hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-27 12:23:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
20,680 Commits 1,694 Branches 161 Tags
87e4dec86a76b4327719e4dd47bef86d0dbb5670
Commit Graph

1011 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
87e4dec86a Merge pull request #5300 from tamasvajk/feature/external-remote-flow-sources 
Java: Convert remote flow sources to use new CSV format
 2021-03-11 10:44:17 +01:00
Tom Hvitved
fc5158c41c Merge pull request #5338 from hvitved/dataflow/performance-tweaks 
Data flow: Performance tweaks
 2021-03-10 13:56:57 +01:00
Chris Smowton
9163893879 Add models for Commons-Lang's RegExUtils class 2021-03-09 15:11:13 +00:00
Tom Hvitved
fe6efde449 Address review comments 2021-03-09 14:30:12 +01:00
Tamas Vajk
5480a31b68 Java: Remove MultipartFile.getSize/isEmpty from remote flow sources 2021-03-09 12:23:47 +01:00
Tamas Vajk
0d405c293a Java: Convert PlayRequestGetMethod to CSV based flow source 2021-03-09 12:20:35 +01:00
Joe Farebrother
7a4ce83169 Merge pull request #5310 from joefarebrother/guava-io 
Java: Add modelling for Guava IO utilities
 2021-03-09 11:19:44 +00:00
Tamas Vajk
e0b1a86038 Java: Convert WebSocketMessageParameterSource to CSV based flow source 2021-03-09 11:49:59 +01:00
Tamas Vajk
193458eb3d Java: Convert SpringRestTemplateResponseEntityMethod to CSV based flow source 2021-03-09 11:49:59 +01:00
Tamas Vajk
e0c51b510f Java: Convert WebViewGetUrlMethod to CSV based flow source 2021-03-09 11:42:40 +01:00
Tamas Vajk
8ba820cae1 Java: Convert android XML get* methods to CSV based flow source 2021-03-09 11:42:13 +01:00
Tamas Vajk
09b0d824b4 Java: Convert org.apache.http.Http*.get* methods to CSV based flow source 2021-03-09 11:41:33 +01:00
Tamas Vajk
3c8ac5c789 Java: Convert Cookie.get* methods to CSV based flow source 2021-03-09 11:41:33 +01:00
Tamas Vajk
86cf143029 Java: Convert ServletRequestGetBodyMethod to CSV based flow source 2021-03-09 11:41:32 +01:00
Tamas Vajk
b05a9043b5 Java: Convert SpringWebRequestGetMethod to CSV based flow source 2021-03-09 11:41:32 +01:00
Tamas Vajk
09bcf878f7 Java: Convert HttpServletRequest.get* methods to CSV based flow source 2021-03-09 11:40:59 +01:00
Tamas Vajk
f2448cc921 Java: Convert SpringMultipartFileSource to CSV based flow source 2021-03-09 11:40:18 +01:00
Tamas Vajk
80b4d63d4b Java: Convert SpringMultipartRequestSource to CSV based flow source 2021-03-09 11:39:47 +01:00
Tamas Vajk
06fdd64dab Java: Remove already modelled BeanValidationSource 2021-03-09 11:35:42 +01:00
Tamas Vajk
3dfc236bbe Java: Remove already modelled RemoteTaintedMethods 2021-03-09 11:35:42 +01:00
Joe Farebrother
ed228cbcef Add sinks for URL Open Stream query 2021-03-08 14:07:53 +00:00
Anders Schack-Mulligen
cf4f55d9ab Merge pull request #5223 from smowton/smowton/feature/backward-dataflow-for-modelled-fluent-methods 
Java: Add backward dataflow edges through modelled function invocations
 2021-03-05 15:11:43 +01:00
Tom Hvitved
6e5af1a9f8 Data flow: Sync files 2021-03-05 14:56:40 +01:00
Chris Smowton
012058a866 Apply review suggestions: use ArgumentNode.argumentOf, and change more uses of ValuePreservingCallable -> ValuePreservingMethod 2021-03-05 13:34:13 +00:00
Chris Smowton
eed357dc93 ValuePreservingCallable -> ValuePreservingMethod 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 13:28:35 +00:00
Chris Smowton
a37b98ca27 Value-preserving methods: handle generics in DataFlowUtil.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 13:15:06 +00:00
