hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
54,729 Commits 1,672 Branches 157 Tags
c2ec1b0a810fcc79a3524f5933e67cbede16f4f0
Commit Graph

9645 Commits

Author SHA1 Message Date
Kasper Svendsen
b0714904c0 Java: Enable implicit this receiver warnings 2023-05-09 08:25:40 +02:00
github-actions[bot]
f235387ba6 Add changed framework coverage reports 2023-05-09 00:15:32 +00:00
Edward Minnix III
05b1bd881e Merge pull request #12852 from egregius313/egregius313/java/webgoat/model-jwsheader 
Java: Model `io.jsonwebtoken.SigningKeyResolverAdapter` and `io.jsonwebtoken.JwsHeader`
 2023-05-08 10:57:34 -04:00
Michael Nebel
baee4cedfd Apply suggestions from code review 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-05-08 16:19:00 +02:00
Michael Nebel
efa2bd8614 Apply suggestions from code review 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-05-08 16:19:00 +02:00
Michael Nebel
8435c31213 C#/Java: Update model converter queries to handle kind information. 2023-05-08 16:19:00 +02:00
Michael Nebel
7858da66e3 C#/Java: Add change note. 2023-05-08 16:18:59 +02:00
Michael Nebel
c30f080ff0 Java: Update expected test out for the model generator. 2023-05-08 16:18:59 +02:00
Michael Nebel
d103a57141 Java: Adjust the model generator to produce kinds. 2023-05-08 16:18:59 +02:00
Michael Nebel
bd23814e7c Java: Update existing neutrals to include kind information. 2023-05-08 16:18:59 +02:00
Michael Nebel
bcbda9046f Java: Extend neutrals with a kind column and introduce validation. 2023-05-08 16:18:59 +02:00
Chuan-kai Lin
4960305022 Merge pull request #13025 from cklin/java-location-tostring-bindingset 
Java: Add pragma[only_bind_out] to Top::toString() calls
 2023-05-08 06:27:42 -07:00
Mathias Vorreiter Pedersen
09ba9a74ce Merge pull request #12959 from MathiasVP/identity-consistency-check 
DataFlow: Add an "identity-step" consistency check
 2023-05-05 10:03:20 +01:00
Tony Torralba
929d9dbdfa Merge pull request #13046 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-05-05 10:06:53 +02:00
github-actions[bot]
3d9e5ebfd8 Add changed framework coverage reports 2023-05-05 00:14:57 +00:00
Edward Minnix III
2d5b35067e Merge pull request #12721 from egregius313/egregius313/java/move-configurations-to-libraries 
Java: Move more dataflow configurations to `*Query.qll` files
 2023-05-04 20:14:22 -04:00
Ed Minnix
0c604b1c34 Remove generated model 2023-05-04 16:56:14 -04:00
Ed Minnix
7a295b554b Remove Map rows 2023-05-04 16:52:40 -04:00
Edward Minnix III
a34a51737f Add SyntheticFields for JwsHeader 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-05-04 16:52:40 -04:00
Ed Minnix
62cbcdb30c Add change note 2023-05-04 16:52:40 -04:00
Ed Minnix
a4f4ff15ce Change method resolveSigningKey from class to interface 
The resolveSigningKey method of SigningKeyResolverAdapter is an
implementation of that defined in SigningKeyResolver. So this changes
the type from the class to the interface it implements
 2023-05-04 16:52:40 -04:00
Ed Minnix
5c10d42915 More test cases for io.jsonwebtoken.SigningKeyResolverAdapter 2023-05-04 16:52:40 -04:00
Ed Minnix
a4fa1ec768 Test case for modeling io.jsonwebtoken.SigningKeyResolverAdapter 2023-05-04 16:52:40 -04:00
Ed Minnix
3d0147765c Add missing methods to jwtk-jjwt stubs 2023-05-04 16:52:40 -04:00
Ed Minnix
a38466b0f3 Erase generics in generated model 2023-05-04 16:52:40 -04:00
Ed Minnix
26cdf24bf0 Added MaD models for io.jsonwebtoken 2023-05-04 16:52:39 -04:00
Jami
3c74c8bbe0 Merge pull request #13019 from jcogs33/jcogs33/url-open-stream-updates 
Java: switch `url-open-stream` sink models to `experimentalSinkModel`
 2023-05-04 15:07:44 -04:00
Chuan-kai Lin
d968cee2c4 Java: Add pragma[only_bind_out] to Top::toString() calls 2023-05-04 11:46:35 -07:00
Stephan Brandauer
62ab91c14a fix ql-for-ql warning 2023-05-04 17:48:50 +02:00
Stephan Brandauer
27703c777a pull subtypes-logic out into helper predicate, and document it 2023-05-04 17:45:17 +02:00
Stephan Brandauer
0e5591ff86 move getCallable to signature module implementation, and document it 2023-05-04 17:35:46 +02:00
Stephan Brandauer
a616a786f0 formatting 2023-05-04 17:27:27 +02:00
Jami
4e31c46b0c Merge pull request #13024 from jcogs33/jcogs33/remove-hardcoded-jwt-key-summaries 
Java: remove `hardcoded-jwt-key` experimental summary models
 2023-05-04 11:18:18 -04:00
Stephan Brandauer
36aabc077e Update java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2023-05-04 16:50:37 +02:00
Ed Minnix
5f3c8fef3f Privacy markers and fixed imports 2023-05-04 10:25:17 -04:00
Ed Minnix
3100e98513 Add missing change notes and update date 2023-05-04 10:25:17 -04:00
Ed Minnix
74fc6382a6 Add improper validation of array size query libraries 2023-05-04 10:25:17 -04:00
Ed Minnix
c319ee4c0d Add TempDirLocalInformationDisclosureQuery 2023-05-04 10:25:16 -04:00
Ed Minnix
b087cf9a0a Add Arithmetic query libraries 2023-05-04 10:25:16 -04:00
Ed Minnix
b6361cdd3d Move CWE-190/ArithmeticCommon.qll to semmle.code.java.security 2023-05-04 10:25:16 -04:00
Ed Minnix
77ee80fd81 Add missing change notes 2023-05-04 10:25:16 -04:00
Ed Minnix
24b00bac11 Add UnsafeHostnameVerificationQuery 2023-05-04 10:25:16 -04:00
Ed Minnix
f4a6f555b4 Add NumericCastTaintedQuery 2023-05-04 10:25:13 -04:00
Ed Minnix
e65a54b85f Add BrokenCryptoAlgorithmQuery 2023-05-04 10:19:12 -04:00
Ed Minnix
4b76564911 Add MaybeBrokenCryptoAlgorithmQuery 2023-05-04 10:15:00 -04:00
Ed Minnix
e4f47ece43 Add ResponseSplittingLocalQuery 2023-05-04 10:15:00 -04:00
Ed Minnix
91b3533035 Add SqlTaintedLocalQuery 2023-05-04 10:14:59 -04:00
Ed Minnix
a0f7575b34 Add StackTraceExposureQuery 2023-05-04 10:14:59 -04:00
Ed Minnix
aff299eafd Add ExecTaintedLocal 2023-05-04 10:14:59 -04:00
Ed Minnix
b39d5088de Add InsecureCookieQuery 2023-05-04 10:14:59 -04:00