codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00

Author	SHA1	Message	Date
Artem Smotrakov	14e724bce6	Added sinks for RmiBasedExporter and HessianExporter	2021-06-23 09:53:47 +02:00
haby0	a73cb3f04a	Fix error	2021-06-18 17:22:26 +08:00
haby0	0d18e4ff9c	BeanShell Injection	2021-06-18 15:54:13 +08:00
Chris Smowton	7509e36382	Remove no-longer-needed BasicRequestLine model from InsecureBasicAuth.ql; adjust test expectations accordingly	2021-06-17 11:43:33 +01:00
Chris Smowton	487c1db6ed	Promote SSRF query to main query set	2021-06-17 11:41:01 +01:00
Anders Schack-Mulligen	8fe2f4a554	Merge pull request #6034 from owen-mc/java/jax-rs Improve JAX-WS and JAX-RS models	2021-06-17 12:35:34 +02:00
Chris Smowton	76838809bb	Merge pull request #5818 from artem-smotrakov/rmi-deserialization Java: Unsafe RMI deserialization	2021-06-11 13:43:07 +01:00
Owen Mansel-Chan	e0130a932e	Update experimental query using NewCookie	2021-06-10 13:33:20 +01:00
Owen Mansel-Chan	ee6019a2d8	Fix tests for experimental httponly query	2021-06-10 13:31:28 +01:00
Anders Schack-Mulligen	96da85449d	Merge pull request #5823 from atorralba/promote-jexl-injection Java: Promote JEXL Injection query from experimental	2021-06-07 10:03:12 +02:00
Tony Torralba	56a429a5f9	Merge branch 'main' into promote-jexl-injection	2021-06-03 11:10:56 +02:00
Anders Schack-Mulligen	43d1b0ab27	Java: Update qltests.	2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen	a4661e1aca	Merge pull request #5704 from edvraa/regexj Java: Regex injection	2021-06-01 11:45:59 +02:00
Artem Smotrakov	c837605c85	Added test cases with sanitizers for UnsafeDeserializationRmi.ql	2021-05-23 13:01:22 +02:00
Artem Smotrakov	d2e29fc72c	Renamed RmiUnsafeDeserialization.ql -> UnsafeDeserializationRmi.ql	2021-05-23 10:21:05 +02:00
Artem Smotrakov	e28f919f3d	Look for remote callable method only in RmiUnsafeDeserialization.ql	2021-05-23 10:21:05 +02:00
Artem Smotrakov	5ffe04d6a5	Updated expected output for RmiUnsafeDeserialization.java test	2021-05-23 10:21:04 +02:00
Artem Smotrakov	3d20330a92	More tests for RmiUnsafeDeserialization	2021-05-23 10:21:04 +02:00
Artem Smotrakov	ec6186a1c5	Draft of tests for RmiUnsafeDeserialization.ql	2021-05-23 10:21:04 +02:00
luchua-bc	e4699f7fa9	Optimize the query	2021-05-18 16:12:22 +00:00
luchua-bc	d664aa6d6a	Include more scenarios and update qldoc	2021-05-18 16:12:22 +00:00
luchua-bc	852bcfb5c7	Refactor the ScriptEngine query and the Rhino code injection query into one	2021-05-18 16:12:22 +00:00
luchua-bc	b0b5338359	Rhino code injection	2021-05-18 16:12:22 +00:00
Chris Smowton	4230869ee2	Merge pull request #5819 from luchua-bc/java/jpython-injection Java: CWE-094 Jython code injection	2021-05-18 16:38:40 +01:00
Chris Smowton	71f540a755	Merge pull request #5844 from haby0/SpringRedirects [Java] CWE-601 Spring url redirection detect	2021-05-18 16:37:40 +01:00
haby0	a0cd551bae	Add filtering of String.format	2021-05-18 11:05:10 +08:00
haby0	498c99e26c	Add left value, Add return expression tracing flow	2021-05-14 16:31:59 +08:00
haby0	effa2b162a	Add spring url redirection detect	2021-05-13 09:55:37 +08:00
luchua-bc	e7cd6c9972	Optimize the query	2021-05-11 16:56:12 +00:00
Chris Smowton	0afe22d60c	Merge pull request #5710 from p0wn4j/jsch-os-injection [Java] CWE-078: Add JSch lib OS Command Injection sink	2021-05-10 16:12:00 +01:00
Tony Torralba	e78e5b9ee4	Merge branch 'main' into promote-jexl-injection	2021-05-07 12:36:49 +02:00
luchua-bc	703fbf139a	Add more methods and update the library name	2021-05-04 02:54:49 +00:00
Tony Torralba	4bfd34b1fe	Moved from experimental	2021-05-03 13:15:24 +02:00
Tony Torralba	38e052482c	More csv sinks and sources	2021-05-03 12:44:53 +02:00
luchua-bc	4709e8139d	JPython code injection	2021-05-03 01:43:56 +00:00
Chris Smowton	b2c0259197	Merge pull request #5631 from haby0/UseOfLessTrustedSource [Java] CWE-348: Using a client-supplied IP address in a security check	2021-04-30 15:20:53 +01:00
haby0	fdcc517b9f	UseOfLessTrustedSource -> ClientSuppliedIpUsedInSecurityCheck"	2021-04-30 17:43:34 +08:00
Chris Smowton	ad9ea40954	Merge pull request #5597 from intrigus-lgtm/java/jwt-insecure-parse [Java] JWT without signature check.	2021-04-29 14:41:11 +01:00
haby0	e813257431	use hardCode	2021-04-29 21:23:52 +08:00
intrigus	a8865e2fa2	Java: Cleanup jwt stubs.	2021-04-28 20:46:09 +02:00
haby0	5be9fbbc5a	Remove LogOperationSink and PrintSink	2021-04-27 14:12:33 +08:00
p0wn4j	3d891f0b39	[Java] CWE-078: Add JSch OS command injection sink	2021-04-26 18:20:32 +04:00
edvraa	ade238307f	Add a test	2021-04-22 10:02:06 +03:00
haby0	454324781d	delete IfStmt	2021-04-22 11:59:33 +08:00
edvraa	13655b5d80	Add RegExUtils	2021-04-21 13:08:35 +03:00
p0wn4j	f2de440886	[Java] CWE-094: Query to detect Groovy Code Injections	2021-04-20 19:18:24 +04:00
haby0	8296abcea8	Fix Modify the ql query (the qhelp part is not modified).	2021-04-19 20:59:47 +08:00
Anders Schack-Mulligen	175c71221a	Java: Adjust some test output with more edges/nodes.	2021-04-19 14:06:27 +02:00
haby0	23b508c5e7	Merge remote-tracking branch 'upstream/main' into UseOfLessTrustedSource	2021-04-19 20:05:49 +08:00
edvraa	29e320627f	Regex injection	2021-04-16 23:29:08 +03:00

1 2 3 4 5 ...

264 Commits