hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,098 Commits 1,672 Branches 157 Tags
66737402c20fc83b3d3a654dcccf4b26c901b100
Commit Graph

503 Commits

Author SHA1 Message Date
Tony Torralba
c1ac09a063 Added query for Cleartext Storage in Android Filesystem 2022-01-17 11:11:00 +01:00
Tony Torralba
a59a4024a5 Update stubs 2022-01-14 10:32:36 +01:00
Anders Schack-Mulligen
69973dadb3 Merge pull request #7548 from zbazztian/spring-taint-summaries 
Java: Add Spring and Apache Common Langs taint flow steps
 2022-01-13 13:00:41 +01:00
Sebastian Bauersfeld
69f329ffec Java: Add test cases for AbstractMessageSource.getMessage() methods 2022-01-13 14:13:27 +07:00
Sebastian Bauersfeld
39b6678b7d Java: Add test case for StringEscapeUtils.escapeJson() taint step. 2022-01-13 11:18:37 +07:00
Tony Torralba
0e738622df Merge branch 'main' into atorralba/promote-log-injection 2022-01-10 17:24:25 +01:00
Tony Torralba
6f2d91a8ad Sinks for CloseableThreadContext 2021-12-17 09:17:04 +01:00
Tony Torralba
2e0ca6ce2b Add stubs 2021-12-16 13:44:01 +01:00
Tony Torralba
65b6c16254 Fix stub after merge 2021-12-15 16:53:47 +01:00
Tony Torralba
efb471687c Add stubs 2021-12-15 16:53:42 +01:00
Chris Smowton
753d886b0d Merge pull request #6319 from haby0/java/MyBatisSqlInjection 
[Java] CWE-089 MyBatis Mapper Sql Injection
 2021-12-09 19:57:18 +00:00
Tony Torralba
3a3c7fc59e Fix stub 2021-12-09 13:34:41 +01:00
Tony Torralba
f63ffb0630 Add models for Notification builders 2021-12-09 13:33:17 +01:00
Tony Torralba
8ffa195538 Merge branch 'main' into atorralba/android_slice_models 2021-12-03 16:59:33 +01:00
luchua-bc
8bcffc2886 Query to detect unsafe request dispatcher usage 2021-12-02 04:00:29 +00:00
haby0
db04a0dadf New model: SQL injection in MyBatis annotations 2021-11-28 14:43:57 +08:00
Jonathan Leitschuh
1ddf5fb133 Java: Ratpack HTTP Framework Additional Modeling 
Adds models for `ratpack.func.Pair`, and `ratpack.exec.Result`.
Improve moels for `ratpack.exec.Promise`.

Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-11-25 12:55:32 -05:00
haby0
69690a2509 Modify sinks 2021-11-25 15:47:30 +08:00
haby0
4438f8c58c Add MyBatis Mapper Sql Injection 2021-11-25 15:47:29 +08:00
Chris Smowton
3c8f6e3c07 Merge pull request #6717 from luchua-bc/java/thread-resource-abuse 
Java: CWE-400 - Query to detect uncontrolled thread resource consumption
 2021-11-24 18:59:41 +00:00
luchua-bc
e56737e007 Use value step to optimize the taint step and add a test case for Apache file upload listener 2021-11-23 17:15:28 +00:00
Tony Torralba
f4704f1325 Merge pull request #6397 from atorralba/atorralba/android-intent-redirect-query 
Java: Create new Android Intent Redirection query
 2021-11-04 10:42:59 +01:00
Tony Torralba
f1df542345 Add stubs & tests 
Fix mistakes detected by the tests
 2021-11-03 17:26:13 +01:00
Tony Torralba
7d88f80fb9 Add tests for summaries 2021-11-03 10:35:38 +01:00
Jonathan Leitschuh
21aeee6378 Actually remove the last non-ascii quote from Promise 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-26 08:28:44 -04:00
Jonathan Leitschuh
ebe2c26f4d Remove the last non-ascii quote from Promise 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-25 11:30:12 -04:00
Jonathan Leitschuh
5eb28398f0 Remove non-ASCII characters from Promise.java 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-22 10:52:46 -04:00
Jonathan Leitschuh
cce3aad62e Remove non-ASCII characters from Handler.java 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-20 11:34:59 -04:00
Jonathan Leitschuh
23e60e2c52 Add full integration test for Ratpack example 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:11 -04:00
Jonathan Leitschuh
6562ac3680 Ratpack conversion to new lambda model 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:10 -04:00
Jonathan Leitschuh
901631ceb8 Ratpack Promise add support for apply method 2021-10-18 12:21:10 -04:00
Jonathan Leitschuh
b9dc3d0cfe Ratpack: Better support for Promise API 2021-10-18 12:21:09 -04:00
Jonathan Leitschuh
cdfdcc66bd Ratpack fix formatting and non-ascii characters 2021-10-18 12:21:09 -04:00
Jonathan Leitschuh
a3b1736a73 Ratpack improve support for parsing types 2021-10-18 12:21:09 -04:00
Jonathan Leitschuh
b2e3df29b3 Add support for Promise.value and Promise::flatMap 2021-10-18 12:21:08 -04:00
Jonathan Leitschuh
170657b9a4 Add additional Ratpack test and improve Promise based dataflow tracking 2021-10-18 12:21:08 -04:00
Jonathan Leitschuh
dabf00e8b4 Add Tests to Ratpack Framework Support 2021-10-18 12:21:08 -04:00
Tony Torralba
a5749a5eb1 Add ComponentName tests to existing Intent tests 2021-10-18 15:23:52 +02:00
Tony Torralba
d1d2d61d7e Add more sinks 
Also, fix things after rebase
 2021-10-18 12:00:07 +02:00
Tony Torralba
031fa2199c Fix stubs and tests 2021-10-18 11:06:06 +02:00
Tony Torralba
ef30ca211a Fix stubs 2021-10-18 11:03:13 +02:00
Tony Torralba
8c400d9b1b Added tests and stubs 2021-10-18 11:02:10 +02:00
Tony Torralba
9d50511ea4 Fix stubs 2021-10-18 09:27:53 +02:00
Tony Torralba
5deb996b33 Merge branch 'main' into atorralba/android_slice_models 2021-10-18 08:41:48 +02:00
Chris Smowton
8816aa1431 Improve Android stub fidelity to the point that all relevant tests work 
Note these still aren't entirely mechanically generated stubs matching the real Android 9.
 2021-10-12 12:35:05 +01:00
Chris Smowton
205b6fe6d7 Fix bad merge on Uri.java 2021-10-12 12:35:05 +01:00
Chris Smowton
1dffbcd0bd Fix tests disrupted by re-modelling and stubbing Android 9: 
* Account for changed dataflow graph shape using external flow
* Account for BaseBundle only existing as of Android 5
* Properly implement Parcelable, which we previously got away with due to a partial stub
* Restore an Android 11 function that had been added to the Android 9 Context class (I won't get into enforcing the difference in this PR)
 2021-10-12 12:35:05 +01:00
Chris Smowton
fc0b18cf61 Add tests for Android flow steps 2021-10-12 12:35:05 +01:00
Chris Smowton
cd2c9e9ca3 Add Gson support to unsafe deserialization query 2021-10-12 12:35:04 +01:00
Tony Torralba
588dedc265 Add stubs 2021-10-07 17:03:05 +02:00