Граф коммитов

455 Коммитов

Автор SHA1 Сообщение Дата
yh-semmle de65f023d6
Merge pull request #2167 from aschackmull/java/dataflow-out-of-arg-refactor
Java/C++/C#: Refactor dataflow to simplify return flow.
2019-11-15 11:10:06 -05:00
Anders Schack-Mulligen 81a90943c0 Java: Fix range analysis bug where int was assumed. 2019-11-15 15:08:14 +01:00
Anders Schack-Mulligen 106b8cfbca Java/C++/C#: Fix bad magic and bad join-order. 2019-11-14 13:17:17 +01:00
Anders Schack-Mulligen 6a2edce040
Merge pull request #2205 from rneatherway/java/hamcrest-nullness
Java: Respect Hamcrest assertThat(X, notNullValue())
2019-11-14 13:09:56 +01:00
Dave Bartolomeo e89ecc19e3
Merge pull request #2302 from max-schaefer/test-qlpacks
Add `qlpack.yml` files for test folders.
2019-11-13 12:21:19 -07:00
yh-semmle 429c307832
Merge pull request #2304 from aschackmull/java/rangeanalysis-integral-fix
Java: Fix range analysis bug in integral inequality bounds.
2019-11-12 16:33:12 -05:00
Anders Schack-Mulligen 7619275c8b Java: Fix range analysis bug in integral inequality bounds. 2019-11-12 17:28:40 +01:00
Anders Schack-Mulligen 8cd6b51763 Java: Add ConditionalExpr to overflow candidate pattern. 2019-11-12 17:27:18 +01:00
Max Schaefer 5b2e32b051 Add `qlpack.yml` files for test folders. 2019-11-12 15:03:02 +00:00
Anders Schack-Mulligen e6d0a2eca5
Merge pull request #2215 from yh-semmle/java-remove-obsolete-queries
Java: remove some obsolete metric queries
2019-11-12 10:14:55 +01:00
Anders Schack-Mulligen b0fecbce28
Merge pull request #2230 from yh-semmle/java-move-cwe502-lib
Java: move `UnsafeDeserialization.qll` to standard library location
2019-11-11 10:44:52 +01:00
Sauyon Lee 0040c9fb4c
Update links to OWASP cheat sheet 2019-11-06 20:21:47 -08:00
Robin Neatherway 7850d67a78 Remove TODO comment
I've checked Hamcrest versions 1.3, 2.0, 2.1 and 2.2
2019-11-06 17:47:02 +00:00
yh-semmle e232f538e9 Java 13: update test options 2019-11-02 16:09:32 -04:00
yh-semmle e8a65101bc Java 13: add db stats for `@yieldstmt` 2019-11-02 16:09:32 -04:00
yh-semmle de0869c216 Java 13: remove superfluous disjunct in `JumpStmt.getAPotentialTarget()` 2019-11-02 16:09:31 -04:00
yh-semmle 8fb4dbe092 Java 13: account for changes to switch expressions 2019-11-02 16:09:31 -04:00
yh-semmle 9f37237b4a Java 13: add stmt kind `@yieldstmt` to dbscheme 2019-11-02 16:09:31 -04:00
Robin Neatherway d3016e5b98 Run autoformatter 2019-10-31 11:21:57 +00:00
yh-semmle 8620b0513e Java: move `UnsafeDeserialization.qll` to standard library location 2019-10-30 11:18:36 -04:00
Robin Neatherway 96f9a01355 Correct minor compilation errors in test code 2019-10-29 17:52:13 +00:00
Robin Neatherway 84202ff2e1 Java: Respect Hamcrest assertThat(X, notNullValue()) 2019-10-29 17:52:13 +00:00
Anders Schack-Mulligen d0842fc35d Java/C++/C#: Minor refactor following review comment. 2019-10-28 16:31:22 +01:00
Anders Schack-Mulligen 0ffcf9ce64
Merge pull request #2192 from JLLeitschuh/feature/JLL/http_response_splitting_netty
Add CWE-113 check for io.netty.handler.codec.http.DefaultHttpHeaders
2019-10-28 15:01:20 +01:00
Anders Schack-Mulligen 379ef1d2f9 Java: Fix bad magic and join-order. 2019-10-28 10:40:06 +01:00
Jonathan Leitschuh 934eed97df
Apply suggestions from code review for netty DefaultHttpHeaders
Co-Authored-By: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2019-10-25 12:30:16 -04:00
yh-semmle 80fd5b2ada
Merge pull request #2175 from aschackmull/java/continue-in-false-loop
Java: Port C++ query cpp/continue-in-false-loop to Java.
