hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-27 15:47:23 +02:00
Code Issues Packages Projects Releases Wiki Activity
88,235 Commits 1,784 Branches 169 Tags
2e1289dbddf53ef608a05206079d38efe63b762e
Commit Graph

621 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
17fded4aa5 Java: Delete old deprecated code. 2026-05-04 10:52:27 +02:00
Owen Mansel-Chan
91c731f68d Fix new usage that was introduced 2026-02-16 11:03:27 +00:00
Owen Mansel-Chan
c4192b670b More copilot suggestions 2026-02-16 11:02:21 +00:00
Owen Mansel-Chan
31840902cd Fix places which already dealt with both javax and jakarta 2026-02-16 11:02:16 +00:00
Owen Mansel-Chan
a5e6f6daf9 Replace "javax" with javaxOrJakarta() 
This is just a find-replace of `"javax` with `javaxOrJakarta() + "`.
 2026-02-16 11:02:12 +00:00
Owen Mansel-Chan
16ddb5658f Small refactor for stylistic consistency 2026-02-15 14:39:23 +00:00
Owen Mansel-Chan
d6b71a346e Extend RegexMatch framework to allow for MatcherMatchesCall edge case 2026-02-15 14:39:21 +00:00
Owen Mansel-Chan
1fefa989d7 Rename RegexMatch and only include expressions 2026-02-13 22:45:48 +00:00
Owen Mansel-Chan
953ff9f0d0 PatternAnnotation.getString() should only be field reads 2026-02-13 22:41:20 +00:00
Owen Mansel-Chan
106254b220 Improve QLDocs 2026-02-13 22:40:36 +00:00
Owen Mansel-Chan
5bdf550317 Fix QLDocs 2026-02-12 16:57:14 +00:00
Owen Mansel-Chan
bfe26c1989 Add @Pattern as RegexExecution => SSRF sanitizer 2026-02-12 16:57:11 +00:00
Owen Mansel-Chan
1ee5728311 Add missing QLDoc 2026-02-11 13:40:20 +00:00
Owen Mansel-Chan
44eeee5757 Add and improve classes for regex-related methods 2026-02-11 13:09:45 +00:00
Anders Schack-Mulligen
6f40ac15b4 Java: Rename ReturnStmt.getResult to getExpr. 2026-02-04 14:43:31 +01:00
Anders Schack-Mulligen
5e6e64b2b7 Java: Rename UnaryExpr.getExpr to getOperand. 2026-02-04 10:50:49 +01:00
Mads Navntoft
9a94d0474c Java: Add support for Struts 7.x package names 
Updates Struts library to recognize both legacy xwork2 and new struts2
packages:
- StrutsActions.qll: Add org.apache.struts2 alternatives for Action,
  Preparable, ActionSupport
- StrutsConventions.qll: Add org.apache.struts2.action.Action
  alternative

This maintains backward compatibility for analyzing Struts 2.x-6.x apps
while supporting Struts 7.x which renamed packages from
com.opensymphony.xwork2 to org.apache.struts2.
