codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00

Author	SHA1	Message	Date
Arthur Baars	0d33a77ee3	Fix modelling of Stack.push Stack.push(E) returns its argument, it does not propagate taint from the stack to the return value.	2020-07-09 16:16:29 +02:00
Anders Schack-Mulligen	879551fc6a	Merge pull request #3936 from aibaars/object-clone Java: model Object.clone	2020-07-09 16:09:01 +02:00
Arthur Baars	e183171fea	Java: model Object.clone	2020-07-09 14:50:29 +02:00
intrigus	641c5df79f	Centralize and model additional path creations.	2020-07-09 14:48:47 +02:00
Arthur Baars	0bd103ac05	Java: add tests for Container taint steps	2020-07-09 12:15:38 +02:00
Anders Schack-Mulligen	777dc6305c	Merge pull request #3893 from aibaars/set-map-list-copy-of Java: model some new Set,List,Map methods	2020-07-09 10:18:12 +02:00
Arthur Baars	e8f216c761	Merge remote-tracking branch 'upstream/master' into set-map-list-copy-of	2020-07-08 15:11:13 +02:00
Anders Schack-Mulligen	bf5c5297d3	Merge pull request #3897 from aibaars/util-objects Java: data flow for `java.util.Objects`	2020-07-08 15:07:50 +02:00
Arthur Baars	72a24972e7	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2020-07-08 13:30:24 +02:00
Arthur Baars	940fec5669	Drop taint tracking for Arrays.{deepToString,toString}	2020-07-07 17:26:49 +02:00
Arthur Baars	583f7f914e	Drop taint tracking for Arrays.{setAll, parallelSetAll, parallelPrefix}	2020-07-07 17:22:30 +02:00
Arthur Baars	9cf6601d02	Java: Data flow for `java.util.Objects`	2020-07-07 16:58:22 +02:00
Arthur Baars	19a481f809	Java: Arrays: add tests	2020-07-03 17:15:17 +02:00
Arthur Baars	1485f7c876	Java: model some new Set,List,Map methods Models the taint propagation for the copyOf(..), of(..), ofEntries(..) and entry(..) methods	2020-07-03 17:14:53 +02:00
Arthur Baars	c629f6b13a	Merge pull request #3869 from aibaars/util-collections Java: model java.util.Collections	2020-07-03 17:09:14 +02:00
Arthur Baars	5fff41f35b	Don't track taint on Map keys	2020-07-03 14:47:25 +02:00
Arthur Baars	5f2a5f1b55	Java: Collections: add tests	2020-07-02 19:18:02 +02:00
Geoffrey White	cf75397ef1	Java: Rename tests.	2020-06-30 14:33:05 +01:00
Geoffrey White	f8425b8a58	Java: Update uses.	2020-06-30 13:02:48 +01:00
Tom Hvitved	c01f570d9e	Java: Implement `clearsContent()`	2020-06-23 10:55:12 +02:00
Tom Hvitved	e578827626	Java: Add more field-flow tests	2020-06-23 10:55:11 +02:00
Anders Schack-Mulligen	8107fbadc2	Merge pull request #3456 from hvitved/dataflow/precise-field-types Data flow: Track precise types during field flow	2020-06-19 11:50:10 +02:00
Anders Schack-Mulligen	74eab3cbc0	Dataflow: Fix qltest.	2020-06-17 17:23:35 +02:00
Anders Schack-Mulligen	64225c31a6	Java: Add test case.	2020-06-04 10:31:08 +02:00
Anders Schack-Mulligen	37c8917813	Java: Add test.	2020-05-18 13:19:19 +02:00
Tom Hvitved	e608c53c3f	Java: Follow-up changes	2020-05-14 15:58:50 +02:00
Anders Schack-Mulligen	0aad24e6db	Java: Extend library support for switch expressions.	2020-05-14 15:40:26 +02:00
Anders Schack-Mulligen	2561ba82db	Merge pull request #3215 from aibaars/validating-object-input Java: teach UnsafeDeserialization about ValidatingObjectInputStream	2020-05-07 14:57:50 +02:00
Arthur Baars	797721cd31	Test	2020-05-06 12:15:27 +02:00
Anders Schack-Mulligen	3b3ca6d41e	Merge pull request #3214 from aibaars/base64 Java: Add org.apache.commons.codec.(De\|En)coder to TaintTrackingUtil	2020-05-06 09:21:18 +02:00
Anders Schack-Mulligen	b7458091a9	Merge pull request #3110 from hvitved/dataflow/no-more-summaries Data flow: No more flow summaries	2020-05-05 13:27:07 +02:00
Anders Schack-Mulligen	b6a7ab8bf4	Merge pull request #3372 from aibaars/spring-multipart Java: add `org.springframework.web.multipart.MultipartFile::getX` as RemoteFlowSource	2020-04-29 11:35:04 +02:00
Arthur Baars	ae2bab7e9c	Add test case	2020-04-28 16:57:03 +02:00
Arthur Baars	31e284a707	Add test case	2020-04-28 11:26:43 +02:00
Arthur Baars	59869ace63	Java: teach Encryption.qll about MessageDigest.getInstance We already modelled usage of the protected `MessageDigest(String algo)` constructor as a crypto algorithm specification. For some reason we did not model the more commonly used public `MessageDigest.getInstance` method.	2020-04-25 00:41:10 +02:00
Tom Hvitved	05ec75558d	Java: Update test	2020-04-17 13:49:08 +02:00
yo-h	697b273e32	Java 14: update expected test output	2020-04-07 22:22:10 -04:00
yo-h	9d2f76849b	Java 14: switch expressions are no longer in preview	2020-04-07 22:22:07 -04:00
Anders Schack-Mulligen	b2769b42ed	Merge pull request #3117 from adityasharad/java/jackson-taint-steps Java: Add taint steps through Jackson serialization methods.	2020-03-30 10:34:56 +02:00
Aditya Sharad	a6e039b284	Java: Add tests for Jackson taint steps. Add stubs for jackson-databind-2.10. Based on http://fasterxml.github.io/jackson-databind/javadoc/2.10. Test taint through Jackson serialization APIs.	2020-03-24 12:59:24 -07:00
Anders Schack-Mulligen	d8edae96df	Java: Add test.	2020-03-24 15:24:17 +01:00
Anders Schack-Mulligen	e1a0c2d846	Java: Add minor test case to typeflow qltest.	2020-03-11 13:13:19 +01:00
Anders Schack-Mulligen	4298a3a931	Java: Add test.	2020-03-09 11:16:59 +01:00
yo-h	f8bf055fe1	Merge pull request #2927 from aschackmull/java/taintgettersetter-tests Java: Add some more taint-getter-setter tests.	2020-02-27 22:12:25 -05:00
Anders Schack-Mulligen	33f6392be5	Java: Add some more taint-getter-setter tests.	2020-02-27 10:47:25 +01:00
Anders Schack-Mulligen	0c30d7cced	Java: Update test output.	2020-02-27 10:28:12 +01:00
semmle-qlci	ecad925101	Merge pull request #2631 from hvitved/dataflow/generalize-flow-summaries Approved by aschackmull	2020-02-17 18:22:46 +00:00
Anders Schack-Mulligen	75f7671e75	Java: Fix .expected	2020-02-06 10:27:44 +01:00
Anders Schack-Mulligen	ba86dea657	Java: Improve taint step modeling to use postupdate nodes.	2020-02-05 15:33:29 +01:00
Tom Hvitved	15ee1e37b9	Java: Follow-up changes	2020-02-04 14:09:12 +01:00

1 2 3 4 5

250 Commits