hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
52,226 Commits 1,671 Branches 157 Tags
fec80973a9425632b51a46617b74628677af0da2
Commit Graph

1894 Commits

Author SHA1 Message Date
Ed Minnix
fec80973a9 Refactor SpelInjectionQuery 2023-03-24 09:57:55 -04:00
Ed Minnix
787b73317d Refactor TemplateInjection 2023-03-24 09:57:55 -04:00
Ed Minnix
7e1c42442a Refactor OgnlInjection 2023-03-24 09:57:55 -04:00
Ed Minnix
3116e306b1 Refactor MvelInjection 2023-03-24 09:57:55 -04:00
Ed Minnix
423ab1d9cf Refactor JndiInjection 2023-03-24 09:57:54 -04:00
Ed Minnix
8bf3315bb5 Refactor JexlInjection 2023-03-24 09:57:54 -04:00
Ed Minnix
7ee6c06f7f Refactor RegexInjectionQuery 2023-03-24 09:57:54 -04:00
Ed Minnix
c44254e2e0 Refactor XsltInjection 2023-03-24 09:57:54 -04:00
Tony Torralba
c395779b85 Merge pull request #12643 from chmodxxx/sbaddou/jndisanitizer 
Java : Add JndiInjection Sanitizer Class
 2023-03-24 09:04:54 +01:00
Anders Schack-Mulligen
9d88f01c82 Merge pull request #12645 from aschackmull/dataflow/renaming 
Dataflow: Rename Make to Global and hasFlow to flow
 2023-03-24 08:48:31 +01:00
Tony Torralba
3eed4b4186 Move JndiInjectionSanitizer to importable file 
Add change note
 2023-03-23 17:05:53 +01:00
Anders Schack-Mulligen
4993e7c149 Dataflow: Rename output signature 2023-03-23 13:39:53 +01:00
Salah Baddou
b1d9c65194 Add JndiInjection Sanitizer Class 2023-03-23 12:11:07 +00:00
Anders Schack-Mulligen
978c5f7bd8 Java/C++: Autoformat 2023-03-23 13:06:19 +01:00
Anders Schack-Mulligen
ec34d44359 Java: Rename references. 2023-03-23 13:06:19 +01:00
Anders Schack-Mulligen
2761aa73ca Dataflow: Sync. 2023-03-23 13:06:19 +01:00
Anders Schack-Mulligen
cfa5af969e Dataflow: Rename Make to Global and remove has* prefix. 2023-03-23 13:06:19 +01:00
Kasper Svendsen
ce6be1f636 Dataflow: Instantiate stage 1 access paths with proper unit type 2023-03-23 08:32:16 +01:00
Michael Nebel
915efffe21 Merge pull request #12610 from michaelnebel/java/validatespecs 
Java/C#: Validate all AccessPaths.
 2023-03-22 16:22:54 +01:00
Anders Schack-Mulligen
dc6729d0bf Merge pull request #12616 from aschackmull/java-csharp/redundant-sign-analysis-case 
Java/C#: Remove useless disjuncts.
 2023-03-22 13:33:46 +01:00
Michael Nebel
46ef954d5c Java: Validate all accesspaths except for Field. 2023-03-22 10:05:46 +01:00
Anders Schack-Mulligen
89d9d65755 Java/C#: Remove useless disjuncts. 2023-03-21 14:45:29 +01:00
Anders Schack-Mulligen
56288eb3d2 Java: Misc performance fixes 2023-03-21 14:26:13 +01:00
Edward Minnix III
ac58299d9e Merge pull request #12541 from egregius313/egregius313/refactor-queries-to-new-dataflow-api 
Java: Refactor more queries to the new DataFlow module API
 2023-03-20 12:24:26 -04:00
Anders Schack-Mulligen
3876e4335f Merge pull request #12420 from kaspersv/kaspersv/dataflow-remove-alias-preds 
Dataflow: Remove revFlowAlias and revFlowApAlias predicates
 2023-03-20 16:30:15 +01:00
Michael Nebel
17b3383043 Merge pull request #12556 from michaelnebel/java/argumentthis 
Java: Argument[-1] -> Argument[this]
 2023-03-20 15:59:59 +01:00
Erik Krogh Kristensen
a9d40d39d9 Merge pull request #12550 from erik-krogh/useNumberUtil 
Java/Python: use Number.qll to parse hex numbers in regex parsing
 2023-03-20 15:50:31 +01:00
Kasper Svendsen
1d2f1b6ae6 Address comments 2023-03-20 13:34:14 +01:00
Ed Minnix
1c661fd3ac Add missing QLDocs 2023-03-20 08:10:07 -04:00
Kasper Svendsen
e0e3a1d621 Dataflow: remove revFlowApAlias trick 2023-03-20 13:04:13 +01:00
Ed Minnix
60a4a79537 Make the Config module of public Flow modules public 
This is to make things easier for the CodeML/ATM team once these
configurations are moved from `src/` to `lib/`.
