4957 Commits

Author	SHA1	Message	Date
Joe Farebrother	457cf41825	Support more escaped characters	2022-05-04 15:41:35 +01:00
Joe Farebrother	4b845d5dac	Move test cases to their own directory to avoid conflict	2022-05-04 15:41:35 +01:00
Joe Farebrother	9f4da65030	Improve calculation of locations of regex terms	2022-05-04 15:41:35 +01:00
Joe Farebrother	dd200e29d4	Improve char set depth calculation	2022-05-04 15:41:35 +01:00
Joe Farebrother	e797d2195c	Topologically sort RegexString	2022-05-04 15:41:34 +01:00
Joe Farebrother	bc109521aa	Simplify octal handling	2022-05-04 15:41:34 +01:00
Joe Farebrother	9e88c67c19	Add more test cases; make some fixes	2022-05-04 15:41:34 +01:00
Joe Farebrother	aa1337db86	Apply style suggestions from code review	2022-05-04 15:41:34 +01:00
Joe Farebrother	e954db293a	Convert snake case predicates to camel case	2022-05-04 15:41:34 +01:00
Joe Farebrother	5b61de67de	Implement style/doc suggestions from code review	2022-05-04 15:41:33 +01:00
Joe Farebrother	28649da187	Add parser tests; fix some parser issues. ... [temporarily renamed existing regex/Test.java during rebasing to avoid conflict]	2022-05-04 15:41:33 +01:00
Joe Farebrother	8e1918216e	Add PrintAst support for regex terms	2022-05-04 15:41:33 +01:00
Joe Farebrother	ca422a2186	Use explicit this	2022-05-04 15:41:33 +01:00
Joe Farebrother	f9f7a01f57	Add Java ReDoS libraries to identical-files.json	2022-05-04 15:41:33 +01:00
Joe Farebrother	11e465f2ac	Implement remaining syntax differences	2022-05-04 15:41:33 +01:00
Joe Farebrother	7530902ad7	Add approximate support for nested character classes. ... This shouldn't fail to parse on any correctly formed character class; but may give incorrect contents when nested classes are involved.	2022-05-04 15:41:33 +01:00
Joe Farebrother	d04c99b0be	Support quote sequences	2022-05-04 15:41:32 +01:00
Joe Farebrother	59945cd8b3	Add dataflow logic to PolynomialRedDoS	2022-05-04 15:41:30 +01:00
Joe Farebrother	37240f01d2	Copy Redos queries from python ... Todo: Implement dataflow for polynomialredos; update docs to reference java rather than python	2022-05-04 15:40:58 +01:00
Joe Farebrother	a8f7a4459e	Port redos libraries from Python	2022-05-04 15:40:56 +01:00
Tom Hvitved	8e33653d25	Merge pull request #9017 from hvitved/dataflow/subpaths-perf ... Data flow: Speedup `subpaths` predicate	2022-05-04 16:37:52 +02:00
Tom Hvitved	9cb63c0a5e	Data flow: Sync files	2022-05-04 14:49:26 +02:00
Tony Torralba	b876431950	Merge pull request #8706 from luchua-bc/java/unsafe-get-resource ... Java: CWE-552 Add sources and sinks to to detect unsafe getResource calls in Java EE applications	2022-05-04 10:12:28 +02:00
Joe Farebrother	f65f833b11	Merge pull request #9020 from joefarebrother/predictable-seed ... Java: Add CWE-377 tag to java/predictable-seed	2022-05-03 15:13:58 +01:00
Tony Torralba	02822c6284	Merge pull request #9013 from atorralba/atorralba/private-externalflow-imports ... Java: Make more ExternalFlow imports private	2022-05-03 16:02:09 +02:00
Tony Torralba	9c92454fa7	Merge pull request #8872 from atorralba/atorralba/android-widget-flowstep ... Java: Add Editable.toString flow step	2022-05-03 15:27:52 +02:00
Joe Farebrother	61f13817cf	Add change note	2022-05-03 14:27:47 +01:00
Joe Farebrother	f7d0884db1	Java: Add cwe-377 tag to predictable-seed	2022-05-03 12:28:14 +01:00
Tom Hvitved	e9c8f979f9	Data flow: Sync files	2022-05-03 11:46:51 +02:00
Anders Schack-Mulligen	249f771fad	Merge pull request #8952 from cklin/fix-ql-comments-syntax ... Fix syntax errors in QL comments	2022-05-03 11:15:56 +02:00
Tony Torralba	c66e583aea	Make more ExternalFlow imports private	2022-05-03 10:31:29 +02:00
github-actions[bot]	433beaf637	Add changed framework coverage reports	2022-05-03 00:15:34 +00:00
Anders Schack-Mulligen	86516b157b	Merge pull request #8884 from JLLeitschuh/feat/JLL/additional-file-taint-flow ... Java: Add additional `File` taint value flow models	2022-05-02 16:30:45 +02:00
Anders Schack-Mulligen	b2e9555075	Merge pull request #8345 from jorgectf/mybatis-new-sinks ... Java: Add `MyBatis`' `Providers` sinks	2022-05-02 09:44:28 +02:00
luchua-bc	920a7cd2e6	Put back the taint step removed during merge	2022-04-29 20:29:04 +00:00
Jonathan Leitschuh	c8e0d7f847	Summary model for File should include overriden methods	2022-04-29 14:51:26 -04:00
Jorge	37b051a851	Apply suggestions from code review ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2022-04-29 14:44:17 +02:00
luchua-bc	0aa1251ffe	Add more test cases	2022-04-29 02:31:43 +00:00
github-actions[bot]	1032dcd7e6	Add changed framework coverage reports	2022-04-29 00:15:05 +00:00
jorgectf	548721a8cf	Fix MyBatisInjectionSink	2022-04-28 23:36:51 +02:00
Jorge	193ea1a86e	Merge branch 'main' into mybatis-new-sinks	2022-04-28 22:26:38 +02:00
Jorge	50e95b5aad	Apply suggestions from code review ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2022-04-28 21:56:20 +02:00
Jorge	834f2e845d	Delete MyBatisAbstractSql and inline MyBatisAbstractSqlMethodsStep	2022-04-28 21:55:15 +02:00
Chuan-kai Lin	d6f0bbb816	Fix syntax errors in QL comments	2022-04-28 11:53:36 -07:00
Anders Schack-Mulligen	9d2f386032	Merge pull request #8878 from aschackmull/java/validationmethod-joinorder ... Java: Fix join-order.	2022-04-28 14:35:20 +02:00
Tony Torralba	604a5fc71f	Merge pull request #8639 from atorralba/atorralba/spring-beans-improvements ... Java: Improve Spring models	2022-04-28 11:59:51 +02:00
github-actions[bot]	018558b823	Add changed framework coverage reports	2022-04-28 00:18:25 +00:00
luchua-bc	590b9d8519	Standardize the query and update qldoc	2022-04-27 22:17:17 +00:00
Chris Smowton	bb049bffbd	Merge pull request #8765 from artem-smotrakov/cover-jms ... Java: Add flow sources and steps for RabbitMQ and JMS	2022-04-27 21:27:05 +01:00
Tony Torralba	e99cee4913	Merge branch 'main' into java/unsafe-get-resource	2022-04-27 16:45:42 +02:00