hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,189 Commits 1,672 Branches 157 Tags
ebd38eaf3bd0d5f4cb15bf4724fb2bb90ad1f8a6
Commit Graph

1946 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
87e4dec86a Merge pull request #5300 from tamasvajk/feature/external-remote-flow-sources 
Java: Convert remote flow sources to use new CSV format
 2021-03-11 10:44:17 +01:00
Anders Schack-Mulligen
674886a17d Dataflow: Sync. 2021-03-10 16:53:51 +01:00
Anders Schack-Mulligen
667dab28d4 Dataflow: Switch from unbind to pragma[only_bind_into]. 2021-03-10 16:52:45 +01:00
Tom Hvitved
fc5158c41c Merge pull request #5338 from hvitved/dataflow/performance-tweaks 
Data flow: Performance tweaks
 2021-03-10 13:56:57 +01:00
Chris Smowton
410f21cd55 Fix comment describing two-arg nextInt/nextLong 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-03-10 08:43:37 +00:00
Chris Smowton
fa51af5be1 NBSP -> original-flavour space 2021-03-09 15:40:45 +00:00
Chris Smowton
189b2215c5 Remove useless value from inline test expectations 2021-03-09 15:11:39 +00:00
Chris Smowton
e8f81c4f30 Improve change note 2021-03-09 15:11:13 +00:00
Chris Smowton
074d73e325 Add change note 2021-03-09 15:11:13 +00:00
Chris Smowton
9163893879 Add models for Commons-Lang's RegExUtils class 2021-03-09 15:11:13 +00:00
Tom Hvitved
fe6efde449 Address review comments 2021-03-09 14:30:12 +01:00
Taus
19b74e6e01 Merge pull request #5367 from tausbn/mergeback-rc/3.1-to-main 
Merge rc/3.1 into main
 2021-03-09 12:46:24 +01:00
Tamas Vajk
5480a31b68 Java: Remove MultipartFile.getSize/isEmpty from remote flow sources 2021-03-09 12:23:47 +01:00
Tamas Vajk
0d405c293a Java: Convert PlayRequestGetMethod to CSV based flow source 2021-03-09 12:20:35 +01:00
Joe Farebrother
7a4ce83169 Merge pull request #5310 from joefarebrother/guava-io 
Java: Add modelling for Guava IO utilities
 2021-03-09 11:19:44 +00:00
Joe Farebrother
bd4a414abd Remove CSV data from query 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-09 10:50:15 +00:00
Tamas Vajk
e0b1a86038 Java: Convert WebSocketMessageParameterSource to CSV based flow source 2021-03-09 11:49:59 +01:00
Tamas Vajk
193458eb3d Java: Convert SpringRestTemplateResponseEntityMethod to CSV based flow source 2021-03-09 11:49:59 +01:00
Tamas Vajk
e0c51b510f Java: Convert WebViewGetUrlMethod to CSV based flow source 2021-03-09 11:42:40 +01:00
Tamas Vajk
8ba820cae1 Java: Convert android XML get* methods to CSV based flow source 2021-03-09 11:42:13 +01:00
Tamas Vajk
09b0d824b4 Java: Convert org.apache.http.Http*.get* methods to CSV based flow source 2021-03-09 11:41:33 +01:00
Tamas Vajk
3c8ac5c789 Java: Convert Cookie.get* methods to CSV based flow source 2021-03-09 11:41:33 +01:00
Tamas Vajk
86cf143029 Java: Convert ServletRequestGetBodyMethod to CSV based flow source 2021-03-09 11:41:32 +01:00
Tamas Vajk
b05a9043b5 Java: Convert SpringWebRequestGetMethod to CSV based flow source 2021-03-09 11:41:32 +01:00
Tamas Vajk
09bcf878f7 Java: Convert HttpServletRequest.get* methods to CSV based flow source 2021-03-09 11:40:59 +01:00
Tamas Vajk
f2448cc921 Java: Convert SpringMultipartFileSource to CSV based flow source 2021-03-09 11:40:18 +01:00
Tamas Vajk
80b4d63d4b Java: Convert SpringMultipartRequestSource to CSV based flow source 2021-03-09 11:39:47 +01:00
Tamas Vajk
06fdd64dab Java: Remove already modelled BeanValidationSource 2021-03-09 11:35:42 +01:00
Tamas Vajk
3dfc236bbe Java: Remove already modelled RemoteTaintedMethods 2021-03-09 11:35:42 +01:00
Taus Brock-Nannestad
3d0d280972 Merge remote-tracking branch 'upstream/rc/3.1' into mergeback-rc/3.1-to-main 2021-03-08 22:15:10 +01:00
Chris Smowton
f9f143d62c Merge pull request #5347 from Marcono1234/marcono1234/simplify-tests 
Java: Simplify tests using InlineExpectationsTest
 2021-03-08 14:47:28 +00:00
Joe Farebrother
ed228cbcef Add sinks for URL Open Stream query 2021-03-08 14:07:53 +00:00
Anders Schack-Mulligen
e63f81171c Merge pull request #5349 from p0wn4j/fix-nashorn-engine-1 
Java: Fix NashornScriptEngine detection in ScriptEngine query
 2021-03-08 13:23:36 +01:00
Chris Smowton
6cf15f49bb Replace hasTaintFlow=y with hasTaintFlow everywhere 2021-03-08 11:57:35 +00:00
Marcono1234
b7353f0bb0 Java: Simplify tests using InlineExpectationsTest 2021-03-08 11:49:52 +00:00
Chris Smowton
790fb7829a Improve comment and change-note accuracy 2021-03-08 11:00:05 +00:00
Chris Smowton
4a4f4b01a1 Add support for java.util.concurrent.ThreadLocalRandom 2021-03-08 10:59:53 +00:00
Rasmus Lerchedahl Petersen
cc9a938054 InlineExpectationTest: clarify the nedd for an 
empty `.expected` file
 2021-03-08 09:18:47 +01:00
p0wn4j
6841f5f7c4 Java: Add NashornScriptEngine detection in ScriptEngine query 
Java: Add NashornScriptEngine detection in ScriptEngine query

