hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-27 20:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
20,438 Commits 1,697 Branches 161 Tags
f91c71c8f75048c6a2c54ef8595df0fb4297f66a
Commit Graph

947 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
f91c71c8f7 Merge pull request #5270 from Marcono1234/marcono1234/class-isPackageProtected 
Java: Add Class and Interface.isPackageProtected()
 2021-03-03 16:33:57 +01:00
Anders Schack-Mulligen
7ca57fd7a5 Merge pull request #5294 from Marcono1234/patch-1 
Java: Fix wrong algorithm name matching
 2021-03-03 16:33:13 +01:00
Marcono1234
d5d0439471 Java: Fix wrong algorithm name matching 
The regex character class `[5|7]` matches `5`, `7` and `|`.
 2021-03-03 15:44:23 +01:00
Anders Schack-Mulligen
3400c121d6 Merge pull request #5202 from joefarebrother/apache-http 
Java: Add modelling for Apache HTTP Components
 2021-03-03 13:41:41 +01:00
Anders Schack-Mulligen
394c82d564 Apply suggestions from code review 
Adjust qldoc.
 2021-03-02 10:17:07 +01:00
Porcuiney Hairs
14ec148272 refactor to meet experimental guidelines. 2021-03-01 18:46:33 +05:30
Porcupiney Hairs
602f63ad45 [Java] Add QL for detecting Spring View Manipulation Vulnerabilities. 2021-02-26 16:29:18 +05:30
Marcono1234
fa189ded9d Java: Add Class and Interface.isPackageProtected() 2021-02-25 18:21:18 +01:00
Joe Farebrother
41b7db144d Allow for array types in model signatures 2021-02-25 11:40:48 +00:00
Anders Schack-Mulligen
f0d3841369 Merge pull request #5105 from JLLeitschuh/feat/JLL/depricated_bintray_usage 
CWE-1104: Maven POM dependence upon Bintray/JCenter
 2021-02-25 09:08:31 +01:00
Joe Farebrother
caa6f00292 Switch to CSV based modelling 2021-02-24 16:59:49 +00:00
Anders Schack-Mulligen
add960bc4d Merge pull request #4880 from luchua-bc/java/sensitive-query-with-get 
Java: Sensitive GET Query
 2021-02-24 11:08:47 +01:00
luchua-bc
56e3b301e9 Resolve ambiguous method access 2021-02-23 15:18:07 +00:00
Joe Farebrother
ee651da23f Remove TODO comment 2021-02-23 14:27:11 +00:00
Joe Farebrother
a3b8d4ab2d Switch to inline test expectations; fix failing test outputs 2021-02-23 14:26:12 +00:00
Joe Farebrother
7b5961769a Add unit tests for version 5.x 2021-02-23 14:26:12 +00:00
Joe Farebrother
cf58a90d74 Add unit tests for utility methods 2021-02-23 14:26:12 +00:00
Joe Farebrother
e5d624d1e8 Add open redirect sinks 2021-02-23 14:26:12 +00:00
Joe Farebrother
e3fe635004 Add support for httpcomponents 5.x 2021-02-23 14:26:11 +00:00
Joe Farebrother
5bba7f6df7 Add unit tests 2021-02-23 14:26:11 +00:00
Joe Farebrother
da6e9492a0 Model XSS sinks and utility methods 2021-02-23 14:26:11 +00:00
Joe Farebrother
561679611e Java: Model flow source for apache http requests, 
Model flow steps for associated getters

Fix rebase conflict
 2021-02-23 14:26:11 +00:00
Joe Farebrother
4184ebd091 Java: Add HttpRequestHandler as a remote flow source 2021-02-23 14:26:11 +00:00
Anders Schack-Mulligen
b1bed2731d Merge pull request #5172 from smowton/smowton/feature/commons-strbuilder 
Java: Add support for commons-lang's StrBuilder class
 2021-02-23 14:39:11 +01:00
yo-h
6213c20bc3 Merge pull request #5136 from aschackmull/java/csv-models 
Java: Add support for framework modelling through csv data.
