hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 04:06:37 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,611 Commits 1,672 Branches 157 Tags
ea4c2e432100cb15e4ad5448d02c36153a6f9f95
Commit Graph

4381 Commits

Author SHA1 Message Date
Chris Smowton
455b840712 Fix all dead qhelp links 
For those documents with no obvious new home I've pointed the links to the Internet Archive.
 2021-04-23 15:20:21 +01:00
Anders Schack-Mulligen
bc8c55836a Merge pull request #5743 from aschackmull/java/flow-summary-tweaks 
Java/C#: Move a couple of flow summary tweaks to the shared implementation.
 2021-04-23 13:46:04 +02:00
Tamás Vajk
43dc9bbc94 Merge pull request #5744 from tamasvajk/feature/java-loc 
Java: Introduce LoC summary metric query
 2021-04-23 11:39:42 +02:00
intrigus
98dcd4e52b Java: Tighten definition of sink. 2021-04-23 00:14:48 +02:00
intrigus
a385b30c29 Java: Factor common expr into class. 2021-04-22 23:51:27 +02:00
intrigus-lgtm
958e2fab05 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-22 23:36:17 +02:00
haby0
407dcea751 add String type startsWith 2021-04-22 19:20:54 +08:00
haby0
9b4442be8b Fix some errors 2021-04-22 19:01:55 +08:00
Tamás Vajk
cb28bc80b7 Merge branch 'main' into feature/java-sinks-csv 2021-04-22 11:41:18 +02:00
Tamas Vajk
7134eb9079 Improve documentation of csv sink models 2021-04-22 11:37:41 +02:00
Tamas Vajk
1caa5c4780 Adjust hostname verifier sink identifier name 2021-04-22 11:22:18 +02:00
Tamas Vajk
6c78a247f2 Revert erroneous refactoring in header splitting sink base class 2021-04-22 11:20:39 +02:00
Tamas Vajk
9b1c54e81b Add argument indices to HTTP header splitting sinks 2021-04-22 11:17:25 +02:00
Tamas Vajk
180904e9f6 Revert "Java: Convert Google HTTP client API parseAs sink to CSV format" 
This reverts commit 3e53484bb3.
 2021-04-22 11:14:51 +02:00
Owen Mansel-Chan
fea9f5f431 Merge pull request #5746 from owen-mc/java/refactor-exec-tainted 
Make ExecTainted easier to extend
 2021-04-22 10:14:28 +01:00
Owen Mansel-Chan
8a01799fb8 Make imports private 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-04-22 09:46:49 +01:00
Owen Mansel-Chan
4b8d4f5bbd Update docs 2021-04-22 09:30:50 +01:00
Owen Mansel-Chan
e448dcb725 Avoid bad join order 
We want to avoid joining on `i` first.
 2021-04-22 09:30:49 +01:00
Owen Mansel-Chan
9f1704560b Include constructors in abstract class 2021-04-22 09:30:48 +01:00
Tamás Vajk
9c936867fa Exclude code from XML files 
Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>
 2021-04-22 09:00:31 +02:00
edvraa
86444bfa09 Use set literal expression 2021-04-22 09:48:46 +03:00
edvraa
9774b24c4e Use TypeString 2021-04-22 09:44:07 +03:00
haby0
454324781d delete IfStmt 2021-04-22 11:59:33 +08:00
Chris Smowton
76091f0f8d Use ArrayElement accessor where needed 2021-04-21 15:58:41 +01:00
Chris Smowton
2c95b7539f Remove now-redundant steps 2021-04-21 15:57:09 +01:00
Chris Smowton
874733a61b Argument -> specific Argument indices 2021-04-21 15:53:55 +01:00
Chris Smowton
6589460357 Add models for Commons ToStringBuilder 
These don't include support for reflectionToString yet, which is coming up in a subsequent PR.
 2021-04-21 15:47:19 +01:00
Chris Smowton
94f0a1532d Merge pull request #5682 from smowton/smowton/docs/fix-has-modifier-comment 
Fix documentation of Modifier.qll
 2021-04-21 15:41:29 +01:00
Owen Mansel-Chan
9c72e73a82 Make ExecTainted easier to extend 
To add a method that executes a command, you can now define a class
extending ExecMethod.
 2021-04-21 14:55:37 +01:00
Tamas Vajk
e25305e3cc Java: Introduce LoC summary metric query 2021-04-21 14:27:00 +02:00
Anders Schack-Mulligen
f9599da32d Java/C#: Move a couple of flow summary tweaks to the shared implementation. 2021-04-21 14:24:15 +02:00
edvraa
452ec8c43f comments 2021-04-21 13:12:53 +03:00
edvraa
13655b5d80 Add RegExUtils 2021-04-21 13:08:35 +03:00
Anders Schack-Mulligen
9362ae0687 Merge pull request #5422 from tamasvajk/feature/sink-migration-ldap 
Java: Migrate LDAP injection sinks to CSV format
 2021-04-21 10:05:28 +02:00
haby0
84f00c21df update IfConditionSink. 2021-04-21 15:38:41 +08:00
intrigus
231b07795c Java: Ignore results in test directories. 2021-04-20 23:25:13 +02:00
intrigus
fcaf5e7657 Java: Plural type name -> singular type name. 2021-04-20 23:09:44 +02:00
intrigus
3acec94773 Java: Fix typos. 2021-04-20 23:04:06 +02:00
intrigus
149c4491ce Java: Simplify qldoc. 2021-04-20 23:03:10 +02:00
intrigus
9e4fa90f6e Java: Refer to Java types in qldoc instead of ql types. 2021-04-20 23:02:18 +02:00
intrigus
26502881d7 Java: Consistently use this in charpred. 2021-04-20 22:56:58 +02:00
yo-h
00137f2905 Merge pull request #5721 from github/yo-h/java-diagnostic-queries 
Java: add extractor `diagnostic` queries
 2021-04-20 13:36:49 -04:00
Tamas Vajk
583513bafd Fix review findings 2021-04-20 16:28:47 +02:00
Chris Smowton
9bfb0d93ca Autoformat QL 2021-04-20 13:59:09 +01:00
Chris Smowton
0ec3ee29e4 Style last use of SecureASTCustomizer 2021-04-20 12:44:49 +01:00
Hayk Andriasyan
bb58a50503 Update GroovyInjection.qhelp 2021-04-20 15:41:58 +04:00
p0wn4j
f2de440886 [Java] CWE-094: Query to detect Groovy Code Injections 2021-04-20 19:18:24 +04:00
haby0
3e376f95c4 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-20 19:36:16 +08:00
haby0
b1ee864ad9 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-20 19:35:52 +08:00
haby0
9e87f4ec4e Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-20 19:35:34 +08:00