hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 13:23:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,861 Commits 1,697 Branches 161 Tags
261ef0fbff76f175d896bd5bc011bcccb824f139
Commit Graph

776 Commits

Author SHA1 Message Date
lcartey@github.com
4300bc8088 Java: Update RemoteFlowSource to use improve Spring request parameter 
mapping.
 2020-06-16 09:50:31 +01:00
lcartey@github.com
f5dc0337ed Java: Improve modelling of Spring request methods 
- Recognise @<httpverb>Mapping as well as @RequestMapping.
 - Identify tainted/not tainted parameters of RequestMapping methods.
 2020-06-16 09:50:31 +01:00
Anders Schack-Mulligen
421a548e42 Update java/ql/src/semmle/code/java/Expr.qll 2020-06-12 09:24:37 +02:00
intrigus-lgtm
422b059aec Fix typo 2020-06-11 22:54:13 +02:00
Anders Schack-Mulligen
c961a31789 Java: Add Expr.getAnEnclosingStmt. 2020-06-11 13:46:12 +02:00
Anders Schack-Mulligen
f23eb0432e Java: Improve qldoc for JavadocTag. 2020-06-11 11:44:50 +02:00
semmle-qlci
1b8f3c4b84 Merge pull request #3657 from hvitved/dataflow/hidden-nodes 
Approved by aschackmull, jbj
 2020-06-10 13:22:09 +01:00
Anders Schack-Mulligen
c334d72f11 Java: Fix CompileTimeConstantExpr qldoc and add char cast case. 2020-06-10 10:59:10 +02:00
Tom Hvitved
a371205db1 Data flow: Sync files 2020-06-09 13:55:12 +02:00
Tom Hvitved
8c9f85d04f Data flow: Allow nodes to be hidden from path explanations 2020-06-09 13:53:19 +02:00
Anders Schack-Mulligen
ad8647f345 Merge pull request #3547 from pwntester/issue_3139 
add support for java.io.StringWriter
 2020-06-08 10:02:23 +02:00
Anders Schack-Mulligen
be862280b2 Update java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll 
Fix trailing whitespace
 2020-06-08 09:18:39 +02:00
Anders Schack-Mulligen
8d6e39eb18 Java: Add instanceof type bounds for ArrayAccess. 2020-06-03 09:42:37 +02:00
yo-h
1fea545160 Merge pull request #3573 from aschackmull/java/private-interface-methods 
Java: Fix for private interface methods.
 2020-05-28 20:31:55 -04:00
yo-h
c2de08ca51 Merge pull request #3499 from aschackmull/java/instanceof-pattern-cfg 
Java: Add CFG edges for Java 14 pattern-matching instanceof.
 2020-05-28 20:24:39 -04:00
Anders Schack-Mulligen
a858a8cd42 Java: Fix for private interface methods. 2020-05-27 11:05:41 +02:00
Anders Schack-Mulligen
796eac108f Java: Autoformat 2020-05-27 09:19:59 +02:00
Jonas Jensen
5deeda0337 Merge pull request #3387 from geoffw0/tostringperf 
C++: Eliminate recursion from toString().
 2020-05-26 13:24:43 +02:00
Jonas Jensen
3d58e6f7af Merge pull request #3515 from hvitved/dataflow/remove-deprecated 
Data flow: Remove deprecated predicates
 2020-05-25 15:08:28 +02:00
Alvaro Muñoz
0b20785cce add support for java.io.StringWriter 2020-05-22 18:13:28 +02:00
Tom Hvitved
431403f5db Data flow: Remove deprecated predicates 2020-05-19 15:42:59 +02:00
Anders Schack-Mulligen
9d7329de30 Java: Clean up deprecated overrides. 2020-05-19 10:41:41 +02:00
Anders Schack-Mulligen
bd114db862 Java: Add cfg edges for instanceof-pattern. 2020-05-18 09:49:32 +02:00
yo-h
4f00e40257 Merge pull request #3474 from aschackmull/java/string-formatted 
Java: Add taint steps for String.formatted.
