hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
55,088 Commits 1,672 Branches 157 Tags
65dd7eb8e77178d91d9b5a05d0a43311ead5f18b
Commit Graph

9684 Commits

Author SHA1 Message Date
Jami Cogswell
65dd7eb8e7 Java: add neutral models discovered with path-inj and ssrf heuristics 2023-05-26 18:55:13 -04:00
github-actions[bot]
5be4f6e58b Add changed framework coverage reports 2023-05-25 00:16:11 +00:00
Tony Torralba
7d0b02e267 Merge pull request #13248 from atorralba/atorralba/java/nio-files-copy-models-fix 
Java: Tweak java.nio.file.Files.copy models
 2023-05-24 10:55:15 +02:00
Edward Minnix III
52340802bb Merge pull request #13097 from egregius313/egregius313/java/webgoat/ssrf-regex-fix 
Java: Add constraint to `HostnameSanitizingPrefix` to prevent false negatives in SSRF queries
 2023-05-23 10:50:43 -04:00
Tony Torralba
6f012d51c0 Merge pull request #13091 from atorralba/atorralba/java/inputstreamwrapper-transitive 
Java: Make inputStreamWrapper consider supertypes transitively
 2023-05-23 13:28:17 +02:00
Tony Torralba
5c5f910130 Add change note 2023-05-23 10:31:28 +02:00
Tony Torralba
654bb00946 Java: Tweak java.nio.files.Files.copy models 2023-05-23 10:27:19 +02:00
Tony Torralba
0ff90df497 Merge pull request #13245 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-05-23 09:38:01 +02:00
Erik Krogh Kristensen
50cb5ea184 Merge pull request #13164 from erik-krogh/polyQhelp 
ReDoS: add another example to the qhelp in poly-redos, showing how to just limit the length of the input
 2023-05-23 09:25:15 +02:00
github-actions[bot]
abcece88f5 Add changed framework coverage reports 2023-05-23 00:16:20 +00:00
Ed Minnix
2d69f81d85 Add change note 2023-05-22 15:57:15 -04:00
Ed Minnix
43966ebaeb Change regex used in HostnameSanitizingPrefix 2023-05-22 15:57:15 -04:00
Ed Minnix
774baead60 Add test case based on missing result 2023-05-22 15:57:15 -04:00
Tony Torralba
183915410d Add change note 2023-05-22 15:01:25 +02:00
erik-krogh
710b309142 apply suggestions from doc review 2023-05-21 22:18:48 +02:00
erik-krogh
10bf17c33e Merge branch 'main' into polyQhelp 2023-05-21 22:17:06 +02:00
Tony Torralba
b58eb3a92c Java: Add TemplateEngine.createTemplate as a groovy injection sink 2023-05-19 17:45:47 +02:00
github-actions[bot]
66f2579437 Add changed framework coverage reports 2023-05-19 00:15:25 +00:00
Tony Torralba
a8afa4785e Merge pull request #13140 from atorralba/atorralba/java/spring-jdbc-namedparam-models 
Java: Add SQLi sinks for Spring JDBC
 2023-05-18 14:49:28 +02:00
Tony Torralba
2c54996499 Apply @jcogs33's suggestions from code review 2023-05-18 08:51:19 +02:00
Tony Torralba
1b06bf132c Merge pull request #12932 from atorralba/atorralba/java/promote-xxe-experimental-sinks 
Java: Promote experimental XXE sinks
 2023-05-17 17:39:31 +02:00
Stephan Brandauer
7c02a9b6ea Merge pull request #13185 from github/fix-automodel-extraction-parameterName 
Java: Automodel Extraction Parameter Name Fix
 2023-05-17 12:16:44 +02:00
Stephan Brandauer
a5ef738bb0 add extra parameters in query-messages 2023-05-17 08:37:18 +00:00
erik-krogh
480e71fd69 avoid contractions 2023-05-17 08:42:45 +02:00
Michael B. Gale
