1366 Commits

Author	SHA1	Message	Date
Alvaro Muñoz	30d8dce389	check that either there are no custom message interpolator configured, or there is at least one that is insecure	2020-11-11 12:53:54 +01:00
Alvaro Muñoz	c3bc0d6c15	Apply formatting	2020-11-11 12:06:39 +01:00
Alvaro Muñoz	5b1858a514	Do not report the issue only if all message interpolators are secure	2020-11-11 11:50:15 +01:00
Alvaro Muñoz	02cf49a773	apply codeql formatting	2020-11-10 11:46:42 +01:00
Alvaro Muñoz	24a47fbb0f	additional qldoc commentes	2020-11-10 10:48:47 +01:00
Alvaro Muñoz	3545edb92c	address code review suggestions	2020-11-10 10:45:14 +01:00
Alvaro Muñoz	9db340c9ca	add some improvements to the bean validation query	2020-11-06 13:08:45 +01:00
Anders Schack-Mulligen	cb77e460ae	Merge pull request #4600 from porcupineyhairs/urirefactor ... Java : Refactor all instances of `java.net.URI` into TypeUri	2020-11-06 09:35:09 +01:00
Anders Schack-Mulligen	45d117b68e	Merge pull request #4603 from pwntester/new_deser_sink ... New UnsafeDeserialization sink and improvements to SnakeYaml sink	2020-11-05 13:09:15 +01:00
Alvaro Muñoz	f103955f38	change qldoc formating according to LSP suggestion	2020-11-05 11:48:26 +01:00
Alvaro Muñoz	6fef63306e	add qldoc	2020-11-04 18:58:41 +01:00
Porcupiney Hairs	0a028dcb47	Java : Refactor all instances of java.net.URI into TypeUri	2020-11-04 18:23:26 +05:30
Anders Schack-Mulligen	22b4df0f3c	Merge pull request #4512 from luchua-bc/sensitive-broadcast ... Java: Sensitive broadcast	2020-11-04 10:47:48 +01:00
Alvaro Muñoz	6f78b725e6	Apply suggestions from code review ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2020-11-04 10:43:37 +01:00
Anders Schack-Mulligen	26495225e0	Update java/ql/src/experimental/Security/CWE/CWE-927/SensitiveBroadcast.qhelp ... Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2020-11-04 10:05:55 +01:00
Anders Schack-Mulligen	92494441a7	Merge pull request #4554 from aschackmull/dataflow/reverse-partial ... Dataflow: Add support reverse partial flow exploration.	2020-11-03 15:34:30 +01:00
luchua-bc	f8fd2ea821	Add qldoc and autoformat query	2020-11-03 12:23:40 +00:00
Anders Schack-Mulligen	89361a3b75	Merge pull request #3812 from luchua-bc/java-android-remote-source ... Java: Add remote source of Android intent extra	2020-11-03 09:35:40 +01:00
Anders Schack-Mulligen	2971784f9c	Dataflow: Add missing qldoc and sync.	2020-11-03 09:21:48 +01:00
Anders Schack-Mulligen	7eb64aa998	Dataflow: Code review fixes.	2020-11-03 09:16:20 +01:00
Anders Schack-Mulligen	1ae76a80aa	Dataflow: Fix qldoc.	2020-11-03 09:16:20 +01:00
Anders Schack-Mulligen	d5be4d7b92	Dataflow: Add support reverse partial flow exploration.	2020-11-03 09:16:19 +01:00
luchua-bc	864411b4b9	Updates to Android stub classes	2020-11-02 14:06:44 +00:00
luchua-bc	8da9b9d3ea	Add documentation to new library method and use the singular form	2020-11-02 10:53:46 +00:00
luchua-bc	c89ebeeb5e	Text changes	2020-11-01 00:39:00 +00:00
luchua-bc	7ac3fb41d5	Clean up query and test files	2020-10-31 13:37:36 +00:00
luchua-bc	5a6339c1af	Remove userid from the regex	2020-10-29 15:46:05 +00:00
Anders Schack-Mulligen	0d926dcf70	Java: Tweak qhelp to make it markdown-compatible.	2020-10-29 14:39:01 +01:00
luchua-bc	90d11812be	Update the regex to be the original one	2020-10-29 13:04:15 +00:00
luchua-bc	b1d6bc5ba9	Use getDeclaringType() for getIntent() method call	2020-10-29 12:55:03 +00:00
luchua-bc	2ee9a45e69	Use proper class inheritance	2020-10-28 22:05:30 +00:00
luchua-bc	908d659906	Minor updates	2020-10-28 20:23:22 +00:00
Alvaro Muñoz	a57308a519	Fix SnakeYaml query to account for Yaml subclasses and compose methods	2020-10-28 14:52:14 +01:00
Alvaro Muñoz	c28856d3dc	remove wicket taintstep from TaintTrackingUtil	2020-10-28 14:51:44 +01:00
Anders Schack-Mulligen	f3e2bd0fd9	Merge pull request #3141 from pwntester/InsecureBeanValidation ... Insecure Bean Validation query	2020-10-28 12:04:12 +01:00
Anders Schack-Mulligen	34ae6e0576	Apply suggestions from code review ... Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>	2020-10-28 09:15:08 +01:00
luchua-bc	99c79f4aa3	Enhance the dataflow sink and update test cases	2020-10-28 03:07:01 +00:00
luchua-bc	3cc3fe9d37	Switch to TaintPreservingCallable and add test cases	2020-10-28 00:33:07 +00:00
Alvaro Muñoz	77b551b693	Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp ... Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>	2020-10-27 21:12:17 +01:00
Alvaro Muñoz	b9c75ea462	Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp ... Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>	2020-10-27 21:12:00 +01:00
Alvaro Muñoz	ac116da0dc	Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp ... Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>	2020-10-27 21:11:48 +01:00
Alvaro Muñoz	d5b470ea0c	Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp ... Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>	2020-10-27 21:11:27 +01:00
Alvaro Muñoz	9785013c29	Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp ... Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>	2020-10-27 21:11:15 +01:00
Alvaro Muñoz	d221930c81	Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp ... Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>	2020-10-27 21:10:56 +01:00
Alvaro Muñoz	1fdf0556d2	more fixes to make qlhelp linter happy	2020-10-27 17:05:00 +01:00
Alvaro Muñoz	aa981caea5	more fixes to make qlhelp linter happy	2020-10-27 16:32:13 +01:00
Alvaro Muñoz	8974f252ac	fix format and qlhelp errors blocking the merge	2020-10-27 16:19:39 +01:00
Alvaro Muñoz	11e57bd2f8	add change note for new Insecure Bean Validation query	2020-10-27 16:11:51 +01:00
Alvaro Muñoz	3378dd526e	remove compiled classes from stubs	2020-10-27 15:56:26 +01:00
Alvaro Muñoz	99044fc6ab	remove experimental query forr bean validation	2020-10-27 15:55:19 +01:00