hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-20 22:46:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,374 Commits 1,712 Branches 163 Tags
7b2192d2e376ecd687bb851ffc85ff52ea86de99
Commit Graph

505 Commits

Author SHA1 Message Date
Grzegorz Golawski
7b2192d2e3 Apply suggestion from code review 2020-01-27 22:34:15 +01:00
ggolawski
408c49a61c Apply suggestions from code review 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2020-01-27 22:31:51 +01:00
Grzegorz Golawski
968c18d208 Query to detect LDAP injections in Java 
Refactoring according to review comments.
 2020-01-23 22:51:10 +01:00
Grzegorz Golawski
bed6a9886f Query to detect LDAP injections in Java 
Autoformat
 2020-01-22 21:42:47 +01:00
Grzegorz Golawski
00ee3d2549 Query to detect LDAP injections in Java 
Cleanup
 2020-01-18 20:21:38 +01:00
Grzegorz Golawski
95723b08e1 Query to detect LDAP injections in Java 
Add help
 2020-01-18 19:01:35 +01:00
Grzegorz Golawski
8cec46342f Query to detect LDAP injections in Java 
Refactoring
 2020-01-18 17:14:22 +01:00
Grzegorz Golawski
b7325232d7 Query to detect LDAP injections in Java 
Consider DNs as injection points as well
Add more taint steps
 2020-01-14 23:07:21 +01:00
Grzegorz Golawski
3e86dd1182 Query to detect LDAP injections in Java 
Apache LDAP API sink
 2020-01-12 20:19:25 +01:00
Grzegorz Golawski
c01aa3d2ee Query to detect LDAP injections in Java 
Spring LDAP sink
 2020-01-12 13:28:29 +01:00
Grzegorz Golawski
7570fa9137 Query to detect LDAP injections in Java 
JNDI and UnboundID sinks
JNDI, UnboundID and Spring LDAP sanitizers
 2020-01-11 21:55:54 +01:00
Anders Schack-Mulligen
7e987c570f Merge pull request #2413 from JLLeitschuh/feature/JLL/maven_insecure_artifact_resolution 
Java: Use of HTTP/FTP to download/upload Maven artifacts
 2020-01-02 14:47:30 +01:00
Tom Hvitved
29cd6a9e30 Sync XML.qll 2019-12-19 10:29:30 +01:00
Jonathan Leitschuh
75939afe9c Update java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.qhelp 
Co-Authored-By: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2019-12-18 09:53:36 -05:00
Max Schaefer
09ee106333 Java/JavaScript: Add two deprecated predicates to XML.qll. 
This makes XML.qll identical across C++, Java, JavaScript and Python.
 2019-12-17 10:15:43 +00:00
Max Schaefer
923e36ba4f C++/Java/JavaScript/Python: Make qldoc consistent. 2019-12-17 10:15:43 +00:00
Max Schaefer
a2fe678464 C++/Java/JavaScript/Python: Unify imports in XML.qll. 2019-12-17 10:15:43 +00:00
yo-h
69a2632806 Merge pull request #2341 from aschackmull/java/cached-tostring-perf-fixes 
Java: Fix a number of performance issues when toString is cached.
 2019-12-16 22:01:35 -05:00
Anders Schack-Mulligen
13f12c5332 Java: Fix characteristic predicate of XMLParent. 2019-12-13 15:20:52 +01:00
Anders Schack-Mulligen
f88623ccb4 Java: Add .expected file to qltest. 2019-12-13 14:34:29 +01:00
Jonathan Leitschuh
0c2da8af40 Update java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql 2019-12-12 14:10:11 -05:00
Jonathan Leitschuh
229622459c Update InsecureDependencyResolution with code review comments 2019-12-09 20:37:53 -05:00
Jonathan Leitschuh
f341234edb Apply suggestions from code review 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
Co-Authored-By: yo-h <55373593+yo-h@users.noreply.github.com>
 2019-12-09 19:17:23 -05:00
Henning Makholm
baacc6f66b Java tests: add queries.xml 
The `queries.xml` file defines which extractor the `codeql test` runner will use
to extract databases for the tests. In the future one will be able to write this
information in `qlpack.yml`, but we can't do that immediately because the
_existing_ CodeQL tooling would  refuse to parse  a `qlpack.yml` that has
the new field in it.
 2019-12-07 02:38:02 +01:00
yo-h
ed97be459f Merge pull request #2454 from aschackmull/java/explicit-mul-zero 
Java: Allow explicit zero multiplication in java/evaluation-to-constant.
 2019-12-06 18:13:43 -05:00
Jonas Jensen
57917bec17 Merge pull request #2480 from hvitved/dataflow/performance-tweaks 
Data flow: Various performance tweaks
 2019-12-03 18:44:11 +01:00
Henning Makholm
95c26a51af remove java test EmptyInterface 
This is a test of an internal query for the Semmle repository. It cannot
run against the public QL repository alone, and therefore should not be
tested here.

