1177 Commits

Author	SHA1	Message	Date
Marcono1234	7e778bc008	Java: Override toString() for statements ... Additionally remove redundant QLDoc which is inherited anyways.	2021-06-03 16:27:35 +02:00
Tom Hvitved	daf2cc3d53	Java: Improve performance of isUnreachableInCall()	2021-06-02 20:39:05 +02:00
Anders Schack-Mulligen	8a20395857	Merge pull request #5940 from pwntester/main ... Remove XSS sink for Java	2021-06-02 12:30:20 +02:00
Anders Schack-Mulligen	c0e562de21	Merge pull request #5979 from hvitved/java/shared-external-summaries ... Java: Move some CSV flow summary code into shared library	2021-06-02 12:28:45 +02:00
Alvaro Muñoz	9aba92397d	lift XssSink check to InformationLeakSink	2021-06-01 17:16:41 +02:00
Tom Hvitved	14f9a5c280	Java: Move some CSV flow summary code into shared library	2021-06-01 13:22:14 +02:00
Anders Schack-Mulligen	ce509eb7e1	Merge pull request #5927 from aschackmull/dataflow/flowthrough-dispatch-perf ... Dataflow: Improve performance in flow-through pruning	2021-06-01 11:46:22 +02:00
Anders Schack-Mulligen	5d21c64247	Dataflow: qldoc fix.	2021-06-01 10:49:47 +02:00
Anders Schack-Mulligen	4f9a6c151b	Dataflow: Code review fixes.	2021-06-01 10:29:17 +02:00
Anders Schack-Mulligen	683f853fa5	Dataflow: Fix another bad join order.	2021-05-31 15:14:13 +02:00
Alvaro Muñoz	41d034d5a0	Attempt to use information-leak sink category	2021-05-30 00:22:40 +02:00
Alvaro Muñoz	706874491b	Remove XSS sink for Java	2021-05-28 15:13:18 +02:00
Erik Krogh Kristensen	79989cc3f4	CPP/Java: Fix getAPrimaryQlClass implementations	2021-05-27 21:36:27 +02:00
Anders Schack-Mulligen	d05f524759	Merge pull request #5941 from aschackmull/java/virt-disp-perf ... Java: Improve performance of virtual dispatch calculation.	2021-05-25 14:44:51 +02:00
Anders Schack-Mulligen	4884da363f	Java: Bugfix.	2021-05-25 11:48:35 +02:00
Anders Schack-Mulligen	017bf68906	Dataflow: Fix bad join order.	2021-05-25 11:40:53 +02:00
Anders Schack-Mulligen	d00618f4f4	Java: Improve performance of virtual dispatch calculation.	2021-05-21 15:04:08 +02:00
Sebastian Bauersfeld	28f597440f	Add method invocations of Spring's SavedRequest as a remote sources.	2021-05-20 20:00:14 +07:00
Anders Schack-Mulligen	4406b8e339	Dataflow: Sync.	2021-05-19 19:22:36 +02:00
Anders Schack-Mulligen	bb258813a1	Dataflow: Improve performance for dispatch-join in flow-through.	2021-05-19 19:20:57 +02:00
Anders Schack-Mulligen	9b0e3b1950	Merge pull request #5814 from JLLeitschuh/feat/JLL/jackson_as_taint_step ... [Java] Add taint tracking through Jackson deserialization	2021-05-18 09:31:16 +02:00
Anders Schack-Mulligen	77c93dcf26	Make private	2021-05-17 10:35:04 +02:00
Jonathan Leitschuh	48b50f93c2	Update java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll ... Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2021-05-12 08:58:01 -04:00
Sebastian Bauersfeld	bf4d88175c	Consider boxed booleans to avoid false positives for XXE.ql	2021-05-12 16:40:00 +07:00
Anders Schack-Mulligen	a247ae4357	Merge pull request #5843 from JLLeitschuh/feat/JLL/improve_kryo_support ... [Java] Fix Kryo FP & Kryo 5 Support	2021-05-12 09:52:24 +02:00
Anders Schack-Mulligen	74ae2e0857	Merge pull request #5773 from hvitved/dataflow/aggressive-caching ... Data flow: Cache most language-dependent predicates	2021-05-12 09:41:55 +02:00
Jonathan Leitschuh	5a68ac88ef	Cleanup Jackson logic after code review	2021-05-11 10:48:22 -04:00
Jonathan Leitschuh	bacc3ef5b3	[Java] Jackson add support for 2 step deserialization taint flow	2021-05-11 10:36:47 -04:00
Jonathan Leitschuh	e97bad3b33	Support field access data flow for JacksonDeserializedTaintStep	2021-05-11 10:36:47 -04:00
Jonathan Leitschuh	83d527ed19	Apply suggestions from code review ... Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-05-11 10:36:47 -04:00
Jonathan Leitschuh	d0b0b767a2	Apply suggestions from code review ... Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-05-11 10:36:47 -04:00
Jonathan Leitschuh	d0638db6e7	[Java] Add data flow through Iterator deserializers for Jackson	2021-05-11 10:36:47 -04:00
Jonathan Leitschuh	56b1f15dda	[Java] Add taint tracking through Jackson deserialization	2021-05-11 10:36:47 -04:00
Tom Hvitved	d66506b0a3	Data flow: Rename {Argument,Parameter}NodeExt to {Arg,Param}Node	2021-05-11 14:40:10 +02:00
Anders Schack-Mulligen	744c495ac2	Merge pull request #5824 from JLLeitschuh/feat/JLL/guava_first_non_null ... [Java] Add support for com.google.common.base.MoreObjects#firstNonNull	2021-05-11 09:42:20 +02:00
Dave Bartolomeo	f85aff869c	Java: Fix PR feedback	2021-05-10 16:37:23 -04:00
Jonathan Leitschuh	d27316eb3e	Apply suggestions from code review ... Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-05-10 11:55:31 -04:00
Dave Bartolomeo	d9f243d18a	Java: Fix QLDoc for Container.toString() ... Fixes #5828 The QLDoc was just too specific about the default implementation. I've improved the wording.	2021-05-08 11:14:02 -04:00
Tony Torralba	b69be30b88	Fix imports as suggested in code review	2021-05-07 11:07:06 +02:00
Tony Torralba	8af7f4a484	New sinks and test cases	2021-05-06 09:18:49 +02:00
Tony Torralba	215118c7ea	Fixes in QLDocs and imports	2021-05-06 09:18:49 +02:00
Tony Torralba	720b5d6da3	Refactored sto use CSV sink model. Also, added more sinks	2021-05-06 09:18:49 +02:00
Tony Torralba	ab62bb66f4	Consider second parameter of Node.selectNodes	2021-05-06 09:18:49 +02:00
Tony Torralba	d72dd9b861	javax.xml.xpath.XPath is an interface	2021-05-06 09:18:49 +02:00
Tony Torralba	2bb2baf6f7	Support more methods that evaluate XPath expressions	2021-05-06 09:18:49 +02:00
Tony Torralba	3705970bfd	Refactored XPath.qll to remove redundant classes and restrict visibility	2021-05-06 09:18:49 +02:00
Tony Torralba	d739a8cac2	Moved configuration from XPath.qll back to XPath Injection query	2021-05-06 09:18:48 +02:00
Tony Torralba	ee269fbc69	Added missing doc comments	2021-05-06 09:18:48 +02:00
Tony Torralba	fb3e56eac8	Fix imports and stubs so that tests pass	2021-05-06 09:18:48 +02:00
Tony Torralba	a62997463f	Remove unused imports; use set literals in hasName	2021-05-06 09:18:48 +02:00