900 Commits

Author	SHA1	Message	Date
Jonathan Leitschuh	c43765917f	Fix formatting of MavenPom.qll	2021-02-17 11:55:10 -05:00
Jonathan Leitschuh	a8167c6c9c	Add docstring for DeclaredRepository.getUrl	2021-02-16 11:21:19 -05:00
Jonathan Leitschuh	d82e8216ed	Merge branch 'main' into feat/JLL/depricated_bintray_usage	2021-02-15 10:48:28 -05:00
Anders Schack-Mulligen	b9a479dd31	Merge pull request #5134 from pwntester/ArrayUtils ... Add support for Apache Commons Lang ArrayUtils	2021-02-15 13:50:01 +01:00
Alvaro Muñoz	812884341b	Merge branch 'ArrayUtils' of github.com:pwntester/codeql-1 into ArrayUtils	2021-02-15 10:59:49 +01:00
Alvaro Muñoz	504d119749	adjust max parameter number	2021-02-15 10:58:17 +01:00
Anders Schack-Mulligen	7e83a608a2	Merge pull request #4954 from aschackmull/java/member-hasqualifiedname ... Java: Add Member.hasQualifiedName.	2021-02-15 10:02:13 +01:00
Chris Smowton	402f20c5e2	Merge pull request #5154 from smowton/smowton/admin/deprecate-old-maven-predicate-names ... Java: Re-introduce deprecated versions of old Maven predicate names	2021-02-12 17:22:05 +00:00
Alvaro Muñoz	7d294361dc	Update java/ql/src/semmle/code/java/frameworks/apache/Lang.qll ... Co-authored-by: Joe Farebrother <joefarebrother@github.com>	2021-02-12 15:40:44 +01:00
Alvaro Muñoz	8606386c2c	add bidirectional import	2021-02-12 14:59:28 +01:00
Alvaro Muñoz	49eda8ced6	apply LSP formatter	2021-02-12 14:56:10 +01:00
Anders Schack-Mulligen	085286ab58	Merge pull request #5135 from pwntester/guava_preconditions ... Add support for the Preconditions Class in the Guava framework	2021-02-12 14:15:17 +01:00
Chris Smowton	655cfb3a47	Re-introduce deprecated versions of old Maven predicate names	2021-02-12 12:24:19 +00:00
Marcono1234	e89891fa1f	Address review comments	2021-02-12 01:30:47 +01:00
Jonathan Leitschuh	35e2ceba13	Update java/ql/src/semmle/code/xml/MavenPom.qll ... Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-02-11 08:59:02 -05:00
Marcono1234	2a1c11b517	Improve MavenPom documentation, rename inconsistent predicates	2021-02-10 23:56:45 +01:00
Jonathan Leitschuh	3b92f97967	Refactor DeclaredRepository to library	2021-02-10 11:41:50 -05:00
Alvaro Muñoz	645b021845	Add support for the Preconditions Class in the Guava framework	2021-02-10 13:20:29 +01:00
Alvaro Muñoz	0cf3a29429	Add support for Apache Commons Lang ArrayUtils	2021-02-10 13:09:57 +01:00
Tom Hvitved	1f9b42f9ab	Data flow: Sync files	2021-02-09 20:10:23 +01:00
Anders Schack-Mulligen	35e620a19c	Merge pull request #4854 from luchua-bc/java/insecure-ldap-auth ... Java: Insecure LDAP authentication	2021-02-04 14:56:38 +01:00
Anders Schack-Mulligen	40d02e7e32	Merge pull request #4926 from luchua-bc/java/insufficient-key-size ... Java: Query to detect weak encryption: insufficient key size	2021-02-03 15:16:10 +01:00
Anders Schack-Mulligen	0df7e9fa4e	Merge pull request #4989 from lcartey/lcartey/spring-inheritence-improvements ... Java: Track taint through Spring Java bean getters on super types	2021-02-03 15:06:03 +01:00
