hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
24,426 Commits 1,742 Branches 166 Tags
2a50cf8244b0baf2fffcd9e89d4049da1b04d547
Commit Graph

2416 Commits

Author SHA1 Message Date
Chris Smowton
a11021991a Improve method documentation 2021-07-13 16:35:44 +01:00
Chris Smowton
b5492056d8 Remove superfluous parens 2021-07-13 16:35:22 +01:00
Chris Smowton
97694bc9a1 Report error even if interpretElement resolves to a non-Callable Element 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-13 16:16:01 +01:00
Tom Hvitved
7e9d87055d Data flow: Sync 2021-07-13 16:15:00 +02:00
Anders Schack-Mulligen
0f6f020766 Java: Fix models. 2021-07-13 15:23:19 +02:00
Chris Smowton
78fe0f810a Add models for decode/encodePointer methods 2021-07-13 11:10:46 +01:00
Chris Smowton
2bd58d6ba7 Improve header comment 2021-07-12 18:09:23 +01:00
Chris Smowton
cc4401b453 Add models of JsonPointer, JsonMergeDiff and JsonPatchBuilder 2021-07-12 18:08:45 +01:00
Chris Smowton
539859497b Add models of JsonMergePatch, JsonPatchBuilder and JsonPointer 2021-07-12 17:39:51 +01:00
Chris Smowton
6bf931392b Add missing model of JsonObjectBuilder.remove 2021-07-12 17:13:39 +01:00
Tom Hvitved
47d126e681 Data flow: Sync 2021-07-12 12:09:51 +02:00
Joe Farebrother
4d459f24d9 Fix up tests and update models 2021-07-02 14:46:33 +01:00
Joe Farebrother
fc017b7934 Use ArrayElement of in flow step specifications 2021-07-02 14:46:31 +01:00
Joe Farebrother
15415931ce Use Argument ranges in CSV rows 2021-07-02 14:46:03 +01:00
Joe Farebrother
5325622813 Convert sql-related flow steps to CSV 2021-07-02 14:46:03 +01:00
Anders Schack-Mulligen
3c6604daa7 Java: Fix subtypes interpretation. 2021-07-02 14:43:56 +02:00
Anders Schack-Mulligen
55ebbc3e01 Java: Add signature to Map.put. 2021-07-02 14:41:32 +02:00
Chris Smowton
a51154a8ef Deduplicate Jexl configuration 2021-07-02 10:02:28 +01:00
Chris Smowton
bbd3ecb768 Add docs to RandomQuery.qll 2021-07-02 10:02:28 +01:00
Chris Smowton
e661fc08d3 Split Android XSS sink defintions out of XSS.qll 
This removes one of the routes by which XSS.qll is always in scope, and so its dataflow configuration is too -- however it is still always in scope because JaxWS.qll imports it.
 2021-07-02 10:02:25 +01:00
Chris Smowton
747a8e4157 Split up JexlInjection.qll 
This avoids a DataFlow2::Configuration being in scope for all queries via the import from ExternalFlow.qll
 2021-07-02 10:01:51 +01:00
Chris Smowton
643f7dfb87 Split up Random.qll 
This prevents bringing a dataflow config into scope from utility libraries.
 2021-07-02 10:00:49 +01:00
Anders Schack-Mulligen
80124df78e Merge pull request #5487 from joefarebrother/sql-sinks 
Java: Convert SQL sinks to CSV format
 2021-07-02 10:51:09 +02:00
Anders Schack-Mulligen
4e1155cfd2 Merge pull request #6202 from smowton/smowton/admin/cleanup-duplicated-experimental-query 
Deduplicate shared body of regular and experimental versions of `java/command-line-injection` query.
 2021-07-02 09:23:50 +02:00
Anders Schack-Mulligen
f9da044e54 Merge pull request #6185 from aschackmull/java/perf-fix-request-forgery 
Java: Fix bad magic.
 2021-07-02 09:07:07 +02:00
Chris Smowton
8b7db8a8cc Merge pull request #5408 from p0wn4j/urlclassloader-webclient-ssrf-sinks 
Java: Add URLClassLoader, WebClient SSRF sinks
 2021-07-01 16:14:22 +01:00
Chris Smowton
d5a9f3d87b Deduplicate shared body of regular and experimental versions of java/command-line-injection query. 2021-07-01 14:53:56 +01:00
Joe Farebrother
160f3b4312 Remove ArrayElement from sink specifications 2021-07-01 14:41:39 +01:00
Joe Farebrother
1a06c132be Use ArrayElement of to handle arargs case in SpringJdbc.qll 2021-07-01 14:38:20 +01:00
Joe Farebrother
29f82fc81f Use ArrayElementOf in Android sinks 2021-07-01 14:38:19 +01:00
Joe Farebrother
95d8018a43 Include overrides for SQLiteQueryBuilder sinks 2021-07-01 14:38:19 +01:00
Joe Farebrother
0d4f8aedb8 Use Argument ranges in CSV rows 2021-07-01 14:38:19 +01:00
Joe Farebrother
7926d16844 Convert SQL sinks to CSV format 2021-07-01 14:38:19 +01:00
Anders Schack-Mulligen
cda5c22f6e Merge pull request #5590 from github/sauyon/java-spring-errors 
Add models for Spring validation.Errors
 2021-07-01 14:29:49 +02:00
Anders Schack-Mulligen
37f8794d01 Merge pull request #6165 from edoardopirovano/fix-regression 
Performance: Improve join order in data flow library
 2021-07-01 14:13:18 +02:00
p0wn4j
0db7496617 Add URLClassLoader and Spring WebClient SSRF sinks 2021-07-01 03:34:14 +04:00
Chris Smowton
753c878f48 Also cover jakarta version of javax.json, and some missed methods 2021-06-30 15:04:15 +01:00
Anders Schack-Mulligen
d8b017e6c0 Merge pull request #6036 from atorralba/atorralba/spring-beans 
Java: Flow summaries for Spring's Bean Properties classes
 2021-06-30 15:41:24 +02:00
Anders Schack-Mulligen
f03d460e95 Java: Fix bad join-order. 2021-06-30 13:42:45 +02:00
Tony Torralba
0bb9e464b2 Merge branch 'main' into atorralba/spring-beans 2021-06-30 12:55:10 +02:00
Anders Schack-Mulligen
e235e151f1 Java: Fix bad magic. 2021-06-30 11:09:08 +02:00
Tony Torralba
9d64cadb50 Adapt tests after applying changes from code review 2021-06-30 10:02:03 +02:00
Tony Torralba
b64b8ecec2 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-06-30 09:52:22 +02:00
Sauyon Lee
52d1901d6e Adjust validation models to reflect array parameters 2021-06-29 12:01:24 -07:00
Edoardo Pirovano
8354f66c29 Performance: Improve join order in data flow library 2021-06-29 18:23:22 +01:00
Chris Smowton
47ccb19b84 SSV -> CSV everywhere 
While these are semicolon-delimited, we use CSV as a generic term for delimited values
 2021-06-29 15:59:43 +01:00
Chris Smowton
92ab650b7d Use new interpretSpec/2 predicate where appropriate 2021-06-29 15:59:43 +01:00
Chris Smowton
28ab4c083b Make interpretSpec/3 private again 2021-06-29 15:59:43 +01:00
Chris Smowton
c94c69415f Document Content::hasLocationInfo 2021-06-29 15:59:43 +01:00
Chris Smowton
cf7c966ea7 GenerateFlowTestCase: make imports private 2021-06-29 15:59:43 +01:00