hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
28,569 Commits 1,671 Branches 157 Tags
aeisenberg/codeql-workspace
Commit Graph

355 Commits

Author SHA1 Message Date
Joe Farebrother
a9dde419d2 Fix up test 2021-10-21 16:46:07 +01:00
Joe Farebrother
447e06d92a Rename from SensitiveBroadcast to SensitiveCommmunication 2021-10-20 17:09:59 +01:00
Joe Farebrother
daf6ac2584 Update tests to InlineFlowTest 2021-10-20 17:09:58 +01:00
Joe Farebrother
d7c7776495 Add additional models; fix up tests 2021-10-20 17:09:57 +01:00
Joe Farebrother
ae461bcfe4 Switch to inline expectations tests 2021-10-20 17:09:57 +01:00
Joe Farebrother
c68a7077d7 Move query and tests out of experimental 2021-10-20 17:09:56 +01:00
Anders Schack-Mulligen
57cb300759 C++/C#/Java/JavaScript/Python: Remove singleton set literals. 2021-10-14 11:34:22 +02:00
Chris Smowton
1dffbcd0bd Fix tests disrupted by re-modelling and stubbing Android 9: 
* Account for changed dataflow graph shape using external flow
* Account for BaseBundle only existing as of Android 5
* Properly implement Parcelable, which we previously got away with due to a partial stub
* Restore an Android 11 function that had been added to the Android 9 Context class (I won't get into enforcing the difference in this PR)
 2021-10-12 12:35:05 +01:00
Chris Smowton
cd2c9e9ca3 Add Gson support to unsafe deserialization query 2021-10-12 12:35:04 +01:00
Tony Torralba
a86cbd884e Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-10-05 09:40:22 +02:00
Tony Torralba
2d1278ece5 Consider setStartTLSRequired for Apache SimpleEmail 2021-10-05 09:18:48 +02:00
Tony Torralba
baffb0ed89 Consider Jakarta Mail 2021-10-05 09:18:47 +02:00
Tony Torralba
73653f77aa Use InlineExpectationsTest 2021-10-05 09:18:45 +02:00
Tony Torralba
0e149f0523 Move from experimental 2021-10-05 09:18:44 +02:00
f1v3
168fc4170d Apply suggestions from code review 2021-09-30 14:26:14 +01:00
f1v3
f3bde56de9 detects a hard-coded cipher key for shiro 2021-09-30 14:22:48 +01:00
Chris Smowton
60a023d064 Merge pull request #5852 from luchua-bc/java/hardcoded-azure-credential 
Java: CWE-798 Query to detect hard-coded Azure credentials
 2021-09-30 14:11:29 +01:00
Anders Schack-Mulligen
cfa0d46b73 Merge pull request #6097 from atorralba/atorralba/promote-xslt-injection 
Java: Promote XSLT Injection from experimental
 2021-09-27 13:14:57 +02:00
Tony Torralba
6967b06dee Decouple XsltInjection.qll to reuse the taint tracking configuration 2021-09-27 11:59:51 +02:00
Tony Torralba
108118afa3 Use InlineExpectationsTest 2021-09-27 11:58:18 +02:00
Tony Torralba
c792567904 Move from experimental 2021-09-27 11:57:53 +02:00
Tony Torralba
6d9a88d1c8 Move to lib 2021-09-27 11:43:46 +02:00
Tony Torralba
94f32d2985 Decouple SpelInjection.qll to reuse the taint tracking configuration 2021-09-27 11:39:30 +02:00
Tony Torralba
569426b04e Consider subtypes of Expression and ExpressionParser 
Add parseRaw as additional taint step
 2021-09-27 11:38:12 +02:00
Tony Torralba
b985ddb868 Use InlineExpectationsTest 2021-09-27 11:37:41 +02:00
Tony Torralba
fc6af0476f Moved from experimental 2021-09-27 11:36:48 +02:00
Anders Schack-Mulligen
2cbad4aed6 Merge pull request #6600 from atorralba/atorralba/fix-conditionalbypass 
