hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,324 Commits 1,671 Branches 157 Tags
cf76d31161bafaa5152a4e45793f9e46ef16ede2
Commit Graph

1479 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
b0e5925fea Dataflow: Refactor stage 3 conscand predicates. 2020-11-13 15:09:28 +01:00
Anders Schack-Mulligen
261ef0fbff Dataflow: Refactor forward stores and remove some useless conjuncts. 2020-11-13 15:09:28 +01:00
Anders Schack-Mulligen
628e0a795a Dataflow: A few variable renamings. 2020-11-13 15:09:28 +01:00
Anders Schack-Mulligen
bfd8a3d104 Dataflow: Rename stage 2 cons-cand predicates. 2020-11-13 15:09:28 +01:00
Anders Schack-Mulligen
0a60a3abb3 Dataflow: Align on ApNil. 2020-11-13 15:09:28 +01:00
Anders Schack-Mulligen
60b51011b9 Dataflow: Minor refactor of Stage2::revFlow. 2020-11-13 15:09:28 +01:00
Anders Schack-Mulligen
c054295347 Dataflow: Rename option type branches. 2020-11-13 15:09:28 +01:00
Anders Schack-Mulligen
7eeae49e06 Dataflow: Remove AccessPathFront column. 
This column is functionally determined from the access path, and was
merely included to help with some join-orders that no longer appear
problematic.
 2020-11-13 15:09:28 +01:00
Anders Schack-Mulligen
1fe423550f Dataflow: Stage comments and some formatting. 2020-11-13 15:09:27 +01:00
Anders Schack-Mulligen
586d52fac0 Dataflow: More renaming. 2020-11-13 15:09:27 +01:00
Anders Schack-Mulligen
3f25df902f Dataflow: Rename some types and variables. 2020-11-13 15:09:27 +01:00
Anders Schack-Mulligen
f3f968ce6d Dataflow: Rename predicates. 2020-11-13 15:09:27 +01:00
Anders Schack-Mulligen
aab5263c6a Dataflow: Add modules. 2020-11-13 15:09:22 +01:00
Porcupiney Hairs
402a320a55 include suggestions from review. 2020-11-13 18:07:42 +05:30
Porcupiney Hairs
4b25532b9f include suggestions from review. 2020-11-13 17:55:56 +05:30
Porcupiney Hairs
eb6d6113d9 minor nit. 2020-11-13 00:39:09 +05:30
Porcupiney Hairs
f8de94e906 refactor SpringWebClient 2020-11-13 00:32:27 +05:30
Porcupiney Hairs
2525cfd786 include suggestions from review. 2020-11-13 00:28:06 +05:30
james
9fc84f8061 Merge branch 'rc/1.26' into main-126-merge 2020-11-12 09:55:32 +00:00
Alvaro Muñoz
30d8dce389 check that either there are no custom message interpolator configured, or there is at least one that is insecure 2020-11-11 12:53:54 +01:00
Alvaro Muñoz
c3bc0d6c15 Apply formatting 2020-11-11 12:06:39 +01:00
Alvaro Muñoz
5b1858a514 Do not report the issue only if all message interpolators are secure 2020-11-11 11:50:15 +01:00
luchua-bc
018d5c46da Simplify the query 2020-11-10 21:07:44 +00:00
Jonas Jensen
fc764db8e1 Merge pull request #4643 from nickrolfe/getFileBySourceArchiveName 
Replace getEncodedFile with shared getFileBySourceArchiveName predicate
 2020-11-10 17:36:29 +01:00
Nick Rolfe
ac4a1f1d9b Update comment to be a QLDoc comment 2020-11-10 14:14:27 +00:00
Nick Rolfe
1e1eb7ee33 Replace getEncodedFile with shared getFileBySourceArchiveName predicate 
While also making it work with paths for databases created on Windows.
 2020-11-10 13:55:27 +00:00
Anders Schack-Mulligen
89ef6ea4eb C++/C#/Java/JavaScript/Python: Autoformat set literals. 2020-11-10 13:32:27 +01:00
Alvaro Muñoz
02cf49a773 apply codeql formatting 2020-11-10 11:46:42 +01:00
Alvaro Muñoz
24a47fbb0f additional qldoc commentes 2020-11-10 10:48:47 +01:00
Alvaro Muñoz
3545edb92c address code review suggestions 2020-11-10 10:45:14 +01:00
Porcupiney Hairs
38de9b6433 add request forgery query 2020-11-10 01:19:35 +05:30
luchua-bc
bc899b6337 Move common code to a library and add more test cases 2020-11-09 14:14:54 +00:00
luchua-bc
b10552aa2e Specify exported Android components for local Android DoS 2020-11-09 14:10:01 +00:00
luchua-bc
76a0db84ee Query for detecting Local Android DoS caused by NFE 2020-11-09 14:10:00 +00:00
Anders Schack-Mulligen
31ec79819e Merge pull request #4631 from luchua-bc/java-nfe-library 
Java: Factor NumberFormatException out into a library file
 2020-11-09 13:50:31 +01:00
luchua-bc
d765c7bbb2 Update qldoc 2020-11-09 11:23:48 +00:00
luchua-bc
d568eb635f Update qldoc 2020-11-06 15:33:26 +00:00
luchua-bc
450ff26694 Convert the query to a library 2020-11-06 13:25:00 +00:00
Alvaro Muñoz
9db340c9ca add some improvements to the bean validation query 2020-11-06 13:08:45 +01:00
Anders Schack-Mulligen
cb77e460ae Merge pull request #4600 from porcupineyhairs/urirefactor 
Java : Refactor all instances of `java.net.URI` into TypeUri
 2020-11-06 09:35:09 +01:00
Anders Schack-Mulligen
45d117b68e Merge pull request #4603 from pwntester/new_deser_sink 
New UnsafeDeserialization sink and improvements to SnakeYaml sink
 2020-11-05 13:09:15 +01:00
Alvaro Muñoz
f103955f38 change qldoc formating according to LSP suggestion 2020-11-05 11:48:26 +01:00
Alvaro Muñoz
302062b670 Merge branch 'new_deser_sink' of https://github.com/pwntester/ql into new_deser_sink 2020-11-04 18:58:57 +01:00
Alvaro Muñoz
6fef63306e add qldoc 2020-11-04 18:58:41 +01:00
Porcupiney Hairs
0a028dcb47 Java : Refactor all instances of java.net.URI into TypeUri 2020-11-04 18:23:26 +05:30
Alvaro Muñoz
aa7b87aa33 Update java/change-notes/2020-11-04-commonslang-unsafe-deserialization-sinks.md 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-11-04 10:58:27 +01:00
Alvaro Muñoz
b284141a16 Merge branch 'new_deser_sink' of https://github.com/pwntester/ql into new_deser_sink 2020-11-04 10:51:07 +01:00
Alvaro Muñoz
436563d914 ChangeNote for new unsafe deserialization sinks 2020-11-04 10:50:50 +01:00
Anders Schack-Mulligen
22b4df0f3c Merge pull request #4512 from luchua-bc/sensitive-broadcast 
Java: Sensitive broadcast
 2020-11-04 10:47:48 +01:00
Alvaro Muñoz
6f78b725e6 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-11-04 10:43:37 +01:00