hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

1238 Commits

Author SHA1 Message Date
intrigus
d37d922e8f Java: Fix Typos 2021-06-25 16:47:22 +02:00
intrigus-lgtm
030c286902 Java: Use machine-in-the-middle consistently 2021-06-25 16:47:22 +02:00
intrigus-lgtm
f52e438f3e Java: Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-06-25 16:47:22 +02:00
intrigus
87554a78d4 Java: Add insecure trust manager query. 2021-06-25 16:47:22 +02:00
Calum Grant
32f6a465b0 Merge pull request #6080 from github/calumgrant/security-severities 
Update security-severity scores
 2021-06-18 09:40:40 +01:00
Tony Torralba
3ec2c1308e Add RequestForgerySanitizer 2021-06-17 14:58:27 +02:00
Tony Torralba
0c71393171 Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch 2021-06-17 14:54:25 +02:00
Chris Smowton
b66dcbe5b6 Factor request-forgery config so it can be used in an inline-expectations test 2021-06-17 11:43:32 +01:00
Chris Smowton
a665d5d111 Improve RequestForgery.qhelp recommendation 2021-06-17 11:41:05 +01:00
Chris Smowton
fb2989c16b Copyedit comments and function names 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-06-17 11:41:04 +01:00
Chris Smowton
575198a0e4 Java SSRF query: Server Side -> Server-Side everywhere. 2021-06-17 11:41:04 +01:00
Chris Smowton
7899e17f3a Java SSRF query: move RequestForgery qll file into semmle/code hierarchy 
This makes it importable by people wishing to extend the query.
 2021-06-17 11:41:04 +01:00
Chris Smowton
532a10bfdf Java SSRF query: Provide hook for custom taint-propagating steps; make all default sinks/sanitizers/steps private. 2021-06-17 11:41:04 +01:00
Chris Smowton
e8613367e8 Java SSRF query: copyedit qhelp 2021-06-17 11:41:04 +01:00
Chris Smowton
3333e7d186 Java SSRF query: sanitize primitives 
Even 'char' isn't a realistic vector for an exploit, unless somebody is copying out a string char by char.
 2021-06-17 11:41:04 +01:00
Chris Smowton
6933d06a46 Add exactly the string '/' as a sanitizing prefix. 
Usually this is ignored for suspicion that it could be taken for a protocol specifier, but on balance the context `(something) + "/" + tainted()` is more likely to be taken for a user-controlled location within a host the user does not control.
 2021-06-17 11:41:03 +01:00
Chris Smowton
bc43b6d760 Fix typo 2021-06-17 11:41:03 +01:00
Chris Smowton
e6249eed79 Add doc comments 2021-06-17 11:41:03 +01:00
Chris Smowton
26e10f3ad5 SSRF: don't consider results of fetches we initiated to be untrustworthy 2021-06-17 11:41:03 +01:00
Chris Smowton
c63d5986cf Sanitize StringBuilder appends that follow directly from a constructor. 
Note that some of this logic ought to be incorporated into StringBuilderVar once that code can be reviewed.
 2021-06-17 11:41:03 +01:00
Chris Smowton
b5a450b881 SSRF query: add sanitizer looking for a variety of ways of prepending a sanitizing prefix, such as one that restricts the hostname a URI will refer to. 2021-06-17 11:41:03 +01:00
Chris Smowton
487c1db6ed Promote SSRF query to main query set 2021-06-17 11:41:01 +01:00
Tony Torralba
47fffb04a6 Merge branch 'main' into atorralba/promote-ognl-injection 2021-06-16 15:46:33 +02:00
Tony Torralba
91ba30a781 Merge branch 'main' into atorralba/promote-missing-jwt-signature-check 2021-06-16 15:46:14 +02:00
Tony Torralba
dab33b21fb Merge branch 'main' into atorralba/promote-mvel-injection 2021-06-16 15:44:43 +02:00
Tony Torralba
bf2be6ec7c Merge branch 'main' into atorralba/promote-jndi-injection 2021-06-16 15:34:37 +02:00
Tony Torralba
7031e0a91d Refactor to use CSV sink models 2021-06-16 13:01:38 +02:00
Tony Torralba
356601ce15 Moved from experimental 2021-06-16 13:01:38 +02:00
haby0
c1ada6d85b Merge branch 'main' into java/UnsafeDeserialization 2021-06-16 16:37:03 +08:00
Calum Grant
771e686946 Update security-severity scores 2021-06-15 13:25:17 +01:00
Calum Grant
a594afb828 Add security-severity metadata 2021-06-10 20:11:08 +01:00
Tony Torralba
56a429a5f9 Merge branch 'main' into promote-jexl-injection 2021-06-03 11:10:56 +02:00
Tony Torralba
b30c92e69e Refactored into MvelInjection.qll using CSV models 2021-06-02 11:33:01 +02:00
Alvaro Muñoz
a3a215afea HTTP -> Http 2021-06-02 11:12:39 +02:00
Tony Torralba
59e6e1ffac Moved from experimental 2021-06-02 09:58:30 +02:00
Alvaro Muñoz
9aba92397d lift XssSink check to InformationLeakSink 2021-06-01 17:16:41 +02:00
Alvaro Muñoz
0fb692400c fix failing test 2021-06-01 13:57:13 +02:00
haby0
d6782767b7 Fix typos 2021-05-31 11:12:22 +08:00
Alvaro Muñoz
41d034d5a0 Attempt to use information-leak sink category 2021-05-30 00:22:40 +02:00
Tony Torralba
3f0b803796 Refactored to use CSV sink models 2021-05-20 12:00:05 +02:00
Tony Torralba
1351516e9a Moved JNDI injection related files from experimental to standard 2021-05-19 11:32:51 +02:00
Tony Torralba
ed13c17ea8 Fix qhelp file 2021-05-17 16:52:08 +02:00
Tony Torralba
897cd5384f Created JWT.qll and refactored to use CSV models 2021-05-17 14:44:33 +02:00
Tony Torralba
3e4ccaf9a8 Move from experimental to standard 2021-05-17 10:41:54 +02:00
haby0
58d774ae85 add change notes 2021-05-17 14:52:05 +08:00
luchua-bc
1a072f3bb9 Move APIs from predicates flagged auto-generated to the other section 2021-05-14 20:38:23 +00:00
luchua-bc
9ef58e378c Remove the sample Java file in the src folder 2021-05-14 11:01:25 +00:00
haby0
60fc607449 Modify ql 2021-05-14 18:17:05 +08:00
luchua-bc
4d014717b6 Add a change note and reset the qhelp file 2021-05-12 15:50:40 +00:00
haby0
12f47bcf24 Add UnsafeDeserialization 2021-05-12 12:37:16 +08:00