hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
53,240 Commits 1,672 Branches 157 Tags
d48adbd1751d22f887352e8c9c76e217cb15444e
Commit Graph

8255 Commits

Author SHA1 Message Date
Ed Minnix
d48adbd175 Refactor JsonpInjection 2023-04-12 20:37:35 -04:00
Ed Minnix
8cb5e78832 Refactor XXE files 2023-04-12 20:37:35 -04:00
Ed Minnix
4c80ff03de Refactor UnvalidatedCors 2023-04-12 20:37:35 -04:00
Ed Minnix
d254d91f57 Refactor Injection queries 2023-04-12 20:37:35 -04:00
Ed Minnix
7002ed5303 Refactor InsecureRmiJmxEnvironmentConfiguration 2023-04-12 20:37:35 -04:00
Ed Minnix
6e4e1e52c0 Refactor NFEAndroidDoS 2023-04-12 20:37:35 -04:00
Ed Minnix
94768f425f Refactor HashWithoutSalt 2023-04-12 20:37:35 -04:00
Ed Minnix
cb7391177d Refactor MyBatis queries 2023-04-12 20:37:35 -04:00
Ed Minnix
d528c8461f Refactor XQueryInjection.ql 2023-04-12 20:37:35 -04:00
Ed Minnix
e7cbd493d7 Refactor FilePathInjection 2023-04-12 20:37:35 -04:00
Ed Minnix
47c5db03ab Refactor OpenStream.ql 2023-04-12 20:37:34 -04:00
Ed Minnix
5bd9aae072 Refactor Log4jJndiInjection.ql 2023-04-12 20:37:34 -04:00
Chris Smowton
7eefa43f5a Rename and document viableArgParamSpecific to make clear it is a temporary hook. 2023-04-12 14:33:46 +01:00
Chris Smowton
4d8ca3d759 Add dataflow callback to filter out receiver argument flow to Golang interface dispatch candidates. 
Other langauges stub the callback.
 2023-04-12 14:19:06 +01:00
Jami
b7c7449b08 Merge pull request #12739 from jcogs33/jcogs33/add-one-more-top500-model 
Java: add summary model for `UnsupportedOperationException(String)` constructor
 2023-04-11 08:25:36 -04:00
Tony Torralba
944bdfde45 Apply suggestions from code review 2023-04-11 09:47:47 +02:00
Stephan Brandauer
cb8506d51a Update MaD Declarations after Triage 2023-04-11 09:25:39 +02:00
Jami Cogswell
6a103f5070 Java: add change note 2023-04-06 10:22:03 -04:00
Jami Cogswell
c4f8a9a2eb Java: update genVsMan query test case; resolve conflict 2023-04-06 10:21:53 -04:00
Jami Cogswell
01dd2647d4 Java: add test case for yml model 2023-04-06 10:19:33 -04:00
Jami Cogswell
6b695434b7 Java: add yml model for UnsupportedOperationException; resolve conflict 2023-04-06 10:19:19 -04:00
Jami Cogswell
8b0eba78aa Java: add UnsupportedOperationException to topJdkApiName 2023-04-06 10:14:36 -04:00
Jami
c55c9f50c9 Merge pull request #12680 from jcogs33/jcogs33/metrics-query-refactor-top500 
Java: test GeneratedVsManualCoverage query on top 500 JDK APIs
 2023-04-06 10:07:35 -04:00
Tony Torralba
8686036346 Update java/ql/lib/change-notes/2023-03-31-new-models.md 2023-04-06 15:25:33 +02:00
Jami Cogswell
cc92936f6a Java: rename stubs directory 2023-04-06 08:32:09 -04:00
Jami Cogswell
b534f40b26 Java: move TopJdkApis.qll to src directory 2023-04-06 08:23:22 -04:00
Tony Torralba
d58d6fe6be Update java/ql/lib/ext/java.net.model.yml 2023-04-06 13:58:13 +02:00
Tony Torralba
cdb3d9ea5a Apply suggestions from code review 2023-04-06 12:23:50 +02:00
Stephan Brandauer
18801b39c6 Update MaD Declarations after Triage 2023-04-06 12:23:50 +02:00
Tony Torralba
3f2840bb1b Remove com.hippo models 2023-04-05 15:32:53 +02:00
Tony Torralba
bced2d692b Apply suggestions from code review 2023-04-05 15:19:21 +02:00
Stephan Brandauer
f87618238f Review suggestions 2023-04-05 15:15:03 +02:00
Stephan Brandauer
edf7ba09e7 try different change note name 2023-04-05 15:15:02 +02:00
Stephan Brandauer
0a5d19fc71 Update MaD Declarations after Triage 2023-04-05 15:15:02 +02:00
Jonathan Leitschuh
0d774a647c Fix partial path traversal Java example Again 
The original wouldn't compile, and the fix made by #11899 is sub-optimal.
This keeps the entire comparision using the Java `Path` object, which is optimal.

Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2023-03-31 23:36:07 -04:00
Jonathan Leitschuh
b9d409279b Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalRemainder.inc.qhelp 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-03-31 23:36:07 -04:00
Jonathan Leitschuh
e641505361 Fix partial path traversal Java example Again 
The original wouldn't compile, and the fix made by #11899 is sub-optimal.
This keeps the entire comparision using the Java `Path` object, which is optimal.

Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2023-03-31 23:36:07 -04:00
Jami Cogswell
0688fa6ed1 Java: update expected file for results without interface members 2023-03-31 18:02:09 -04:00
Jami Cogswell
c69745a6f8 Java: fix stubs 2023-03-31 18:02:09 -04:00
Jami Cogswell
266939840d Java: update expected file with results that include interface members 2023-03-31 18:02:09 -04:00
Jami Cogswell
aca538310f Java: update some qldocs 2023-03-31 18:02:09 -04:00
Jami Cogswell
8b18df0987 Java: update top jdk apis test case with stubs 2023-03-31 18:02:09 -04:00
Jami Cogswell
e0524a1177 Java: add test case for top jdk apis 2023-03-31 18:02:09 -04:00
Jami Cogswell
8501a16cac Java: move TopJdkApis.qll to lib directory for better importing 2023-03-31 18:02:09 -04:00
Jami Cogswell
fea55e910e Java: move query logic to qll file and add subset restriction for top500 jdk apis 2023-03-31 18:02:08 -04:00
Edward Minnix III
2b9daed26a Merge pull request #12563 from egregius313/egregius313/refactor-java-libs-to-dataflow-modules 
Java: Refactor Java query libraries to use dataflow modules
 2023-03-31 12:38:14 -04:00
Ed Minnix
800411cd81 More replacing of single-predicate classes to predicate 2023-03-31 10:55:17 -04:00
Ian Lynagh
c1a7d7f825 Merge pull request #12646 from igfoo/igfoo/expanded_args 
Java: Store expanded args in the database
 2023-03-31 15:27:02 +01:00
Ian Lynagh
3d85c4f19c Java: Add another change note 2023-03-31 12:46:10 +01:00
Ian Lynagh
04c09a73a9 Java: Add .md extension to changenote file 2023-03-31 12:40:19 +01:00