Chris Smowton
ca86925a45 Update java/ql/src/semmle/code/java/dataflow/FlowSteps.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 13:02:19 +00:00
Chris Smowton
45f3365d06 Apply suggestions from code review 
Note value-preserving functions can't be constructors

Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 12:52:38 +00:00
Chris Smowton
990bdc20b0 Move value-preserving callable class into FlowSteps 2021-03-05 11:55:53 +00:00
Joe Farebrother
3f3640fcbd Model ByteArrayDataOutput 2021-03-05 11:19:55 +00:00
Joe Farebrother
470a2ca336 Add CopyTo 2021-03-05 11:19:55 +00:00
Joe Farebrother
61dcf3a275 Apply suggestions from code review 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-03-05 11:19:55 +00:00
Joe Farebrother
f5564b1c3b Remove unnecassary import 2021-03-05 11:19:54 +00:00
Joe Farebrother
d30d1a2ab2 Add unit tests and fix issues 2021-03-05 11:19:52 +00:00
Joe Farebrother
d67de88d34 Model Guava IO package 2021-03-05 11:19:25 +00:00
Anders Schack-Mulligen
20ccb52912 Merge pull request #4299 from torque59/play-framework 
Initial support for Java - Play Framework > 2.6.x
 2021-03-05 10:51:53 +01:00
Anders Schack-Mulligen
3565ba51b3 Merge pull request #5209 from smowton/smowton/feature/commons-misc-text 
Java: add models for miscellaneous text-processing utilities from Commons Lang
 2021-03-05 10:21:58 +01:00
Owen Mansel-Chan
96eaf2119f Correct signature and package in comment 
cf https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html#addCookie(javax.servlet.http.Cookie)
 2021-03-04 15:10:02 +00:00
Chris Smowton
da0a7f343a Move existing value-preserving methods to use ValuePreservingCallable 2021-03-04 11:45:45 +00:00
Chris Smowton
40b0f68d2a Add backward dataflow edges through modelled function invocations. 
Also add convenience abstract classes for easily modelling new functions as fluent or value-preserving.
 2021-03-04 11:45:19 +00:00
Chris Smowton
71cd329ded Directly import Lang from ExternalFlow's Frameworks module 2021-03-04 11:12:21 +00:00
Chris Smowton
563404120f Move calls to getSourceDeclaration 2021-03-04 11:11:56 +00:00
Chris Smowton
43b9436bb8 Convert Apache misc text models to CSV taint-flow specifications 2021-03-04 11:11:56 +00:00
Chris Smowton
0029d3b743 Java CSV flow summaries: allow specifying an unqualified typename to imply either the type itself or any generic specialisation. 
It is still possible to specify a precise generic signature if need be.
 2021-03-04 11:11:56 +00:00
Chris Smowton
b0ba0585a7 Add models for Apache Commons Lang and Text's Str[ing]Substitutor 2021-03-04 11:11:55 +00:00
Chris Smowton
f749c31136 Add models for commons lang/text's Str[ing]Lookup class 2021-03-04 11:11:55 +00:00
Chris Smowton
1580d23b2b Add models for WordUtils and StrTokenizer 
Both of these have commons-text and commons-lang variants.
 2021-03-04 11:11:55 +00:00
Anders Schack-Mulligen
fe07630e40 Merge pull request #5219 from smowton/smowton/feature/backward-dataflow-for-fluent-methods 
Java: Add backward dataflow edges through fluent function invocations.
 2021-03-04 11:13:32 +01:00
Anders Schack-Mulligen
f91c71c8f7 Merge pull request #5270 from Marcono1234/marcono1234/class-isPackageProtected 
Java: Add Class and Interface.isPackageProtected()
 2021-03-03 16:33:57 +01:00
Anders Schack-Mulligen
7ca57fd7a5 Merge pull request #5294 from Marcono1234/patch-1 
Java: Fix wrong algorithm name matching
 2021-03-03 16:33:13 +01:00