| Author | Commit | Message | Date |
|---|---|---|---|
| Chris Smowton | a2eeffa9c0 | Add support for Apache Commons Lang StringUtils | 2021-02-16 14:48:39 +00:00 |
| Anders Schack-Mulligen | 6eafa9d396 | Merge pull request #5133 from pwntester/fix_SnakeYaml<br>Remove sanitizing condition which does not prevent vulnerability. | 2021-02-16 12:58:47 +01:00 |
| Anders Schack-Mulligen | b9a479dd31 | Merge pull request #5134 from pwntester/ArrayUtils<br>Add support for Apache Commons Lang ArrayUtils | 2021-02-15 13:50:01 +01:00 |
| Alvaro Muñoz | 812884341b | Merge branch 'ArrayUtils' of github.com:pwntester/codeql-1 into ArrayUtils | 2021-02-15 10:59:49 +01:00 |
| Alvaro Muñoz | 504d119749 | adjust max parameter number | 2021-02-15 10:58:17 +01:00 |
| Anders Schack-Mulligen | 7e83a608a2 | Merge pull request #4954 from aschackmull/java/member-hasqualifiedname<br>Java: Add Member.hasQualifiedName. | 2021-02-15 10:02:13 +01:00 |
| Chris Smowton | 402f20c5e2 | Merge pull request #5154 from smowton/smowton/admin/deprecate-old-maven-predicate-names<br>Java: Re-introduce deprecated versions of old Maven predicate names | 2021-02-12 17:22:05 +00:00 |
| Chris Smowton | 80978c7c35 | Merge pull request #5153 from smowton/smowton/admin/move-misplaced-experimental-query<br>Move misplaced experimental query into the conventional directory | 2021-02-12 17:21:57 +00:00 |
| Alvaro Muñoz | 7d294361dc | Update java/ql/src/semmle/code/java/frameworks/apache/Lang.qll<br>Co-authored-by: Joe Farebrother <joefarebrother@github.com> | 2021-02-12 15:40:44 +01:00 |
| Alvaro Muñoz | 6b80a42913 | apply LSP formatter and add missing dot | 2021-02-12 15:03:11 +01:00 |
| Alvaro Muñoz | 8606386c2c | add bidirectional import | 2021-02-12 14:59:28 +01:00 |
| Alvaro Muñoz | 49eda8ced6 | apply LSP formatter | 2021-02-12 14:56:10 +01:00 |
| Anders Schack-Mulligen | 085286ab58 | Merge pull request #5135 from pwntester/guava_preconditions<br>Add support for the Preconditions Class in the Guava framework | 2021-02-12 14:15:17 +01:00 |
| Chris Smowton | 655cfb3a47 | Re-introduce deprecated versions of old Maven predicate names | 2021-02-12 12:24:19 +00:00 |
| Chris Smowton | 97df60f9d6 | Move misplaced experimental query into the conventional directory | 2021-02-12 12:12:16 +00:00 |
| Marcono1234 | e89891fa1f | Address review comments | 2021-02-12 01:30:47 +01:00 |
| Marcono1234 | 2a1c11b517 | Improve MavenPom documentation, rename inconsistent predicates | 2021-02-10 23:56:45 +01:00 |
| Anders Schack-Mulligen | b74911204a | Merge pull request #4945 from intrigus-lgtm/java/insecure-jxbrowser<br>Java: Insecure JXBrowser | 2021-02-10 15:48:17 +01:00 |
| intrigus | 5c82ff83de | Java: Fix qhelp, fix CWE reference | 2021-02-10 13:57:51 +01:00 |
| Alvaro Muñoz | 645b021845 | Add support for the Preconditions Class in the Guava framework | 2021-02-10 13:20:29 +01:00 |
| Alvaro Muñoz | 0cf3a29429 | Add support for Apache Commons Lang ArrayUtils | 2021-02-10 13:09:57 +01:00 |
| Alvaro Muñoz | 3b4357792b | Remove sanitizing condition which does not prevent<br>vulnerability. | 2021-02-10 12:21:48 +01:00 |
