12946 Commits

Author SHA1 Message Date
Marcono1234
e21cbe82a9 Update Java documentation links to Java 11
Where possible update Java documentation links to Java 11.
Additionally update some other links to use HTTPS.
2021-02-26 00:43:51 +01:00
intrigus
141f057f7b Java: Remove duplicate code. 2021-02-25 21:29:26 +01:00
Marcono1234
fa189ded9d Java: Add Class and Interface.isPackageProtected() 2021-02-25 18:21:18 +01:00
Tamás Vajk
505d04b13e Merge pull request #5102 from luchua-bc/java/main-method-in-servlet
Java: CWE-489 Query to detect main() method in servlets
2021-02-25 16:05:06 +01:00
Joe Farebrother
41b7db144d Allow for array types in model signatures 2021-02-25 11:40:48 +00:00
haby0
0521ef87da Merge remote-tracking branch 'upstream/main' into JsonHijacking 2021-02-25 16:31:14 +08:00
Anders Schack-Mulligen
f0d3841369 Merge pull request #5105 from JLLeitschuh/feat/JLL/depricated_bintray_usage
CWE-1104: Maven POM dependence upon Bintray/JCenter
2021-02-25 09:08:31 +01:00
Artem Smotrakov
e02b51f42b Improved SpringHttpInvokerUnsafeDeserialization.qhelp 2021-02-24 22:35:20 +01:00
Artem Smotrakov
aac0c27dcd Added tests for SpringHttpInvokerUnsafeDeserialization.ql 2021-02-24 22:35:20 +01:00
Artem Smotrakov
95284ad71d Added SpringHttpInvokerUnsafeDeserialization.qhelp and example 2021-02-24 22:35:20 +01:00
Artem Smotrakov
476309af6d Added SpringHttpInvokerUnsafeDeserialization.ql 2021-02-24 22:35:20 +01:00
Artem Smotrakov
34b6ed0a05 Removed commented code from JexlUberspect 2021-02-24 22:31:03 +01:00
luchua-bc
e34a203731 Refactor the check of a main method in a test program to improve maintainability 2021-02-24 17:15:08 +00:00
Joe Farebrother
caa6f00292 Switch to CSV based modelling 2021-02-24 16:59:49 +00:00
Jonathan Leitschuh
237fefbcf1 Add release notes 2021-02-24 11:19:20 -05:00
haby0
6fe8bafc7d *)update 2021-02-24 20:59:51 +08:00
haby0
872a000a33 *)update to JSONP injection 2021-02-24 20:36:12 +08:00
Anders Schack-Mulligen
add960bc4d Merge pull request #4880 from luchua-bc/java/sensitive-query-with-get
Java: Sensitive GET Query
2021-02-24 11:08:47 +01:00
yo-h
1d654febfd Merge pull request #5195 from aschackmull/java/cwe-548-test
Java: Add empty file to test.
2021-02-23 21:12:40 -05:00
Joe Farebrother
e13c779f0f Add additional unit tests 2021-02-23 16:17:13 +00:00
luchua-bc
56e3b301e9 Resolve ambiguous method access 2021-02-23 15:18:07 +00:00
luchua-bc
45f9125bfa Update test program 2021-02-23 14:41:44 +00:00
luchua-bc
9eb8ec7da5 Create a separate file for EJB check 2021-02-23 14:38:15 +00:00
Joe Farebrother
ee651da23f Remove TODO comment 2021-02-23 14:27:11 +00:00
Joe Farebrother
459c0afc55 Add change note 2021-02-23 14:26:12 +00:00
Joe Farebrother
a3b8d4ab2d Switch to inline test expectations; fix failing test outputs 2021-02-23 14:26:12 +00:00
Joe Farebrother
7b5961769a Add unit tests for version 5.x 2021-02-23 14:26:12 +00:00
Joe Farebrother
cf58a90d74 Add unit tests for utility methods 2021-02-23 14:26:12 +00:00
Joe Farebrother
e5d624d1e8 Add open redirect sinks 2021-02-23 14:26:12 +00:00
Joe Farebrother
e3fe635004 Add support for httpcomponents 5.x 2021-02-23 14:26:11 +00:00
Joe Farebrother
5bba7f6df7 Add unit tests 2021-02-23 14:26:11 +00:00
Joe Farebrother
da6e9492a0 Model XSS sinks and utility methods 2021-02-23 14:26:11 +00:00
Joe Farebrother
561679611e Java: Model flow source for apache http requests,
Model flow steps for associated getters

Fix rebase conflict
2021-02-23 14:26:11 +00:00
Joe Farebrother
4184ebd091 Java: Add HttpRequestHandler as a remote flow source 2021-02-23 14:26:11 +00:00
Anders Schack-Mulligen
b1bed2731d Merge pull request #5172 from smowton/smowton/feature/commons-strbuilder
Java: Add support for commons-lang's StrBuilder class
2021-02-23 14:39:11 +01:00
yo-h
6213c20bc3 Merge pull request #5136 from aschackmull/java/csv-models
Java: Add support for framework modelling through csv data.
2021-02-22 19:00:41 -05:00
Jonathan Leitschuh
ad99aa2d76 Fix typo in test output 2021-02-22 13:26:51 -05:00
luchua-bc
40df01d2cd Update qldoc and method name 2021-02-22 14:15:41 +00:00
Francis Alexander
45bdb22db8 Switch from sanitizer to tainttracking, formatting and qldoc changes 2021-02-21 16:45:48 +05:30
Artem Smotrakov
43a07bb13a Better sink in SandboxedJexlFlowConfig 2021-02-20 11:17:51 +01:00
luchua-bc
dc799019d0 Add query for Struts and Spring actions 2021-02-20 03:36:21 +00:00
luchua-bc
3d9ac0d094 Add query for enterprise beans 2021-02-20 02:00:42 +00:00
Anders Schack-Mulligen
dae65f687a Merge pull request #5150 from Marcono1234/marcono1234/conditional-expr-branch
Java: Add ConditionalExpr.getBranchExpr(boolean)
2021-02-19 10:12:43 +01:00
Chris Smowton
321df82851 Apply review feedback: comment style, bracketing, and use proper MISSING test annotations 2021-02-18 14:56:52 +00:00
Anders Schack-Mulligen
954e0b9496 Java: Add empty file to test. 2021-02-18 13:10:29 +01:00
Anders Schack-Mulligen
74d35f4f37 Java: Add support for value-preserving steps. 2021-02-18 11:26:15 +01:00
Anders Schack-Mulligen
04eeeda2c9 Java: Add documentation for the final column. 2021-02-18 11:23:49 +01:00
Anders Schack-Mulligen
6f583baa90 Java: More documentation and support for field writes. 2021-02-18 11:18:31 +01:00
haby0
8119fd2ad1 *)add JsonHijacking ql query 2021-02-18 18:11:10 +08:00
luchua-bc
e916ce8b9b Exclude test directories of typical build tools 2021-02-18 00:50:38 +00:00