hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

5825 Commits

Author SHA1 Message Date
Tony Torralba
cf7091ae5f Merge branch 'main' into atorralba/java/open-redirect-sanitizer 2024-02-12 10:31:52 +01:00
Tony Torralba
e6623ebe4c Add change note 2024-02-12 10:10:42 +01:00
Joe Farebrother
16aed18821 Address reviews - Elaborate on docs and update severity 2024-02-09 13:53:36 +00:00
Anders Schack-Mulligen
b7d4a6926f Dataflow: Add empty provenance column to PathGraph. 2024-02-09 11:27:30 +01:00
Joe Farebrother
f4b6a85a48 Fix typo in qldoc 2024-02-09 10:09:24 +00:00
Tony Torralba
4c0d535cc2 Merge pull request #12886 from atorralba/atorralba/java/path-injection-mad-sinks 
Java: Refactor path injection sinks
 2024-02-09 10:48:49 +01:00
Tony Torralba
34f74869c8 Java: Add extension point and default sanitizer to Open Redirect query 2024-02-09 09:11:07 +01:00
Dave Bartolomeo
92bd550c55 Merge pull request #15531 from github/post-release-prep/codeql-cli-2.16.2 
Post-release preparation for codeql-cli-2.16.2
 2024-02-08 05:58:17 -08:00
Jonathan Leitschuh
1484a169d7 Reduce severity of java/relative-path-command 
Significantly reduces the severity of `java/relative-path-command` from 9.8 to 5.4

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
 2024-02-06 15:43:19 -05:00
github-actions[bot]
b5139078d0 Post-release preparation for codeql-cli-2.16.2 2024-02-06 19:22:35 +00:00
Erik Krogh Kristensen
879d882fa4 Java: fix typo in JndiInjection.qhelp 2024-02-06 15:17:30 +01:00
github-actions[bot]
c1b35fbf47 Release preparation for version 2.16.2 2024-02-05 17:58:57 +00:00
Joe Farebrother
596f48ca95 Add change note 2024-02-02 17:35:07 +00:00
Joe Farebrother
5022adba56 Fixes to qhelp example 2024-02-02 17:26:00 +00:00
Joe Farebrother
3878192810 Apply suggestions from documentation review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-02-02 17:21:23 +00:00
Joe Farebrother
2a00375bb7 Add documentation 2024-02-02 14:34:43 +00:00
Joe Farebrother
9098428c2a Add security severity 2024-02-01 14:28:14 +00:00
Joe Farebrother
8bd79908a6 Implement local auth query 2024-01-30 16:49:55 +00:00
Joe Farebrother
3abd67064d Add change note 2024-01-29 16:33:07 +00:00
Joe Farebrother
8d201626e1 Add documentation 2024-01-29 16:25:38 +00:00
Joe Farebrother
6081f18089 Add unit tests + make some fixes 2024-01-29 16:25:37 +00:00
Joe Farebrother
5dd0addfc2 Add sensitive text flow query 2024-01-29 16:25:36 +00:00
Joe Farebrother
031bd8bd0c Merge pull request #15281 from joefarebrother/android-sensitive-ui-notif 
Java: Add query for exposure of sensitive information to android notifiactions
 2024-01-26 16:42:55 +00:00
Henry Mercer
452359f20e Merge pull request #15446 from github/codeql-cli-2.16.1 
Merge `codeql-cli-2.16.1` back to `main`
 2024-01-26 15:52:56 +00:00
Henry Mercer
6bef1404fd Merge remote-tracking branch 'origin/codeql-cli-2.16.1' into henrymercer/2.16.0-mergeback 2024-01-26 13:53:13 +00:00
Tony Torralba
2a146405ac Adjust tests 2024-01-26 12:38:32 +01:00
Tony Torralba
1d2a51c522 Rename change note 2024-01-26 12:20:47 +01:00
Tony Torralba
19cb7adb6d Migrate path injection sinks to MaD 
Deprecate and stop using PathCreation

Path creation sinks are now summaries
 2024-01-26 12:19:54 +01:00
Tony Torralba
661c5cf6aa Merge pull request #15409 from erik-krogh/path-java 
Java: Improve the QHelp for `java/path-injection`.
 2024-01-25 17:14:59 +01:00
erik-krogh
73e3fada44 add missing </p> 2024-01-25 12:14:10 +01:00
erik-krogh
05a59d2a94 apply suggestions from doc review 2024-01-25 11:20:46 +01:00
github-actions[bot]
d0b74c00fe Post-release preparation for codeql-cli-2.16.1 2024-01-23 23:02:29 +00:00
github-actions[bot]
7ef611e6dc Release preparation for version 2.16.1 2024-01-23 19:45:16 +00:00
erik-krogh
158ff0da0a add a trailing slash to the folder check in the QHelp for java/path-injection 2024-01-23 14:46:02 +01:00
erik-krogh
00dadeb3bf delete the markdown file again 2024-01-23 12:57:15 +01:00
erik-krogh
57e0b3cceb iterate on the java/path-injection qhelp 2024-01-23 12:56:43 +01:00
erik-krogh
4958c19c67 move the examples for the qhelps into an example/ folder 2024-01-23 12:56:23 +01:00
erik-krogh
6b66f5cbc5 check in the TaintedPath qhelp as markdown to get pretty diffs 2024-01-23 12:56:22 +01:00
Joe Farebrother
69faafa194 Add change note 2024-01-23 09:51:40 +00:00
Joe Farebrother
1190352b67 Add qhelp 2024-01-23 09:51:40 +00:00
Joe Farebrother
143ce0b94a Add sensitive notification query 2024-01-23 09:51:37 +00:00
Ed Minnix
fb80c5ea84 Rename SimpleScalarSanitizer to SimpleTypeSanitizer 2024-01-22 23:55:29 -05:00
Ed Minnix
696788e5b2 Rename semmle.code.java.security.dataflow.CommonSanitizers to semmle.code.java.security.Sanitizers 2024-01-22 23:52:19 -05:00
Ed Minnix
3311b3be8e Convert experimental queries' isBarrier to use instanceof SimpleScalarSanitizer 2024-01-22 23:38:29 -05:00
Tony Torralba
736df6fb05 Fix change note category for clarity 2024-01-18 17:09:34 +01:00
Alexander Eyers-Taylor
934474681d Merge pull request #15254 from github/post-release-prep/codeql-cli-2.16.0 
Post-release preparation for codeql-cli-2.16.0
 2024-01-16 14:50:40 +00:00
github-actions[bot]
57df8b92df Post-release preparation for codeql-cli-2.16.0 2024-01-15 15:00:50 +00:00
Michael Nebel
9becd0876f Merge pull request #15179 from michaelnebel/modelgenrespectmanual 
C#/Java: Increase precision of model generation.
 2024-01-12 15:12:21 +01:00
Michael Nebel
37a21ec548 Java: Address review comments. 2024-01-12 13:36:23 +01:00
Michael Nebel
6af0bca777 Java: Avoid generating contradicting summary and neutral summary models. 2024-01-12 13:36:23 +01:00