hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 10:23:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
23,904 Commits 1,693 Branches 161 Tags
d8b017e6c0f02da101ace23ec7c8f219263eacb6
Commit Graph

1330 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
d8b017e6c0 Merge pull request #6036 from atorralba/atorralba/spring-beans 
Java: Flow summaries for Spring's Bean Properties classes
 2021-06-30 15:41:24 +02:00
Anders Schack-Mulligen
f03d460e95 Java: Fix bad join-order. 2021-06-30 13:42:45 +02:00
Tony Torralba
0bb9e464b2 Merge branch 'main' into atorralba/spring-beans 2021-06-30 12:55:10 +02:00
Tony Torralba
9d64cadb50 Adapt tests after applying changes from code review 2021-06-30 10:02:03 +02:00
Tony Torralba
b64b8ecec2 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-06-30 09:52:22 +02:00
Anders Schack-Mulligen
ad8bef5177 Update java/ql/src/semmle/code/java/frameworks/spring/SpringUtil.qll 2021-06-29 14:08:48 +02:00
Chris Smowton
9551321592 Fix LinkedMultiValueMap models and make tests more realistic 2021-06-29 12:40:57 +01:00
Chris Smowton
d6c4325c13 Import SpringUtil from ExternalFlow.qll 2021-06-29 12:18:30 +01:00
Chris Smowton
3d270bbc50 Drop models for stringifying functions 
Per default stringification isn't taint-propagating in Java
 2021-06-29 12:01:08 +01:00
Chris Smowton
0441098b18 Amend models of MultiValueMap.addAll overloads 2021-06-29 11:58:46 +01:00
Chris Smowton
b202110285 Drop redundant model that can be inherited from java.util.Iterator 2021-06-29 11:47:22 +01:00
Chris Smowton
f67e9ae1cc Drop tests for protected inner classes 2021-06-29 11:45:59 +01:00
Chris Smowton
5769f4718f Add missing CollectionUtils model 2021-06-29 11:44:29 +01:00
Chris Smowton
659478cc39 Remove model for protected class 
Can't be accessed outside the org.springframework.util package.
 2021-06-29 11:40:19 +01:00
Chris Smowton
f7a4614f56 Add missing tests for AntPathMatcher's protected methods; fix models accordingly 2021-06-29 11:35:25 +01:00
Chris Smowton
dec0123751 Autoformat 2021-06-29 09:52:24 +01:00
Sauyon Lee
4012076c90 fixup! Model spring util 
Apply review comments
 2021-06-28 10:52:58 -07:00
Sauyon Lee
92ebb63b1f Model Spring AntPath utils 2021-06-28 08:26:38 -07:00
Sauyon Lee
c4e9b1fd8e Model Spring util 2021-06-28 08:26:37 -07:00
Tony Torralba
8112d723e0 Merge branch 'main' into atorralba/spring-beans 2021-06-28 17:02:31 +02:00
Tony Torralba
393b95cbbe Remove 'magic' from tests 2021-06-28 17:01:34 +02:00
Chris Smowton
def4a23af2 Merge pull request #4879 from intrigus-lgtm/java/improve-trustmanager 
Java: Add/improve insecure trustmanager query
 2021-06-25 18:15:55 +01:00
Anders Schack-Mulligen
a79356e316 Apply suggestions from code review 2021-06-25 16:47:26 +02:00
intrigus
dc0b06a735 Java: Factor out SecurityFlag library. 2021-06-25 16:47:24 +02:00
Owen Mansel-Chan
bad32716e8 Import Apache Collections models in ExternalFlow 2021-06-25 14:51:09 +01:00
Owen Mansel-Chan
eb469c0811 Duplicate models for old package name 
The package name was org.apache.commons.collection until release 4.0.
 2021-06-25 11:17:09 +01:00
Owen Mansel-Chan
224fd343f3 Fix models (addressing PR review comments) 2021-06-25 11:17:03 +01:00
Owen Mansel-Chan
e78d56e7e9 Model MapUtils class and keyvalue package 2021-06-25 11:17:02 +01:00
Owen Mansel-Chan
213f5d6a37 Model and use isEmpty from Apache Collections 2021-06-25 11:17:01 +01:00
Owen Mansel-Chan
492f6ebc7c Model isNotEmpty from Apache Commons Collections 2021-06-25 11:17:00 +01:00
Anders Schack-Mulligen
2d24387e9e Merge pull request #6149 from edoardopirovano/fix-java-regression 
Performance: Fix bad join order in Java dataflow library
 2021-06-25 10:42:05 +02:00
Anders Schack-Mulligen
95ad8b55fe Merge pull request #6107 from aschackmull/dataflow/implicit-reads 
Dataflow: Add support for implicit reads
 2021-06-24 15:38:35 +02:00
Anders Schack-Mulligen
cd0efbe7ce Dataflow: Sync. 2021-06-24 14:19:17 +02:00
Anders Schack-Mulligen
1c1d11a4a4 DataFlow: Address review comments. 2021-06-24 14:18:45 +02:00
Anders Schack-Mulligen
1e511c0a9e Merge pull request #6137 from smowton/smowton/feature/java-util-optional 
Java: Model java.util.Optional
 2021-06-24 13:21:36 +02:00
Edoardo Pirovano
0909c9ff22 Performance: Fix bad join order in dataflow library 2021-06-24 08:24:17 +01:00
Chris Smowton
74feaf2893 Adapt to static methods and nested types returning unbound declaring types 
Previously these returned raw declaring types instead
 2021-06-23 16:03:18 +01:00
Chris Smowton
b34448af87 {Generic,Parameterized,Raw}Type: implement getAPrimaryQlClass 
An aid to debugging
 2021-06-23 15:58:31 +01:00
Anders Schack-Mulligen
6374914053 Java: Fix bad magic. 2021-06-23 14:39:18 +02:00
Chris Smowton
9fd1606238 Model java.util.Optional 2021-06-22 21:17:22 +01:00
Anders Schack-Mulligen
38fc8a750c Java: Improve test and fix a few missing cases. 2021-06-22 11:16:02 +02:00
Anders Schack-Mulligen
27c973e157 Java: Fix some qltests. 2021-06-21 16:08:52 +02:00
Anders Schack-Mulligen
d383c0f69b Java: Remove temporary store-as-taint. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
65ac8be5ac Java: Add defaultImplicitTaintRead and sync. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
aa82d0b815 Java: Make Content public as DataFlow::Content. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
80880320d5 Dataflow: Sync. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
b7ac329ba1 DataFlow: Add support for configuration-specific implicit reads. 2021-06-21 14:41:19 +02:00
Anders Schack-Mulligen
9110dfaeb3 Merge pull request #6095 from hvitved/dataflow/local-cc-join 
Data flow: Fix `getLocalCallContext` join-order
 2021-06-21 12:53:38 +02:00
Anders Schack-Mulligen
7eb6da3888 Merge pull request #5772 from smowton/smowton/feature/apache-tuple-flow 
Add models for Apache Commons Lang's tuple types
 2021-06-18 11:25:07 +02:00
Tom Hvitved
eb86bceb4d Address review comments 2021-06-18 10:18:47 +02:00