Java: Add NashornScriptEngine detection in ScriptEngine query

Java: Add NashornScriptEngine detection in ScriptEngine query
 2021-03-06 16:19:07 +04:00
Anders Schack-Mulligen
cf4f55d9ab Merge pull request #5223 from smowton/smowton/feature/backward-dataflow-for-modelled-fluent-methods 
Java: Add backward dataflow edges through modelled function invocations
 2021-03-05 15:11:43 +01:00
Tom Hvitved
6e5af1a9f8 Data flow: Sync files 2021-03-05 14:56:40 +01:00
Chris Smowton
012058a866 Apply review suggestions: use ArgumentNode.argumentOf, and change more uses of ValuePreservingCallable -> ValuePreservingMethod 2021-03-05 13:34:13 +00:00
Chris Smowton
eed357dc93 ValuePreservingCallable -> ValuePreservingMethod 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 13:28:35 +00:00
Chris Smowton
a37b98ca27 Value-preserving methods: handle generics in DataFlowUtil.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 13:15:06 +00:00
Chris Smowton
ca86925a45 Update java/ql/src/semmle/code/java/dataflow/FlowSteps.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 13:02:19 +00:00
Chris Smowton
45f3365d06 Apply suggestions from code review 
Note value-preserving functions can't be constructors

Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 12:52:38 +00:00
Chris Smowton
e3cf5c235e Add support for Commons-Lang's RandomUtils 
This is realised by somewhat generalising our interfaces for modelling RNGs. We also add tests for randomness-related queries that didn't have any, and addtest cases checking the Apache random-number generators are interchangeable with the stdlib ones.
 2021-03-05 12:09:33 +00:00
Chris Smowton
990bdc20b0 Move value-preserving callable class into FlowSteps 2021-03-05 11:55:53 +00:00
Joe Farebrother
3f3640fcbd Model ByteArrayDataOutput 2021-03-05 11:19:55 +00:00
Joe Farebrother
470a2ca336 Add CopyTo 2021-03-05 11:19:55 +00:00