Commit Graph

1513 Commits

Author SHA1 Message Date
Owen Mansel-Chan
39ea0a989a Model *Utils classes 2021-08-04 14:26:58 +01:00
Chris Smowton
eaf3d3cc03 Merge pull request #6162 from smowton/smowton/feature/jax-rs-content-type-sensitivity-fixes
Jax-RS: implement content-type tracking
2021-08-03 14:53:31 +01:00
Anders Schack-Mulligen
7fb1e1578e Merge pull request #5894 from atorralba/atorralba/promote-ognl-injection
Java: Promote OGNL Injection query from experimental
2021-08-03 15:31:40 +02:00
Anders Schack-Mulligen
be6fd7c22e Merge pull request #6382 from bmuskalla/stringValueOfTaint
Track taint for String.valueOf(..)
2021-08-03 15:30:30 +02:00
Chris Smowton
3bf41491b3 Apply suggestions from code review 2021-08-03 14:15:39 +01:00
Benjamin Muskalla
8ce841493c Avoid taint for valueOf(Object) 2021-08-03 14:46:55 +02:00
Anders Schack-Mulligen
c0d76da1a6 Merge pull request #5846 from atorralba/atorralba/promote-unsafe-android-webview-fetch
Java: Promote Unsafe resource loading in Android WebView from experimental
2021-08-03 14:24:34 +02:00
Anders Schack-Mulligen
fb9feabe64 Merge pull request #6062 from atorralba/atorralba/promote-groovy-injection
Java: Promote Groovy Code Injection from experimental
2021-08-03 14:19:15 +02:00
Tony Torralba
c44de87503 Fix reference to PostUpdateNode 2021-08-03 12:45:12 +02:00
Chris Smowton
36379146c5 Resync dataflow clone 2021-08-03 11:03:30 +01:00
Chris Smowton
afa827829a Make imports private where possible
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-08-03 10:36:46 +01:00
Chris Smowton
a52c4746bc Improve docs 2021-08-03 10:36:46 +01:00
Chris Smowton
75310a6609 Create a dataflow instance specifically for the Serializability library
Otherwise because this dataflow instance populates AdditionalTaintStep there is an ever-present danger that a user will stumble into creating a recursive configuration, or at least that by using DataFlow5::Configuration for any other purpose they will needlessly recalculate the Serializability dataflow results.
2021-08-03 10:36:46 +01:00
Chris Smowton
f83f950be6 Merge pull request #6325 from smowton/smowton/feature/org-json-models
Java: add models of JSON-java, aka `org.json`
2021-08-03 10:33:49 +01:00
Tony Torralba
084cda6daa Merge branch 'main' into atorralba/promote-groovy-injection 2021-08-03 09:53:46 +02:00
Tony Torralba
8852f69d36 Apply suggestions from code review
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-08-03 09:46:32 +02:00
Chris Smowton
fad1622730 Merge pull request #5435 from haby0/DynamicallyLoadedClasses
Java: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
2021-08-02 16:04:30 +01:00
Tony Torralba
08bdd1aa7a Merge branch 'main' into atorralba/promote-ognl-injection 2021-08-02 16:05:38 +02:00
Chris Smowton
09a873138d Add missing qldoc 2021-08-02 14:48:42 +01:00
Anders Schack-Mulligen
53e6ddfeb6 Merge pull request #6001 from atorralba/atorralba/promote-mvel-injection
Java: Promote MVEL injection query from experimental
2021-08-02 14:40:26 +02:00
Tony Torralba
9b384d84cc Merge branch 'main' into atorralba/promote-ognl-injection 2021-08-02 14:06:45 +02:00
Tony Torralba
632ae747c7 Fix JacksonModel duplicate row 2021-08-02 12:53:30 +02:00
Anders Schack-Mulligen