 2021-02-22 19:00:41 -05:00
Anders Schack-Mulligen
dae65f687a Merge pull request #5150 from Marcono1234/marcono1234/conditional-expr-branch 
Java: Add ConditionalExpr.getBranchExpr(boolean)
 2021-02-19 10:12:43 +01:00
Chris Smowton
321df82851 Apply review feedback: comment style, bracketing, and use proper MISSING test annotations 2021-02-18 14:56:52 +00:00
Anders Schack-Mulligen
74d35f4f37 Java: Add support for value-preserving steps. 2021-02-18 11:26:15 +01:00
Anders Schack-Mulligen
04eeeda2c9 Java: Add documentation for the final column. 2021-02-18 11:23:49 +01:00
Anders Schack-Mulligen
6f583baa90 Java: More documentation and support for field writes. 2021-02-18 11:18:31 +01:00
Jonathan Leitschuh
c43765917f Fix formatting of MavenPom.qll 2021-02-17 11:55:10 -05:00
Chris Smowton
c700d004e0 Commons Lang/Text StrBuilder: propagate taint from constructors 2021-02-17 09:51:28 +00:00
Chris Smowton
c243e03133 Lang3 StrBuilder: fix typo and coding style 2021-02-17 09:50:56 +00:00
Chris Smowton
10112c50ab Add support for StrBuilder and TextStringBuilder in commons-text 
These are identical to the current deprecated StrBuilder in commons-lang3.
 2021-02-17 09:36:28 +00:00
Chris Smowton
714611f803 Address review feedback 2021-02-17 09:36:21 +00:00
Chris Smowton
a63f18e49d Add models for Commons-Lang's StrBuilder class. These exclude its fluent methods for the time being, which will be added in a forthcoming PR. 2021-02-17 09:36:20 +00:00
Jonathan Leitschuh
a8167c6c9c Add docstring for DeclaredRepository.getUrl 2021-02-16 11:21:19 -05:00
Chris Smowton
a2eeffa9c0 Add support for Apache Commons Lang StringUtils 2021-02-16 14:48:39 +00:00
Anders Schack-Mulligen
6eafa9d396 Merge pull request #5133 from pwntester/fix_SnakeYaml 
Remove sanitizing condition which does not prevent vulnerability.
 2021-02-16 12:58:47 +01:00
Jonathan Leitschuh
d82e8216ed Merge branch 'main' into feat/JLL/depricated_bintray_usage 2021-02-15 10:48:28 -05:00
Anders Schack-Mulligen
b9a479dd31 Merge pull request #5134 from pwntester/ArrayUtils 
Add support for Apache Commons Lang ArrayUtils
 2021-02-15 13:50:01 +01:00
Alvaro Muñoz
812884341b Merge branch 'ArrayUtils' of github.com:pwntester/codeql-1 into ArrayUtils 2021-02-15 10:59:49 +01:00
Alvaro Muñoz
504d119749 adjust max parameter number 2021-02-15 10:58:17 +01:00
Anders Schack-Mulligen
7e83a608a2 Merge pull request #4954 from aschackmull/java/member-hasqualifiedname 
Java: Add Member.hasQualifiedName.
 2021-02-15 10:02:13 +01:00
Marcono1234
7a6db061b5 Address review feedback 2021-02-12 20:15:10 +01:00
Chris Smowton
402f20c5e2 Merge pull request #5154 from smowton/smowton/admin/deprecate-old-maven-predicate-names 
Java: Re-introduce deprecated versions of old Maven predicate names
 2021-02-12 17:22:05 +00:00
Alvaro Muñoz
7d294361dc Update java/ql/src/semmle/code/java/frameworks/apache/Lang.qll 
Co-authored-by: Joe Farebrother <joefarebrother@github.com>
 2021-02-12 15:40:44 +01:00
Alvaro Muñoz
6b80a42913 apply LSP formatter and add missing dot 2021-02-12 15:03:11 +01:00
Alvaro Muñoz
8606386c2c add bidirectional import 2021-02-12 14:59:28 +01:00
Alvaro Muñoz
49eda8ced6 apply LSP formatter 2021-02-12 14:56:10 +01:00