Tony Torralba
8b50b3d00f
Add jackson-core to test dependencies
2021-08-02 16:04:49 +02:00
Tony Torralba
f4b78ef3bd
Fix stubs
2021-08-02 14:12:05 +02:00
Tony Torralba
9b384d84cc
Merge branch 'main' into atorralba/promote-ognl-injection
2021-08-02 14:06:45 +02:00
Tony Torralba
351a24558d
Add tests for JacksonSerializability
...
Upgraded jackson stubs to 2.12
2021-08-02 14:03:30 +02:00
Tony Torralba
632ae747c7
Fix JacksonModel duplicate row
2021-08-02 12:53:30 +02:00
Anders Schack-Mulligen
3b676d432f
Merge pull request #5900 from artem-smotrakov/unsafe-jackson-deserialization
...
Java: Unsafe deserialization with Jackson
2021-08-02 12:45:30 +02:00
Anders Schack-Mulligen
0a1c754de8
Merge pull request #6395 from github/bmuskalla/fixTypoInVariables
...
Fix typo in variables documentation
2021-08-02 12:30:14 +02:00
Benjamin Muskalla
d678cdc815
Update variables.rst
2021-08-02 12:07:09 +02:00
Anders Schack-Mulligen
6c973b59ac
Update java/ql/src/semmle/code/java/frameworks/Jackson.qll
2021-08-02 10:16:42 +02:00
Anders Schack-Mulligen
26881ec220
Merge pull request #6389 from github/yo-h-patch-1
...
Java: update `frameworks.rst` with Jackson
2021-08-02 10:07:02 +02:00
Artem Smotrakov
7959e76da8
Better qldoc in UnsafeDeserializationQuery.qll
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-07-30 09:30:59 +02:00
Fosstars
a4b0041120
Better looksLikeResolveClassStep() predicate
2021-07-30 09:28:03 +02:00
Fosstars
1d3eb570bf
hasJsonTypeInfoAnnotation() should check fields recursively
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-07-30 08:30:40 +02:00
yo-h
6a18b33616
Java: update frameworks.rst with Jackson
...
Updating manually maintained list with coverage in `JacksonSerializability.qll`
2021-07-29 17:35:06 -04:00
Aditya Sharad
cb686ea802
Merge pull request #6388 from github/geoffw0-patch-2
...
Update query-metadata-style-guide.md
2021-07-29 10:20:26 -07:00
Geoffrey White
5e6e176f32
Update query-metadata-style-guide.md
...
Add a note about the `@security-severity` tag.
2021-07-29 17:53:31 +01:00
Mathias Vorreiter Pedersen
b1e5fbe2de
Merge pull request #6377 from sashabu/sashabu/virtual
...
C++: Allow querying virtual, override, and final declaration specifiers.
2021-07-29 17:51:14 +02:00
Tony Torralba
2628d3dc39
Improve csv sink models
2021-07-29 15:36:18 +02:00
Tony Torralba
3edc8bc679
Doc improvements
2021-07-29 15:35:39 +02:00
Tony Torralba
d9fb650dfb
JacksonCreateParserMethod converted to CSV summary model
2021-07-29 15:19:30 +02:00
Tony Torralba
b20d53cfd4
Update java/ql/src/semmle/code/java/security/OgnlInjection.qll
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-07-29 15:08:27 +02:00
Alexandre Boulgakov
e55bd4fb64
C++: Allow querying virtual, override, and final declaration specifiers.
2021-07-29 14:02:03 +01:00
Joe Farebrother
143b302eef
Merge pull request #6384 from joefarebrother/test-gen-improvements
...