 2023-03-20 07:47:55 -04:00
Michael Nebel
0ec56203f9 Java: Introduce index validation. 2023-03-20 09:38:40 +01:00
Michael Nebel
9a3c2d3fbe Java: Update summary parsing to use this instead of -1 and adjust the model generator. 2023-03-20 09:38:40 +01:00
Michael Nebel
abd9f673e1 Java: Update the java internal documentation for models. 2023-03-20 09:38:39 +01:00
Kasper Svendsen
9630feb5e4 Dataflow: Remove revFlowAlias trick 2023-03-20 09:04:35 +01:00
Ed Minnix
c852d3a541 Rename configurations from "Conf" to "Config" 2023-03-19 17:55:53 -04:00
Ed Minnix
2d5944fb0e Refactor DataFlow configurations to use "Config" naming convention 2023-03-19 17:44:07 -04:00
Ed Minnix
d317de14c9 XXE Configuration Deprecation messages 2023-03-17 15:17:18 -04:00
Ed Minnix
271d50ba99 Refactor Security.CWE.CWE-611 Xxe queries 2023-03-17 15:17:18 -04:00
Ian Lynagh
b8fb4b9b0f Merge pull request #12521 from igfoo/igfoo/printast_sig 
Java: PrintAst: Improve the ranking of callables
 2023-03-17 11:43:40 +00:00
Ian Lynagh
13c2ef8c20 Java: PrintAst: Improve the ranking or callables 
We now look not only at how many parameters each callable has, but what
its full signature is. This allows us to give a consistent order to
    Test(Throwable) { ... }
    Test(String) { ... }
 2023-03-16 15:20:07 +00:00
erik-krogh
880632f536 use Number.qll to parse hex numbers in regex parsing for Python/Java 2023-03-16 14:25:53 +01:00
Michael Nebel
2e86bbd6cd Java: Introduce helper predicate to avoid empty predicate in IPA branch. 2023-03-16 14:11:53 +01:00
Tom Hvitved
9f798902bd Data flow: Add consistency check for DataFlowCall::getEnclosingCallable 2023-03-16 08:40:53 +01:00
Anders Schack-Mulligen
bc9942eb75 Merge pull request #12530 from aschackmull/java/refactor-dataflow-queries-3 
Java: Refactor more dataflow queries to the new API (take 3)
 2023-03-15 14:57:29 +01:00
Anders Schack-Mulligen
6408d7cbbe Java: Refactor RsaWithoutOaep. 2023-03-15 10:37:54 +01:00
Anders Schack-Mulligen
b3b5c2c767 Java: Refactor UnsafeContentUriResolution. 2023-03-15 10:32:58 +01:00
Anders Schack-Mulligen
4b814ec71c Java: Refactor SensitiveCommunication.ql. 2023-03-15 10:32:35 +01:00
Anders Schack-Mulligen
ca8e013618 Java: Refactor FragmentInjection. 2023-03-15 10:23:21 +01:00
Anders Schack-Mulligen
5bd530f570 Java: Refactor IntentUriPermissionManipulation. 2023-03-15 10:13:28 +01:00