codeql

mirror of https://github.com/github/codeql.git synced 2026-03-01 21:34:50 +01:00

Author	SHA1	Message	Date
Anders Schack-Mulligen	ae21de90b6	Java: Misc grammar and formatting.	2020-07-06 16:19:42 +02:00
Anders Schack-Mulligen	b06d1c715a	Java: More qldoc and some formatting.	2020-07-06 16:04:14 +02:00
Anders Schack-Mulligen	5e9e7feddc	Java: Add some qldoc and minor formatting.	2020-07-06 15:39:20 +02:00
Anders Schack-Mulligen	e6658c5110	Java: Cleanup TaintTrackingUtil.qll	2020-07-06 15:35:16 +02:00
Anders Schack-Mulligen	5d8f9a79f1	Java: Misc grammar fixes.	2020-07-06 14:50:33 +02:00
Anders Schack-Mulligen	a80e663ab5	Java: Minor typo fix and autoformat	2020-07-06 14:43:01 +02:00
Anders Schack-Mulligen	2ce0921935	Java: Clean up SpringHttp.qll	2020-07-06 14:35:53 +02:00
Anders Schack-Mulligen	2ae15f9ace	Java: Remove list, map, and StringReplaceMethod flow steps.	2020-07-06 14:19:13 +02:00
Anders Schack-Mulligen	a41c2d8abf	Java: Make a few predicates private and autoformat SpringController.	2020-07-06 14:18:16 +02:00
Anders Schack-Mulligen	6de612a566	Java: Split SpringWebRequestGetMethod into its own class.	2020-07-03 14:06:54 +02:00
lcartey@github.com	2978af34cd	Java: Add RestTemplate as flow source.	2020-06-16 09:50:37 +01:00
lcartey@github.com	f2edc53144	Java: Add Spring RestTemplate return values to untrusted data types - Also improve unwrapping of lists/arrays/maps etc.	2020-06-16 09:50:37 +01:00
lcartey@github.com	9625e82afd	Java: Model Spring WebClients/RestTemplates.	2020-06-16 09:50:37 +01:00
lcartey@github.com	cd6339f5cd	Java: Add Spring flow out of HttpEntity and HttpHeader	2020-06-16 09:50:36 +01:00
lcartey@github.com	93c28d4c03	Java: Add taint step to flow through Spring tainted user data class getters.	2020-06-16 09:50:36 +01:00
lcartey@github.com	8678d5fc6f	Java: Model untrusted user data types Model the datatypes that may be populated on demand from request parameters.	2020-06-16 09:50:36 +01:00
lcartey@github.com	8bd5f748b4	Java: SpringController - handle non-string literal produces values.	2020-06-16 09:50:36 +01:00
lcartey@github.com	0db7cead31	Java: Model taint flow through ResponseEntity.	2020-06-16 09:50:35 +01:00
lcartey@github.com	f6b2accabd	Java: Model ResponseEntity.BodyBuilder	2020-06-16 09:50:35 +01:00
lcartey@github.com	e2cec582be	Java: XSS - ignore Spring sinks when content-type is safe. Methods annotated with a produces field which indicates a safe content-type should not be considered XSS sinks. For example: @RequestMapping(..., produces = "application/json")	2020-06-16 09:50:35 +01:00
lcartey@github.com	f6a99cb42e	Java: Model produces parameter to RequestMapping attribute.	2020-06-16 09:50:34 +01:00
lcartey@github.com	8057dff368	Java: Add Spring XSS sinks Look for Spring request methods which return a String value which may be coerced into a text/html output.	2020-06-16 09:50:34 +01:00
lcartey@github.com	c59042f9c3	Java: Taint tracking through String.replace(all)?	2020-06-16 09:50:34 +01:00
lcartey@github.com	7d555a7467	Java: Track flow through HttpEntity and ResponseEntity - Only track if the body is a String type, as that is the only type at risk of XSS.	2020-06-16 09:50:33 +01:00
