hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
57,315 Commits 1,672 Branches 157 Tags
e1a5eba61b8558f55f230d6969027fb33acb51b2
Commit Graph

10164 Commits

Author SHA1 Message Date
Tony Torralba
4dfc9b13cd Java: Fix performance issue in the stub generator 2023-05-26 12:44:53 +02:00
Tony Torralba
8e16a0d144 Add tests and stubs for the summaries 2023-05-26 12:43:58 +02:00
Michael Nebel
915042a881 Minor cleanup and sync files. 2023-05-26 12:25:00 +02:00
Michael Nebel
b7a8660375 Java: Re-factor getComponent. 2023-05-26 12:24:59 +02:00
Tony Torralba
903fdb0cb8 Java: Add models for the Play Framework 2023-05-26 10:23:43 +02:00
Stephan Brandauer
5ca2221097 remove some of the biggest frameworks from application mode consideration 2023-05-25 17:06:02 +02:00
Stephan Brandauer
db77c6b9a3 Java: mark functional expressions as likely not sinks 2023-05-25 16:39:27 +02:00
Stephan Brandauer
76d731a61d improve CannotBeTaintedCharacteristic 2023-05-25 16:28:07 +02:00
Stephan Brandauer
9a041243ff Java: fine-tune characteristics 2023-05-25 14:16:32 +02:00
Stephan Brandauer
f224a40dec Java: use containing call as call context, not argument 2023-05-25 14:16:23 +02:00
Stephan Brandauer
33fdb0fc52 Java: remove superfluous characteristic 2023-05-25 14:16:23 +02:00
Taus
2000f22533 Java: Port over characteristics from codex branch 2023-05-25 14:16:23 +02:00
Taus
11ab7e2e71 Java: Share argument indexing logic 
Adds a utility predicate for turning integer indices into the desired string representation.
 2023-05-25 14:16:23 +02:00
Taus
04b8bf35d4 Java: Avoid overlapping import 
Importing `AutomodelEndpointTypes` inside `AutomodelSharedUtil` non-privately made it overlap with the imports in the candidate extraction queries.
 2023-05-25 14:16:23 +02:00
Stephan Brandauer
db61a2d099 Java: share isKnownKind between modes 2023-05-25 14:16:16 +02:00
Stephan Brandauer
d93ad9b398 Java: remove unneeded abstract metadata extractor classes and fix some names 2023-05-25 14:16:11 +02:00
Stephan Brandauer
6e21f14c09 Java: update extraction query metadata 2023-05-25 14:16:03 +02:00
Stephan Brandauer
7c3bc26c41 Java: make input an actual string, not an integer 2023-05-25 14:15:59 +02:00
Stephan Brandauer
185ad101b3 Java: add application-mode and framework-mode tags to extraction queries 2023-05-25 14:15:50 +02:00
Taus
9b30f9a476 Java: Add negative characteristic for static calls 2023-05-25 14:15:49 +02:00
Taus
6fc16574b3 Java: Add QL support for automodel application mode 2023-05-25 14:15:49 +02:00
erik-krogh
9f5bf8fb22 also fix the first code-block 2023-05-25 13:56:29 +02:00
erik-krogh
765076bcba fix whitespace in the samples in ReDoS.qhelp 2023-05-25 13:28:39 +02:00
Tony Torralba
a276cc3094 Convert all command injection sinks to MaD format 2023-05-25 11:41:32 +02:00
github-actions[bot]
5be4f6e58b Add changed framework coverage reports 2023-05-25 00:16:11 +00:00
github-actions[bot]
d2e192020b Post-release preparation for codeql-cli-2.13.3 2023-05-24 11:26:12 +00:00
Tony Torralba
7d0b02e267 Merge pull request #13248 from atorralba/atorralba/java/nio-files-copy-models-fix 
Java: Tweak java.nio.file.Files.copy models
 2023-05-24 10:55:15 +02:00
Edward Minnix III
52340802bb Merge pull request #13097 from egregius313/egregius313/java/webgoat/ssrf-regex-fix 
Java: Add constraint to `HostnameSanitizingPrefix` to prevent false negatives in SSRF queries
 2023-05-23 10:50:43 -04:00
Tony Torralba
6f012d51c0 Merge pull request #13091 from atorralba/atorralba/java/inputstreamwrapper-transitive 
Java: Make inputStreamWrapper consider supertypes transitively
 2023-05-23 13:28:17 +02:00
Tony Torralba
5c5f910130 Add change note 2023-05-23 10:31:28 +02:00
Tony Torralba
654bb00946 Java: Tweak java.nio.files.Files.copy models 2023-05-23 10:27:19 +02:00
Tony Torralba
0ff90df497 Merge pull request #13245 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-05-23 09:38:01 +02:00
Erik Krogh Kristensen
50cb5ea184 Merge pull request #13164 from erik-krogh/polyQhelp 
ReDoS: add another example to the qhelp in poly-redos, showing how to just limit the length of the input
 2023-05-23 09:25:15 +02:00
github-actions[bot]
abcece88f5 Add changed framework coverage reports 2023-05-23 00:16:20 +00:00
github-actions[bot]
7aa23cf11d Release preparation for version 2.13.3 2023-05-22 20:47:00 +00:00
Ed Minnix
2d69f81d85 Add change note 2023-05-22 15:57:15 -04:00
Ed Minnix
43966ebaeb Change regex used in HostnameSanitizingPrefix 2023-05-22 15:57:15 -04:00
Ed Minnix
774baead60 Add test case based on missing result 2023-05-22 15:57:15 -04:00
Tony Torralba
183915410d Add change note 2023-05-22 15:01:25 +02:00
erik-krogh
710b309142 apply suggestions from doc review 2023-05-21 22:18:48 +02:00
erik-krogh
10bf17c33e Merge branch 'main' into polyQhelp 2023-05-21 22:17:06 +02:00
Tony Torralba
b58eb3a92c Java: Add TemplateEngine.createTemplate as a groovy injection sink 2023-05-19 17:45:47 +02:00
github-actions[bot]
66f2579437 Add changed framework coverage reports 2023-05-19 00:15:25 +00:00
Tony Torralba
a8afa4785e Merge pull request #13140 from atorralba/atorralba/java/spring-jdbc-namedparam-models 
Java: Add SQLi sinks for Spring JDBC
 2023-05-18 14:49:28 +02:00
Alvaro Muñoz
bf3fb09dfd Apply suggestions from code review 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-05-18 12:39:41 +02:00
Tony Torralba
2c54996499 Apply @jcogs33's suggestions from code review 2023-05-18 08:51:19 +02:00
Tony Torralba
1b06bf132c Merge pull request #12932 from atorralba/atorralba/java/promote-xxe-experimental-sinks 
Java: Promote experimental XXE sinks
 2023-05-17 17:39:31 +02:00
Alvaro Muñoz
b235b1cbb9 improve yaml models 2023-05-17 16:40:28 +02:00
Alvaro Muñoz
7baf244ac6 remove test predicate 2023-05-17 16:18:46 +02:00
Alvaro Muñoz
8cd85a5676 add flow support for unmarshaled object fields 2023-05-17 16:16:30 +02:00