hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

5825 Commits

Author SHA1 Message Date
Tony Torralba
ca2959cf37 Merge pull request #8537 from atorralba/atorralba/unsafe_android_access_improvs 
Java: Improvements to UnsafeAndroidAccess
 2022-05-05 16:46:54 +02:00
luchua-bc
937ab417b1 Query to detect hardcoded JWT secret keys 2022-05-04 23:09:48 +00:00
Joe Farebrother
64227c9109 Fix codescanning alerts 2022-05-04 15:58:30 +01:00
Joe Farebrother
1605d36ddf Refine polynomial redos sources to exclude length limited methods 2022-05-04 15:41:39 +01:00
Joe Farebrother
6794268a3c Split PolynomialRedos definition into a library to avoid duplication in the tests 2022-05-04 15:41:38 +01:00
Joe Farebrother
2d963176bf Fix change note 2022-05-04 15:41:37 +01:00
Joe Farebrother
5364001aa2 Update docs to be about Java 2022-05-04 15:41:36 +01:00
Joe Farebrother
5143585080 Fix to PolynomialRedos not finding results and to test cases not finding that 2022-05-04 15:41:36 +01:00
Joe Farebrother
5b61de67de Implement style/doc suggestions from code review 2022-05-04 15:41:33 +01:00
Joe Farebrother
59945cd8b3 Add dataflow logic to PolynomialRedDoS 2022-05-04 15:41:30 +01:00
Joe Farebrother
37240f01d2 Copy Redos queries from python 
Todo: Implement dataflow for polynomialredos; update docs to reference java rather than python
 2022-05-04 15:40:58 +01:00
Michael Nebel
5f1a176a02 Java: Sync CaptureModels implementation to only allow at most two reads and two stores. 2022-05-04 12:29:57 +02:00
Tony Torralba
192017635a Update java/ql/src/change-notes/2022-03-24-unsafe-android-access-improvements.md 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-05-04 10:53:31 +02:00
Tony Torralba
b9859fe165 Add change note 2022-05-04 10:53:29 +02:00
Tony Torralba
b876431950 Merge pull request #8706 from luchua-bc/java/unsafe-get-resource 
Java: CWE-552 Add sources and sinks to to detect unsafe getResource calls in Java EE applications
 2022-05-04 10:12:28 +02:00
Joe Farebrother
f65f833b11 Merge pull request #9020 from joefarebrother/predictable-seed 
Java: Add CWE-377 tag to java/predictable-seed
 2022-05-03 15:13:58 +01:00
Tony Torralba
02822c6284 Merge pull request #9013 from atorralba/atorralba/private-externalflow-imports 
Java: Make more ExternalFlow imports private
 2022-05-03 16:02:09 +02:00
Joe Farebrother
61f13817cf Add change note 2022-05-03 14:27:47 +01:00
Joe Farebrother
f7d0884db1 Java: Add cwe-377 tag to predictable-seed 2022-05-03 12:28:14 +01:00
Anders Schack-Mulligen
249f771fad Merge pull request #8952 from cklin/fix-ql-comments-syntax 
Fix syntax errors in QL comments
 2022-05-03 11:15:56 +02:00
Tony Torralba
c66e583aea Make more ExternalFlow imports private 2022-05-03 10:31:29 +02:00
Anders Schack-Mulligen
86516b157b Merge pull request #8884 from JLLeitschuh/feat/JLL/additional-file-taint-flow 
Java: Add additional `File` taint value flow models
 2022-05-02 16:30:45 +02:00
Tony Torralba
9a35aba465 Add change notes 2022-05-02 15:45:44 +02:00
Tony Torralba
1cf4b60769 Simplify non-https-url query 2022-05-02 15:43:07 +02:00
luchua-bc
920a7cd2e6 Put back the taint step removed during merge 2022-04-29 20:29:04 +00:00
luchua-bc
0aa1251ffe Add more test cases 2022-04-29 02:31:43 +00:00
Chuan-kai Lin
d6f0bbb816 Fix syntax errors in QL comments 2022-04-28 11:53:36 -07:00
Jeroen Ketema
2e6addab03 Fix one more change note 2022-04-28 14:22:41 +02:00
Jeroen Ketema
4a648f3c89 Fix change note items 2022-04-28 14:14:19 +02:00
github-actions[bot]
8e4cf190e9 Release preparation for version 2.9.1 2022-04-28 11:59:05 +00:00
luchua-bc
590b9d8519 Standardize the query and update qldoc 2022-04-27 22:17:17 +00:00
Tony Torralba
e99cee4913 Merge branch 'main' into java/unsafe-get-resource 2022-04-27 16:45:42 +02:00
Jonathan Leitschuh
2565cdb964 Add additional File taint value flow models 
Adds
 - File::getAbsoluteFile
 - File::getCanonicalFile
 - File::getAbsolutePath
 - File::getCanonicalPath
 2022-04-26 10:42:53 -04:00
Tony Torralba
b69d81ce24 Make all imports of ExternalFlow private 2022-04-26 13:48:44 +02:00
Anders Schack-Mulligen
e5eef51e9d Merge pull request #8875 from aschackmull/java/useless-imports 
Java: Remove some useless imports.
 2022-04-26 13:32:09 +02:00
Anders Schack-Mulligen
7002f49abc Java: Remove some useless imports. 2022-04-26 12:37:03 +02:00
Chris Smowton
8d7098245b Add change note 2022-04-26 10:38:20 +01:00
Chris Smowton
7d4767a4f5 Java insecure cookies query: look through named constants 2022-04-26 10:32:13 +01:00
Mathias Vorreiter Pedersen
aca4c8727f Merge pull request #8802 from github/post-release-prep/codeql-cli-2.9.0 
Post-release preparation for codeql-cli-2.9.0
 2022-04-25 22:52:55 +01:00
Anders Schack-Mulligen
cbdd4927ce Merge pull request #8582 from Marcono1234/marcono1234/JumpStmt-superclass 
Java: Make `JumpStmt` a proper superclass
 2022-04-25 12:22:20 +02:00
Tom Hvitved
3edc72feb6 Update CaptureModels.qll 2022-04-22 15:49:17 +02:00
Tom Hvitved
b033f107df Merge remote-tracking branch 'upstream/main' into dataflow/interpret-read-store 2022-04-22 14:35:02 +02:00
github-actions[bot]
1aecfc67c2 Post-release preparation for codeql-cli-2.9.0 2022-04-21 19:22:19 +00:00
Dave Bartolomeo
d0687303f4 Fix formatting in change log 2022-04-21 11:01:39 -04:00
Dave Bartolomeo
033694d7f7 Fix formatting in change log 2022-04-21 11:00:38 -04:00
github-actions[bot]
eeaf233c29 Release preparation for version 2.9.0 2022-04-21 14:49:00 +00:00
luchua-bc
f0c4b1955b Change getResource() to be a taint step 2022-04-19 15:55:09 +00:00
luchua-bc
7029802f3b Add sinks for getClass() and getClassLoader() 2022-04-11 21:03:48 +00:00
Marcono1234
7bed14bbf0 Merge remote-tracking branch 'remotes/origin/main' into marcono1234/statement-expression 2022-04-10 18:23:45 +02:00
luchua-bc
eccd97c7b7 Query to detect unsafe getResource calls in Java EE applications 2022-04-09 01:14:15 +00:00