https://git.semmle.com/Semmle/code/pull/35690 adds the test back to the
internal repo.
 2019-12-02 15:29:42 +01:00
Tom Hvitved
b3990c5a1d Data flow: Revert reordering changes in flowStore and flowRead 2019-12-02 14:25:59 +01:00
Tom Hvitved
5baa133e6c Data flow: Sync files 2019-12-02 13:41:17 +01:00
Jonas Jensen
5b24b1efc3 Merge remote-tracking branch 'upstream/rc/1.23' into mergeback-20191202 
Conflicts solved:
	javascript/extractor/src/com/semmle/js/extractor/Main.java
	javascript/ql/test/query-tests/Statements/UseOfReturnlessFunction/tst.js
 2019-12-02 09:57:34 +01:00
Anders Schack-Mulligen
333d0a69d2 Java/C++/C#: Bugfix for field flow through reverse read. 2019-11-29 09:38:24 +01:00
Anders Schack-Mulligen
2c3a6d7359 Java: Allow explicit zero multiplication in java/evaluation-to-constant. 2019-11-27 11:49:43 +01:00
Anders Schack-Mulligen
3d0e3aa1fd Java: Fix a number of performance issues when toString is cached. 2019-11-27 09:06:15 +01:00
yo-h
8a8b795696 Merge pull request #2447 from aschackmull/java/cache-perf 
Java: Improve performance by normalizing import order to reduce cache invalidation.
 2019-11-26 16:26:53 -05:00
Anders Schack-Mulligen
deb6a6e5c6 Java: Improve performance by normalizing import order to reduce cache invalidation. 2019-11-26 17:20:01 +01:00
Anders Schack-Mulligen
18e1708036 Merge pull request #2412 from Cornelius-Riemenschneider/nullness-corr-cond 
Java: Nullness library: track instanceof expressions in correlated conditions
 2019-11-26 10:33:34 +01:00
Cornelius Riemenschneider
37f162106a Fix formatting of file. 2019-11-25 17:04:38 +01:00
Cornelius Riemenschneider
3368169df8 Address review. 2019-11-25 14:54:50 +01:00
Tom Hvitved
a26efdf4c1 Java/C++/C#: Rename DataFlowErasedType back to DataFlowType 2019-11-25 11:43:58 +01:00
Cornelius Riemenschneider
0e7a08201f Address review by Anders. 2019-11-22 12:19:06 +01:00
Jonathan Leitschuh
21193bd780 Java: Use of HTTP/FTP to download/upload Maven artifacts 
This adds a security alert for the use of HTTP or FTP to download or upload
artifacts using Maven.
 2019-11-21 13:35:29 -05:00
Cornelius Riemenschneider
5d4b6c3a8c Nullness: Track correlated conditions of equality tests of variables. 2019-11-21 19:24:40 +01:00
Cornelius Riemenschneider
92f32a12d8 Add tests for nullness tracking by comparing variables. 2019-11-21 19:23:39 +01:00
Cornelius Riemenschneider
3e5324e772 More precise Nullness tracking by taking correlated instanceof expressions into account. 
Fixes #2238.
 2019-11-21 18:38:27 +01:00
Cornelius Riemenschneider
d8aae1c126 Add tests to track nullness by instanceof checks. 2019-11-21 18:38:27 +01:00
Tom Hvitved
acc7d5298d Data flow: Sync files 2019-11-20 14:10:02 +01:00
Tom Hvitved
6c0dbcfca2 Java/C++: Add DataFlowErasedType aliases 2019-11-20 14:09:53 +01:00
yh-semmle
de65f023d6 Merge pull request #2167 from aschackmull/java/dataflow-out-of-arg-refactor 
Java/C++/C#: Refactor dataflow to simplify return flow.
 2019-11-15 11:10:06 -05:00
Anders Schack-Mulligen
81a90943c0 Java: Fix range analysis bug where int was assumed. 2019-11-15 15:08:14 +01:00
Anders Schack-Mulligen
106b8cfbca Java/C++/C#: Fix bad magic and bad join-order. 2019-11-14 13:17:17 +01:00