hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-24 00:16:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,684 Commits 1,714 Branches 163 Tags
9ed14b438e0b86bc4e4c2f0b3429dee4afa00a6c
Commit Graph

2973 Commits

Author SHA1 Message Date
Artem Smotrakov
7fec575df8 Simplify JsonTypeInfo stub 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-28 14:23:50 +02:00
Joe Farebrother
9ddae3e9f6 Fix spelling 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-07-28 10:12:17 +01:00
haby0
eda3d864f5 Model written using smowton 2021-07-28 15:55:47 +08:00
Joe Farebrother
2d862ef119 Support synthetic fields 2021-07-27 17:28:53 +01:00
Joe Farebrother
a8cca4ba0e Merge pull request #6373 from joefarebrother/test-gen-improvements 
Java: Test generator improvements
 2021-07-27 15:44:56 +01:00
Joe Farebrother
309f0e7c26 Fix handling of arrays 2021-07-27 15:05:57 +01:00
Joe Farebrother
9ffcfbcd33 Add --force option 2021-07-27 15:05:57 +01:00
Joe Farebrother
8ab0fd54b4 Improvements to the test generator: 
- Only reference public methods
- Report rows for which test cases could not be generated
- Add a blanket `throws Exception` clause to the generated method
 2021-07-27 15:05:55 +01:00
Joe Farebrother
2036aa1e4a Format test generator 2021-07-27 15:04:19 +01:00
Chris Smowton
97d603cafb Add test-case generator check for non-parseable rows 2021-07-27 14:26:22 +01:00
Anders Schack-Mulligen
a5f0a4ea71 Merge pull request #6087 from smowton/smowton/admin/rest-xss-tests 
Java: Add Spring XSS tests
 2021-07-27 14:09:34 +02:00
Anders Schack-Mulligen
aa8fa26a2a Merge pull request #6355 from intrigus-lgtm/patch-6 
Update broken link
 2021-07-27 09:05:02 +02:00
haby0
00f13e1e6e Modify isAdditionalTaintStep 2021-07-27 10:59:38 +08:00
intrigus-lgtm
434b36c648 Update broken link 2021-07-26 15:48:47 +02:00
Anders Schack-Mulligen
6c666b49f5 Merge pull request #6366 from smowton/smowton/fiix/junit-nested-classes 
Prevent class-could-be-static alerts regarding JUnit Nested tests
 2021-07-26 12:45:23 +02:00
Anders Schack-Mulligen
5d3e8d2add Merge pull request #6365 from Marcono1234/marcono1234/InstanceOfExpr-getCheckedType 
Java: Add `InstanceOfExpr.getCheckedType()`
 2021-07-26 11:20:48 +02:00
Anders Schack-Mulligen
ee13520836 Merge pull request #6364 from Marcono1234/marcono1234/TypeLiteral-getReferencedType 
Java: Add `TypeLiteral.getReferencedType()`
 2021-07-26 11:15:06 +02:00
Chris Smowton
aca905fa36 Prevent class-could-be-static alerts regarding JUnit Nested tests 2021-07-26 09:35:26 +01:00
github-actions[bot]
d51eafbfd5 Add changed framework coverage reports 2021-07-26 00:08:31 +00:00
Marcono1234
606173012a Java: Add InstanceOfExpr.getCheckedType() 
Additionally change `EqualsUsesInstanceOf.ql` to check for all RefTypes
instead of only Class.
 2021-07-26 00:50:11 +02:00
Marcono1234
3569ed56e5 Java: Add TypeLiteral.getReferencedType() 2021-07-26 00:02:08 +02:00
haby0
291ca3830a Modify according to suggestions 2021-07-23 09:28:55 +08:00
intrigus-lgtm
a30005c42e Replace broken link with archive.org link. 2021-07-22 22:14:44 +02:00
Chris Smowton
5c917b4a23 Merge pull request #6353 from sauyon/sauyon/java/model-constructors 
Java: Add models for collection constructors
 2021-07-22 16:27:59 +01:00
haby0
2a50cf8244 Fix 2021-07-22 22:24:09 +08:00
Sauyon Lee
fd02dcdf2e Java: Add models for collection constructors 2021-07-22 07:23:26 -07:00
haby0
d8f5f6987b Fix 2021-07-22 21:53:41 +08:00
haby0
e160352b38 Fix 2021-07-22 21:48:46 +08:00
haby0
735ab28040 Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-22 21:45:30 +08:00
haby0
7cf2e9ed79 Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-22 21:45:29 +08:00
haby0
46a212b712 Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-22 21:45:29 +08:00
haby0
676f0ad817 Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-22 21:45:29 +08:00
haby0
4ebf0ed7c5 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') 2021-07-22 21:45:29 +08:00
Chris Smowton
e2a533c7de Merge pull request #6346 from aschackmull/java/perf-fix 
Java: Fix bad magic.
 2021-07-22 10:15:16 +01:00
Chris Smowton
605f037af8 Merge pull request #6247 from p0wn4j/spring-responseentity-redirect-sink 
[Java] CWE-601: Add Spring URL Redirect ResponseEntity sink
 2021-07-22 09:45:30 +01:00
Anders Schack-Mulligen
dcfc027b5f Java: Fix bad magic. 2021-07-22 10:12:49 +02:00
Chris Smowton
c568a9463a Remove <> qualifier from ResponseEntity name 
This was an extractor bug that was fixed recently
 2021-07-21 17:58:06 +01:00
p0wn4j
f0d5520976 Add Spring URL Redirect ResponseEntity sink 
Copyedit qhelp
 2021-07-21 03:16:16 +04:00
Anders Schack-Mulligen
77d53676ba Java: Remove deprecated ParExpr. 2021-07-20 15:27:31 +02:00
Tony Torralba
68df8028d2 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-20 14:47:16 +02:00
Artem Smotrakov
158a75e5a1 Import UnsafeDeserializationQuery in unsafeDeserialization.ql 2021-07-20 10:14:50 +02:00
github-actions[bot]
bed08a6f4f Add changed framework coverage reports 2021-07-20 00:06:37 +00:00
Chris Smowton
7819d32784 Make MediaType stub constants actually constant 
This is required to use them in annotations
 2021-07-19 18:28:30 +01:00
Chris Smowton
a0297d51e5 Note fixed test result 
the Optional type has now been modelled
 2021-07-19 18:28:06 +01:00
Chris Smowton
82ea2592ad Spring HTTP: Fix test mistakes 
Classes without RestController and methods without GetMapping or similar were never going to be detected.
 2021-07-19 18:21:13 +01:00
Chris Smowton
392e405f5d Add Spring-XSS test 
This covers the cases currently exercised in https://github.com/github/codeql-securitylab/blob/main/java/ql/src/pwntester/security/RestXSS.ql
 2021-07-19 18:21:11 +01:00
Chris Smowton
16c5952167 Add and improve Spring-web stubs 2021-07-19 18:20:37 +01:00
Tony Torralba
70081b6a1e Refactor MvelInjection.qll 2021-07-19 15:36:35 +02:00
Artem Smotrakov
47e4cf4180 Make UnsafeDeserializationSink public 2021-07-19 15:34:33 +02:00
Tony Torralba
46faf68d64 Decouple MvelInjection.qll to reuse the taint tracking configuration 2021-07-19 13:50:03 +02:00