hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,734 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.4
Commit Graph

5453 Commits

Author SHA1 Message Date
haby0
a18aad8536 Fix one 2021-12-08 21:03:17 +08:00
haby0
1d321c692b Refactor isMybatisXmlOrAnnotationSqlInjection 2021-12-08 18:59:55 +08:00
Anders Schack-Mulligen
6c739b67fa Merge pull request #7318 from RasmusWL/java-cwe-328 
Java: Tag queries with CWE-328
 2021-12-07 11:39:48 +01:00
Rasmus Wriedt Larsen
ff9ed0d4fb Java: Tag queries with CWE-328 
CWE-328: Use of Weak Hash, see https://cwe.mitre.org/data/definitions/328.html

Since weak hash functions (md5/sha1) are considered for the
`java/weak-cryptographic-algorithm` query. See
caeeebf572/java/ql/lib/semmle/code/java/security/Encryption.qll (L148)

To keep things consistent between `java/weak-cryptographic-algorithm`
and `java/potentially-weak-cryptographic-algorithm`, I also added the
tag to the latter.
 2021-12-06 13:59:00 +01:00
haby0
daf6a4ce07 Partial modification 2 2021-12-04 17:45:02 +08:00
haby0
6c6113b85b Partial modification 2021-12-03 18:59:24 +08:00
luchua-bc
8bcffc2886 Query to detect unsafe request dispatcher usage 2021-12-02 04:00:29 +00:00
github-actions[bot]
87b968f337 Post-release preparation 2.7.3 2021-12-02 00:46:55 +00:00
haby0
6742beae1b use <code> tags 2021-12-01 16:24:46 +08:00
haby0
08be8edbce Modify according to suggestions 2021-12-01 11:57:57 +08:00
github-actions[bot]
337ce65fe5 Release preparation for version 2.7.3 2021-11-30 20:39:35 +00:00
Dave Bartolomeo
d0dac03bad Manually bump versions 2021-11-29 14:21:08 -05:00
Dave Bartolomeo
2dfcd1dd9c Add groups property 
Also removed versions from test packs
 2021-11-29 14:15:53 -05:00
haby0
db04a0dadf New model: SQL injection in MyBatis annotations 2021-11-28 14:43:57 +08:00
Erik Krogh Kristensen
6ff8d4de5c add all remaining explicit this 2021-11-26 13:50:10 +01:00
Anders Schack-Mulligen
609d6011a2 Merge pull request #7229 from smowton/smowton/admin/document-xxe-sanitisation-policy 
Document XXE sanitisation policy
 2021-11-25 10:55:25 +01:00
haby0
04a3f76a8b Eliminate false positives of Mybatis Configuration Variable 2021-11-25 15:47:37 +08:00
haby0
d36a7ed10e add test case 2021-11-25 15:47:32 +08:00
haby0
99c8b291b2 add sink 2021-11-25 15:47:32 +08:00
haby0
b8732859de Add isSanitizerGuard, verify file path 2021-11-25 15:47:31 +08:00
haby0
31400df0d4 Modify sink and improve SQL injection detection 2021-11-25 15:47:30 +08:00
haby0
69690a2509 Modify sinks 2021-11-25 15:47:30 +08:00
haby0
4438f8c58c Add MyBatis Mapper Sql Injection 2021-11-25 15:47:29 +08:00
Chris Smowton
3c8f6e3c07 Merge pull request #6717 from luchua-bc/java/thread-resource-abuse 
Java: CWE-400 - Query to detect uncontrolled thread resource consumption
 2021-11-24 18:59:41 +00:00
Chris Smowton
c74eac4930 Remove needless casts 2021-11-24 12:18:05 +00:00
Chris Smowton
cec91c4831 Update ThreadResourceAbuse.qhelp 2021-11-24 12:15:48 +00:00
Chris Smowton
5101a8e9f3 Fix qhelp test 2021-11-24 12:12:56 +00:00
Chris Smowton
136ecaf49a Abbreviate qhelp example 2021-11-24 12:12:22 +00:00
Chris Smowton
120f2045cd Document XXE sanitisation policy 2021-11-24 12:03:28 +00:00
Anders Schack-Mulligen
a3b263ee6e Merge pull request #7181 from bmuskalla/coverageAsDiagnostics 
Java: Add diagnostic query for framework coverage
 2021-11-24 10:57:50 +01:00
luchua-bc
e56737e007 Use value step to optimize the taint step and add a test case for Apache file upload listener 2021-11-23 17:15:28 +00:00
Benjamin Muskalla
50518b5622 Fix sum of rows 2021-11-23 10:42:24 +01:00
luchua-bc
ed78d39d61 Move duplicate code to the shared library and update qldoc 2021-11-23 03:06:26 +00:00
Benjamin Muskalla
cd39d15b40 Simplify diagnostic query 2021-11-19 12:28:24 +01:00
Benjamin Muskalla
fb9b16325d Add diagnostic query for framework coverage 2021-11-19 10:30:59 +01:00
luchua-bc
b6a6ed5ba3 Add a recommendation category query for local user input and check Apache file upload 2021-11-19 04:23:19 +00:00
Erik Krogh Kristensen
011fc20963 use matches instead of regexpMatch 2021-11-18 15:41:25 +01:00
Anders Schack-Mulligen
22ebe68b1b Merge pull request #7132 from aschackmull/java/overrides 
Java: Fix overrides to not be transitive.
 2021-11-17 15:38:11 +01:00
Benjamin Muskalla
0e6bb28016 Only consider store steps 2021-11-16 10:46:24 +01:00
Benjamin Muskalla
fd9199c0c0 Simplify handling of tainting fields 2021-11-15 16:40:09 +01:00
Benjamin Muskalla
d7ed325b3f Refactor content flow into predicate 2021-11-15 16:30:55 +01:00
Benjamin Muskalla
f4310898b3 Capture sources flowing into parameters 2021-11-15 16:28:28 +01:00
Anders Schack-Mulligen
1cd42ea668 Java: Fix test and some references. 2021-11-15 16:03:04 +01:00
Benjamin Muskalla
8040d9cfcf Only consider true return statements as sinks 2021-11-15 15:29:01 +01:00
Benjamin Muskalla
e6e52a3b32 190 2021-11-15 15:18:03 +01:00
Benjamin Muskalla
dc022430ee Remove superflous instanceof 2021-11-15 13:07:02 +01:00
Benjamin Muskalla
412bd32f45 Move more predicates into configuration 2021-11-15 13:04:23 +01:00
Benjamin Muskalla
b84c03672d Prefer types to TargetAPI 2021-11-15 12:43:46 +01:00
Benjamin Muskalla
bca6cecd1c Remove basic support for lambda flow 2021-11-15 12:38:30 +01:00
Benjamin Muskalla
78e3906ea7 Exclude more JDK internals 2021-11-15 11:58:10 +01:00