 2026-01-27 12:57:55 +01:00
Owen Mansel-Chan
a5d9cb179a Merge pull request #20930 from owen-mc/java/spring-rest-template-request-forgery-sinks 
Java: add more Spring RestTemplate request forgery sinks
 2026-01-15 14:23:15 +00:00
Owen Mansel-Chan
97e0b4e9fd Use parameter name to only select correct overloads 2026-01-15 10:36:03 +00:00
Owen Mansel-Chan
44295e4c7d Convert XSS barrier to MaD 2025-12-11 16:24:28 +01:00
Owen Mansel-Chan
f6e40bd49d Convert trust boundary violation barrier and barrier guard to MaD 2025-12-11 16:24:26 +01:00
Owen Mansel-Chan
5c8ab1f6d1 Merge pull request #20956 from owen-mc/java/improve-regex-sanitizer 
Java: improve regex sanitizer for `java/ssrf`
 2025-12-04 15:32:12 +00:00
Anders Schack-Mulligen
dc6d3fe7ba Use flowFrom. 2025-12-03 14:04:18 +01:00
Owen Mansel-Chan
a85d0ea8a3 Make tests pass 2025-12-02 17:08:16 +00:00
Owen Mansel-Chan
9f2a7f712a Apply suggestion from @owen-mc 2025-12-02 15:52:01 +00:00
Owen Mansel-Chan
992bd68d4b Use set literals #2 2025-11-28 03:48:50 +00:00
Owen Mansel-Chan
22b614ac48 Use set literals 2025-11-28 03:34:17 +00:00
Owen Mansel-Chan
62238fcbd7 Fix variable name in qldoc 2025-11-28 03:33:18 +00:00
Owen Mansel-Chan
89546cbc83 Fix qldoc inaccuracies 2025-11-28 01:09:07 +00:00
Owen Mansel-Chan
8debe49563 Correct mistake in qldoc 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-11-28 01:00:16 +00:00
Owen Mansel-Chan
969b0cf439 Add SSRF sinks for uriVariables arguments of more methods on Spring RestTemplate 2025-11-27 23:44:35 +00:00
Anders Schack-Mulligen
06df5c0bd1 Java: Introduce SsaCapturedDefinition and replace uses of getAnUltimateDefinition. 2025-11-12 09:06:17 +01:00
Anders Schack-Mulligen
483b2d89a7 Java: Replace uses of SsaExplicitUpdate. 2025-11-12 09:06:16 +01:00
Anders Schack-Mulligen
07e635636c Java: Replace getAFirstUse with top-level predicate. 2025-11-12 09:06:16 +01:00
Anders Schack-Mulligen
99aa0333cf Java: Replace usages of isParameterDefinition. 2025-11-12 09:06:15 +01:00
Anders Schack-Mulligen
942dc2b89e Java: Replace BaseSSA class wrappers with shared code. 2025-11-12 09:06:14 +01:00
Anders Schack-Mulligen
3815503314 Java: Consolidate Assertions.qll and Preconditions.qll. 2025-09-10 15:42:18 +02:00
Anders Schack-Mulligen
4c1fa58367 Java: Fix more broken performance. 2025-09-08 14:12:00 +02:00
Michael Nebel
77113b2e42 Java: Fix some Ql4Ql violations. 2025-09-01 15:04:08 +02:00
Owen Mansel-Chan
6629bd8279 No need to deprecate classes when module is deprecated 2025-07-17 11:52:31 +01:00
Owen Mansel-Chan
fdd1e3fefe Use MaD models for unsafe deserialization sinks when possible 
Many of the unsafe deserialization sinks have to stay defined in QL
because they have custom logic that cannot be expressed in MaD models.
 2025-07-16 14:42:07 +01:00
Kasper Svendsen
9d2dd782d9 Merge remote-tracking branch 'github/main' into kaspersv/overlay-java-annotations 2025-06-26 13:18:25 +02:00
Anders Schack-Mulligen
73810a6d85 Java: Fix perf issue. 2025-06-26 07:17:35 +02:00
Kasper Svendsen
c207cfdeb7 Overlay: Add overlay annotations to Java & shared libraries 2025-06-24 10:25:06 +02:00
Anders Schack-Mulligen
f27e310ba3 Java: Adjust references. 2025-06-11 15:53:02 +02:00
Owen Mansel-Chan
476ada13db Improve QLDoc for SpringRequestMappingMethod.getAValue 2025-05-22 14:22:28 +01:00
Owen Mansel-Chan
59d4f039d8 Deprecate SpringRequestMappingMethod.getValue (which didn't work) 2025-05-22 12:29:29 +01:00
Owen Mansel-Chan
775338ebdd Rename getArrayValue to getAValue 2025-05-22 12:21:20 +01:00
sentient0being
f575d2f941 get array string url 2025-05-17 19:40:41 +08:00
Chris Smowton
77e4d9e692 Fix stray references to the javax package name 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2025-04-02 10:03:49 +01:00