atorralba
Follow
Pinned
2,019 contributions in the last year
Activity overview
Contributed to
github/codeql,
federicoiosue/Omni-Notes,
atorralba/Omni-Notes
and 3 other
repositories
Contribution activity
May 2023
Created 25 commits in 1 repository
Created a pull request in github/codeql that received 3 comments
Java: Add Hudson models
Includes models-as-data rows, flow sources, and XSS sanitizers. Tests for models-as-data rows not included.
+195
−39
•
3
comments
Opened 6 other pull requests in 1 repository
github/codeql
3
merged
3
open
- Java: Add TemplateEngine.createTemplate as a Groovy injection sink
- Java: Add autogenerated models for frameworks related to Jenkins
- Java: Migrate path injection sinks to models-as-data (simplified)
-
Java: Add
XPath.evaluateas XXE sink - Java: Add SQLi sinks for Spring JDBC
- Java: Make inputStreamWrapper consider supertypes transitively
Reviewed 23 pull requests in 1 repository
github/codeql
23 pull requests
- ReDoS: add another example to the qhelp in poly-redos, showing how to just limit the length of the input
- Update CSV framework coverage reports
- Java: Add SQLi sinks for Spring JDBC
- [Java] Add basic support for Google's Gson library
- Java: Automodel Extraction Parameter Name Fix
-
Java: change
android-widgetMaD source kind toremote - Update CSV framework coverage reports
- Java: revamp MaD sink kinds
- Java: Automodel Framework Mode Extraction Queries
- Java: Update MaD Declarations after Triage
- Java: Fix ExternalApi.jarContainer().
- Update CSV framework coverage reports
-
Java: Add manual models for
org.apache.commons.net - Update CSV framework coverage reports
- Java: Minor perf fix for typePrefixContainsAux1.
- Update CSV framework coverage reports
-
Java: Model
io.jsonwebtoken.SigningKeyResolverAdapterandio.jsonwebtoken.JwsHeader -
Java: Move more dataflow configurations to
*Query.qllfiles - Java, C#: Make implicit this receivers explicit
- Java: Make implicit this receivers explicit
-
Java: switch
url-open-streamsink models toexperimentalSinkModel - WIP: Add threat models to java
- Java: Force high precision for MapValueContent.
Answered 3 discussions in 1 repository
github/codeql
github/codeql
-
Detecting flow from a function parameter field to a member of a class (java)
This contribution was made on May 17
-
This predicate does not override another predicate
This contribution was made on May 10
-
Codeql To detect log injection of sensitive data doesn't catch implicit toString() call
This contribution was made on May 8
51
contributions
in private repositories
May 1 – May 22