2d80302108 Use empty toolchains.xml for java-version-too-old 2023-05-16 16:54:19 +01:00
Stephan Brandauer
2cd8a879a5 use asParameter().getName() instead of toString() 
Co-authored-by: Taus <tausbn@github.com>
 2023-05-16 17:28:02 +02:00
Stephan Brandauer
9845887452 automodel java fix: export method name as 'name' metadata parameter; export parameter name as 'parameterName' parameter 2023-05-16 15:07:14 +00:00
Michael B. Gale
9660b47879 Hide GHA variables in java-version-too-old test 2023-05-16 14:20:17 +01:00
Tony Torralba
770099f210 Merge branch 'main' into atorralba/java/promote-xxe-experimental-sinks 2023-05-16 09:49:34 +02:00
Tony Torralba
7d79d87d48 Add XPath.evaluate as XXE sink 2023-05-15 17:39:35 +02:00
erik-krogh
83ca1495e0 trim the whitespace in the poly-redos examples 2023-05-15 16:47:24 +02:00
erik-krogh
d989359656 add another example to the qhelp in poly-redos, showing how to just limit the length of the input 2023-05-15 16:47:02 +02:00
Ian Lynagh
202037e925 Merge pull request #13148 from igfoo/igfoo/arrays 
Kotlin: Add some documentation on arrays, and tweak the tests we use for them
 2023-05-12 18:52:16 +01:00
Tony Torralba
549fa7e288 Java: make inputStreamWrapper only act on constructors from outside of source 2023-05-12 17:47:56 +02:00
Ian Lynagh
826e87f435 Kotlin: Simplify some array tests 2023-05-12 12:54:08 +01:00
Ian Lynagh
ad51767374 Kotlin: Add comment describing Kotlin array predicates 2023-05-12 12:38:05 +01:00
Kasper Svendsen
d40cd0f275 Java: Make implicit this receivers explicit 2023-05-12 12:47:21 +02:00
Tony Torralba
a48fa652ce Java: Add SQLi sinks for Spring JDBC 2023-05-12 10:57:49 +02:00
github-actions[bot]
996d864e73 Add changed framework coverage reports 2023-05-12 00:15:01 +00:00
Ian Lynagh
4885e584a0 Merge pull request #13042 from igfoo/igfoo/ODASA_JAVA_LAYOUT 
Kotlin: Remove ODASA_JAVA_LAYOUT support
 2023-05-11 18:35:08 +01:00
Stephan Brandauer
510febf46d Merge pull request #12830 from github/kaeluka/parameter-candidate-extraction 
Java: Automodel Framework Mode Extraction Queries
 2023-05-11 18:00:55 +02:00
Anders Schack-Mulligen
82e780d175 Merge pull request #13128 from aschackmull/java/externalapi-jar 
Java: Fix ExternalApi.jarContainer().
 2023-05-11 16:31:05 +02:00
Stephan Brandauer
c31ad01579 squash ql-for-ql warnings 2023-05-11 16:18:52 +02:00
Stephan Brandauer
61b0514b53 Merge pull request #13122 from github/java/update-mad-decls-after-triage-2023-05-11T08-52-07 
Java: Update MaD Declarations after Triage
 2023-05-11 16:04:36 +02:00
Tony Torralba
ca6ae26aad Change provenance to ai-manual 2023-05-11 14:56:16 +02:00
Tony Torralba
c17b0e809f Apply suggestions from code review 2023-05-11 14:53:56 +02:00
Anders Schack-Mulligen
587ee53917 Java: Fix ExternalApi.jarContainer(). 2023-05-11 14:09:27 +02:00
Ian Lynagh
712561ffa2 Kotlin: Fix recommended variable names in error messages 2023-05-11 13:02:35 +01:00
Stephan Brandauer
9b35a9f74a Update java/ql/lib/ext/org.apache.hadoop.fs.model.yml 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-05-11 14:01:25 +02:00
Ian Lynagh
e7d1782eea Merge pull request #13088 from igfoo/igfoo/getTypeParameterParentLabel 
Kotlin: Small simplification
 2023-05-11 11:59:06 +01:00