1238 Commits

Author	SHA1	Message	Date
Owen Mansel-Chan	dd102c4cea	Merge pull request #18645 from fabienpe/main ... Added missing "GOOD" and "BAD" to some examples	2025-02-13 10:37:39 +00:00
Jami Cogswell	c6a71cd3fd	Java: minor qhelp updates	2025-02-05 10:20:57 -05:00
Jami Cogswell	0367846333	Java: remove token section from qhelp overview ... discussing tokens is not directly relevant to this query's recommendation and examples	2025-02-04 13:36:15 -05:00
Jami Cogswell	f438282674	Java: rewrite qhelp overview section; aligns with overview section used by Python and Ruby	2025-02-04 13:21:43 -05:00
Jami Cogswell	283c3b1e44	Java: minor qhelp updates	2025-02-04 12:47:19 -05:00
fabienpe	9a37682851	Moved comment to previous line if resulting in long line	2025-02-04 09:48:34 +00:00
Jami Cogswell	516df3b4be	Java: qhelp wording updates	2025-02-03 14:52:57 -05:00
fabienpe	a9f107ce06	Added missing "GOOD" and "BAD" to some examples	2025-01-31 15:47:25 +00:00
Jami Cogswell	577152e20f	Java: minor qhelp update	2025-01-30 10:14:33 -05:00
Jami Cogswell	ead224c7b2	Java: expand qhelp, include Stapler examples	2025-01-30 10:14:29 -05:00
Jami Cogswell	096f6f88b2	Java: precision to medium	2025-01-30 10:14:27 -05:00
Jami Cogswell	39ccde0c9d	Java: add name-based heuristic	2025-01-30 10:13:54 -05:00
Jami Cogswell	0f39011122	Java: add taint-tracking config for execute to exclude FPs from non-update queries like select	2025-01-30 10:13:50 -05:00
Jami Cogswell	df77d4914f	Java: initial tests	2025-01-30 10:13:45 -05:00
Jami Cogswell	178b032453	Java: add query	2025-01-30 10:13:43 -05:00
Jami Cogswell	0c6925399d	Java: add qhelp	2025-01-30 10:01:39 -05:00
Owen Mansel-Chan	883301938b	Merge pull request #18161 from owen-mc/java/weak-crypto-algo-more-informative ... Java: Make `java/weak-cryptographic-algorithm` give a reason why the algo is insecure	2025-01-13 23:43:04 +00:00
Owen Mansel-Chan	0f3dd6d8f1	Java: IPA the CFG	2024-12-10 15:26:11 +00:00
Owen Mansel-Chan	e6409e159f	Give reason why crypto algorithm is insecure	2024-11-29 11:54:27 +00:00
Jami Cogswell	335c59792c	Java: remove unnecessary anchor and update page name	2024-10-18 09:26:56 -04:00
Jami Cogswell	88b7a9fcb5	Java: update qhelp link	2024-10-17 16:38:53 -04:00
Ian Lynagh	41ed6e6695	Java: Deprecate RefType.nestedName(), and add RefType.getNestedName()	2024-09-16 17:16:25 +01:00
erik-krogh	846882d22c	delete imports to a deleted file	2024-09-03 20:31:00 +02:00
RobbingDaHood	1cb58922a2	Minor changes to formulations for java/error-message-exposure ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2024-07-29 16:48:15 +02:00
Daniel Winther Petersen	1c1ba7734f	Now alerts about exposing exception.getMessage() in servlet responses are split out of java/stack-trace-exposure into its own alert java/error-message-exposure because this is a better fit.	2024-07-25 18:12:45 +02:00
Max Schaefer	d5d0cf5d90	Java: Tag java/non-https-url with CWE-345	2024-07-11 13:37:09 +01:00
Arthur Baars	b5b5fef642	Switch source and sink in TrustBoundaryViolation.ql	2024-05-23 15:53:12 +02:00
Arthur Baars	d540675b9e	Update TrustBoundaryViolation.ql	2024-05-23 12:04:47 +00:00
Tony Torralba	5ec3335b07	Java: Reword recommendation section of XXE query	2024-05-22 11:34:19 +02:00
Michael Nebel	b1329fd806	Merge pull request #16362 from michaelnebel/java/removelocalqueries ... Java: Remove local query variants.	2024-05-16 14:34:04 +02:00
Max Schaefer	3c47c1137d	Simplify query.	2024-05-15 12:49:45 +01:00
Anders Schack-Mulligen	76e740bc1d	Java: Clean up some instances of getQualifiedName.	2024-05-13 13:06:44 +02:00
Michael Nebel	d9c7401ea2	Java: Deprecate the local content of UrlRedirectLocalQuery and remove the local query variant.	2024-05-01 13:07:21 +02:00
Michael Nebel	ed7538d0b9	Java: Deprecate the local content of TaintedPathQuery and remove the local query variant.	2024-05-01 13:07:21 +02:00
Michael Nebel	5b89bd23c7	Java: Deprecate the content of SqlTaintedLocalQuery and remove the local query variant.	2024-05-01 13:07:21 +02:00
Michael Nebel	b68abab12a	Java: Deprecate the content of ResponseSplittingLocalQuery and remove local query variant.	2024-05-01 13:07:21 +02:00
Michael Nebel	d05c5e3d94	Java: Deprecate the content of NumericCastTaintedLocalQuery, remove the local query variant and update the non-local query variant.	2024-05-01 13:07:21 +02:00
Michael Nebel	301a6cc191	Java: Deprecate the content of ImproperValidationOrArray and remove local query variants.	2024-05-01 13:07:21 +02:00
Michael Nebel	acd0fa4b7b	Java: Deprecate the content of ExternallyControlledFormatStringLocalQuery and remove the externally controlled format string local query variant.	2024-05-01 13:07:21 +02:00
Michael Nebel	85a4dd0325	Java: Deprecate the local content of CommandLineQuery and remove the exec tainted local query variant.	2024-05-01 13:07:20 +02:00
Michael Nebel	072f19008a	Java: Deprecate the content of ArithmeticTaintedLocalQuery and remove the arithmetic tainted local query variant.	2024-05-01 08:59:51 +02:00
Michael Nebel	93988e5834	Java: Deprecate the content of XxeLocalQuery and remove the Xxe local query variant.	2024-05-01 08:59:50 +02:00
Michael Nebel	e0c2a43780	Java: Deprecate the content of XssLocalQuery and remove the Xss local query variant.	2024-05-01 08:59:50 +02:00
Jami	d889e3cf98	Merge pull request #14854 from jcogs33/jcogs33/unsafe-url-forward-promotion ... Java: Promote Unsafe URL Forward query from experimental	2024-03-29 16:34:06 -04:00
Jami	2f8c4df309	docs wording updates ... Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>	2024-03-28 16:15:05 -04:00
erik-krogh	ef8368cfc4	fix typo	2024-03-13 22:37:13 +01:00
Jami Cogswell	c331393cfd	Java: update qhelp	2024-03-13 16:28:41 -04:00
Jami Cogswell	09bc21dbd3	Java: rename 'UnsafeUrlForward' to 'UrlForward'	2024-03-13 16:28:41 -04:00
Jami Cogswell	6e7c05467b	Java: update query metadata and alert message	2024-03-13 16:28:41 -04:00
Jami Cogswell	2793f28428	Java: move config to Query.qll file	2024-03-13 16:28:40 -04:00