hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

1238 Commits

Author SHA1 Message Date
Jami Cogswell
0d38a9625e Java: copy files from experimental 2024-03-13 16:28:39 -04:00
erik-krogh
013ed7adb3 Java: update the url-redirection in the same style as the C# qhelp 2024-03-13 11:58:16 +01:00
Joe Farebrother
2ebb80b632 Merge pull request #15548 from joefarebrother/android-local-auth-keys 
Java: Add query for insecurely generated keys for local authentication.
 2024-02-22 14:04:17 +00:00
Felicity Chapman
4810657515 Remove period from 'name' 
This is an error for the Docs content linter and does not match the style guide for query help.
 2024-02-22 10:50:45 +00:00
Joe Farebrother
ef124695a5 Apply suggestions from documentation review 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2024-02-22 10:11:49 +00:00
Joe Farebrother
9ad05fe51c Address reveiws - Add BAD example to doc, add doc example to tests and fix typo. 2024-02-16 12:00:51 +00:00
Jonathan Leitschuh
50056d603e Fix typo in NettyRequestSplitting.java 2024-02-14 14:03:33 -05:00
Tony Torralba
b6385f7938 Merge pull request #15533 from JLLeitschuh/patch-5 
Reduce severity of `java/relative-path-command`
 2024-02-12 15:04:05 +01:00
Joe Farebrother
3a4a841844 Add change note + update severity 2024-02-12 14:01:27 +00:00
Joe Farebrother
16a7d68780 Add documentation 2024-02-12 13:58:01 +00:00
Joe Farebrother
2eb93b7a3b Add unit tests 2024-02-12 13:49:45 +00:00
Joe Farebrother
c79a3eb6ae Add query for insecure key generation 2024-02-12 13:49:44 +00:00
Joe Farebrother
75a2b9415c Merge pull request #15481 from joefarebrother/android-local-auth 
Java: Add query for insecure local authentication
 2024-02-12 13:48:53 +00:00
Joe Farebrother
d3fea4044e Apply suggestions from documentation review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-02-12 10:27:56 +00:00
Joe Farebrother
16aed18821 Address reviews - Elaborate on docs and update severity 2024-02-09 13:53:36 +00:00
Anders Schack-Mulligen
b7d4a6926f Dataflow: Add empty provenance column to PathGraph. 2024-02-09 11:27:30 +01:00
Joe Farebrother
f4b6a85a48 Fix typo in qldoc 2024-02-09 10:09:24 +00:00
Tony Torralba
4c0d535cc2 Merge pull request #12886 from atorralba/atorralba/java/path-injection-mad-sinks 
Java: Refactor path injection sinks
 2024-02-09 10:48:49 +01:00
Jonathan Leitschuh
1484a169d7 Reduce severity of java/relative-path-command 
Significantly reduces the severity of `java/relative-path-command` from 9.8 to 5.4

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
 2024-02-06 15:43:19 -05:00
Erik Krogh Kristensen
879d882fa4 Java: fix typo in JndiInjection.qhelp 2024-02-06 15:17:30 +01:00
Joe Farebrother
5022adba56 Fixes to qhelp example 2024-02-02 17:26:00 +00:00
Joe Farebrother
3878192810 Apply suggestions from documentation review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-02-02 17:21:23 +00:00
Joe Farebrother
2a00375bb7 Add documentation 2024-02-02 14:34:43 +00:00
Joe Farebrother
9098428c2a Add security severity 2024-02-01 14:28:14 +00:00
Joe Farebrother
8bd79908a6 Implement local auth query 2024-01-30 16:49:55 +00:00
Joe Farebrother
8d201626e1 Add documentation 2024-01-29 16:25:38 +00:00
Joe Farebrother
6081f18089 Add unit tests + make some fixes 2024-01-29 16:25:37 +00:00
Joe Farebrother
5dd0addfc2 Add sensitive text flow query 2024-01-29 16:25:36 +00:00
Joe Farebrother
031bd8bd0c Merge pull request #15281 from joefarebrother/android-sensitive-ui-notif 
Java: Add query for exposure of sensitive information to android notifiactions
 2024-01-26 16:42:55 +00:00
Tony Torralba
19cb7adb6d Migrate path injection sinks to MaD 
Deprecate and stop using PathCreation

Path creation sinks are now summaries
 2024-01-26 12:19:54 +01:00
erik-krogh
73e3fada44 add missing </p> 2024-01-25 12:14:10 +01:00
erik-krogh
05a59d2a94 apply suggestions from doc review 2024-01-25 11:20:46 +01:00
erik-krogh
158ff0da0a add a trailing slash to the folder check in the QHelp for java/path-injection 2024-01-23 14:46:02 +01:00
erik-krogh
00dadeb3bf delete the markdown file again 2024-01-23 12:57:15 +01:00
erik-krogh
57e0b3cceb iterate on the java/path-injection qhelp 2024-01-23 12:56:43 +01:00
erik-krogh
4958c19c67 move the examples for the qhelps into an example/ folder 2024-01-23 12:56:23 +01:00
erik-krogh
6b66f5cbc5 check in the TaintedPath qhelp as markdown to get pretty diffs 2024-01-23 12:56:22 +01:00
Joe Farebrother
1190352b67 Add qhelp 2024-01-23 09:51:40 +00:00
Joe Farebrother
143ce0b94a Add sensitive notification query 2024-01-23 09:51:37 +00:00
Ed Minnix
55da62e9cf Remove stray comma 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2024-01-08 11:09:11 -05:00
Edward Minnix III
2440075402 Remove off-topic reference 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-08 09:39:10 -05:00
Edward Minnix III
3816271b3e Remove redundant CWE link 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-08 09:39:10 -05:00
Ed Minnix
2eff6b351c Add comment 2024-01-08 09:39:09 -05:00
Ed Minnix
16bb19e176 Add OWASP and CERT references 2024-01-08 09:39:08 -05:00
Ed Minnix
9f974415c0 Add references to CWE-454 (External Initialization of Trusted Variables) 2024-01-08 09:39:07 -05:00
Ed Minnix
97b29bb965 Add Java Tutorial reference 2024-01-08 09:39:06 -05:00
Edward Minnix III
938d52b86f Docs review suggestions 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2024-01-08 09:39:05 -05:00
Ed Minnix
e14be0e971 Add BAD markers to samples 2024-01-08 09:39:04 -05:00
Edward Minnix III
18e8a27fca Reworded name and description 2024-01-08 09:38:51 -05:00
Edward Minnix III
1f37e70d83 Fix typos 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-08 09:38:51 -05:00