2019-10-24 20:47:59 -04:00
Jonathan Leitschuh dcbd6e0a11 Add CWE-113 check for io.netty.handler.codec.http.DefaultHttpHeaders
Closes #2185
2019-10-24 10:27:40 -04:00
Anders Schack-Mulligen fe2988ab39
Merge pull request #2152 from yh-semmle/java-alert-suppression-annotations
Java: support LGTM alert suppression using `@SuppressWarnings` annotations
2019-10-24 15:04:29 +02:00
Anders Schack-Mulligen 3462624995 Java: Add test. 2019-10-23 16:24:26 +02:00
Henning Makholm 347d97c14c qlpack.json is now qlpack.yml 2019-10-22 17:36:35 +02:00
Anders Schack-Mulligen da57dbc528 Java: Port C++ query cpp/continue-in-false-loop. 2019-10-22 17:07:57 +02:00
Henning Makholm fd768a1af6 Add some new-style suite definitions 2019-10-22 15:51:00 +02:00
Anders Schack-Mulligen c37195b226 Java/C++/C#: Sync. 2019-10-22 11:42:35 +02:00
Anders Schack-Mulligen 2ffbb2ecd6 Java: Refactor dataflow to simplify return flow. 2019-10-22 11:42:35 +02:00
yh-semmle 28720679ad Java: remove some obsolete metric queries 2019-10-19 20:55:46 -04:00
yh-semmle afcde14403
Merge pull request #2085 from aschackmull/java/overflow-check-fp
Java: Add another overflow check pattern to UselessComparisonTest.
2019-10-18 11:01:24 -04:00
yh-semmle 155d14a185 Java: simplify `Extents.qll` 2019-10-18 09:46:00 -04:00
yh-semmle 4348241f72 Java: simplify `java/alert-suppression-annotations` 2019-10-18 09:45:49 -04:00
Anders Schack-Mulligen 27b8a46dac Java: Exclude loop conditions from overflow check heuristic. 2019-10-18 11:58:46 +02:00
yh-semmle ee2c97f147 Java: add extra test for `java/alert-suppression-annotations` 2019-10-17 22:09:04 -04:00
yh-semmle 62521dca32 Java: account for multiple strings in `java/alert-suppression-annotations` 2019-10-17 22:09:04 -04:00
yh-semmle f3a980deb6 Java: clarify predicate name in `java/alert-suppression-annotations` 2019-10-17 22:09:03 -04:00
yh-semmle d165ce95f2 Java: tidy QLDoc in `Extents.qll` 2019-10-17 22:09:03 -04:00
yh-semmle e3f828c588 Java: refine ranges in `java/alert-suppression-annotations` 2019-10-17 22:09:03 -04:00
yh-semmle b2bc8382b0 Java: add alert-suppression query for `@SuppressWarnings("lgtm[...]")` 2019-10-17 22:09:02 -04:00
Pavel Avgustinov 7fa6c54731
Merge pull request #2119 from hmakholm/pr/qlpacks
Add qlpack.json files
2019-10-16 14:27:10 +01:00
yh-semmle 5aced3e432
Merge pull request #2128 from AlexTereshenkov/move-qll-java
Move qll file to support import from custom QL queries
2019-10-15 11:39:10 -04:00
Anders Schack-Mulligen 309961d493
Merge pull request #2118 from yh-semmle/java-non-sync-override
Java: restrict `java/non-sync-override` to immediate overrides
2019-10-15 16:40:00 +02:00
alexey 715f1ddaca Move qll file to support import from custom QL queries 2019-10-15 14:55:09 +01:00