Chris Smowton
|
591ac38c31
|
Merge pull request #5591 from Marcono1234/marcono1234/member-nested-type
Java: Add MemberType
|
2021-04-14 12:29:54 +01:00 |
|
Anders Schack-Mulligen
|
3b6cd0f681
|
Merge pull request #5661 from smowton/smowton/cleanup/call-is-exprparent
Make Call a subclass of ExprParent.
|
2021-04-14 10:49:33 +02:00 |
|
Chris Smowton
|
2965a1f204
|
Use Thread$State as an inner-class example
Map<>$Entry currently has odd generic notation that may be about to change.
|
2021-04-14 08:43:05 +01:00 |
|
Marcono1234
|
d853f0c400
|
Java: Add MemberType
|
2021-04-13 18:55:20 +02:00 |
|
Chris Smowton
|
58d198261e
|
Merge pull request #5663 from smowton/luchua/java/sensitive-cookie-not-httponly
Java: CWE-1004 Query to check sensitive cookies without the HttpOnly flag set w/minor corrections
|
2021-04-13 12:08:53 +01:00 |
|
Chris Smowton
|
dee974ff2d
|
Make Call a subclass of ExprParent. All of its subclasses are in any case (via Expr or Stmt)
|
2021-04-13 09:13:47 +01:00 |
|
luchua-bc
|
d7f26dfc18
|
Update stub classes and qldoc
|
2021-04-12 16:19:23 +00:00 |
|
Chris Smowton
|
423ff32d04
|
Merge pull request #5384 from luchua-bc/java/insecure-spring-actuator-config
Java: CWE-016 Query to detect insecure configuration of Spring Boot Actuator
|
2021-04-12 17:04:47 +01:00 |
|
Chris Smowton
|
bb23866cec
|
Add missing doc comments
|
2021-04-12 16:33:01 +01:00 |
|
Chris Smowton
|
2656a52880
|
Merge pull request #5538 from luchua-bc/java/credentials-in-properties
Java: CWE-555 Query to detect plaintext credentials in Java properties files
|
2021-04-12 15:22:21 +01:00 |
|
Chris Smowton
|
abeefcaced
|
Merge pull request #4947 from porcupineyhairs/DexLoading
Java : add query to detect insecure loading of Dex File
|
2021-04-12 15:22:12 +01:00 |
|
Chris Smowton
|
11bf982728
|
Remove superfluous linebreaks in qhelp file
|
2021-04-12 14:36:42 +01:00 |
|
Tom Hvitved
|
7d2a60e910
|
Merge pull request #5640 from hvitved/dataflow/path-step-perf
Data flow: Prevent bad join-order in `pathStep`
|
2021-04-12 14:40:46 +02:00 |
|
Anders Schack-Mulligen
|
acd4cf2878
|
Merge pull request #5636 from aschackmull/java/shared-flow-summaries
Java: Adopt shared flow summaries
|
2021-04-12 13:35:31 +02:00 |
|
Anders Schack-Mulligen
|
e003b04061
|
Merge pull request #5637 from Marcono1234/marcono1234/toString-method
Java: Add ToStringMethod
|
2021-04-12 11:43:55 +02:00 |
|
Marcono1234
|
9349e6922d
|
Java: Add ToStringMethod
|
2021-04-10 04:00:44 +02:00 |
|
porcupineyhairs
|
8687c5c145
|
Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
|
2021-04-10 04:18:35 +05:30 |
|
luchua-bc
|
4e3791dc0d
|
Remove LoadCredentialsConfiguration and update qldoc
|
2021-04-09 19:36:35 +00:00 |
|
luchua-bc
|
04b0682bbf
|
Use isAdditionalTaintStep and make the query more readable
|
2021-04-09 16:14:51 +00:00 |
|
Tom Hvitved
|
fd8f745468
|
Java: Adopt shared flow summary library and refactor data-flow nodes.