Java: Fix performance of the query User-controlled bypass of sensitive method
 2021-09-17 16:07:39 +02:00
Marcono1234
020aa4d94c Java: Address feedback and fix test failures 2021-09-16 14:10:48 +01:00
Tony Torralba
f18c163408 Improve handling of the 'author' word as an exception 2021-09-16 11:57:28 +02:00
Tony Torralba
21079a1315 Fix conditionControlsMethod predicate 
Exceptions for throw and return statements were missing the appropriate condition
 2021-09-15 17:51:51 +02:00
Tony Torralba
5ed9949498 Adapt InsecureBasicAuth to the previous commit 2021-09-15 17:20:28 +02:00
Tony Torralba
30178d4f23 Decouple InsecureBasicAuth.qll to reuse the taint tracking configuration 2021-09-15 17:20:27 +02:00
Tony Torralba
148443fae1 Use InlineExpectationsTest 2021-09-15 17:20:27 +02:00
Tony Torralba
2cada386b4 Refactored into InsecureBasicAuth.qll 2021-09-15 17:20:27 +02:00
Tony Torralba
905be67aae Moved from experimental 2021-09-15 17:20:27 +02:00
Anders Schack-Mulligen
3f7d6e6f85 Merge pull request #6136 from smowton/smowton/admin/spring-xss-content-type-sensitivity 
Spring HTTP: improve content-type sensitivity
 2021-09-15 09:50:56 +02:00
Chris Smowton
6cff0d0376 Merge pull request #6393 from luchua-bc/java/xss-jsf 
Java: CWE-079 Query to detect XSS with JavaServer Faces (JSF)
 2021-09-14 15:15:56 +01:00
Tony Torralba
4e93330cb9 Improved tests 
Note that a FN test case was added
 2021-09-14 15:51:08 +02:00
Anders Schack-Mulligen
26eafcb55a Merge pull request #6456 from smowton/smowton/admin/flexjson-unsafe-deserialization 
Java: add unsafe-deserialization support for Flexjson
 2021-09-14 14:33:22 +02:00
Tony Torralba
0640b41f00 Adjust tests 2021-09-14 13:44:53 +02:00
Chris Smowton
fcc0f1d5a7 Expand test to exercise all sinks 2021-09-14 12:27:33 +01:00
Tony Torralba
f8d1e2ac11 Refactor tests to use InlineExpectationsTest 2021-09-14 13:16:45 +02:00
luchua-bc
24addd5c10 Query to detect XSS with JavaServer Faces (JSF) 2021-09-14 11:47:32 +01:00
Chris Smowton
122ffca049 Merge pull request #6645 from Marcono1234/marcono1234/spurious-javadoc-param-generic-class 
Java: Detect spurious param Javadoc tag of generic classes
 2021-09-13 16:41:06 +01:00
Chris Smowton
9b488207eb Add support for the Flexjson framework to the unsafe-deserialization query 2021-09-10 16:27:23 +01:00
Chris Smowton
b47939c737 Note resolved spurious results 2021-09-10 16:10:54 +01:00
Chris Smowton
d940085384 Spring HTTP: inherit produced content-types from surrounding class 2021-09-10 16:10:52 +01:00
Chris Smowton
bdd135dbff Spring HTTP: mark explicitly content-typed body calls as sinks 
Previously only the return from the request-handler method constituted a sink, and was filtered by the Produces annotation if any, even though a BodyBuilder could explicitly override.

These sinks are also marked as out-barriers to avoid duplicate paths when the Produces annotation is in agreement.
 2021-09-10 16:10:50 +01:00
Chris Smowton
701d0bcdca Spring content types: recognise constant content-type strings 2021-09-10 16:10:48 +01:00
Chris Smowton
3b6cc97557 Sanitize Spring bodies directly associated with an XSS-safe Content-Type 2021-09-10 16:10:44 +01:00