codeql

mirror of https://github.com/github/codeql.git synced 2026-03-01 13:23:49 +01:00

Author	SHA1	Message	Date
Geoffrey White	a70f534458	Sync identical files.	2020-05-05 09:18:05 +01:00
Anders Schack-Mulligen	b6a7ab8bf4	Merge pull request #3372 from aibaars/spring-multipart Java: add `org.springframework.web.multipart.MultipartFile::getX` as RemoteFlowSource	2020-04-29 11:35:04 +02:00
Arthur Baars	d7774788b3	Java: add Spring MultipartFile as RemoteFlowSource	2020-04-28 16:57:03 +02:00
Anders Schack-Mulligen	bc7163aa68	Merge pull request #3216 from aibaars/message-digest Java: teach Encryption.qll about MessageDigest.getInstance	2020-04-28 11:41:53 +02:00
Arthur Baars	9742d3892d	Java: Add org.apache.commons.codec.(De\|En)coder to TainTrackingUtil The commons codec library contains many encoder and decoder methods and is fairly commonly used.	2020-04-28 11:26:43 +02:00
Grzegorz Golawski	d590f3fba8	CodeQL query to detect XSLT injections	2020-04-27 22:35:35 +02:00
yo-h	97f4cb64ef	Merge pull request #3349 from aschackmull/java/qldoc1 Java: Improve qldoc coverage.	2020-04-27 12:49:23 -04:00
Tom Hvitved	d28c4fb0f5	Merge pull request #3202 from jbj/pathStep-join-unique Java/C++/C#: Use `unique` to improve join order fix	2020-04-27 13:06:27 +02:00
Arthur Baars	59869ace63	Java: teach Encryption.qll about MessageDigest.getInstance We already modelled usage of the protected `MessageDigest(String algo)` constructor as a crypto algorithm specification. For some reason we did not model the more commonly used public `MessageDigest.getInstance` method.	2020-04-25 00:41:10 +02:00
Anders Schack-Mulligen	beab320557	Java: Add more qldoc.	2020-04-24 14:17:47 +02:00
Tom Hvitved	1b6e978a62	Data flow: Sync files	2020-04-17 13:49:06 +02:00
yo-h	9a79e3be2c	Java 14: add `PREVIEW FEATURE` notes to QLDoc	2020-04-07 22:22:10 -04:00
yo-h	662cff8316	Java 14: add class `Record` to `Type.qll`	2020-04-07 22:22:08 -04:00
yo-h	b763342277	Java 14: account for `instanceof` pattern matching	2020-04-07 22:22:07 -04:00
yo-h	9d2f76849b	Java 14: switch expressions are no longer in preview	2020-04-07 22:22:07 -04:00
Jonas Jensen	46fc91315b	Java/C++/C#: Revert the join order fix from #2872 This revert brings back the performance problems in `DataFlowImplLocal.qll` so they can be fixed in a different way. The fix in #2872 was asymptotically good but had undesired overhead because it introduced another predicate in the SCC that existed purely for join ordering. I did the revert by inlining the helper predicate, eliminating the `enclosing` variable, and re-ordering the resulting lines to what they were before #2872.	2020-04-06 10:04:50 +02:00
Anders Schack-Mulligen	01157e43e3	Merge pull request #2899 from p-/cwe-036 Java: Calling openStream on URLs created from remote source can lead to file disclosure	2020-04-02 13:55:06 +02:00
Tom Hvitved	42e180d6c4	Merge pull request #3060 from aschackmull/dataflow/no-param-to-same-param-flow Dataflow: Exclude param-param flow through with identical params.	2020-04-01 09:42:12 +02:00
Tom Hvitved	9fa9c10361	Merge pull request #2921 from aschackmull/dataflow/consistency-checks Java: Add data-flow consistency checks.	2020-03-30 12:47:41 +02:00
Anders Schack-Mulligen	caf0d1528f	Merge pull request #3155 from max-schaefer/add-module-comment Data flow: Add module doc comment for `TaintTrackingImpl.qll`	2020-03-30 12:07:08 +02:00
