hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,671 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

1764 Commits

Author SHA1 Message Date
Tony Torralba
604a5fc71f Merge pull request #8639 from atorralba/atorralba/spring-beans-improvements 
Java: Improve Spring models
 2022-04-28 11:59:51 +02:00
Tony Torralba
e99cee4913 Merge branch 'main' into java/unsafe-get-resource 2022-04-27 16:45:42 +02:00
Jonathan Leitschuh
2565cdb964 Add additional File taint value flow models 
Adds
 - File::getAbsoluteFile
 - File::getCanonicalFile
 - File::getAbsolutePath
 - File::getCanonicalPath
 2022-04-26 10:42:53 -04:00
Artem Smotrakov
12ca1f0b11 Fixed library-tests/frameworks/guava/handwritten/flow.ql 2022-04-26 13:34:24 +01:00
Artem Smotrakov
52b7fbf484 Removed non-ASCII characters 2022-04-26 13:34:24 +01:00
Artem Smotrakov
e86fd72529 Moved RabbitMQ tests to java/ql/test/library-tests/frameworks/rabbitmq 2022-04-26 13:34:23 +01:00
Artem Smotrakov
20f185e772 Use tainted tag in JMS tests 2022-04-26 13:34:23 +01:00
Artem Smotrakov
b6bd4f92d1 Added sources and steps for JMS API 2022-04-26 13:34:21 +01:00
Artem Smotrakov
269143a19f Java: Added sources and flow steps for RabbitMQ 2022-04-26 13:34:04 +01:00
Tony Torralba
2ee83e2ba2 Add Editable.toString flow step 2022-04-26 13:34:16 +02:00
Tony Torralba
85d5b122f7 Merge pull request #8817 from atorralba/atorralba/cleartext-storage-sharedprefs-improvs 
Java: Add value-preserving flow steps for Android's SharedPreferences
 2022-04-25 16:16:46 +02:00
Anders Schack-Mulligen
cbdd4927ce Merge pull request #8582 from Marcono1234/marcono1234/JumpStmt-superclass 
Java: Make `JumpStmt` a proper superclass
 2022-04-25 12:22:20 +02:00
Tony Torralba
f1c08bc492 Add value-preserving steps for SharedPreferences 2022-04-22 17:44:59 +02:00
Tom Hvitved
b033f107df Merge remote-tracking branch 'upstream/main' into dataflow/interpret-read-store 2022-04-22 14:35:02 +02:00
luchua-bc
b76873fc8d Add more test cases 2022-04-19 22:22:15 +00:00
luchua-bc
7029802f3b Add sinks for getClass() and getClassLoader() 2022-04-11 21:03:48 +00:00
luchua-bc
eccd97c7b7 Query to detect unsafe getResource calls in Java EE applications 2022-04-09 01:14:15 +00:00
Tony Torralba
9833fa2451 Add tests for SpringController 2022-04-07 18:17:50 +02:00
Anders Schack-Mulligen
c0f48b6c14 Merge pull request #8681 from JLLeitschuh/fix/JLL/os_check_bugs 
Java: Fix Local Temp File/Dir Incorrect Guard Logic
 2022-04-07 14:00:13 +02:00
Michael Nebel
72d4c97463 Merge pull request #8628 from michaelnebel/csharp/generatedkind 
C#: Introduce generated flag as a part of the kind column for flow summaries
 2022-04-07 08:43:30 +02:00
Jonathan Leitschuh
2753521650 Java: Fix Local Temp File/Dir Incorrect Guard Logic 
Resolves https://github.com/github/codeql/pull/8032#discussion_r841723906
 2022-04-06 12:16:09 -04:00
Anders Schack-Mulligen
d0b5b99e74 Merge pull request #8611 from github/smowton/doc/switch-expr-accessors 
Java: make SwitchCase.getRuleExpression/Statement more consistent
 2022-04-06 11:16:40 +02:00
Michael Nebel
d7bf024318 Java: Add testcase for generated summary model. 2022-04-05 14:25:34 +02:00
Michael Nebel
3a04e9a03d Java: Update java capture models with new kind column (including tests). 2022-04-05 12:55:47 +02:00
