hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-28 12:53:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
23,340 Commits 1,697 Branches 161 Tags
bf2be6ec7cf4b03f2f1f5aad8229b6f97b23c26b
Commit Graph

1224 Commits

Author SHA1 Message Date
Tony Torralba
bf2be6ec7c Merge branch 'main' into atorralba/promote-jndi-injection 2021-06-16 15:34:37 +02:00
Anders Schack-Mulligen
19305a217a Merge pull request #5374 from joefarebrother/guava-base 
Java: Model additional flow steps for the package `com.google.common.base` of the Guava framwork.
 2021-06-15 10:58:48 +02:00
Joe Farebrother
36cb207600 Increase precision of tests to test value flow 2021-06-14 11:20:07 +01:00
Joe Farebrother
678597f3f9 Update CSV rows for collection flow 2021-06-11 15:08:27 +01:00
Joe Farebrother
04ffe80366 Add unit tests 2021-06-11 11:41:27 +01:00
Joe Farebrother
153e0c4ac3 Add modelling for more com.google.common.base methods 2021-06-11 11:40:37 +01:00
Tony Torralba
52f1930e1d Add key-read-steps as local additional taint steps 2021-06-07 11:37:05 +02:00
Anders Schack-Mulligen
96da85449d Merge pull request #5823 from atorralba/promote-jexl-injection 
Java: Promote JEXL Injection query from experimental
 2021-06-07 10:03:12 +02:00
Tom Hvitved
3c7c10a424 Merge pull request #5991 from hvitved/java/shared-external-source-sink 
Java: Move common CSV logic for sources and sinks into shared library
 2021-06-04 16:04:25 +02:00
Tom Hvitved
42202402a4 Address review comments 2021-06-04 14:32:37 +02:00
Anders Schack-Mulligen
f73960da8f Merge pull request #5788 from Marcono1234/marcono1234/stmt-toString 
Java: Override toString() for statements
 2021-06-04 12:41:03 +02:00
Anders Schack-Mulligen
60377a8f86 Merge pull request #5383 from smowton/smowton/feature/strbuilder-fluent-methods 
Java: Add models for StrBuilder's fluent methods
 2021-06-04 12:33:24 +02:00
Anders Schack-Mulligen
30cb80b341 Merge pull request #5181 from smowton/smowton/feature/commons-tostringbuilder 
Java: Add models for Commons ToStringBuilder
 2021-06-04 12:30:36 +02:00
Tony Torralba
58aa25ddc2 Fix QLDocs 2021-06-04 09:32:00 +02:00
Marcono1234
e0a45507f8 Java: Adjust toString() for statements 2021-06-03 16:27:36 +02:00
Marcono1234
7e778bc008 Java: Override toString() for statements 
Additionally remove redundant QLDoc which is inherited anyways.
 2021-06-03 16:27:35 +02:00
Anders Schack-Mulligen
bd9e3d0fa9 Merge pull request #5751 from aschackmull/java/collection-flow 
Java: Convert all collection and array steps from taint flow to value flow.
 2021-06-03 15:29:14 +02:00
Tom Hvitved
d0b6808299 Java: Move common CSV logic for sources and sinks into shared library 2021-06-03 13:54:51 +02:00
Tony Torralba
56a429a5f9 Merge branch 'main' into promote-jexl-injection 2021-06-03 11:10:56 +02:00
Tony Torralba
607dcd4a27 Don't use CSV models for private flow configs 2021-06-03 11:05:13 +02:00
Tony Torralba
00836c4bac Fix QLDocs 2021-06-03 10:52:52 +02:00
Tony Torralba
2833f8daa4 Change predicate isUnsafeEngine -> isSafeEngine to improve performance 2021-06-03 10:42:41 +02:00
Tom Hvitved
daf2cc3d53 Java: Improve performance of isUnreachableInCall() 2021-06-02 20:39:05 +02:00
Anders Schack-Mulligen
8a20395857 Merge pull request #5940 from pwntester/main 
Remove XSS sink for Java
 2021-06-02 12:30:20 +02:00
Anders Schack-Mulligen
c0e562de21 Merge pull request #5979 from hvitved/java/shared-external-summaries 
Java: Move some CSV flow summary code into shared library
 2021-06-02 12:28:45 +02:00
Alvaro Muñoz
9aba92397d lift XssSink check to InformationLeakSink 2021-06-01 17:16:41 +02:00
Anders Schack-Mulligen
650c4f19d2 Java: More qldoc. 2021-06-01 16:09:17 +02:00
Tom Hvitved
14f9a5c280 Java: Move some CSV flow summary code into shared library 2021-06-01 13:22:14 +02:00
Anders Schack-Mulligen
fc913e744e Java: Minor model fix. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
a40880af70 Java: Add read-as-taint and config-dependent store-as-taint. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
2f087e17cb Java: Allow <> in types for now. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
3f538e7fac Java: Update some models. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
9e313d0cf6 Java: Remove container taint steps. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
3b6cef4f74 Java: Add container flow models. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
ffd52bb673 Java: Fix bug in matching generic signatures. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
1001dd84e6 Java: Switch array steps and one containerstep. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
ce509eb7e1 Merge pull request #5927 from aschackmull/dataflow/flowthrough-dispatch-perf 
Dataflow: Improve performance in flow-through pruning
 2021-06-01 11:46:22 +02:00
Anders Schack-Mulligen
5d21c64247 Dataflow: qldoc fix. 2021-06-01 10:49:47 +02:00
Anders Schack-Mulligen
4f9a6c151b Dataflow: Code review fixes. 2021-06-01 10:29:17 +02:00
Anders Schack-Mulligen
683f853fa5 Dataflow: Fix another bad join order. 2021-05-31 15:14:13 +02:00
Alvaro Muñoz
41d034d5a0 Attempt to use information-leak sink category 2021-05-30 00:22:40 +02:00
Alvaro Muñoz
706874491b Remove XSS sink for Java 2021-05-28 15:13:18 +02:00
Erik Krogh Kristensen
79989cc3f4 CPP/Java: Fix getAPrimaryQlClass implementations 2021-05-27 21:36:27 +02:00
Anders Schack-Mulligen
d05f524759 Merge pull request #5941 from aschackmull/java/virt-disp-perf 
Java: Improve performance of virtual dispatch calculation.
 2021-05-25 14:44:51 +02:00
Anders Schack-Mulligen
4884da363f Java: Bugfix. 2021-05-25 11:48:35 +02:00
Anders Schack-Mulligen
017bf68906 Dataflow: Fix bad join order. 2021-05-25 11:40:53 +02:00
Tony Torralba
7dbdba28cc Consider search methods with unsafe SearchControls 2021-05-21 15:21:04 +02:00
Anders Schack-Mulligen
d00618f4f4 Java: Improve performance of virtual dispatch calculation. 2021-05-21 15:04:08 +02:00
Sebastian Bauersfeld
28f597440f Add method invocations of Spring's SavedRequest as a remote sources. 2021-05-20 20:00:14 +07:00
Tony Torralba
0589dd7e54 Move Jndi.qll from experimental 2021-05-20 12:30:28 +02:00