|
2021-04-09 16:57:03 +02:00 |
|
Tom Hvitved
|
f130616369
|
Data flow: Make getLocalCc private again
|
2021-04-09 16:22:58 +02:00 |
|
Anders Schack-Mulligen
|
701e815368
|
Merge pull request #5628 from hvitved/java/remove-unique
Java: Remove `unique` wrapper from `DataFlow::Node::getEnclosingCallable()`
|
2021-04-09 15:21:26 +02:00 |
|
Tom Hvitved
|
6874b8d4b3
|
Data flow: Prevent bad join-order in pathStep
|
2021-04-09 14:24:47 +02:00 |
|
luchua-bc
|
11304b2ae1
|
Update qldoc and change the wrapper method implementation
|
2021-04-09 02:21:59 +00:00 |
|
Anders Schack-Mulligen
|
6109ef5e88
|
Merge pull request #5475 from Marcono1234/marcono1234/minus-literal
Java: Improve documentation regarding minus in front of numeric literals
|
2021-04-08 16:11:14 +02:00 |
|
Anders Schack-Mulligen
|
d42a01cb3a
|
qldoc fixup
|
2021-04-08 15:45:21 +02:00 |
|
Tom Hvitved
|
2faf52b6bd
|
Java: Remove unique wrapper from DataFlow::Node::getEnclosingCallable()`
|
2021-04-08 10:07:19 +02:00 |
|
luchua-bc
|
1349bf7b0b
|
Create a .qll file to reuse the code and add check of Spring properties
|
2021-03-30 11:25:29 +00:00 |
|
luchua-bc
|
5ce3f9d6ff
|
Update qldoc and enhance the query
|
2021-03-28 16:10:35 +00:00 |
|
luchua-bc
|
a53cbc1631
|
Update qldoc and make the query more readable
|
2021-03-27 00:11:01 +00:00 |
|
luchua-bc
|
a72b1340eb
|
Add a comment on how to run the query
|
2021-03-26 16:51:43 +00:00 |
|
Anders Schack-Mulligen
|
506c95d098
|
Merge pull request #5372 from smowton/smowton/feature/commons-lang-models-to-csv
Java: Convert existing Commons Lang models to CSV
|
2021-03-26 10:18:23 +01:00 |
|
luchua-bc
|
d33b04cd96
|
Query to detect plaintext credentials in Java properties files
|
2021-03-26 02:33:40 +00:00 |
|
Porcuiney Hairs
|
2ca95166d9
|
Java : add query to detect insecure loading of Dex File
|
2021-03-26 01:59:11 +05:30 |
|
Chris Smowton
|
eaa2d4d831
|
Stop using wildcard Argument
All instances are replaced with a specific Argument or range.
|
2021-03-25 15:42:35 +00:00 |
|
Chris Smowton
|
2f34588770
|
Constructor models: use Argument[-1] for the result, not ReturnValue
|
2021-03-25 15:23:08 +00:00 |
|
Anders Schack-Mulligen
|
28fb0edfbe
|
Merge pull request #4920 from luchua-bc/java/hash-without-salt
Java: Query to detect hash without salt
|
2021-03-25 16:13:26 +01:00 |
|
Chris Smowton
|
a5220bf616
|
Convert StrBuilder models to CSV
|
2021-03-25 15:11:52 +00:00 |
|
Chris Smowton
|
25a0e09130
|
Convert StringUtils models to CSV
|
2021-03-25 15:11:52 +00:00 |
|
Chris Smowton
|
1beac06236
|
Translate ArrayUtils models to CSV
|
2021-03-25 15:11:51 +00:00 |
|
Chris Smowton
|
7fb5bd0cab
|
Add tests for and slightly expand models of Commons Lang's ArrayUtils class
|
2021-03-25 15:11:51 +00:00 |
|
Anders Schack-Mulligen
|
344c2d3c3d
|
Update java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql
|
2021-03-25 15:42:57 +01:00 |
|
Anders Schack-Mulligen
|
75afa011ff
|
Java: Add metadata to several more experimental queries.
|
2021-03-25 13:09:26 +01:00 |
|
luchua-bc
|
57bd3f3c14
|
Optimize the taint flow source
|
2021-03-25 10:44:26 +00:00 |
|
Anders Schack-Mulligen
|
d53c334488
|
Merge branch 'java/fix-experimental-query-metadata' into java/cleanup
|
2021-03-25 10:36:36 +01:00 |
|
Anders Schack-Mulligen
|
28ff3f412d
|
Java: Add severity and precision metadata to experimental queries.
|
2021-03-25 10:29:47 +01:00 |
|
Anders Schack-Mulligen
|
c82b5eb040
|
Java: Remove code duplication library.
|
2021-03-25 10:06:10 +01:00 |
|
Anders Schack-Mulligen
|
4b7440d4d5
|
Java: Remove precision tag from metric queries.
|
2021-03-25 09:52:05 +01:00 |
|
Anders Schack-Mulligen
|
70824b3f0b
|
Java: Delete filter queries.
|
2021-03-25 09:47:31 +01:00 |
|
luchua-bc
|
fe0e7f5eac
|
Change method check to taint flow
|
2021-03-25 01:45:13 +00:00 |
|