Tom Hvitved
b91858e7cf Java: Implement ContentSet 2022-04-04 13:51:44 +02:00
Tony Torralba
3747aec144 Improve models of spring-beans 2022-04-01 12:37:22 +02:00
Chris Smowton
9309a652df Merge pull request #8493 from JLLeitschuh/feat/JLL/test_assertion_guard_preconditions 
[Java]: Add precondition support for testing library asserts
 2022-03-31 22:30:09 +01:00
Chris Smowton
9bcf466aa8 Accept expected test result improvement 2022-03-31 15:19:08 +01:00
Chris Smowton
04325abfa5 Add test 2022-03-31 12:26:38 +01:00
Chris Smowton
9675f34cf5 Merge pull request #8257 from luchua-bc/java/insecure-webview-resource-response 
Java: CWE-200 Query to detect insecure WebResourceResponse implementation
 2022-03-30 15:56:27 +01:00
Marcono1234
a93b4ed0f2 Java: Make JumpStmt a proper superclass 2022-03-30 00:30:27 +02:00
luchua-bc
657f615703 Fine tune the query and update qldoc 2022-03-28 20:05:12 +00:00
Chris Smowton
b5c05a580d Java: Fix harmless search-replace mistake 2022-03-22 14:42:09 +00:00
Jonathan Leitschuh
b3ee1bd313 Refactor Preconditions and add Tests 2022-03-21 11:20:05 -04:00
Jonathan Leitschuh
1d0275344d [Java]: Add precondition support for testing library asserts 2022-03-18 20:39:24 -04:00
Chris Smowton
767453520e Merge pull request #8032 from JLLeitschuh/feat/JLL/check_os 
Java: Add Guard Classes for checking OS & unify System Property Access
 2022-03-18 11:20:36 +00:00
jorgectf
f6eb83fd22 Update MyBatisAnnotationSqlInjection.qlref 
By adding more imports in the test file, the expected result's lines changed.
 2022-03-16 10:12:38 +01:00
Jonathan Leitschuh
09cc8ee09e Add tests for StandardSystemProperty 2022-03-15 12:37:42 -04:00
Jonas Jensen
d89c52f4b0 Merge pull request #8403 from erik-krogh/noUpper 
Rename all upper-case variables, and all lower-case modules
 2022-03-15 09:00:37 +01:00
jorgectf
f10dac31f9 Format some tests 2022-03-14 22:12:22 +01:00
jorgectf
d47fcedd21 Add tests 2022-03-14 21:31:51 +01:00
Joe Farebrother
d4b5eed3e4 Merge pull request #8410 from joefarebrother/sensitive-logging 
Java: Promote Sensitive Logging query
 2022-03-14 14:50:26 +00:00
Chris Smowton
9f02ca0db2 Merge pull request #8357 from p0wn4j/jdbc-url-ssrf-sink 
Java: Add JDBC connection SSRF sinks
 2022-03-14 13:27:34 +00:00
Erik Krogh Kristensen
83f26eb833 rename all upper-case variables to start with a lower-case letter 2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen
bbb2847ec1 Merge pull request #8323 from erik-krogh/acronyms 
Enforcing consistent casing of acronyms
 2022-03-14 11:38:25 +01:00
p0wn4j
ee67d27b56 Java: Add JDBC connection SSRF sinks 2022-03-12 16:35:32 +04:00
Joe Farebrother
06f2c03828 Add tests 2022-03-11 17:44:52 +00:00
Jonathan Leitschuh
50ff2c2c68 Code cleanup from code review 2022-03-11 11:44:15 -05:00
Chris Smowton
496cae7742 Revert 8325, Add CharacterLiteral to CompileTimeConstantExpr.getStringValue 
As pointed out in 8325's thread, this breaks the corner case of char-literal addition and the convention that getStringValue only applies to String-typed constants.
 2022-03-11 12:45:53 +00:00
Chris Smowton
46cd85c70b Revert #8360, "Add CompileTimeConstantExpr.getStringified method" 2022-03-11 11:13:21 +00:00