4ea71 Merge pull request #6087 from smowton/smowton/admin/rest-xss-tests 
Java: Add Spring XSS tests
 2021-07-27 14:09:34 +02:00
Anders Schack-Mulligen
aa8fa26a2a Merge pull request #6355 from intrigus-lgtm/patch-6 
Update broken link
 2021-07-27 09:05:02 +02:00
haby0
00f13e1e6e Modify isAdditionalTaintStep 2021-07-27 10:59:38 +08:00
intrigus-lgtm
434b36c648 Update broken link 2021-07-26 15:48:47 +02:00
Anders Schack-Mulligen
6c666b49f5 Merge pull request #6366 from smowton/smowton/fiix/junit-nested-classes 
Prevent class-could-be-static alerts regarding JUnit Nested tests
 2021-07-26 12:45:23 +02:00
Anders Schack-Mulligen
5d3e8d2add Merge pull request #6365 from Marcono1234/marcono1234/InstanceOfExpr-getCheckedType 
Java: Add `InstanceOfExpr.getCheckedType()`
 2021-07-26 11:20:48 +02:00
Anders Schack-Mulligen
ee13520836 Merge pull request #6364 from Marcono1234/marcono1234/TypeLiteral-getReferencedType 
Java: Add `TypeLiteral.getReferencedType()`
 2021-07-26 11:15:06 +02:00
Chris Smowton
aca905fa36 Prevent class-could-be-static alerts regarding JUnit Nested tests 2021-07-26 09:35:26 +01:00
github-actions[bot]
d51eafbfd5 Add changed framework coverage reports 2021-07-26 00:08:31 +00:00
Marcono1234
606173012a Java: Add InstanceOfExpr.getCheckedType() 
Additionally change `EqualsUsesInstanceOf.ql` to check for all RefTypes
instead of only Class.
 2021-07-26 00:50:11 +02:00
Marcono1234
3569ed56e5 Java: Add TypeLiteral.getReferencedType() 2021-07-26 00:02:08 +02:00
haby0
291ca3830a Modify according to suggestions 2021-07-23 09:28:55 +08:00
intrigus-lgtm
a30005c42e Replace broken link with archive.org link. 2021-07-22 22:14:44 +02:00
Chris Smowton
5c917b4a23 Merge pull request #6353 from sauyon/sauyon/java/model-constructors 
Java: Add models for collection constructors
 2021-07-22 16:27:59 +01:00
haby0
2a50cf8244 Fix 2021-07-22 22:24:09 +08:00
Sauyon Lee
fd02dcdf2e Java: Add models for collection constructors 2021-07-22 07:23:26 -07:00
haby0
d8f5f6987b Fix 2021-07-22 21:53:41 +08:00
haby0
e160352b38 Fix 2021-07-22 21:48:46 +08:00
haby0
735ab28040 Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-22 21:45:30 +08:00
haby0
7cf2e9ed79 Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-22 21:45:29 +08:00
haby0
46a212b712 Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-22 21:45:29 +08:00
haby0
676f0ad817 Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-22 21:45:29 +08:00
haby0
4ebf0ed7c5 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') 2021-07-22 21:45:29 +08:00
Chris Smowton
e2a533c7de Merge pull request #6346 from aschackmull/java/perf-fix 
Java: Fix bad magic.
 2021-07-22 10:15:16 +01:00
Chris Smowton
605f037af8 Merge pull request #6247 from p0wn4j/spring-responseentity-redirect-sink 
[Java] CWE-601: Add Spring URL Redirect ResponseEntity sink
 2021-07-22 09:45:30 +01:00
Anders Schack-Mulligen
dcfc027b5f Java: Fix bad magic. 2021-07-22 10:12:49 +02:00
Chris Smowton
c568a9463a Remove <> qualifier from ResponseEntity name 
This was an extractor bug that was fixed recently
 2021-07-21 17:58:06 +01:00
p0wn4j
f0d5520976 Add Spring URL Redirect ResponseEntity sink 
Copyedit qhelp
 2021-07-21 03:16:16 +04:00
Anders Schack-Mulligen
77d53676ba Java: Remove deprecated ParExpr. 2021-07-20 15:27:31 +02:00
Tony Torralba
68df8028d2 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-20 14:47:16 +02:00
Artem Smotrakov
158a75e5a1 Import UnsafeDeserializationQuery in unsafeDeserialization.ql 2021-07-20 10:14:50 +02:00
github-actions[bot]
bed08a6f4f Add changed framework coverage reports 2021-07-20 00:06:37 +00:00
Chris Smowton
7819d32784 Make MediaType stub constants actually constant 
This is required to use them in annotations
 2021-07-19 18:28:30 +01:00
Chris Smowton
a0297d51e5 Note fixed test result 
the Optional type has now been modelled
 2021-07-19 18:28:06 +01:00
Chris Smowton
82ea2592ad Spring HTTP: Fix test mistakes 
Classes without RestController and methods without GetMapping or similar were never going to be detected.
 2021-07-19 18:21:13 +01:00
Chris Smowton
392e405f5d Add Spring-XSS test 
This covers the cases currently exercised in https://github.com/github/codeql-securitylab/blob/main/java/ql/src/pwntester/security/RestXSS.ql
 2021-07-19 18:21:11 +01:00
Chris Smowton
16c5952167 Add and improve Spring-web stubs 2021-07-19 18:20:37 +01:00
Tony Torralba
70081b6a1e Refactor MvelInjection.qll 2021-07-19 15:36:35 +02:00
Artem Smotrakov
47e4cf4180 Make UnsafeDeserializationSink public 2021-07-19 15:34:33 +02:00
Tony Torralba
46faf68d64 Decouple MvelInjection.qll to reuse the taint tracking configuration 2021-07-19 13:50:03 +02:00
Tony Torralba
5ca8b380e9 Merge branch 'main' into atorralba/promote-mvel-injection 2021-07-19 13:45:10 +02:00
Artem Smotrakov
035f7ac669 Refactored libs for unsafe deserialization 2021-07-19 13:19:36 +02:00
Anders Schack-Mulligen
db76b12f3f Merge pull request #6313 from aschackmull/java/fix-csv-dispatch 
Java: Fix a bug in call-context-sensitve dispatch to SummarizedCallable.
 2021-07-19 12:49:31 +02:00
Artem Smotrakov
e02530749b Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-19 11:52:12 +02:00
Anders Schack-Mulligen
0b89f96055 Merge pull request #6318 from Marcono1234/patch-1 
Java: Fix documentation mistake for `ProtoPom`
 2021-07-19 11:25:06 +02:00
Anders Schack-Mulligen
d1f21a854a Merge pull request #6042 from joefarebrother/spring-http 
[Java] Model spring `http` package
 2021-07-19 11:24:41 +02:00
Anders Schack-Mulligen
c32a75a1b3 Merge pull request #6183 from smowton/smowton/feature/javax-json-models 
Add models of the jakarta/javax.json package
 2021-07-19 11:19:21 +02:00
github-actions[bot]
9b7616bea4 Add changed framework coverage reports 2021-07-19 00:07:04 +00:00