Commit Graph

2190 Commits

Author SHA1 Message Date
Joe Farebrother
49374b877a Fix parsing of alternations in character classes 2022-05-04 15:41:37 +01:00
Joe Farebrother
3ce0c2c23b Add more regex use functions in String 2022-05-04 15:41:36 +01:00
Joe Farebrother
57ba8a4d1b Improve handling of hex escapes; and support some named character classes 2022-05-04 15:41:36 +01:00
Joe Farebrother
5143585080 Fix to PolynomialRedos not finding results and to test cases not finding that 2022-05-04 15:41:36 +01:00
Joe Farebrother
e23162d91b Add test cases for PolynomialRedos dataflow logic; make fixes 2022-05-04 15:41:35 +01:00
Joe Farebrother
5a4316d945 Add test cases for exponential redos query 2022-05-04 15:41:35 +01:00
Joe Farebrother
4b845d5dac Move test cases to their own directory to avoid conflict 2022-05-04 15:41:35 +01:00
Joe Farebrother
9f4da65030 Improve calculation of locations of regex terms 2022-05-04 15:41:35 +01:00
Joe Farebrother
bc109521aa Simplify octal handling 2022-05-04 15:41:34 +01:00
Joe Farebrother
9e88c67c19 Add more test cases; make some fixes 2022-05-04 15:41:34 +01:00
Joe Farebrother
28649da187 Add parser tests; fix some parser issues.
[temporarily renamed existing regex/Test.java during rebasing to avoid conflict]
2022-05-04 15:41:33 +01:00
Tony Torralba
2d3b15f936 Add more taint models 2022-05-04 12:32:59 +02:00
Tony Torralba
49259a6575 Remove everything related to WebView CSV models
This reverts commit c6c72eb.
2022-05-04 10:53:31 +02:00
Tony Torralba
7ba5a032ce Add tests and stubs for the new sources and flow steps 2022-05-04 10:53:30 +02:00
Tony Torralba
b876431950 Merge pull request #8706 from luchua-bc/java/unsafe-get-resource
Java: CWE-552 Add sources and sinks to detect unsafe getResource calls in Java EE applications
2022-05-04 10:12:28 +02:00
Tony Torralba
7b3a803d19 Add flow step from startActivity to getIntent 2022-05-03 15:46:17 +02:00
Tony Torralba
9c92454fa7 Merge pull request #8872 from atorralba/atorralba/android-widget-flowstep
Java: Add Editable.toString flow step
2022-05-03 15:27:52 +02:00
Tony Torralba
de8b5f927b Adjust test expectations 2022-05-02 16:55:11 +02:00
Anders Schack-Mulligen
86516b157b Merge pull request #8884 from JLLeitschuh/feat/JLL/additional-file-taint-flow
Java: Add additional `File` taint value flow models
2022-05-02 16:30:45 +02:00
Tony Torralba
8602a6f6c9 Add models for OkHttp and Retrofit 2022-05-02 15:42:15 +02:00
luchua-bc
920a7cd2e6 Put back the taint step removed during merge 2022-04-29 20:29:04 +00:00
Tony Torralba
12320aa5d2 Fix Intent Redirection sanitizer 2022-04-29 12:19:49 +02:00
luchua-bc
0aa1251ffe Add more test cases 2022-04-29 02:31:43 +00:00
Jorge
193ea1a86e Merge branch 'main' into mybatis-new-sinks 2022-04-28 22:26:38 +02:00
Tony Torralba
604a5fc71f Merge pull request #8639 from atorralba/atorralba/spring-beans-improvements
Java: Improve Spring models
2022-04-28 11:59:51 +02:00
Tony Torralba
e99cee4913 Merge branch 'main' into java/unsafe-get-resource 2022-04-27 16:45:42 +02:00
Jonathan Leitschuh
