hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

5825 Commits

Author SHA1 Message Date
Ed Minnix
cb0ea350b5 Improve docs 2023-12-15 11:09:07 -05:00
Ed Minnix
0efca8200d Weak Hashing query wording 2023-12-15 11:09:07 -05:00
Ed Minnix
86b57a11ac Bump change note date 2023-12-15 11:09:07 -05:00
Ed Minnix
93cf5b8eb9 Weak Hashing Property initial query 2023-12-15 11:09:07 -05:00
Anders Schack-Mulligen
7623432c76 Java: Remove/deprecate FlowStateString-based extension points. 2023-12-14 15:15:58 +01:00
Tom Hvitved
c8b4a215bc Merge pull request #14573 from hvitved/flow-summary-impl-param 
Move `FlowSummaryImpl.qll` to `dataflow` pack
 2023-12-14 12:24:15 +01:00
Jeroen Ketema
99e65df6ce Merge remote-tracking branch 'upstream/rc/3.12' into mb12 2023-12-13 15:43:39 +01:00
masterofnow
e1b8fabf7f Use global instead of local taint tracking. 2023-12-13 13:50:34 +08:00
masterofnow
8538c12267 Merge branch 'github:main' into LoadClassNoSignatureCheck 2023-12-13 13:47:40 +08:00
Tony Torralba
bd8f35bef7 Java: Fix FPs in Missing certificate pinning 
Local URIs should never require pinning
 2023-12-12 18:02:12 +01:00
Tony Torralba
27be5ba14b Merge pull request #15073 from atorralba/atorralba/java/remove-invalid-ognl-sinks 
Java: Remove invalid OGNL sinks
 2023-12-12 16:52:31 +01:00
Tony Torralba
103110f9c2 Java: Remove invalid OGNL sinks 
Fixes #15053
 2023-12-12 13:39:51 +01:00
Edward Minnix III
06eef93f89 Docs review suggestions 2023-12-11 11:18:40 -05:00
Edward Minnix III
ce20c4ae03 Docs review suggestions 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-12-11 11:18:40 -05:00
Ed Minnix
3ca039bc8f Rename to InsecureRandomness 2023-12-11 11:18:40 -05:00
Edward Minnix III
4678302edb Update query metadata 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-12-11 11:18:39 -05:00
Ed Minnix
4bdf2b5e18 Bump change note date 2023-12-11 11:18:39 -05:00
Ed Minnix
14fdfa4428 Add new sink kind and change note 2023-12-11 11:18:38 -05:00
Ed Minnix
e69ff7b601 Move to library and add docs 2023-12-11 11:18:38 -05:00
Ed Minnix
9f986ca527 Add Weak Randomness Query 2023-12-11 11:18:38 -05:00
Tom Hvitved
f9dbf676a6 Java: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:45 +01:00
Ed Minnix
1b8f3f3450 Deprecate or remove imports of dataflow library copies 2023-12-08 10:42:10 -05:00
github-actions[bot]
92af5f5386 Post-release preparation for codeql-cli-2.15.4 2023-12-06 22:59:22 +00:00
github-actions[bot]
c04457e9e7 Release preparation for version 2.15.4 2023-12-06 21:11:50 +00:00
Tony Torralba
649dc9d1d4 Merge pull request #14993 from github/shati-patel/fix-cwe-tags 
Update inconsistent CWE tags
 2023-12-04 14:30:32 +01:00
Shati Patel
6284781a9b Update inconsistent CWE tags 
Most tags use the "external/cwe/cwe-xxx" format, except for these few queries. Updating them for consistency.
 2023-12-04 11:52:31 +00:00
Chris Smowton
ad713a7a93 Java: report any extracted file as successfully extracted 2023-12-01 22:35:00 +00:00
Chris Smowton
bbc0f29f16 Restrict getCheckedType to unrestricted records, introduce getSyntacticCheckedType and use that where appropriate 2023-11-30 11:24:05 +00:00
Chris Smowton
d2ff1baff0 Replace getDefaultOrNullDefaultCase with getDefaultCase 2023-11-30 11:24:03 +00:00
Chris Smowton
88d9caff8c Unused local query: exclude mandatory declarations 2023-11-30 11:24:02 +00:00
Chris Smowton
91774099fa Write-only container query: account for implicitly-initialised variables 2023-11-30 11:24:01 +00:00
Chris Smowton
bb6e04456a Boxed variable query: account for implicit-init variables 2023-11-30 11:24:01 +00:00
Chris Smowton
9035ba1f30 Fix isImplicitInit; use it in empty-container query 2023-11-30 11:24:01 +00:00
Chris Smowton
54a89d6fef Handle 'case null, default:' 2023-11-30 11:23:59 +00:00
Chris Smowton
9a450b09be Account for pattern-cases in more places 2023-11-30 11:23:59 +00:00
masterofnow
57d897d40f Merge branch 'main' into LoadClassNoSignatureCheck 2023-11-30 10:05:00 +08:00
amammad
97eb7b7b72 update example to include more logical vulnerable pattern, add documentations for ql classes 2023-11-22 09:27:55 +01:00
Arthur Baars
db180d9872 Merge pull request #14823 from github/post-release-prep/codeql-cli-2.15.3 
Post-release preparation for codeql-cli-2.15.3
 2023-11-19 12:13:42 +01:00
masterofnow
2952d8f65a Updated query to cover broader detection. 2023-11-18 18:52:47 +08:00
github-actions[bot]
bad499e360 Post-release preparation for codeql-cli-2.15.3 2023-11-17 14:35:41 +00:00
Max Schaefer
ca334021ad Merge pull request #14793 from github/max-schaefer/tainted-path-qhelp 
Java: Improve QHelp for `java/path-injection` to mention less disruptive fixes.
 2023-11-16 14:09:55 +00:00
github-actions[bot]
6ec9b95072 Release preparation for version 2.15.3 2023-11-16 13:07:16 +00:00
Max Schaefer
a5e7ef424e Revert "Add additional example." 
This reverts commit 947b094387.
 2023-11-16 11:54:16 +00:00
Max Schaefer
143e1680bd Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-11-16 11:42:35 +00:00
Max Schaefer
947b094387 Add additional example. 2023-11-16 10:06:19 +00:00
Max Schaefer
009d58034f Address suggestions from review. 2023-11-16 10:05:54 +00:00
Max Schaefer
a46a7fadb2 Java: Improve QHelp for java/path-injection to mention less disruptive fixes. 2023-11-15 11:25:13 +00:00
masterofnow
532f6a5b0c Removed @kind path-problem in comment. Added text message in select. 2023-11-13 08:27:07 +08:00
masterofnow
20592352d0 Updated text in LoadClassNoSignatureCheck.qhelp 2023-11-12 20:48:49 +08:00
masterofnow
fd66f47d82 Added LoadClassNoSignatureCheck.ql 2023-11-12 20:27:49 +08:00