| Tom Hvitved | 1f9b42f9ab | Data flow: Sync files | 2021-02-09 20:10:23 +01:00 |
| intrigus | 2e30f2d9ce | Java: Fix QHelp & accept test output<br>Accept test output for changed alert message. | 2021-02-08 00:05:02 +01:00 |
| Anders Schack-Mulligen | 35e620a19c | Merge pull request #4854 from luchua-bc/java/insecure-ldap-auth<br>Java: Insecure LDAP authentication | 2021-02-04 14:56:38 +01:00 |
| luchua-bc | 724c3e00e0 | Update help file | 2021-02-03 16:45:15 +00:00 |
| Anders Schack-Mulligen | 40d02e7e32 | Merge pull request #4926 from luchua-bc/java/insufficient-key-size<br>Java: Query to detect weak encryption: insufficient key size | 2021-02-03 15:16:10 +01:00 |
| Anders Schack-Mulligen | 0df7e9fa4e | Merge pull request #4989 from lcartey/lcartey/spring-inheritence-improvements<br>Java: Track taint through Spring Java bean getters on super types | 2021-02-03 15:06:03 +01:00 |
| luchua-bc | 2ace10fcdf | Use PostUpdateNode for wrapper method calls | 2021-02-03 12:21:31 +00:00 |
| luchua-bc | 3151aeff48 | Enhance the query | 2021-02-02 18:26:29 +00:00 |
| luchua-bc | 5e3b6fa341 | Update qldoc | 2021-02-02 16:20:39 +00:00 |
| luchua-bc | 50be54385a | Update qldoc | 2021-02-02 14:49:50 +00:00 |
| Luke Cartey | 76c9b6466e | Reformat TaintTrackingUtil.qll with more recent CodeQL CLI | 2021-01-29 11:27:30 +00:00 |
| luchua-bc | ab7d257569 | Add more cases and change EC to 256 bits | 2021-01-28 04:06:27 +00:00 |
| luchua-bc | 2ac7b4bab4 | Update qldoc | 2021-01-28 04:06:27 +00:00 |
| luchua-bc | 058f3af4b2 | Refactor the hasShortSymmetricKey method | 2021-01-28 04:06:27 +00:00 |
| luchua-bc | cbaee937d0 | Optimize the query | 2021-01-28 04:06:27 +00:00 |
| luchua-bc | cfc950f803 | Query for weak encryption: Insufficient key size | 2021-01-28 03:25:15 +00:00 |
| luchua-bc | 6a93099b64 | Simplify the query and update qldoc | 2021-01-28 03:02:53 +00:00 |
| intrigus | d3e6e594b2 | Java: Improve QLDoc | 2021-01-27 11:57:32 +01:00 |
| intrigus | bdba7e14fe | Java: Switch to data flow | 2021-01-27 11:54:40 +01:00 |
| Joe Farebrother | d69ecde5c1 | Java: Add additional flow steps for guava collection methods and more unit tests | 2021-01-25 16:37:40 +00:00 |
| Joe Farebrother | 7e11d8ed07 | Java: Add modelling for guava Sets | 2021-01-25 16:37:40 +00:00 |
| Joe Farebrother | d1427fcd93 | Java: Add modelling for Guava's collection classes | 2021-01-25 16:37:40 +00:00 |
| Luke Cartey | 5c6f5b7b33 | Java: Track taint through Spring Java bean getters on super types | 2021-01-20 16:53:03 +00:00 |
| Anders Schack-Mulligen | dde8d320f3 | Apply suggestions from code review<br>Minor qldoc fixes. | 2021-01-19 08:24:24 +01:00 |
| Marcono1234 | 703336a77f | Add ArrayInit.getSize(), improve documentation | 2021-01-18 16:44:53 +01:00 |
| luchua-bc | 32c54628f8 | Drop fieldName from the function for runtime evaluation | 2021-01-15 12:33:00 +00:00 |
| luchua-bc | e5a703e49c | Revamp the query | 2021-01-15 04:05:11 +00:00 |
| intrigus-lgtm | b8076481bf | Java: Suggestions from Review | 2021-01-13 20:32:23 +01:00 |