hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-06 03:00:24 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,818 Commits 1,676 Branches 157 Tags
8a3fba05e992249bd71bd67bc79f54cde04cce10
Commit Graph

760 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
cb77e460ae Merge pull request #4600 from porcupineyhairs/urirefactor 
Java : Refactor all instances of `java.net.URI` into TypeUri
 2020-11-06 09:35:09 +01:00
Anders Schack-Mulligen
45d117b68e Merge pull request #4603 from pwntester/new_deser_sink 
New UnsafeDeserialization sink and improvements to SnakeYaml sink
 2020-11-05 13:09:15 +01:00
Alvaro Muñoz
f103955f38 change qldoc formating according to LSP suggestion 2020-11-05 11:48:26 +01:00
Alvaro Muñoz
6fef63306e add qldoc 2020-11-04 18:58:41 +01:00
Porcupiney Hairs
0a028dcb47 Java : Refactor all instances of java.net.URI into TypeUri 2020-11-04 18:23:26 +05:30
Anders Schack-Mulligen
22b4df0f3c Merge pull request #4512 from luchua-bc/sensitive-broadcast 
Java: Sensitive broadcast
 2020-11-04 10:47:48 +01:00
Alvaro Muñoz
6f78b725e6 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-11-04 10:43:37 +01:00
Anders Schack-Mulligen
92494441a7 Merge pull request #4554 from aschackmull/dataflow/reverse-partial 
Dataflow: Add support reverse partial flow exploration.
 2020-11-03 15:34:30 +01:00
Anders Schack-Mulligen
89361a3b75 Merge pull request #3812 from luchua-bc/java-android-remote-source 
Java: Add remote source of Android intent extra
 2020-11-03 09:35:40 +01:00
Anders Schack-Mulligen
2971784f9c Dataflow: Add missing qldoc and sync. 2020-11-03 09:21:48 +01:00
Anders Schack-Mulligen
7eb64aa998 Dataflow: Code review fixes. 2020-11-03 09:16:20 +01:00
Anders Schack-Mulligen
1ae76a80aa Dataflow: Fix qldoc. 2020-11-03 09:16:20 +01:00
Anders Schack-Mulligen
d5be4d7b92 Dataflow: Add support reverse partial flow exploration. 2020-11-03 09:16:19 +01:00
luchua-bc
8da9b9d3ea Add documentation to new library method and use the singular form 2020-11-02 10:53:46 +00:00
luchua-bc
7ac3fb41d5 Clean up query and test files 2020-10-31 13:37:36 +00:00
luchua-bc
5a6339c1af Remove userid from the regex 2020-10-29 15:46:05 +00:00
luchua-bc
b1d6bc5ba9 Use getDeclaringType() for getIntent() method call 2020-10-29 12:55:03 +00:00
luchua-bc
2ee9a45e69 Use proper class inheritance 2020-10-28 22:05:30 +00:00
Alvaro Muñoz
a57308a519 Fix SnakeYaml query to account for Yaml subclasses and compose methods 2020-10-28 14:52:14 +01:00
Alvaro Muñoz
c28856d3dc remove wicket taintstep from TaintTrackingUtil 2020-10-28 14:51:44 +01:00
Anders Schack-Mulligen
f3e2bd0fd9 Merge pull request #3141 from pwntester/InsecureBeanValidation 
Insecure Bean Validation query
 2020-10-28 12:04:12 +01:00
luchua-bc
99c79f4aa3 Enhance the dataflow sink and update test cases 2020-10-28 03:07:01 +00:00
luchua-bc
3cc3fe9d37 Switch to TaintPreservingCallable and add test cases 2020-10-28 00:33:07 +00:00
Alvaro Muñoz
a36970f306 Add beanValidation remote source 2020-10-27 15:47:54 +01:00
Alvaro Muñoz
a4a91eb1d2 new deserialization sink 2020-10-27 14:24:17 +01:00
Chris Smowton
54c1480fd6 Replace explicit extra step with TaintPreservingCallable 2020-10-27 12:02:29 +00:00
Chris Smowton
60e8910330 Follow taint across getExtras without qualifier 2020-10-27 12:01:30 +00:00
Joe Farebrother
2050f82553 Merge pull request #4383 from joefarebrother/guava-strings 
Java: Add modelling for Guava
 2020-10-26 10:16:55 +00:00
Tom Hvitved
492b1141ef Merge pull request #4445 from hvitved/csharp/sign-analysis-cfg 
C#: Use CFG nodes instead of AST nodes in sign/modulus analysis
 2020-10-26 09:45:38 +01:00
luchua-bc
9ae5689af6 Use AndroidIntentInput source 2020-10-24 11:55:00 +00:00
luchua-bc
f5f7259937 Revamp the query to implement AdditionalTaintStep 2020-10-23 12:00:36 +01:00
luchua-bc
3c5c8494b1 Refine the query to check intents coming from outside only 2020-10-23 11:58:16 +01:00
luchua-bc
f86413a9b5 text changes 2020-10-23 11:58:12 +01:00
Bt2018
2ddeb0b169 Add method access qualifier as source 2020-10-23 11:57:02 +01:00
luchua-bc
f5ca459795 Add remote source of Android intent extra 2020-10-23 11:57:01 +01:00
Joe Farebrother
227092e2ae Java: Minor corrections to comments 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-10-19 11:16:33 +01:00
Anders Schack-Mulligen
a806a4f086 Merge pull request #4312 from JLLeitschuh/feat/JLL/java/jhipster_CVE-2019-16303 
Java: QL Query Detector for JHipster Generated CVE-2019-16303
 2020-10-16 15:47:09 +02:00
Anders Schack-Mulligen
b352605d12 Dataflow: Code review fixes. 2020-10-16 13:45:51 +02:00
Joe Farebrother
3ef9498d53 Java: Modify privateness of a couple imports for Guava 2020-10-16 12:09:39 +01:00
Anders Schack-Mulligen
664f04020f Revert "Dataflow: Count callables instead of nodes for fieldFlowBranchLimit." 
This reverts commit 1501a40de8.
 2020-10-16 12:51:50 +02:00
Anders Schack-Mulligen
1501a40de8 Dataflow: Count callables instead of nodes for fieldFlowBranchLimit. 2020-10-16 12:51:17 +02:00
Anders Schack-Mulligen
6aae51fa4f Dataflow: Sync. 2020-10-16 12:51:17 +02:00
Anders Schack-Mulligen
8f055f56b8 Dataflow: Adaptive field flow precision. 2020-10-16 12:51:17 +02:00
Anders Schack-Mulligen
b0f0f89dbc Dataflow: Minor pruning improvements. 2020-10-16 12:51:17 +02:00
Joe Farebrother
4b160b9aaf Java: Merge Guava definitions for string utilities into one file 2020-10-16 10:46:27 +01:00
Joe Farebrother
adad75bd86 Java: Update Guava modelling to use new refactor 2020-10-16 10:39:18 +01:00
Joe
f58ebad756 Java: Fix QLDoc 2020-10-16 10:22:41 +01:00
Joe
fc4d7c3161 Java: Make Guava stuff private 2020-10-16 10:22:41 +01:00
Joe
e196c75b4e Java: Add modelling for Guava Strings, Splitter, and Joiner 2020-10-16 10:22:30 +01:00
Tom Hvitved
5f01fda1ef Data flow: Sync files 2020-10-16 09:05:02 +02:00