hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
20,067 Commits 1,672 Branches 157 Tags
6fe8bafc7d35f77d5db38d0802b192b6abb45dd1
Commit Graph

1643 Commits

Author SHA1 Message Date
haby0
6fe8bafc7d *)update 2021-02-24 20:59:51 +08:00
haby0
872a000a33 *)update to JSONP injection 2021-02-24 20:36:12 +08:00
haby0
8119fd2ad1 *)add JsonHijacking ql query 2021-02-18 18:11:10 +08:00
Chris Smowton
a2eeffa9c0 Add support for Apache Commons Lang StringUtils 2021-02-16 14:48:39 +00:00
Chris Smowton
bf03c0f419 Port InlineExpectationsTest for the Java analysis 2021-02-16 14:48:39 +00:00
Anders Schack-Mulligen
6eafa9d396 Merge pull request #5133 from pwntester/fix_SnakeYaml 
Remove sanitizing condition which does not prevent vulnerability.
 2021-02-16 12:58:47 +01:00
Anders Schack-Mulligen
8f5fe14e52 Merge pull request #5170 from pwntester/ArrayUtils_changeNote 
add change note for new ArrayUtils support
 2021-02-15 15:00:15 +01:00
Alvaro Muñoz
3d3f4ba797 add change note 2021-02-15 14:53:16 +01:00
Alvaro Muñoz
923e1c5e9b add change note for new ArrayUtils support 2021-02-15 14:41:18 +01:00
Anders Schack-Mulligen
b9a479dd31 Merge pull request #5134 from pwntester/ArrayUtils 
Add support for Apache Commons Lang ArrayUtils
 2021-02-15 13:50:01 +01:00
Alvaro Muñoz
00a0b12dad update expected results 2021-02-15 11:23:40 +01:00
Alvaro Muñoz
812884341b Merge branch 'ArrayUtils' of github.com:pwntester/codeql-1 into ArrayUtils 2021-02-15 10:59:49 +01:00
Alvaro Muñoz
504d119749 adjust max parameter number 2021-02-15 10:58:17 +01:00
Alvaro Muñoz
c7072aef16 update A.java test 2021-02-15 10:34:20 +01:00
Anders Schack-Mulligen
7e83a608a2 Merge pull request #4954 from aschackmull/java/member-hasqualifiedname 
Java: Add Member.hasQualifiedName.
 2021-02-15 10:02:13 +01:00
Anders Schack-Mulligen
161e756c4b Merge pull request #5141 from github/yo-h/java-flow-check-fix 
Java: prepare to enforce additional compiler checks in test code
 2021-02-15 09:41:03 +01:00
yo-h
1d007b6e72 Java: delete two test cases as per code review 2021-02-14 21:42:58 -05:00
Chris Smowton
402f20c5e2 Merge pull request #5154 from smowton/smowton/admin/deprecate-old-maven-predicate-names 
Java: Re-introduce deprecated versions of old Maven predicate names
 2021-02-12 17:22:05 +00:00
Chris Smowton
80978c7c35 Merge pull request #5153 from smowton/smowton/admin/move-misplaced-experimental-query 
Move misplaced experimental query into the conventional directory
 2021-02-12 17:21:57 +00:00
Alvaro Muñoz
7d294361dc Update java/ql/src/semmle/code/java/frameworks/apache/Lang.qll 
Co-authored-by: Joe Farebrother <joefarebrother@github.com>
 2021-02-12 15:40:44 +01:00
Alvaro Muñoz
6b80a42913 apply LSP formatter and add missing dot 2021-02-12 15:03:11 +01:00
Alvaro Muñoz
8606386c2c add bidirectional import 2021-02-12 14:59:28 +01:00
Alvaro Muñoz
49eda8ced6 apply LSP formatter 2021-02-12 14:56:10 +01:00
Anders Schack-Mulligen
085286ab58 Merge pull request #5135 from pwntester/guava_preconditions 
Add support for the Preconditions Class in the Guava framework
 2021-02-12 14:15:17 +01:00
Chris Smowton
655cfb3a47 Re-introduce deprecated versions of old Maven predicate names 2021-02-12 12:24:19 +00:00
Chris Smowton
97df60f9d6 Move misplaced experimental query into the conventional directory 2021-02-12 12:12:16 +00:00
Marcono1234
e89891fa1f Address review comments 2021-02-12 01:30:47 +01:00
Marcono1234
2a1c11b517 Improve MavenPom documentation, rename inconsistent predicates 2021-02-10 23:56:45 +01:00
Anders Schack-Mulligen
b74911204a Merge pull request #4945 from intrigus-lgtm/java/insecure-jxbrowser 
Java: Insecure JXBrowser
 2021-02-10 15:48:17 +01:00
intrigus
5c82ff83de Java: Fix qhelp, fix CWE reference 2021-02-10 13:57:51 +01:00
Alvaro Muñoz
645b021845 Add support for the Preconditions Class in the Guava framework 2021-02-10 13:20:29 +01:00
Alvaro Muñoz
0cf3a29429 Add support for Apache Commons Lang ArrayUtils 2021-02-10 13:09:57 +01:00
Alvaro Muñoz
3b4357792b Remove sanitizing condition which does not prevent 
vulnerability.
 2021-02-10 12:21:48 +01:00
Tom Hvitved
1f9b42f9ab Data flow: Sync files 2021-02-09 20:10:23 +01:00
yo-h
e5331a4735 Java: accept changes in expected output 2021-02-09 09:17:35 -05:00
yo-h
e194411cfa Java: fix javac errors in test code 2021-02-09 09:16:57 -05:00
intrigus
2e30f2d9ce Java: Fix QHelp & accept test output 
Accept test output for changed alert message.
 2021-02-08 00:05:02 +01:00
Anders Schack-Mulligen
35e620a19c Merge pull request #4854 from luchua-bc/java/insecure-ldap-auth 
Java: Insecure LDAP authentication
 2021-02-04 14:56:38 +01:00
luchua-bc
724c3e00e0 Update help file 2021-02-03 16:45:15 +00:00
Anders Schack-Mulligen
40d02e7e32 Merge pull request #4926 from luchua-bc/java/insufficient-key-size 
Java: Query to detect weak encryption: insufficient key size
 2021-02-03 15:16:10 +01:00
Anders Schack-Mulligen
0df7e9fa4e Merge pull request #4989 from lcartey/lcartey/spring-inheritence-improvements 
Java: Track taint through Spring Java bean getters on super types
 2021-02-03 15:06:03 +01:00
luchua-bc
2ace10fcdf Use PostUpdateNode for wrapper method calls 2021-02-03 12:21:31 +00:00
luchua-bc
3151aeff48 Enhance the query 2021-02-02 18:26:29 +00:00
luchua-bc
5e3b6fa341 Update qldoc 2021-02-02 16:20:39 +00:00
luchua-bc
50be54385a Update qldoc 2021-02-02 14:49:50 +00:00
Luke Cartey
76c9b6466e Reformat TaintTrackingUtil.qll with more recent CodeQL CLI 2021-01-29 11:27:30 +00:00
Anders Schack-Mulligen
bbdd7c9b57 Merge pull request #4963 from joefarebrother/guava-collections 
Java: Add flow steps for Guava collection utilities
 2021-01-28 11:01:03 +01:00
luchua-bc
ab7d257569 Add more cases and change EC to 256 bits 2021-01-28 04:06:27 +00:00
luchua-bc
2ac7b4bab4 Update qldoc 2021-01-28 04:06:27 +00:00
luchua-bc
058f3af4b2 Refactor the hasShortSymmetricKey method 2021-01-28 04:06:27 +00:00