Max Schaefer	e5e94e3357	Data flow: Add module doc comment for `TaintTrackingImpl.qll` Modelled after the correponding comment for `DataFlowImpl.qll`.	2020-03-30 10:35:47 +01:00
Anders Schack-Mulligen	b2769b42ed	Merge pull request #3117 from adityasharad/java/jackson-taint-steps Java: Add taint steps through Jackson serialization methods.	2020-03-30 10:34:56 +02:00
Peter Stöckli	74fc416a35	Merge branch 'master' into cwe-036	2020-03-27 14:54:41 +01:00
Mathias Vorreiter Pedersen	7890a322c8	C++/C#/Java: Sync identical files	2020-03-27 11:51:38 +01:00
yo-h	0f70da2258	Merge pull request #3105 from aschackmull/java/postupdate-jump Java: Fix missing jump step from PostUpdate to capture.	2020-03-25 22:05:30 -04:00
yo-h	116c13eb18	Merge pull request #3106 from aschackmull/java/getstmtbody-type Java: Sharpen return type of LambdaExpr.getStmtBody().	2020-03-24 19:20:57 -04:00
Aditya Sharad	7de8b48692	Java: Add taint steps through Jackson serialization methods.	2020-03-24 12:59:14 -07:00
yo-h	d315864383	Merge pull request #3108 from aschackmull/java/finalizemethod Java: Fixup FinalizeMethod definition.	2020-03-23 18:27:57 -04:00
Anders Schack-Mulligen	f29f0f418f	Dataflow: Exclude flow param-param flow through with identical params.	2020-03-23 17:27:53 +01:00
Anders Schack-Mulligen	4bc0cb0d28	Java: Fixup FinalizeMethod definition.	2020-03-23 11:11:00 +01:00
Anders Schack-Mulligen	6d3717cff8	Java: Sharpen return type of LambdaExpr.getStmtBody().	2020-03-23 10:27:36 +01:00
Anders Schack-Mulligen	c78906500d	Java: Fix missing jump step from PostUpdate to capture.	2020-03-23 10:24:25 +01:00
Anders Schack-Mulligen	888c504f55	Merge pull request #2903 from hvitved/dataflow/performance Data flow: Refactoring + performance improvements	2020-03-23 10:01:20 +01:00
yo-h	16f2957029	Merge pull request #3081 from aschackmull/java/urldecoder-step Java: Add URLDecoder.decode as taint step.	2020-03-20 13:53:20 -04:00
Tom Hvitved	937924571c	Data flow: Sync files	2020-03-18 18:16:27 +01:00
Tom Hvitved	3bd6429072	Data flow: Sync files	2020-03-18 13:28:26 +01:00
Anders Schack-Mulligen	396678fd55	Java: Add apache Base64 taint steps.	2020-03-18 10:54:40 +01:00
Tom Hvitved	2e8bd5ccba	Data flow: Sync files	2020-03-17 15:16:12 +01:00
Anders Schack-Mulligen	9c9e302a73	Java: Add URLDecoder.decode as taint step.	2020-03-17 10:19:02 +01:00
Tom Hvitved	f935f5eaca	Data flow: Sync files	2020-03-13 13:58:05 +01:00
Anders Schack-Mulligen	99c55b6edb	Java: Add taint steps for java.util.Queue methods.	2020-03-12 15:02:06 +01:00
Anders Schack-Mulligen	a9d76cbe64	Dataflow: Add consistency checks for toString and location.	2020-03-11 10:29:48 +01:00
Tom Hvitved	bd6c23d165	Merge pull request #3020 from aschackmull/dataflow/type-pruning-bigstep Dataflow: Fix bug in type pruning.	2020-03-10 14:21:21 +01:00
Anders Schack-Mulligen	e97c72cd5d	Dataflow: Adjust imports.	2020-03-10 11:34:09 +01:00
Anders Schack-Mulligen	a2bbacf58d	Java/C++/C#: Fix performance issue in partial paths exploration.	2020-03-09 11:30:59 +01:00
Anders Schack-Mulligen	f491fcd5ae	Java/C++/C#: Sync.	2020-03-09 11:05:13 +01:00
Anders Schack-Mulligen	7a74634cfd	Java/C++/C#: Simplify.	2020-03-09 11:04:28 +01:00
Anders Schack-Mulligen	cf84a53573	Java/C++/C#: Fix bug in type pruning.	2020-03-09 11:04:24 +01:00
Anders Schack-Mulligen	8e2b56cfd0	Java: Include count in messages.	2020-02-27 13:10:42 +01:00
Anders Schack-Mulligen	a09e479033	Java: Change relevantNode to a class, and add two more checks.	2020-02-27 10:14:14 +01:00

... 7 8 9 10 11 ...

776 Commits