1238 Commits

Author	SHA1	Message	Date
Chris Smowton	5677e38994	Style edit	2022-08-15 10:37:55 +01:00
Chris Smowton	3cf871e9e5	Apply docs suggestions ... Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-08-15 10:34:55 +01:00
Chris Smowton	b62e9dc92c	Convert tests to inline expectations and fix one bug revealed doing so ... Specifically Apache sshd defines its sensitive api calls on an inherited interface, and they need to be described that way for us to pick them up.	2022-08-13 14:02:05 +01:00
Chris Smowton	ddb0846e06	Split up hardcoded creds queries, ready for conversion to inline expectations	2022-08-13 12:39:16 +01:00
Daniel Santos	60e0f09586	Additional hardcoded credentials candidates 3rd-party api calls	2022-08-13 12:39:15 +01:00
Chris Smowton	09e4c6b66b	Add dataflow path-graph	2022-08-10 10:37:55 +01:00
Chris Smowton	2ca0b0c6b5	Inline qhelp overview ... A <p> at the top isn't allowed, and for some reason the inclusion is required to be a valid qhelp file.	2022-08-10 10:37:48 +01:00
smehta23	cf68a11267	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-08-09 11:59:28 -07:00
smehta23	4d80fd0b00	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-08-09 11:59:14 -07:00
smehta23	7da07400ea	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-08-09 11:59:03 -07:00
smehta23	c2b670eff8	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-08-09 11:58:55 -07:00
Erik Krogh Kristensen	49276b1f38	Merge branch 'main' into refacReDoS	2022-08-09 16:18:46 +02:00
Erik Krogh Kristensen	0abbd50ca1	apply changes based on docs review	2022-08-09 13:51:40 +02:00
Shyam Mehta	af92fc389b	Update PartialPathTraversalFromRemote.qhelp	2022-08-08 17:37:57 -04:00
Shyam Mehta	50b4df52f0	Fixed precision labels	2022-08-08 17:36:04 -04:00
Shyam Mehta	9d3e8ec475	Update PartialPathTraversalFromRemote.qhelp	2022-08-08 17:35:36 -04:00
smehta23	4f1bc3022c	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-08-08 17:09:43 -04:00
Joe Farebrother	e9f9e681ef	Change man-in-the-middle back to machine-in-the-middle ... (gender-neutral language) This reverts commit d5ab330450d3f5c1d36d0d9b6a8f1dc32bc908e3.	2022-08-05 12:56:21 +01:00
Joe Farebrother	79b1f24133	Change machine-in-the-middle to man-in-the-middle	2022-08-05 12:56:20 +01:00
Joe Farebrother	04df556861	Add suggested reference	2022-08-05 12:56:20 +01:00
Joe Farebrother	abf894a64c	Fix typos	2022-08-05 12:56:20 +01:00
Joe Farebrother	f8ccbcba70	Add qhelp	2022-08-05 12:56:19 +01:00
Joe Farebrother	16e16f08dc	Add webview cert validation query	2022-08-05 12:56:18 +01:00
Shyam Mehta	76cecc170e	Fix documentation	2022-08-03 14:30:17 -04:00
Chris Smowton	84a4b6a866	Make reporting locations consistent with PathCreation; add test	2022-08-03 10:42:09 +01:00
Chris Smowton	83498f58db	Add missing import	2022-08-03 08:53:43 +01:00
Chris Smowton	81f3bcd802	Don't require a PathCreation for every tainted-path sink	2022-08-02 21:30:06 +01:00
Chris Smowton	c95f17fdf2	Make java/path-injection recognise create-file MaD sinks	2022-08-02 21:28:00 +01:00
Shyam Mehta	09ec37943c	Partial Path Traversal split into 2 queries	2022-07-20 17:53:26 -04:00
smehta23	b7e522749f	Apply suggestions from code review ... Co-authored-by: Chris Smowton <smowton@github.com> Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2022-07-20 15:32:59 -04:00
Chris Smowton	a6970638cb	Improve description	2022-07-13 20:27:10 +01:00
Chris Smowton	01cec0490b	Abbreviate qhelp	2022-07-13 20:24:44 +01:00
Erik Krogh Kristensen	a4262f8d91	add some more references to the overly-large-range qhelp	2022-07-13 11:20:24 +02:00
Erik Krogh Kristensen	220ff3cb2e	convert tabs to spaces in qhelp	2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen	ff25451699	rename query to overly-large-range, and rewrite the @description	2022-07-12 16:02:46 +02:00
Shyam Mehta	65b9947428	Incorporate jksco's feedback	2022-07-12 02:02:31 -04:00
smehta23	781a2a73d3	Merge branch 'main' into feat/SM/java_partial_path_traversal_vulnerability	2022-07-12 01:48:12 -04:00
smehta23	391dd5b38d	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java ... Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>	2022-07-01 10:55:58 -04:00
smehta23	ebe48ec30a	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp ... Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>	2022-07-01 10:53:43 -04:00
smehta23	48e16e52b5	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp ... Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>	2022-07-01 10:52:41 -04:00
Shyam Mehta	1a41d4c379	Add CVE number	2022-07-01 10:51:33 -04:00
Shyam Mehta	300a14c35c	Add ESAPI reference	2022-07-01 10:43:59 -04:00
smehta23	209a21655a	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java ... Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>	2022-07-01 10:40:38 -04:00
smehta23	c6f2f61bfb	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalBad.java ... Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>	2022-07-01 10:39:46 -04:00
Shyam Mehta	16814071df	Fix typo in .qhelp	2022-06-29 18:03:57 -04:00
Shyam Mehta	7ab8f0262c	Fix duplicate class header and better fix using toPath()	2022-06-29 18:01:12 -04:00
Shyam Mehta	955e614563	Add documentation of the Partial Path Traversal vuln	2022-06-29 17:31:04 -04:00
Erik Krogh Kristensen	9ecc3a2671	filter out potential misparses from java/suspicious-regexp-range	2022-06-29 13:16:40 +02:00
Tony Torralba	12fa6967dc	Merge pull request #8669 from joefarebrother/intent-verification ... Java: Add query for Improper Verification of Intent by Broadcast Receiver (CWE-925)	2022-06-29 09:43:07 +02:00
Shyam Mehta	b5ca2c3d9d	Add additional tests from real world query run	2022-06-28 17:32:20 -04:00