1238 Commits

Author	SHA1	Message	Date
Jonathan Leitschuh	50ff2c2c68	Code cleanup from code review	2022-03-11 11:44:15 -05:00
Erik Krogh Kristensen	69353bb014	patch upper-case acronyms to be PascalCase	2022-03-11 11:10:33 +01:00
Joe Farebrother	4bf6c10896	Split configs into Query.qll library	2022-03-10 13:23:40 +00:00
Jonathan Leitschuh	b282c7f1b9	Apply suggestions from code review ... Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com> Co-authored-by: Chris Smowton <smowton@github.com>	2022-03-07 11:31:32 -05:00
Joe Farebrother	6c05f7a81a	remove url from sensitive info regex	2022-03-04 10:37:05 +00:00
Jonathan Leitschuh	31527a67e5	Refactor OS Checks & SystemProperty logic from review feedback	2022-03-03 17:15:35 -05:00
Jonathan Leitschuh	103c770ce7	Apply suggestions from code review ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-03-03 16:39:45 -05:00
Joe Farebrother	4ad402f33f	Move from experimental to main	2022-03-03 12:13:14 +00:00
Jonathan Leitschuh	82d3cd8924	Improve system property lookup	2022-03-02 12:51:15 -05:00
Jonathan Leitschuh	dad9a02fbd	Update TempDirInfoDisclosure with new OS Guards	2022-03-02 12:51:15 -05:00
Jonathan Leitschuh	fd63107edf	Update OS Check from Review Feedback	2022-03-02 12:51:12 -05:00
Jonathan Leitschuh	39828fd596	Apply OS guard checks to TempDirLocalInformationDisclosure	2022-03-02 12:50:37 -05:00
Ian Lynagh	1e62b485a5	Merge pull request #8241 from igfoo/igfoo/stats4 ... Java: Update stats and make some performance tweaks	2022-02-28 12:58:06 +00:00
Ian Lynagh	7ce9b160d0	Java: Performance tweaks	2022-02-21 17:05:00 +00:00
Tony Torralba	bfa14fa066	Merge pull request #7823 from JLLeitschuh/improve/JLL/combined_http_headers ... Java: Add HTTP Request Splitting to Netty Query	2022-02-15 10:24:36 +01:00
Jonathan Leitschuh	2048aed0a9	Review feedback and improve temp dir vulnerable/safe code sugestion	2022-02-14 11:29:16 -05:00
Jonathan Leitschuh	76964d58f2	Apply suggestions from code review ... Co-authored-by: Felicity Chapman <felicitymay@github.com>	2022-02-14 11:04:31 -05:00
Jonathan Leitschuh	bb580ddbab	Apply suggestions from code review ... Co-authored-by: Felicity Chapman <felicitymay@github.com>	2022-02-14 11:02:05 -05:00
Jonathan Leitschuh	7dee22a130	Fix implicit 'this' usage	2022-02-14 11:00:41 -05:00
Jonathan Leitschuh	bafcce17d4	Apply suggestions from code review ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-02-09 22:14:17 -05:00
Jonathan Leitschuh	ded8d64301	Remove CAPC and add CWE-93	2022-02-09 12:31:53 -05:00
Jonathan Leitschuh	03fdee3767	Cleanup Netty Response Splitting Query	2022-02-09 12:28:11 -05:00
Jonathan Leitschuh	8ffe878722	Apply suggestions from code review ... Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>	2022-02-09 12:28:11 -05:00
Jonathan Leitschuh	c732cb7759	Add HTTP Request Splitting to Netty Query	2022-02-09 12:28:10 -05:00
Jonathan Leitschuh	49a73673b6	Fix FP from mkdirs call on exact temp directory	2022-02-09 11:04:23 -05:00
Jonathan Leitschuh	787e3dac31	Update java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-02-09 10:07:56 -05:00
Jonathan Leitschuh	7f46640176	Consider calls to setReadable(false, false) then setReadable(true, true) to be safe	2022-02-08 17:57:10 -05:00
Chris Smowton	a6596ea7ce	Fix test requirements, formatting	2022-02-08 12:01:32 +00:00
Chris Smowton	79654592d9	Apply suggestions from code review	2022-02-08 10:23:46 +00:00
Jonathan Leitschuh	c4112e6d4c	Post refactor fixiup	2022-02-07 15:02:13 -05:00
Chris Smowton	de38638db6	Combine CWE-200 queries	2022-02-07 14:22:36 -05:00
Jonathan Leitschuh	0268dd9f0a	Add file creation sanitizer	2022-02-04 17:10:27 -05:00
Jonathan Leitschuh	0a621c2801	Fix the formatting in TempDirLocalInformationDisclosureFromMethodCall	2022-02-04 17:10:27 -05:00
Jonathan Leitschuh	d5c9af31b2	Fixup documentation/code from PR feedback	2022-02-04 17:10:26 -05:00
Jonathan Leitschuh	f7a4aac525	Apply suggestions from code review ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-02-04 17:10:26 -05:00
Jonathan Leitschuh	a4b5573f53	Apply suggestions from code review ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-02-04 17:10:26 -05:00
Jonathan Leitschuh	a8d25b63ac	Apply suggestions from code review ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-02-04 17:10:26 -05:00
Chris Smowton	e795823d97	Autoformat TempDirUtils.qll	2022-02-04 17:10:26 -05:00
Jonathan Leitschuh	7e514e9ef9	Add QLdoc and fix Compiler Errors in Tests	2022-02-04 17:10:26 -05:00
Jonathan Leitschuh	cb30385684	Update java/ql/src/Security/CWE/CWE-200/TempDirUtils.qll ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2022-02-04 17:10:26 -05:00
Jonathan Leitschuh	66831989b7	Add QLdoc to TempDirUtils	2022-02-04 17:10:25 -05:00
Jonathan Leitschuh	7e55c92eb4	Apply suggestions from code review ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2022-02-04 17:10:25 -05:00
Jonathan Leitschuh	f6067d28f9	Fix file names and formatting from PR feedback	2022-02-04 17:10:25 -05:00
Jonathan Leitschuh	41b5011b81	Apply suggestions from code review ... Co-authored-by: Felicity Chapman <felicitymay@github.com>	2022-02-04 17:10:25 -05:00
Jonathan Leitschuh	7929faedc0	Apply suggestions from code review ... Co-authored-by: Felicity Chapman <felicitymay@github.com>	2022-02-04 17:10:25 -05:00
Jonathan Leitschuh	f910fd4719	Remove path flow tracking in 'TempDirLocalInformationDisclosureFromMethodCall'	2022-02-04 17:10:25 -05:00
Jonathan Leitschuh	e4c017e888	Apply suggestions from code review ... Co-authored-by: Arthur Baars <aibaars@github.com>	2022-02-04 17:10:24 -05:00
Jonathan Leitschuh	13fed0e9b6	Temp Dir Info Disclosure: Final pass and add documentation	2022-02-04 17:10:24 -05:00
Jonathan Leitschuh	bc12e994b0	Add java.nio.file.Files API checks	2022-02-04 17:10:24 -05:00
Jonathan Leitschuh	ecad7534ae	Add mkdirs check	2022-02-04 17:10:24 -05:00