Java: Test generator: use getComponentType
2021-07-29 10:47:37 +01:00
Joe Farebrother
f7099f459f
Java: Test generator: use getComponentType
2021-07-29 10:08:45 +01:00
Artem Smotrakov
83a9b0ee28
Apply suggestions from code review
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-07-29 11:04:21 +02:00
Fosstars
893f84fbf4
Merge branch 'unsafe-jackson-deserialization' of github.com:artem-smotrakov/ql into unsafe-jackson-deserialization
2021-07-28 18:25:53 +02:00
Fosstars
50497eb747
Make imports as private as possible
2021-07-28 18:25:05 +02:00
Joe Farebrother
d900fcaf42
Merge pull request #6374 from joefarebrother/test-gen-improvements
...
Java: Add support for synthetic fields to the test generator
2021-07-28 16:02:47 +01:00
Artem Smotrakov
7fec575df8
Simplify JsonTypeInfo stub
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-07-28 14:23:50 +02:00
Joe Farebrother
9ddae3e9f6
Fix spelling
...
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-07-28 10:12:17 +01:00
Aditya Sharad
d7c29791de
Merge pull request #6368 from bmuskalla/addMissingKeywords
...
Add missing keywords to language specification
2021-07-27 11:08:25 -07:00
Felicity Chapman
0714f4abbb
Merge pull request #6339 from github/package-manager-docs
...
[July 27-8, 2021] CodeQL package manager: update CodeQL CLI docs (beta)
2021-07-27 18:24:03 +01:00
Joe Farebrother
2d862ef119
Support synthetic fields
2021-07-27 17:28:53 +01:00
Joe Farebrother
a8cca4ba0e
Merge pull request #6373 from joefarebrother/test-gen-improvements
...
Java: Test generator improvements
2021-07-27 15:44:56 +01:00
Chris Smowton
0049b8e3c4
Merge pull request #6371 from github/smowton/admin/test-generator-notice-bad-rows
...
Add test-case generator check for non-parseable rows
2021-07-27 15:44:01 +01:00
Joe Farebrother
309f0e7c26
Fix handling of arrays
2021-07-27 15:05:57 +01:00
Joe Farebrother
9ffcfbcd33
Add --force option
2021-07-27 15:05:57 +01:00
Joe Farebrother
8ab0fd54b4
Improvements to the test generator:
...
- Only reference public methods
- Report rows for which test cases could not be generated
- Add a blanket `throws Exception` clause to the generated method
2021-07-27 15:05:55 +01:00
Joe Farebrother
2036aa1e4a
Format test generator
2021-07-27 15:04:19 +01:00
Felicity Chapman
28ce21ed7e
Update docs/codeql/codeql-cli/publishing-and-using-codeql-packs.rst
2021-07-27 15:02:39 +01:00
Chris Smowton
97d603cafb
Add test-case generator check for non-parseable rows
2021-07-27 14:26:22 +01:00
Anders Schack-Mulligen
a5f0a4ea71
Merge pull request #6087 from smowton/smowton/admin/rest-xss-tests
...
Java: Add Spring XSS tests
2021-07-27 14:09:34 +02:00
Felicity Chapman
e5d8e81634
Merge branch 'package-manager-docs' of github.com:github/codeql into package-manager-docs
2021-07-27 12:52:46 +01:00
Felicity Chapman
f060296cf8
Update beta note with details of release
2021-07-27 12:52:15 +01:00
Anders Schack-Mulligen
aa8fa26a2a
Merge pull request #6355 from intrigus-lgtm/patch-6
...
Update broken link
2021-07-27 09:05:02 +02:00
Felicity Chapman
ecaf03ff7e
Update docs/codeql/codeql-cli/about-ql-packs.rst
2021-07-27 00:19:31 +01:00
Felicity Chapman
070554e0d8
Update description of 'suites'
2021-07-26 23:48:50 +01:00
Felicity Chapman
de5d14df62
Replace package manager
2021-07-26 23:37:13 +01:00
Felicity Chapman
5b92d9445e
Apply suggestions from code review
...
Co-authored-by: Dave Bartolomeo <dbartol@github.com>
2021-07-26 23:29:01 +01:00
Felicity Chapman
5197c2db9f
Move beta note into a reusable
2021-07-26 23:15:45 +01:00