hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
25,031 Commits 1,671 Branches 157 Tags
codeql-cli/v2.6.0
Commit Graph

3156 Commits

Author SHA1 Message Date
Chris Smowton
7a2704373f Merge pull request #5943 from joefarebrother/java-stub 
[Java] Add stubbing script
 2021-08-11 16:11:53 +01:00
github-actions[bot]
5db82651fe Add changed framework coverage reports 2021-08-11 00:13:37 +00:00
Joe Farebrother
7462180dcd Improve handling or array types 2021-08-10 16:52:38 +01:00
Chris Smowton
9f9c76390f Nudge CI 2021-08-10 09:12:18 +01:00
github-actions[bot]
22fe354aab Add changed framework coverage reports 2021-08-10 00:07:47 +00:00
Chris Smowton
5ba9347281 Merge pull request #6006 from artem-smotrakov/timing-attacks 
Java: Timing attacks while comparing results of cryptographic operations
 2021-08-09 15:30:47 +01:00
Chris Smowton
171dc26531 Fix test reference and expectations 2021-08-09 13:56:55 +01:00
Anders Schack-Mulligen
c29353db80 Merge pull request #6424 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-08-05 09:48:53 +02:00
Tony Torralba
0356ed7f9e Merge pull request #5911 from atorralba/atorralba/promote-missing-jwt-signature-check 
Java: Promote Missing JWT signature check query from experimental
 2021-08-05 09:43:03 +02:00
Anders Schack-Mulligen
1932f604dc Merge pull request #6419 from smowton/smowton/admin/unsafe-deserialization-jabsorb 
Add unsafe-deserialization support for Jabsorb
 2021-08-05 09:04:23 +02:00
github-actions[bot]
9d13edb325 Add changed framework coverage reports 2021-08-05 00:08:17 +00:00
Fosstars
b913928294 Renamed queries and merged qhelp files 2021-08-04 17:54:16 +02:00
Chris Smowton
1f08c3fe55 Move test files to appropriate package directories 2021-08-04 16:50:03 +01:00
Chris Smowton
5a42448888 Code review suggestions 
- Remove unneeded import
- Remove unnecessary `toLowerCase` call
 2021-08-04 16:08:07 +01:00
Chris Smowton
69549e9ce3 Add unsafe-deserialization support for Jabsorb 
This is partly extracted from https://github.com/github/codeql/pull/5954
 2021-08-04 15:35:50 +01:00
Anders Schack-Mulligen
5f9f857c34 Update java/ql/src/semmle/code/java/security/JWT.qll 2021-08-04 16:23:21 +02:00
Anders Schack-Mulligen
78998d0ca1 Update java/ql/src/semmle/code/java/security/JWT.qll 2021-08-04 16:22:56 +02:00
Anders Schack-Mulligen
6a09a5667d Merge pull request #5931 from atorralba/atorralba/promote-jndi-injection 
Java: Promote JNDI Injection query from experimental
 2021-08-04 15:48:44 +02:00
Tony Torralba
bc9563c073 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-08-04 14:40:32 +02:00
Tony Torralba
989afb446e Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-08-04 14:07:10 +02:00
Tony Torralba
a046d75ea6 Apply suggestions from code review 2021-08-04 13:15:49 +02:00
Tony Torralba
452fd9a8e3 Refactor to path query 2021-08-04 13:05:18 +02:00
turbo
a8f84da7ac Update Security-Severity for CWE-918 2021-08-04 12:17:21 +02:00
Tony Torralba
b586f3ec9c Make the additional flow step abstract 2021-08-04 12:11:17 +02:00
Tony Torralba
f4bc4df8c1 Renamed JWTQuery so that it's named after the actual query name 2021-08-04 12:08:08 +02:00
github-actions[bot]
8a2acda53c Add changed framework coverage reports 2021-08-04 00:07:10 +00:00
Chris Smowton
eaf3d3cc03 Merge pull request #6162 from smowton/smowton/feature/jax-rs-content-type-sensitivity-fixes 
Jax-RS: implement content-type tracking
 2021-08-03 14:53:31 +01:00
Anders Schack-Mulligen
7fb1e1578e Merge pull request #5894 from atorralba/atorralba/promote-ognl-injection 
Java: Promote OGNL Injection query from experimental
 2021-08-03 15:31:40 +02:00
Anders Schack-Mulligen
be6fd7c22e Merge pull request #6382 from bmuskalla/stringValueOfTaint 
Track taint for String.valueOf(..)
 2021-08-03 15:30:30 +02:00
Chris Smowton
3bf41491b3 Apply suggestions from code review 2021-08-03 14:15:39 +01:00
Benjamin Muskalla
8ce841493c Avoid taint for valueOf(Object) 2021-08-03 14:46:55 +02:00
Anders Schack-Mulligen
c0d76da1a6 Merge pull request #5846 from atorralba/atorralba/promote-unsafe-android-webview-fetch 
Java: Promote Unsafe resource loading in Android WebView from experimental
 2021-08-03 14:24:34 +02:00
Tony Torralba
f5cbec4938 Fix tests affected by Jackson stubs changes 2021-08-03 14:22:55 +02:00
Anders Schack-Mulligen
fb9feabe64 Merge pull request #6062 from atorralba/atorralba/promote-groovy-injection 
Java: Promote Groovy Code Injection from experimental
 2021-08-03 14:19:15 +02:00
Tony Torralba
a33e0bce9d Fix tests affected by Jackson stubs changes 2021-08-03 13:15:45 +02:00
Tony Torralba
c44de87503 Fix reference to PostUpdateNode 2021-08-03 12:45:12 +02:00
Chris Smowton
36379146c5 Resync dataflow clone 2021-08-03 11:03:30 +01:00
Joe Farebrother
a4659f4e96 Exclude package protected members 2021-08-03 10:51:39 +01:00
Chris Smowton
afa827829a Make imports private where possible 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-08-03 10:36:46 +01:00
Chris Smowton
a52c4746bc Improve docs 2021-08-03 10:36:46 +01:00
Chris Smowton
75310a6609 Create a dataflow instance specifically for the Serializability library 
Otherwise because this dataflow instance populates AdditionalTaintStep there is an ever-present danger that a user will stumble into creating a recursive configuration, or at least that by using DataFlow5::Configuration for any other purpose they will needlessly recalculate the Serializability dataflow results.
 2021-08-03 10:36:46 +01:00
Chris Smowton
f83f950be6 Merge pull request #6325 from smowton/smowton/feature/org-json-models 
Java: add models of JSON-java, aka `org.json`
 2021-08-03 10:33:49 +01:00
Tony Torralba
084cda6daa Merge branch 'main' into atorralba/promote-groovy-injection 2021-08-03 09:53:46 +02:00
Tony Torralba
36565802dc Delete unnecesary file 
RequestForgery.expected in experimental was an artifact from a merge that wasn't adequately removed
 2021-08-03 09:48:04 +02:00
Tony Torralba
8852f69d36 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-08-03 09:46:32 +02:00
github-actions[bot]
cd65baf481 Add changed framework coverage reports 2021-08-03 00:07:34 +00:00
Chris Smowton
fad1622730 Merge pull request #5435 from haby0/DynamicallyLoadedClasses 
Java: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
 2021-08-02 16:04:30 +01:00
Tony Torralba
08bdd1aa7a Merge branch 'main' into atorralba/promote-ognl-injection 2021-08-02 16:05:38 +02:00
Tony Torralba
8b50b3d00f Add jackson-core to test dependencies 2021-08-02 16:04:49 +02:00
Chris Smowton
09a873138d Add missing qldoc 2021-08-02 14:48:42 +01:00