hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

5825 Commits

Author SHA1 Message Date
Chris Smowton
0afe22d60c Merge pull request #5710 from p0wn4j/jsch-os-injection 
[Java] CWE-078: Add JSch lib OS Command Injection sink
 2021-05-10 16:12:00 +01:00
Tony Torralba
8553ca1019 Autoformatting 2021-05-10 15:42:20 +02:00
Tony Torralba
c70503142f Require JS enabled even when cross-origin access is enabled in the webviews 2021-05-10 09:45:59 +02:00
Dave Bartolomeo
d9f243d18a Java: Fix QLDoc for Container.toString() 
Fixes #5828

The QLDoc was just too specific about the default implementation. I've improved the wording.
 2021-05-08 11:14:02 -04:00
Hayk Andriasyan
fd88b72101 Delete JSchOSInjection.qhelp 2021-05-08 12:51:15 +04:00
Tony Torralba
6884edf52a Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch 2021-05-07 16:31:55 +02:00
Tony Torralba
1f1a1bdb41 Remove unnecessary CWE reference 2021-05-07 16:29:00 +02:00
luchua-bc
fc7d340a89 Query to detect hard-coded Azure credentials 2021-05-07 13:16:41 +00:00
Tony Torralba
e6b7da1926 Add import for Android sinks in ExternalFlow 2021-05-07 12:41:39 +02:00
Tony Torralba
e78e5b9ee4 Merge branch 'main' into promote-jexl-injection 2021-05-07 12:36:49 +02:00
Tony Torralba
b37b15cea4 Re-structure imports, add some new comments to tests 2021-05-07 12:33:51 +02:00
Tony Torralba
e2e65aca3c Add new sink for Android XSS 2021-05-07 12:25:19 +02:00
Tony Torralba
b69be30b88 Fix imports as suggested in code review 2021-05-07 11:07:06 +02:00
Tony Torralba
f16605b3c1 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-05-06 15:17:55 +02:00
Tony Torralba
b69261727d Add a new test for 2021-05-06 13:26:25 +02:00
Tony Torralba
1f1f85aeb5 Add change note and fix some QLDocs 2021-05-06 13:13:23 +02:00
Tony Torralba
e14294a2f7 Remove XSS sink since it's better handled in this query 2021-05-06 11:20:37 +02:00
Tony Torralba
76468559ba Add safe example for dom4j 2021-05-06 10:17:25 +02:00
Tony Torralba
8af7f4a484 New sinks and test cases 2021-05-06 09:18:49 +02:00
Tony Torralba
26c3ff2cee Move from experimental to standard 2021-05-06 09:18:49 +02:00
Tony Torralba
215118c7ea Fixes in QLDocs and imports 2021-05-06 09:18:49 +02:00
Tony Torralba
720b5d6da3 Refactored sto use CSV sink model. Also, added more sinks 2021-05-06 09:18:49 +02:00
Tony Torralba
ab62bb66f4 Consider second parameter of Node.selectNodes 2021-05-06 09:18:49 +02:00
Tony Torralba
d72dd9b861 javax.xml.xpath.XPath is an interface 2021-05-06 09:18:49 +02:00
Tony Torralba
2bb2baf6f7 Support more methods that evaluate XPath expressions 2021-05-06 09:18:49 +02:00
Tony Torralba
3705970bfd Refactored XPath.qll to remove redundant classes and restrict visibility 2021-05-06 09:18:49 +02:00
Tony Torralba
d739a8cac2 Moved configuration from XPath.qll back to XPath Injection query 2021-05-06 09:18:48 +02:00
Tony Torralba
ee269fbc69 Added missing doc comments 2021-05-06 09:18:48 +02:00
Tony Torralba
fb3e56eac8 Fix imports and stubs so that tests pass 2021-05-06 09:18:48 +02:00
Tony Torralba
a62997463f Remove unused imports; use set literals in hasName 2021-05-06 09:18:48 +02:00
Tony Torralba
ed5619498c WIP: XPath Injection promotion 2021-05-06 09:18:48 +02:00
Jonathan Leitschuh
67e9f06304 [Java] Fix Kryo FP & Kryo 5 Support 
Closes #4992
 2021-05-05 17:38:34 -04:00
Tony Torralba
c138ed3e4d QLDocs 2021-05-05 16:51:15 +02:00
Tony Torralba
03ce8d689f Refactored to use CSV sink model 2021-05-05 16:34:30 +02:00
Felicity Chapman
8b2009cfb1 Minor updates to qhelp file 2021-05-05 12:36:29 +01:00
Tony Torralba
be50e8f30c Moved from experimental to standard 2021-05-05 11:59:49 +02:00
Timo Müller
a65481d24b Apply suggestions from code review more precise help text 2021-05-04 17:30:49 +02:00
Timo Müller
65642df1a0 Apply suggestions from code review for help text 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 17:28:34 +02:00
Timo Mueller
152f4862ec Reworked the references a bit 2021-05-04 16:10:15 +02:00
Timo Mueller
81363a8843 Some better (and more styleguide compliant) descriptions within the query. 2021-05-04 15:57:47 +02:00
Timo Mueller
f7437422c1 InstanceOf check instead of comparing classnames 2021-05-04 15:51:40 +02:00
Timo Mueller
fd52135f29 Removed unnecessary check for type 2021-05-04 15:45:30 +02:00
Timo Müller
c476b6c088 Fix accordance to style guide 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 14:00:01 +02:00
Timo Müller
030e2bdd9b Fix accordance to style guide 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:59:52 +02:00
Timo Müller
ab308b5e9e Fix accordance to style guide 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:59:43 +02:00
Timo Müller
485a3a139a Fixed content to confirm with the style guide 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:58:38 +02:00
Timo Müller
45443baf84 Fixed Typo 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:58:00 +02:00
Timo Müller
1fd2be3879 Added more clear reference 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:57:19 +02:00
Timo Müller
7026d82a72 Fixed typo 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:53:14 +02:00
Timo Müller
f28e994121 Update java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qhelp 
More descriptive (and PC) description.

Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:52:47 +02:00