lcartey@github.com	1d1234093f	Java: Model Spring @ResponseBody methods.	2020-06-16 09:50:33 +01:00
lcartey@github.com	fd2cd6025d	Java: Modelling of the Spring HTTP classes.	2020-06-16 09:50:33 +01:00
lcartey@github.com	bfcc06dd0b	Java: Improve Spring controller modelling - Identify ModelMaps correctly - Add extra not tainted param types (Pageable) - Identify ModelAttributes	2020-06-16 09:50:33 +01:00
lcartey@github.com	7c4251deac	Java: Add flow out of Map and List	2020-06-16 09:50:32 +01:00
lcartey@github.com	6de2b93f3a	Java: Add SpringWebRequest to RemoteTaintedMethod	2020-06-16 09:50:32 +01:00
lcartey@github.com	4300bc8088	Java: Update RemoteFlowSource to use improve Spring request parameter mapping.	2020-06-16 09:50:31 +01:00
lcartey@github.com	f5dc0337ed	Java: Improve modelling of Spring request methods - Recognise @<httpverb>Mapping as well as @RequestMapping. - Identify tainted/not tainted parameters of RequestMapping methods.	2020-06-16 09:50:31 +01:00
intrigus-lgtm	422b059aec	Fix typo	2020-06-11 22:54:13 +02:00
semmle-qlci	1b8f3c4b84	Merge pull request #3657 from hvitved/dataflow/hidden-nodes Approved by aschackmull, jbj	2020-06-10 13:22:09 +01:00
Anders Schack-Mulligen	c334d72f11	Java: Fix CompileTimeConstantExpr qldoc and add char cast case.	2020-06-10 10:59:10 +02:00
Tom Hvitved	a371205db1	Data flow: Sync files	2020-06-09 13:55:12 +02:00
Tom Hvitved	8c9f85d04f	Data flow: Allow nodes to be hidden from path explanations	2020-06-09 13:53:19 +02:00
Anders Schack-Mulligen	ad8647f345	Merge pull request #3547 from pwntester/issue_3139 add support for java.io.StringWriter	2020-06-08 10:02:23 +02:00
Anders Schack-Mulligen	be862280b2	Update java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll Fix trailing whitespace	2020-06-08 09:18:39 +02:00
Anders Schack-Mulligen	8d6e39eb18	Java: Add instanceof type bounds for ArrayAccess.	2020-06-03 09:42:37 +02:00
yo-h	1fea545160	Merge pull request #3573 from aschackmull/java/private-interface-methods Java: Fix for private interface methods.	2020-05-28 20:31:55 -04:00
yo-h	c2de08ca51	Merge pull request #3499 from aschackmull/java/instanceof-pattern-cfg Java: Add CFG edges for Java 14 pattern-matching instanceof.	2020-05-28 20:24:39 -04:00
Anders Schack-Mulligen	a858a8cd42	Java: Fix for private interface methods.	2020-05-27 11:05:41 +02:00
Anders Schack-Mulligen	796eac108f	Java: Autoformat	2020-05-27 09:19:59 +02:00
Jonas Jensen	5deeda0337	Merge pull request #3387 from geoffw0/tostringperf C++: Eliminate recursion from toString().	2020-05-26 13:24:43 +02:00
Jonas Jensen	3d58e6f7af	Merge pull request #3515 from hvitved/dataflow/remove-deprecated Data flow: Remove deprecated predicates	2020-05-25 15:08:28 +02:00
Alvaro Muñoz	0b20785cce	add support for java.io.StringWriter	2020-05-22 18:13:28 +02:00
Tom Hvitved	431403f5db	Data flow: Remove deprecated predicates	2020-05-19 15:42:59 +02:00
Anders Schack-Mulligen	9d7329de30	Java: Clean up deprecated overrides.	2020-05-19 10:41:41 +02:00
Anders Schack-Mulligen	bd114db862	Java: Add cfg edges for instanceof-pattern.	2020-05-18 09:49:32 +02:00
yo-h	4f00e40257	Merge pull request #3474 from aschackmull/java/string-formatted Java: Add taint steps for String.formatted.	2020-05-15 22:04:36 -04:00

1 2 3 4 5 ...

448 Commits