 2020-05-15 22:04:36 -04:00
yo-h
69ab158910 Merge pull request #3473 from aschackmull/java/switchexpr 
Java: Extend library support for switch expressions.
 2020-05-15 20:46:37 -04:00
Tom Hvitved
cd9538d0d9 Merge remote-tracking branch 'upstream/master' into dataflow/precise-field-types 2020-05-15 15:24:05 +02:00
Anders Schack-Mulligen
1838a7455a Java: Add taint steps for String.formatted. 2020-05-14 16:17:03 +02:00
Tom Hvitved
e608c53c3f Java: Follow-up changes 2020-05-14 15:58:50 +02:00
Tom Hvitved
aa83cc1472 Data flow: Sync files 2020-05-14 15:58:50 +02:00
Anders Schack-Mulligen
0aad24e6db Java: Extend library support for switch expressions. 2020-05-14 15:40:26 +02:00
yo-h
a884538238 Update java/ql/src/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-05-12 14:14:26 -04:00
yo-h
facd429d0a Update java/ql/src/semmle/code/java/frameworks/javaee/ejb/EJBJarXML.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-05-12 14:14:14 -04:00
yo-h
1d55dffb98 Java: add missing QLDoc for J2ObjC.qll 2020-05-11 20:01:48 -04:00
yo-h
c55d01318c Java: add missing QLDoc for JavaServerFaces.qll and JSFAnnotations.qll 2020-05-11 20:01:48 -04:00
yo-h
6c8a016ca6 Java: add missing QLDoc for JacksonSerializability.qll 2020-05-11 20:01:45 -04:00
yo-h
45b502a82f Java: add missing QLDoc for GWT.qll, GwtUiBinder.qll, GwtXml.qll 2020-05-11 20:01:45 -04:00
yo-h
6e64f3dd05 Java: add missing QLDoc for JavaxAnnotations.qll 2020-05-11 20:01:44 -04:00
yo-h
537c657b19 Java: add missing QLDoc for EJBRestrictions.qll 2020-05-11 20:01:44 -04:00
yo-h
4594b51dfc Java: add missing QLDoc for EJB.qll 2020-05-11 20:01:43 -04:00
yo-h
3a82090087 Java: add missing QLDoc for EJBJarXML.qll 2020-05-11 20:01:42 -04:00
yo-h
8fe093c854 Java: add missing QLDoc for PersistenceXML.qll 2020-05-11 20:01:42 -04:00
yo-h
5b962c1add Java: add missing QLDoc for Persistence.qll 2020-05-11 20:01:42 -04:00
yo-h
c54f8d8128 Merge pull request #3383 from aschackmull/java/printast 
Java: Library for pretty-printing AST in linear time.
 2020-05-08 13:01:39 -04:00
Anders Schack-Mulligen
2561ba82db Merge pull request #3215 from aibaars/validating-object-input 
Java: teach UnsafeDeserialization about ValidatingObjectInputStream
 2020-05-07 14:57:50 +02:00
Anders Schack-Mulligen
f7410739d9 Java: Fix bug in qldoc. 2020-05-06 14:06:49 +02:00
Anders Schack-Mulligen
8c5e89c160 Java: Add PrintAst. 2020-05-06 14:06:40 +02:00
Arthur Baars
39e652b26b Java: teach UnsafeDeserialization about ValidatingObjectInputStream 
The class org.apache.commons.io.serialization.ValidatingObjectInputStream
is an implementation of ObjectInputStream that validates the deserialized
classes against a white list. Therefore, this class should not be considered an
unsafe deserialization sink.
 2020-05-06 12:15:30 +02:00
Anders Schack-Mulligen
3b3ca6d41e Merge pull request #3214 from aibaars/base64 
Java: Add org.apache.commons.codec.(De|En)coder to TaintTrackingUtil
 2020-05-06 09:21:18 +02:00
Tom Hvitved
e95cc24b3f Data flow: Support stores into nodes that are not PostUpdateNodes 2020-05-05 14:01:04 +02:00
Anders Schack-Mulligen
b7458091a9 Merge pull request #3110 from hvitved/dataflow/no-more-summaries 
Data flow: No more flow summaries
 2020-05-05 13:27:07 +02:00