733 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
96da85449d Merge pull request #5823 from atorralba/promote-jexl-injection
Java: Promote JEXL Injection query from experimental
2021-06-07 10:03:12 +02:00
Anders Schack-Mulligen
f73960da8f Merge pull request #5788 from Marcono1234/marcono1234/stmt-toString
Java: Override toString() for statements
2021-06-04 12:41:03 +02:00
Anders Schack-Mulligen
60377a8f86 Merge pull request #5383 from smowton/smowton/feature/strbuilder-fluent-methods
Java: Add models for StrBuilder's fluent methods
2021-06-04 12:33:24 +02:00
Anders Schack-Mulligen
30cb80b341 Merge pull request #5181 from smowton/smowton/feature/commons-tostringbuilder
Java: Add models for Commons ToStringBuilder
2021-06-04 12:30:36 +02:00
Marcono1234
485b0be805 Java: Fix expected test output 2021-06-03 17:15:00 +02:00
Marcono1234
e0a45507f8 Java: Adjust toString() for statements 2021-06-03 16:27:36 +02:00
Marcono1234
7e778bc008 Java: Override toString() for statements
Additionally remove redundant QLDoc which is inherited anyways.
2021-06-03 16:27:35 +02:00
Anders Schack-Mulligen
bd9e3d0fa9 Merge pull request #5751 from aschackmull/java/collection-flow
Java: Convert all collection and array steps from taint flow to value flow.
2021-06-03 15:29:14 +02:00
Tony Torralba
56a429a5f9 Merge branch 'main' into promote-jexl-injection 2021-06-03 11:10:56 +02:00
Anders Schack-Mulligen
8e6dd51f50 Merge pull request #5868 from Marcono1234/marcono1234/ignore-not-closing-char-array-closeable
Java: Ignore char array based closeables for CloseReader.ql and CloseWriter.ql
2021-06-02 15:00:59 +02:00
Anders Schack-Mulligen
8a20395857 Merge pull request #5940 from pwntester/main
Remove XSS sink for Java
2021-06-02 12:30:20 +02:00
Anders Schack-Mulligen
dbe352f3ff Java: Remove deprecated tests. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
901996f9fd Java: Add collection flow test. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
43d1b0ab27 Java: Update qltests. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
a4661e1aca Merge pull request #5704 from edvraa/regexj
Java: Regex injection
2021-06-01 11:45:59 +02:00
Alvaro Muñoz
735e4e4b7b update failing tests 2021-05-28 15:13:18 +02:00
Sebastian Bauersfeld
28f597440f Add method invocations of Spring's SavedRequest as remote sources. 2021-05-20 20:00:14 +07:00
luchua-bc
e4699f7fa9 Optimize the query 2021-05-18 16:12:22 +00:00
luchua-bc
d664aa6d6a Include more scenarios and update qldoc 2021-05-18 16:12:22 +00:00
luchua-bc
852bcfb5c7 Refactor the ScriptEngine query and the Rhino code injection query into one 2021-05-18 16:12:22 +00:00
luchua-bc
b0b5338359 Rhino code injection 2021-05-18 16:12:22 +00:00
Chris Smowton
4230869ee2 Merge pull request #5819 from luchua-bc/java/jpython-injection
Java: CWE-094 Jython code injection
2021-05-18 16:38:40 +01:00
Chris Smowton
71f540a755 Merge pull request #5844 from haby0/SpringRedirects
[Java] CWE-601 Spring url redirection detect
2021-05-18 16:37:40 +01:00
Anders Schack-Mulligen
9b0e3b1950 Merge pull request #5814 from JLLeitschuh/feat/JLL/jackson_as_taint_step
[Java] Add taint tracking through Jackson deserialization
2021-05-18 09:31:16 +02:00
haby0
a0cd551bae Add filtering of String.format 2021-05-18 11:05:10 +08:00
haby0
498c99e26c Add left value, Add return expression tracing flow 2021-05-14 16:31:59 +08:00
haby0
effa2b162a Add spring url redirection detect 2021-05-13 09:55:37 +08:00
Anders Schack-Mulligen
a247ae4357 Merge pull request #5843 from JLLeitschuh/feat/JLL/improve_kryo_support
[Java] Fix Kryo FP & Kryo 5 Support
2021-05-12 09:52:24 +02:00
Marcono1234
8969da7775 Java: Improve not closing resource query; add tests 2021-05-11 19:32:02 +02:00
luchua-bc
e7cd6c9972 Optimize the query 2021-05-11 16:56:12 +00:00
Jonathan Leitschuh
5a68ac88ef Cleanup Jackson logic after code review 2021-05-11 10:48:22 -04:00
Jonathan Leitschuh
bacc3ef5b3 [Java] Jackson add support for 2 step deserialization taint flow 2021-05-11 10:36:47 -04:00
Jonathan Leitschuh
d0638db6e7 [Java] Add data flow through Iterator deserializers for Jackson 2021-05-11 10:36:47 -04:00
Jonathan Leitschuh
56b1f15dda [Java] Add taint tracking through Jackson deserialization 2021-05-11 10:36:47 -04:00
Anders Schack-Mulligen
744c495ac2 Merge pull request #5824 from JLLeitschuh/feat/JLL/guava_first_non_null
[Java] Add support for com.google.common.base.MoreObjects#firstNonNull
2021-05-11 09:42:20 +02:00
Chris Smowton
0afe22d60c Merge pull request #5710 from p0wn4j/jsch-os-injection
[Java] CWE-078: Add JSch lib OS Command Injection sink
2021-05-10 16:12:00 +01:00
Tony Torralba
e78e5b9ee4 Merge branch 'main' into promote-jexl-injection 2021-05-07 12:36:49 +02:00
Tony Torralba
b37b15cea4 Re-structure imports, add some new comments to tests 2021-05-07 12:33:51 +02:00
Tony Torralba
2a501956b3 Mark a MISSING test result as suggested in code review 2021-05-07 11:17:51 +02:00
Tony Torralba
f1fab854c4 Fix tests for XXE, introduced a dependency with jaxen 2021-05-06 12:11:55 +02:00
Tony Torralba
76468559ba Add safe example for dom4j 2021-05-06 10:17:25 +02:00
Tony Torralba
926fedb7fb Update java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.java
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-06 09:18:50 +02:00
Tony Torralba
00a7576679 Rename XPath Injection test file 2021-05-06 09:18:50 +02:00
Tony Torralba
8af7f4a484 New sinks and test cases 2021-05-06 09:18:49 +02:00
Tony Torralba
ccb3ea4453 Fix XPath Injection tests classpath 2021-05-06 09:18:49 +02:00
Tony Torralba
509fc8a640 Add missing docs to stubs 2021-05-06 09:18:49 +02:00
Tony Torralba
26c3ff2cee Move from experimental to standard 2021-05-06 09:18:49 +02:00
Tony Torralba
720b5d6da3 Refactored to use CSV sink model. Also, added more sinks 2021-05-06 09:18:49 +02:00
Tony Torralba
ab62bb66f4 Consider second parameter of Node.selectNodes 2021-05-06 09:18:49 +02:00
Tony Torralba
2bb2baf6f7 Support more methods that evaluate XPath expressions 2021-05-06 09:18:49 +02:00