hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

5825 Commits

Author SHA1 Message Date
Jonathan Leitschuh
472cca9221 Align Java CommandInjectionRuntimeExec.ql Severity 
Align severity with other command injection vulnerabilities:

- 4a448f445e/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql (L8)
- 4a448f445e/go/ql/src/Security/CWE-078/CommandInjection.ql (L7)
- 4a448f445e/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql (L7)
- 4a448f445e/javascript/ql/src/Security/CWE-078/CommandInjection.ql (L7)
 2024-06-21 10:29:27 -04:00
Michael Nebel
ed3f1e40db Java: Sync changes and make dummy language specific implementation. 2024-06-19 14:10:54 +02:00
Michael Nebel
cd9d58fdc8 Merge pull request #16772 from michaelnebel/java/taintedpermissionthreatmodel 
Java: Opt-in `java/tainted-permissions-check` to threat models.
 2024-06-18 10:54:28 +02:00
Michael Nebel
5686efd25c Update java/ql/src/change-notes/2024-06-17-tainted-permissions-check.md 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-06-17 16:47:22 +02:00
Michael Nebel
833b4f90bf Java: Make source and sink callable adapters. 2024-06-17 12:53:08 +02:00
Michael Nebel
c3862660e4 Java: Add change note. 2024-06-17 11:07:29 +02:00
Michael Nebel
a29446a566 C#/Java: Address review comments. 2024-06-14 10:46:19 +02:00
Michael Nebel
e247d5b316 Java: Sync files and make dummy language specific implementation. 2024-06-13 10:55:17 +02:00
Mathias Vorreiter Pedersen
67b327a0f7 Merge pull request #16725 from MathiasVP/rc-3.14-mergeback 
Mergeback from `rc/3.14`
 2024-06-11 17:37:40 +01:00
Mathias Vorreiter Pedersen
3351b9547d Merge branch 'rc/3.14' into rc-3.14-mergeback 2024-06-11 16:21:08 +01:00
Mauro Baluda
e9dba59f11 Merge branch 'main' into main 2024-06-10 19:57:00 +02:00
github-actions[bot]
8a25081a0e Post-release preparation for codeql-cli-2.17.5 2024-06-10 15:33:08 +00:00
github-actions[bot]
877bfa2468 Release preparation for version 2.17.5 2024-06-10 13:40:39 +00:00
Mauro Baluda
71505f4003 Added more org.apache.commons.io.FileUtils-related sinks to the path injection query. 2024-06-10 11:29:51 +02:00
Rakshith Gopalakrishna
798a736d16 fix: update changelog 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-06-04 11:20:05 -07:00
Rakshith Gopala krishna
0f63f0dda2 docs: add changenote 2024-06-04 11:20:05 -07:00
Tony Torralba
f16dd8c010 Apply code review suggestions. 2024-06-04 10:35:11 +02:00
Tony Torralba
f84c2a842d Java: Add more File-related sinks for path-injection 2024-06-04 10:35:07 +02:00
Mauro Baluda
48fc44baff Add release notes 2024-05-30 23:21:12 +02:00
github-actions[bot]
906b65d09c Post-release preparation for codeql-cli-2.17.4 2024-05-28 18:02:25 +00:00
github-actions[bot]
33b4ae8bbb Release preparation for version 2.17.4 2024-05-28 15:44:32 +00:00
Michael Nebel
78d4745722 Merge pull request #16578 from michaelnebel/java/dontliftneutral 
Java: Do not lift neutrals in Model generation.
 2024-05-24 09:19:20 +02:00
Dave Bartolomeo
f498e05099 Merge branch 'main' into dbartol/v1 2024-05-23 14:37:28 -04:00
Dave Bartolomeo
613ccaac1d Add change note to all v1.0.0 packs 2024-05-23 13:01:22 -04:00
Arthur Baars
b2c64eabd4 Merge pull request #16572 from github/aibaars-patch-2 
Java: include link to `remote source` in TrustBoundaryViolation.ql
 2024-05-23 18:16:11 +02:00
Michael Nebel
6f5bdfba65 Java: Do not lift neutrals and only generate for public endpoints. 2024-05-23 16:32:45 +02:00
Arthur Baars
b5b5fef642 Switch source and sink in TrustBoundaryViolation.ql 2024-05-23 15:53:12 +02:00
Arthur Baars
5c4eb3c943 Java: add change note 2024-05-23 13:06:01 +00:00
Arthur Baars
d540675b9e Update TrustBoundaryViolation.ql 2024-05-23 12:04:47 +00:00
Anders Schack-Mulligen
0f864081cb Java: Remove source dispatch when there's an exact match from a manual model. 2024-05-23 10:50:00 +02:00
Tony Torralba
d202355b07 Merge pull request #16553 from atorralba/atorralba/java/xxe-qhelp-reword 
Java: Reword recommendation section of XXE query
 2024-05-23 08:48:29 +02:00
Dave Bartolomeo
ffe4c8c87b Update all pack versions to 1.0.0 2024-05-22 13:39:08 -04:00
Tony Torralba
5ec3335b07 Java: Reword recommendation section of XXE query 2024-05-22 11:34:19 +02:00
Anders Schack-Mulligen
7828cb8f5a Java: Add change note. 2024-05-22 10:27:33 +02:00
Tom Hvitved
bebcd679a4 Address review comments 2024-05-21 14:51:52 +02:00
Tom Hvitved
454687d583 Data flow: Synthesize parameter return nodes 2024-05-21 14:47:42 +02:00
Michael Nebel
b1329fd806 Merge pull request #16362 from michaelnebel/java/removelocalqueries 
Java: Remove local query variants.
 2024-05-16 14:34:04 +02:00
Max Schaefer
3c47c1137d Simplify query. 2024-05-15 12:49:45 +01:00
github-actions[bot]
32e8b5c667 Post-release preparation for codeql-cli-2.17.3 2024-05-14 21:14:08 +00:00
github-actions[bot]
100166fa53 Release preparation for version 2.17.3 2024-05-14 19:23:18 +00:00
Michael Nebel
79c6834aa3 Merge pull request #16374 from michaelnebel/java/narrowsuperimpl 
Java: Improve finding best type for models and lifting.
 2024-05-14 13:12:04 +02:00
Anders Schack-Mulligen
76e740bc1d Java: Clean up some instances of getQualifiedName. 2024-05-13 13:06:44 +02:00
am0o0
02b0b402d6 remove useless predicate 
add missed FlowState
 2024-05-12 19:29:37 +02:00
am0o0
be03e582c6 remove isBarrier 2024-05-12 18:17:47 +02:00
am0o0
9fffd7846a remove empty predicates, fix FP for zipFile 2024-05-12 18:16:57 +02:00
am0o0
c9daf914cb remove unused predicate 2024-05-12 14:09:55 +02:00
am0o0
3eb5778543 upgrade FlowState to new DecompressionState 2024-05-12 14:08:52 +02:00
am0o0
e23cbeda24 update to MethodCall 2024-05-12 13:54:21 +02:00
am0o0
4b68dd2315 add new additional taint steps, fix some comments 2024-05-12 13:51:08 +02:00
Am
9946e07f36 Merge branch 'github:main' into amammad-java-bombs 2024-05-12 13:17:02 +02:00