codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00

Author	SHA1	Message	Date
Tony Torralba	2dd862661b	Generic type parameters no longer needed in CSV sink models	2021-06-16 16:23:50 +02:00
Tony Torralba	91ba30a781	Merge branch 'main' into atorralba/promote-missing-jwt-signature-check	2021-06-16 15:46:14 +02:00
Tony Torralba	e2918d55b5	Move tests back from internal repo	2021-06-16 10:09:44 +02:00
Anders Schack-Mulligen	19305a217a	Merge pull request #5374 from joefarebrother/guava-base Java: Model additional flow steps for the package `com.google.common.base` of the Guava framwork.	2021-06-15 10:58:48 +02:00
Joe Farebrother	36cb207600	Increase precision of tests to test value flow	2021-06-14 11:20:07 +01:00
Calum Grant	85467adc5e	Merge pull request #5839 from github/security-severities5 Add security-severity scores	2021-06-11 15:56:20 +01:00
Joe Farebrother	678597f3f9	Update CSV rows for collection flow	2021-06-11 15:08:27 +01:00
Chris Smowton	76838809bb	Merge pull request #5818 from artem-smotrakov/rmi-deserialization Java: Unsafe RMI deserialization	2021-06-11 13:43:07 +01:00
Joe Farebrother	dc19d1db35	Add change note	2021-06-11 11:41:30 +01:00
Joe Farebrother	04ffe80366	Add unit tests	2021-06-11 11:41:27 +01:00
Joe Farebrother	153e0c4ac3	Add modelling for more `com.google.common.base` methods	2021-06-11 11:40:37 +01:00
Tony Torralba	c828c7031f	Add change note	2021-06-11 12:04:11 +02:00
Calum Grant	a594afb828	Add security-severity metadata	2021-06-10 20:11:08 +01:00
Tony Torralba	52f1930e1d	Add key-read-steps as local additional taint steps	2021-06-07 11:37:05 +02:00
Anders Schack-Mulligen	96da85449d	Merge pull request #5823 from atorralba/promote-jexl-injection Java: Promote JEXL Injection query from experimental	2021-06-07 10:03:12 +02:00
Tom Hvitved	3c7c10a424	Merge pull request #5991 from hvitved/java/shared-external-source-sink Java: Move common CSV logic for sources and sinks into shared library	2021-06-04 16:04:25 +02:00
Tom Hvitved	42202402a4	Address review comments	2021-06-04 14:32:37 +02:00
Anders Schack-Mulligen	f73960da8f	Merge pull request #5788 from Marcono1234/marcono1234/stmt-toString Java: Override toString() for statements	2021-06-04 12:41:03 +02:00
Anders Schack-Mulligen	60377a8f86	Merge pull request #5383 from smowton/smowton/feature/strbuilder-fluent-methods Java: Add models for StrBuilder's fluent methods	2021-06-04 12:33:24 +02:00
Anders Schack-Mulligen	30cb80b341	Merge pull request #5181 from smowton/smowton/feature/commons-tostringbuilder Java: Add models for Commons ToStringBuilder	2021-06-04 12:30:36 +02:00
Marcono1234	6003b6edd2	Java: Adjust change note for statement `toString()` changes Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-06-03 17:17:00 +02:00
Marcono1234	485b0be805	Java: Fix expected test output	2021-06-03 17:15:00 +02:00
Marcono1234	2889f94128	Java: Add change note for statement toString() changes	2021-06-03 16:27:37 +02:00
Marcono1234	e0a45507f8	Java: Adjust toString() for statements	2021-06-03 16:27:36 +02:00
Marcono1234	7e778bc008	Java: Override toString() for statements Additionally remove redundant QLDoc which is inherited anyways.	2021-06-03 16:27:35 +02:00
Anders Schack-Mulligen	bd9e3d0fa9	Merge pull request #5751 from aschackmull/java/collection-flow Java: Convert all collection and array steps from taint flow to value flow.	2021-06-03 15:29:14 +02:00
Tom Hvitved	d0b6808299	Java: Move common CSV logic for sources and sinks into shared library	2021-06-03 13:54:51 +02:00
Tony Torralba	56a429a5f9	Merge branch 'main' into promote-jexl-injection	2021-06-03 11:10:56 +02:00
Tony Torralba	607dcd4a27	Don't use CSV models for private flow configs	2021-06-03 11:05:13 +02:00
Tony Torralba	00836c4bac	Fix QLDocs	2021-06-03 10:52:52 +02:00
Tony Torralba	2833f8daa4	Change predicate isUnsafeEngine -> isSafeEngine to improve performance	2021-06-03 10:42:41 +02:00
Anders Schack-Mulligen	e86c534c48	Revert "Java: Update coverage." This reverts commit `1c081eeaed`.	2021-06-03 09:02:49 +02:00
Anders Schack-Mulligen	acca26f1d6	Merge pull request #5992 from hvitved/java/is-unreachable-perf Java: Improve performance of `isUnreachableInCall()`	2021-06-03 08:49:51 +02:00
Tom Hvitved	daf2cc3d53	Java: Improve performance of `isUnreachableInCall()`	2021-06-02 20:39:05 +02:00
Anders Schack-Mulligen	8e6dd51f50	Merge pull request #5868 from Marcono1234/marcono1234/ignore-not-closing-char-array-closeable Java: Ignore char array based closeables for CloseReader.ql and CloseWriter.ql	2021-06-02 15:00:59 +02:00
Chris Smowton	7382b349c2	Merge pull request #5987 from aschackmull/java/query-metadata Java: Add missing metadata.	2021-06-02 12:40:34 +01:00
Anders Schack-Mulligen	8a20395857	Merge pull request #5940 from pwntester/main Remove XSS sink for Java	2021-06-02 12:30:20 +02:00
Anders Schack-Mulligen	c0e562de21	Merge pull request #5979 from hvitved/java/shared-external-summaries Java: Move some CSV flow summary code into shared library	2021-06-02 12:28:45 +02:00
Alvaro Muñoz	a3a215afea	HTTP -> Http	2021-06-02 11:12:39 +02:00
Anders Schack-Mulligen	5e96e28792	Java: Add missing metadata.	2021-06-02 10:24:46 +02:00
Alvaro Muñoz	9aba92397d	lift XssSink check to InformationLeakSink	2021-06-01 17:16:41 +02:00
Anders Schack-Mulligen	650c4f19d2	Java: More qldoc.	2021-06-01 16:09:17 +02:00
Alvaro Muñoz	970b4e7d6a	update java library coverage documentation	2021-06-01 14:54:31 +02:00
Anders Schack-Mulligen	922b421a45	Java: Add change note.	2021-06-01 14:33:52 +02:00
Anders Schack-Mulligen	1c081eeaed	Java: Update coverage.	2021-06-01 14:00:05 +02:00
Alvaro Muñoz	0fb692400c	fix failing test	2021-06-01 13:57:13 +02:00
Tom Hvitved	14f9a5c280	Java: Move some CSV flow summary code into shared library	2021-06-01 13:22:14 +02:00
Anders Schack-Mulligen	fc913e744e	Java: Minor model fix.	2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen	dbe352f3ff	Java: Remove deprecated tests.	2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen	901996f9fd	Java: Add collection flow test.	2021-06-01 11:47:52 +02:00

1 2 3 4 5 ...

2431 Commits