hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

1238 Commits

Author SHA1 Message Date
Tony Torralba
fc03b92e11 Moved from experimental to standard 2021-05-11 15:42:13 +02:00
Tony Torralba
6884edf52a Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch 2021-05-07 16:31:55 +02:00
Tony Torralba
1f1a1bdb41 Remove unnecessary CWE reference 2021-05-07 16:29:00 +02:00
luchua-bc
fc7d340a89 Query to detect hard-coded Azure credentials 2021-05-07 13:16:41 +00:00
Tony Torralba
e78e5b9ee4 Merge branch 'main' into promote-jexl-injection 2021-05-07 12:36:49 +02:00
Tony Torralba
b37b15cea4 Re-structure imports, add some new comments to tests 2021-05-07 12:33:51 +02:00
Tony Torralba
b69be30b88 Fix imports as suggested in code review 2021-05-07 11:07:06 +02:00
Tony Torralba
f16605b3c1 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-05-06 15:17:55 +02:00
Tony Torralba
76468559ba Add safe example for dom4j 2021-05-06 10:17:25 +02:00
Tony Torralba
26c3ff2cee Move from experimental to standard 2021-05-06 09:18:49 +02:00
Tony Torralba
c138ed3e4d QLDocs 2021-05-05 16:51:15 +02:00
Tony Torralba
03ce8d689f Refactored to use CSV sink model 2021-05-05 16:34:30 +02:00
Tony Torralba
be50e8f30c Moved from experimental to standard 2021-05-05 11:59:49 +02:00
Tony Torralba
f79d2e06f9 Fix failing checks 2021-05-04 11:29:09 +02:00
Tony Torralba
745a6f6fb4 Getters called on parameters propagate taint 2021-05-03 17:43:33 +02:00
Tony Torralba
4d5ec87de9 Use InlineTest 2021-05-03 13:27:24 +02:00
Tony Torralba
4bfd34b1fe Moved from experimental 2021-05-03 13:15:24 +02:00
Tamás Vajk
4cc88662e2 Merge pull request #5557 from tamasvajk/feature/java-sinks-csv 
Java: convert sinks to CSV
 2021-04-27 15:58:09 +02:00
Tamas Vajk
5b79094f34 Fix naming in HTTPS URL check 2021-04-27 14:59:52 +02:00
Tamas Vajk
e08b629cb5 Add documentation for URL opening sinks 2021-04-27 10:32:41 +02:00
Chris Smowton
455b840712 Fix all dead qhelp links 
For those documents with no obvious new home I've pointed the links to the Internet Archive.
 2021-04-23 15:20:21 +01:00
Tamás Vajk
cb28bc80b7 Merge branch 'main' into feature/java-sinks-csv 2021-04-22 11:41:18 +02:00
Tamas Vajk
7134eb9079 Improve documentation of csv sink models 2021-04-22 11:37:41 +02:00
Tamas Vajk
1caa5c4780 Adjust hostname verifier sink identifier name 2021-04-22 11:22:18 +02:00
Marcono1234
9349e6922d Java: Add ToStringMethod 2021-04-10 04:00:44 +02:00
Tamas Vajk
351f35d9bc Revert "Java: Convert other sinks" 
This reverts commit 87d42b02c0.
 2021-04-09 13:13:49 +02:00
Tamas Vajk
87d42b02c0 Java: Convert other sinks 2021-04-09 13:13:39 +02:00
Tamas Vajk
e544faed6d Java: Convert unsafe hostname verification sinks to CSV format 2021-04-09 13:10:44 +02:00
Tamas Vajk
f329c3fdab Java: Convert insecure bean validation sink to CSV format 2021-04-09 13:06:04 +02:00
Tamas Vajk
9e2832a82d Java: Convert zipslip sinks to CSV format 2021-04-09 11:43:29 +02:00
Tamas Vajk
b9ce1aefc0 Java: Convert unsafe URL opening sinks to CSV format 2021-04-09 11:43:29 +02:00
Marcono1234
cd059eb965 Java: Add StringBuildingType 2021-03-22 00:19:23 +01:00
Chris Smowton
e3cf5c235e Add support for Commons-Lang's RandomUtils 
This is realised by somewhat generalising our interfaces for modelling RNGs. We also add tests for randomness-related queries that didn't have any, and addtest cases checking the Apache random-number generators are interchangeable with the stdlib ones.
 2021-03-05 12:09:33 +00:00
Marcono1234
53dc2ce9b6 Java: Use .inc.qhelp extension for included help files 2021-02-26 00:43:51 +01:00
Marcono1234
e21cbe82a9 Update Java documentation links to Java 11 
Where possible update Java documentation links to Java 11.
Additionally update some other links to use HTTPS.
 2021-02-26 00:43:51 +01:00
Anders Schack-Mulligen
f0d3841369 Merge pull request #5105 from JLLeitschuh/feat/JLL/depricated_bintray_usage 
CWE-1104: Maven POM dependence upon Bintray/JCenter
 2021-02-25 09:08:31 +01:00
Jonathan Leitschuh
73fba3a3c0 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-02-15 10:01:03 -05:00
Marcono1234
7a6db061b5 Address review feedback 2021-02-12 20:15:10 +01:00
Marcono1234
905648e452 Add ConditionalExpr.getBranchExpr(boolean) 2021-02-12 04:50:41 +01:00
Jonathan Leitschuh
3b92f97967 Refactor DeclaredRepository to library 2021-02-10 11:41:50 -05:00
Jonathan Leitschuh
21b6f35ddc Update java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.qhelp 2021-02-10 10:52:27 -05:00
Jonathan Leitschuh
49985a77e3 Apply suggestions from code review 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2021-02-10 10:51:37 -05:00
Jonathan Leitschuh
f00b0baaea Update java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.qhelp 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-02-05 16:31:37 -05:00
Jonathan Leitschuh
bfa9324266 CWE-1104: Maven POM dependence upon Bintray/JCenter 2021-02-05 13:05:51 -05:00
Anders Schack-Mulligen
29935e1388 Merge pull request #4771 from intrigus-lgtm/split-cwe-295 
Java: Add unsafe hostname verification query and remove existing overlapping query
 2021-01-13 11:31:38 +01:00
intrigus
1901f6bf55 Java: Make @id @name of query more similar. 2021-01-12 15:36:55 +01:00
intrigus
85286f362c Java: Replace global flow by local flow 2021-01-11 19:02:07 +01:00
intrigus-lgtm
722bd4dafa Java: Revise qhelp 2021-01-11 18:57:24 +01:00
intrigus-lgtm
4cfdb10ddc Java: Improve QLDoc & simplify code 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-01-11 18:50:43 +01:00
intrigus
5c1e746c96 Java: Rename to EnvReadMethod 2021-01-11 13:42:08 +01:00