luchua-bc	3151aeff48	Enhance the query	2021-02-02 18:26:29 +00:00
luchua-bc	50be54385a	Update qldoc	2021-02-02 14:49:50 +00:00
Luke Cartey	76c9b6466e	Reformat TaintTrackingUtil.qll with more recent CodeQL CLI	2021-01-29 11:27:30 +00:00
luchua-bc	cbaee937d0	Optimize the query	2021-01-28 04:06:27 +00:00
luchua-bc	cfc950f803	Query for weak encryption: Insufficient key size	2021-01-28 03:25:15 +00:00
Joe Farebrother	d69ecde5c1	Java: Add additional flow steps for guava collection methods and more unit tests	2021-01-25 16:37:40 +00:00
Joe Farebrother	7e11d8ed07	Java: Add modelling for guava Sets	2021-01-25 16:37:40 +00:00
Joe Farebrother	d1427fcd93	Java: Add modelling for Guava's collection classes	2021-01-25 16:37:40 +00:00
Luke Cartey	5c6f5b7b33	Java: Track taint through Spring Java bean getters on super types	2021-01-20 16:53:03 +00:00
Anders Schack-Mulligen	dde8d320f3	Apply suggestions from code review ... Minor qldoc fixes.	2021-01-19 08:24:24 +01:00
Marcono1234	703336a77f	Add ArrayInit.getSize(), improve documentation	2021-01-18 16:44:53 +01:00
Anders Schack-Mulligen	f3b8fe2e2e	Java: Add Member.hasQualifiedName.	2021-01-13 13:42:35 +01:00
Anders Schack-Mulligen	29935e1388	Merge pull request #4771 from intrigus-lgtm/split-cwe-295 ... Java: Add unsafe hostname verification query and remove existing overlapping query	2021-01-13 11:31:38 +01:00
intrigus-lgtm	4cfdb10ddc	Java: Improve QLDoc & simplify code ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-01-11 18:50:43 +01:00
intrigus	5c1e746c96	Java: Rename to EnvReadMethod	2021-01-11 13:42:08 +01:00
intrigus	b4692734b2	Java: Add QLDoc improve query message	2021-01-11 13:42:08 +01:00
intrigus	d98b171998	Java: Make EnvTaintedMethod public + QL-Doc	2021-01-11 13:42:07 +01:00
intrigus	e021158b5f	Java: Tighter model of HostnameVerifier#verify ... This more tightly models `HostnameVerifier#verify` previously it was possible to accidentally match other methods called `verify`.	2021-01-11 13:42:07 +01:00
intrigus	8df5d77398	Java: Model HostnameVerifier method ... Model `HostnameVerifier#setDefaultHostnameVerifier`	2021-01-11 13:42:06 +01:00
Anders Schack-Mulligen	3a2dd8f1ed	Merge pull request #4867 from RasmusWL/java-externalapis-taint-step ... Java: Fix taint-step handling for untrusted-data-external-api	2021-01-11 13:36:59 +01:00
Rasmus Wriedt Larsen	00c253a710	Java: Don't ignore local taint steps (fixup)	2021-01-08 15:29:01 +01:00
Anders Schack-Mulligen	e5b4975450	Merge pull request #4675 from luchua-bc/cleartext-storage-shared-prefs ... Java: Query to detect cleartext storage of sensitive information using Android SharedPreferences	2021-01-08 12:41:34 +01:00
luchua-bc	606d0946fc	Update qldoc	2021-01-07 14:05:12 +00:00
luchua-bc	b54e5b1c49	Revamp the library module	2021-01-07 12:44:59 +00:00
luchua-bc	f13b8814f5	Update class/method names in the module	2021-01-06 16:49:35 +00:00
luchua-bc	5690bf49f4	Optimize the query	2021-01-06 16:21:26 +00:00
Jonathan Leitschuh	ba4a562c9a	Update PrintAst.actual with new test output	2021-01-04 23:37:58 -05:00