hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,003 Commits 1,672 Branches 157 Tags
e58b90ef1c670308976b6e901b202a4c4ab665a3
Commit Graph

3455 Commits

Author SHA1 Message Date
Benjamin Muskalla
6287e6d8e9 Filter unused API callsites 2021-08-11 15:31:56 +02:00
Benjamin Muskalla
ec7f4d18e1 Avoid duplicates and support modular runtime 2021-08-11 15:31:33 +02:00
github-actions[bot]
5db82651fe Add changed framework coverage reports 2021-08-11 00:13:37 +00:00
Joe Farebrother
7462180dcd Improve handling or array types 2021-08-10 16:52:38 +01:00
Joe Farebrother
207c753f6f Update model for getAll 2021-08-10 15:05:02 +01:00
Owen Mansel-Chan
2000985509 Remove duplicate test 2021-08-10 11:58:28 +01:00
Owen Mansel-Chan
a55a32f50a Add more missing models 
And corresponding tests
 2021-08-10 11:35:20 +01:00
Benjamin Muskalla
8127f63b1e Only include APIs without support 2021-08-10 12:05:16 +02:00
Benjamin Muskalla
26d4269071 Use FlowSources for coverage tracking 2021-08-10 12:02:56 +02:00
Benjamin Muskalla
c48586ff80 Implement coverage tracking using dataflow nodes 2021-08-10 11:38:01 +02:00
Benjamin Muskalla
5b55a83aaa Use basename for jars 2021-08-10 11:37:19 +02:00
Chris Smowton
9f9c76390f Nudge CI 2021-08-10 09:12:18 +01:00
github-actions[bot]
22fe354aab Add changed framework coverage reports 2021-08-10 00:07:47 +00:00
Owen Mansel-Chan
54fdfe3906 Make helper functions more consistent 2021-08-09 17:18:03 +01:00
Owen Mansel-Chan
2d31bb8d64 Remove toString taint propagation 
We do not do this for other overrides of toString
 2021-08-09 17:18:02 +01:00
Owen Mansel-Chan
487a46ae77 Improve treatment of new and old package name 2021-08-09 16:25:11 +01:00
Chris Smowton
021e405294 Elaborate change note a little 2021-08-09 15:33:21 +01:00
Chris Smowton
5ba9347281 Merge pull request #6006 from artem-smotrakov/timing-attacks 
Java: Timing attacks while comparing results of cryptographic operations
 2021-08-09 15:30:47 +01:00
Chris Smowton
171dc26531 Fix test reference and expectations 2021-08-09 13:56:55 +01:00
Owen Mansel-Chan
1997dfbb4a Remove unnecessary casts 2021-08-08 14:03:57 +01:00
Owen Mansel-Chan
f94e467076 Fixes to models and tests 
Running the test generator script again showed many missing tests.
 2021-08-08 14:03:48 +01:00
Owen Mansel-Chan
377403d525 Remove redundant models and corresponding test 
Iterator.next is already modelled
 2021-08-08 13:57:51 +01:00
Owen Mansel-Chan
5d3f10824e Fix erroneous treatment of varargs in models 2021-08-08 13:57:50 +01:00
Fosstars
df0f9ee3a5 Fixed a few typos 2021-08-08 12:50:04 +02:00
Owen Mansel-Chan
9533f12e24 Add explanatory commented for MapIterator model 2021-08-06 07:06:36 +01:00
Owen Mansel-Chan
2ba41df2ba Remove commented line 2021-08-06 07:06:36 +01:00
Owen Mansel-Chan
d1a440a45a Improve helper functions for Put 2021-08-06 07:06:35 +01:00
Owen Mansel-Chan
26f5ac9ff2 Add change note 2021-08-06 07:06:35 +01:00
Owen Mansel-Chan
b922d7c6f3 Duplicate models for old package name 
The package name was org.apache.commons.collection until release 4.0.
 2021-08-06 07:06:34 +01:00
Owen Mansel-Chan
51a7018afc Add stubs 2021-08-06 07:06:16 +01:00
Chris Smowton
0b6c991ac4 Unsafe deserialization: add support for Jodd JSON library 2021-08-05 16:01:14 +01:00
Anders Schack-Mulligen
c29353db80 Merge pull request #6424 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-08-05 09:48:53 +02:00
Tony Torralba
0356ed7f9e Merge pull request #5911 from atorralba/atorralba/promote-missing-jwt-signature-check 
Java: Promote Missing JWT signature check query from experimental
 2021-08-05 09:43:03 +02:00
Anders Schack-Mulligen
1932f604dc Merge pull request #6419 from smowton/smowton/admin/unsafe-deserialization-jabsorb 
Add unsafe-deserialization support for Jabsorb
 2021-08-05 09:04:23 +02:00
github-actions[bot]
9d13edb325 Add changed framework coverage reports 2021-08-05 00:08:17 +00:00
Fosstars
b913928294 Renamed queries and merged qhelp files 2021-08-04 17:54:16 +02:00
Chris Smowton
1f08c3fe55 Move test files to appropriate package directories 2021-08-04 16:50:03 +01:00
Chris Smowton
5a42448888 Code review suggestions 
- Remove unneeded import
- Remove unnecessary `toLowerCase` call
 2021-08-04 16:08:07 +01:00
Chris Smowton
69549e9ce3 Add unsafe-deserialization support for Jabsorb 
This is partly extracted from https://github.com/github/codeql/pull/5954
 2021-08-04 15:35:50 +01:00
Anders Schack-Mulligen
5f9f857c34 Update java/ql/src/semmle/code/java/security/JWT.qll 2021-08-04 16:23:21 +02:00
Anders Schack-Mulligen
78998d0ca1 Update java/ql/src/semmle/code/java/security/JWT.qll 2021-08-04 16:22:56 +02:00
Anders Schack-Mulligen
6a09a5667d Merge pull request #5931 from atorralba/atorralba/promote-jndi-injection 
Java: Promote JNDI Injection query from experimental
 2021-08-04 15:48:44 +02:00
Owen Mansel-Chan
2e04319d9f Manually improve tests 2021-08-04 14:27:01 +01:00
Owen Mansel-Chan
a538699a0a Add automatically generated tests 2021-08-04 14:27:00 +01:00
Owen Mansel-Chan
b82389088b Model interfaces in Apache Commons Collections main package 2021-08-04 14:26:59 +01:00
Owen Mansel-Chan
39ea0a989a Model *Utils classes 2021-08-04 14:26:58 +01:00
Tony Torralba
bc9563c073 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-08-04 14:40:32 +02:00
Tony Torralba
989afb446e Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-08-04 14:07:10 +02:00
Tony Torralba
a046d75ea6 Apply suggestions from code review 2021-08-04 13:15:49 +02:00
Tony Torralba
452fd9a8e3 Refactor to path query 2021-08-04 13:05:18 +02:00