hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 07:36:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
25,419 Commits 1,703 Branches 162 Tags
33c727e6b9faaedb79765e7b41ecbeab237bce6c
Commit Graph

2680 Commits

Author SHA1 Message Date
Chris Smowton
33c727e6b9 Split up GenerateFlowTestCase.qll 
This doesn't change any behaviour or alter any predicate bodies
 2021-08-26 08:02:19 -07:00
Andrew Eisenberg
8f73c6968a Merge pull request #6542 from github/aeisenberg/pack/move-external 
Java: Move the ExternalArtifact.qll module to the library pack
 2021-08-24 16:07:26 -07:00
Andrew Eisenberg
7f3066cd64 Java: Move the ExternalArtifact.qll module to the library pack 2021-08-24 13:01:02 -07:00
Chris Smowton
7f73efe3e1 Downgrade precision of java/concatenated-sql-query 2021-08-24 10:46:01 +01:00
Tony Torralba
1ee2f6f207 Adapt test generator to new package name 2021-08-23 16:05:13 +02:00
Andrew Eisenberg
2042cc7871 Packaging: Migrate default.qll 2021-08-20 20:01:29 -07:00
Andrew Eisenberg
8e750f18ad Packaging: Java refactoring 
Split java pack into `codeql/java-all` and `codeql/java-queries`.
 2021-08-19 14:09:35 -07:00
Owen Mansel-Chan
714e126088 Merge pull request #6370 from owen-mc/java/model/apache-collections 
Java: Model more of Apache Commons Collections
 2021-08-19 15:09:06 +01:00
Joe Farebrother
9dc28eb9b5 Merge pull request #6387 from joefarebrother/guava-cache 
Java: Model guava cache package
 2021-08-19 10:53:48 +01:00
Chris Smowton
48818ebd6d Merge pull request #6434 from smowton/smowton/admin/jodd-unsafe-deserialization 
Java: Unsafe deserialization: add support for Jodd JSON library
 2021-08-18 17:26:02 +01:00
Chris Smowton
cc4fe7375c Merge pull request #5953 from github/sauyon/java/spring-webutil 
Java: Add models for the Spring `web.util` package
 2021-08-18 15:07:28 +01:00
Andrew Eisenberg
03d6b15401 Merge branch 'main' into aeisenberg/pack/cpp 2021-08-17 15:28:47 -07:00
Sauyon Lee
17cef3f498 Address review comments 2021-08-17 12:45:47 -07:00
Joe Farebrother
076aeb5d80 Update tests 2021-08-17 16:44:58 +01:00
Sauyon Lee
390e48fdd2 Remove more redundant models 2021-08-17 02:17:36 -07:00
Andrew Eisenberg
e566fb9c5a Packaging: Update suite-helpers qlpack 
Uses new style naming scheme.