2565cdb964 Add additional File taint value flow models
Adds
 - File::getAbsoluteFile
 - File::getCanonicalFile
 - File::getAbsolutePath
 - File::getCanonicalPath
2022-04-26 10:42:53 -04:00
Artem Smotrakov
12ca1f0b11 Fixed library-tests/frameworks/guava/handwritten/flow.ql 2022-04-26 13:34:24 +01:00
Artem Smotrakov
52b7fbf484 Removed non-ASCII characters 2022-04-26 13:34:24 +01:00
Artem Smotrakov
e86fd72529 Moved RabbitMQ tests to java/ql/test/library-tests/frameworks/rabbitmq 2022-04-26 13:34:23 +01:00
Artem Smotrakov
20f185e772 Use tainted tag in JMS tests 2022-04-26 13:34:23 +01:00
Artem Smotrakov
b6bd4f92d1 Added sources and steps for JMS API 2022-04-26 13:34:21 +01:00
Artem Smotrakov
269143a19f Java: Added sources and flow steps for RabbitMQ 2022-04-26 13:34:04 +01:00
Tony Torralba
2ee83e2ba2 Add Editable.toString flow step 2022-04-26 13:34:16 +02:00
Tony Torralba
85d5b122f7 Merge pull request #8817 from atorralba/atorralba/cleartext-storage-sharedprefs-improvs
Java: Add value-preserving flow steps for Android's SharedPreferences
2022-04-25 16:16:46 +02:00
Anders Schack-Mulligen
cbdd4927ce Merge pull request #8582 from Marcono1234/marcono1234/JumpStmt-superclass
Java: Make `JumpStmt` a proper superclass
2022-04-25 12:22:20 +02:00
Tony Torralba
f1c08bc492 Add value-preserving steps for SharedPreferences 2022-04-22 17:44:59 +02:00
Tom Hvitved
b033f107df Merge remote-tracking branch 'upstream/main' into dataflow/interpret-read-store 2022-04-22 14:35:02 +02:00
luchua-bc
b76873fc8d Add more test cases 2022-04-19 22:22:15 +00:00
luchua-bc
7029802f3b Add sinks for getClass() and getClassLoader() 2022-04-11 21:03:48 +00:00
Marcono1234
7bed14bbf0 Merge remote-tracking branch 'remotes/origin/main' into marcono1234/statement-expression 2022-04-10 18:23:45 +02:00
luchua-bc
eccd97c7b7 Query to detect unsafe getResource calls in Java EE applications 2022-04-09 01:14:15 +00:00
Tony Torralba
9833fa2451 Add tests for SpringController 2022-04-07 18:17:50 +02:00
Anders Schack-Mulligen
c0f48b6c14 Merge pull request #8681 from JLLeitschuh/fix/JLL/os_check_bugs
Java: Fix Local Temp File/Dir Incorrect Guard Logic
2022-04-07 14:00:13 +02:00
Michael Nebel
72d4c97463 Merge pull request #8628 from michaelnebel/csharp/generatedkind
C#: Introduce generated flag as a part of the kind column for flow summaries
2022-04-07 08:43:30 +02:00
Jonathan Leitschuh
2753521650 Java: Fix Local Temp File/Dir Incorrect Guard Logic
Resolves https://github.com/github/codeql/pull/8032#discussion_r841723906
2022-04-06 12:16:09 -04:00
Anders Schack-Mulligen
d0b5b99e74 Merge pull request #8611 from github/smowton/doc/switch-expr-accessors
Java: make SwitchCase.getRuleExpression/Statement more consistent
2022-04-06 11:16:40 +02:00
Michael Nebel
d7bf024318 Java: Add testcase for generated summary model. 2022-04-05 14:25:34 +02:00
Michael Nebel
3a04e9a03d Java: Update java capture models with new kind column (including tests). 2022-04-05 12:55:47 +02:00
Tom Hvitved
b91858e7cf Java: Implement ContentSet 2022-04-04 13:51:44 +02:00