3b676d432f Merge pull request #5900 from artem-smotrakov/unsafe-jackson-deserialization
Java: Unsafe deserialization with Jackson
2021-08-02 12:45:30 +02:00
Anders Schack-Mulligen
6c973b59ac Update java/ql/src/semmle/code/java/frameworks/Jackson.qll 2021-08-02 10:16:42 +02:00
Artem Smotrakov
7959e76da8 Better qldoc in UnsafeDeserializationQuery.qll
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-07-30 09:30:59 +02:00
Fosstars
a4b0041120 Better looksLikeResolveClassStep() predicate 2021-07-30 09:28:03 +02:00
Fosstars
1d3eb570bf hasJsonTypeInfoAnnotation() should check fields recursively
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-07-30 08:30:40 +02:00
Tony Torralba
3fcc9fae79 Refactor sinks to reuse code 2021-07-29 16:48:47 +02:00
Tony Torralba
bdf0f582a4 QLDoc improvements from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-07-29 16:34:21 +02:00
Tony Torralba
2628d3dc39 Improve csv sink models 2021-07-29 15:36:18 +02:00
Tony Torralba
d9fb650dfb JacksonCreateParserMethod converted to CSV summary model 2021-07-29 15:19:30 +02:00
Tony Torralba
b20d53cfd4 Update java/ql/src/semmle/code/java/security/OgnlInjection.qll
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-07-29 15:08:27 +02:00
Artem Smotrakov
83a9b0ee28 Apply suggestions from code review
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-07-29 11:04:21 +02:00
Benjamin Muskalla
b7b74b51a3 Track taint for String.valueOf(..) 2021-07-29 09:14:03 +02:00
Fosstars
50497eb747 Make imports as private as possible 2021-07-28 18:25:05 +02:00
haby0
eda3d864f5 Model written using smowton 2021-07-28 15:55:47 +08:00
Chris Smowton
23de0859ea Add missing models and other minor improvements per Marcono1234's review 2021-07-27 16:03:39 +01:00
Anders Schack-Mulligen
5d3e8d2add Merge pull request #6365 from Marcono1234/marcono1234/InstanceOfExpr-getCheckedType
Java: Add `InstanceOfExpr.getCheckedType()`
2021-07-26 11:20:48 +02:00
Marcono1234
606173012a Java: Add InstanceOfExpr.getCheckedType()
Additionally change `EqualsUsesInstanceOf.ql` to check for all RefTypes
instead of only Class.
2021-07-26 00:50:11 +02:00
Marcono1234
3569ed56e5 Java: Add TypeLiteral.getReferencedType() 2021-07-26 00:02:08 +02:00
Chris Smowton
5c917b4a23 Merge pull request #6353 from sauyon/sauyon/java/model-constructors
Java: Add models for collection constructors
2021-07-22 16:27:59 +01:00
haby0
2a50cf8244 Fix 2021-07-22 22:24:09 +08:00
Sauyon Lee
fd02dcdf2e Java: Add models for collection constructors 2021-07-22 07:23:26 -07:00
Anders Schack-Mulligen
dcfc027b5f Java: Fix bad magic. 2021-07-22 10:12:49 +02:00
Tony Torralba
26999c7ac4 Decouple UnsafeAndroidAccess.qll to reuse the taint tracking configuration 2021-07-20 17:46:35 +02:00
Tony Torralba
99e66cffa2 Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch 2021-07-20 17:30:56 +02:00
Tony Torralba
3259ead946 Decouple OgnlInjection.qll to reuse the taint tracking configuration 2021-07-20 17:21:10 +02:00
Tony Torralba
b6904a7992 Merge branch 'main' into atorralba/promote-ognl-injection 2021-07-20 17:17:17 +02:00
Anders Schack-Mulligen
77d53676ba Java: Remove deprecated ParExpr. 2021-07-20 15:27:31 +02:00
Tony Torralba
68df8028d2 Apply suggestions from code review
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-07-20 14:47:16 +02:00