 2021-08-16 17:51:33 -07:00
Chris Smowton
ff3f85be49 Autoformat 2021-08-16 18:09:40 +01:00
Owen Mansel-Chan
b23fabe8cb Fix errors from previous PR 2021-08-16 16:11:17 +01:00
Joe Farebrother
48c61fc4b4 Update models for Cache.getAllPresent and LoadingCache.getAll 2021-08-16 13:50:54 +01:00
Marcono1234
48872b4588 Java: Improve Callable.getStringSignature() documentation 2021-08-14 19:58:55 +02:00
Sauyon Lee
ed1d855025 Java: Remove redundant models from Spring web.util and fix typo 2021-08-12 11:20:49 -07:00
Sauyon Lee
9a5c0f6c73 Java: Add HTML escapes as XSS sanitizers 
Co-Authored-By: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-08-12 11:20:49 -07:00
Sauyon Lee
25649a61c4 Java: Add models for the Spring web.util package 2021-08-12 11:20:48 -07:00
Owen Mansel-Chan
1c2476c6a1 Add explanatory comments 2021-08-12 14:51:49 +01:00
Owen Mansel-Chan
fe477ff989 Fix more models based on review comments 2021-08-12 14:51:37 +01:00
Chris Smowton
7a2704373f Merge pull request #5943 from joefarebrother/java-stub 
[Java] Add stubbing script
 2021-08-11 16:11:53 +01:00
Joe Farebrother
7462180dcd Improve handling or array types 2021-08-10 16:52:38 +01:00
Joe Farebrother
207c753f6f Update model for getAll 2021-08-10 15:05:02 +01:00
Owen Mansel-Chan
a55a32f50a Add more missing models 
And corresponding tests
 2021-08-10 11:35:20 +01:00
Owen Mansel-Chan
2d31bb8d64 Remove toString taint propagation 
We do not do this for other overrides of toString
 2021-08-09 17:18:02 +01:00
Owen Mansel-Chan
487a46ae77 Improve treatment of new and old package name 2021-08-09 16:25:11 +01:00
Chris Smowton
5ba9347281 Merge pull request #6006 from artem-smotrakov/timing-attacks 
Java: Timing attacks while comparing results of cryptographic operations
 2021-08-09 15:30:47 +01:00
Owen Mansel-Chan
f94e467076 Fixes to models and tests 
Running the test generator script again showed many missing tests.
 2021-08-08 14:03:48 +01:00
Owen Mansel-Chan
377403d525 Remove redundant models and corresponding test 
Iterator.next is already modelled
 2021-08-08 13:57:51 +01:00
Owen Mansel-Chan
5d3f10824e Fix erroneous treatment of varargs in models 2021-08-08 13:57:50 +01:00
Owen Mansel-Chan
9533f12e24 Add explanatory commented for MapIterator model 2021-08-06 07:06:36 +01:00
Owen Mansel-Chan
b922d7c6f3 Duplicate models for old package name 
The package name was org.apache.commons.collection until release 4.0.
 2021-08-06 07:06:34 +01:00
Chris Smowton
0b6c991ac4 Unsafe deserialization: add support for Jodd JSON library 2021-08-05 16:01:14 +01:00
Tony Torralba
0356ed7f9e Merge pull request #5911 from atorralba/atorralba/promote-missing-jwt-signature-check 
Java: Promote Missing JWT signature check query from experimental
 2021-08-05 09:43:03 +02:00
Anders Schack-Mulligen
1932f604dc Merge pull request #6419 from smowton/smowton/admin/unsafe-deserialization-jabsorb 
Add unsafe-deserialization support for Jabsorb
 2021-08-05 09:04:23 +02:00
Fosstars
b913928294 Renamed queries and merged qhelp files 2021-08-04 17:54:16 +02:00
Chris Smowton
5a42448888 Code review suggestions 
- Remove unneeded import
- Remove unnecessary `toLowerCase` call
 2021-08-04 16:08:07 +01:00
Chris Smowton
69549e9ce3 Add unsafe-deserialization support for Jabsorb 
This is partly extracted from https://github.com/github/codeql/pull/5954
 2021-08-04 15:35:50 +01:00
Anders Schack-Mulligen
5f9f857c34 Update java/ql/src/semmle/code/java/security/JWT.qll 2021-08-04 16:23:21 +02:00
Anders Schack-Mulligen
78998d0ca1 Update java/ql/src/semmle/code/java/security/JWT.qll 2021-08-04 16:22:56 +02:00
Anders Schack-Mulligen
6a09a5667d Merge pull request #5931 from atorralba/atorralba/promote-jndi-injection 
Java: Promote JNDI Injection query from experimental
 2021-08-04 15:48:44 +02:00
Owen Mansel-Chan
b82389088b Model interfaces in Apache Commons Collections main package 2021-08-04 14:26:59 +01:00
Owen Mansel-Chan
39ea0a989a Model *Utils classes 2021-08-04 14:26:58 +01:00
Tony Torralba
bc9563c073 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-08-04 14:40:32 +02:00
Tony Torralba
989afb446e Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-08-04 14:07:10 +02:00