hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

1238 Commits

Author SHA1 Message Date
Ed Minnix
51006aa088 Formatting fix 2024-01-08 09:38:50 -05:00
Ed Minnix
4fc6f710a4 Fix alert message 2024-01-08 09:38:48 -05:00
Ed Minnix
1550f5df2a Environment variable injection query documentation 2024-01-08 09:38:47 -05:00
Ed Minnix
818c5de8d5 security-severity metadata 2024-01-08 09:38:46 -05:00
Ed Minnix
8ed3f3c865 Move to library 2024-01-08 09:38:44 -05:00
Ed Minnix
b482b36b5f Initial ProcessBuilder support 2024-01-08 09:38:41 -05:00
Ed Minnix
93025cc8cf Argument injection initial commit 2024-01-08 09:38:40 -05:00
Tony Torralba
8ad787f3b8 Java: Generelize MaybeBrokenCryptoAlgorithmQuery.qll 2023-12-22 10:15:40 +01:00
Ed Minnix
8051cfcef5 Fix tests and fix getStringValue method 2023-12-21 22:48:08 -05:00
Tony Torralba
0524289a73 Update java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql 2023-12-18 08:50:10 +01:00
Ed Minnix
02581a3850 Move class for getProperty method call to Properties.qll 2023-12-15 11:09:08 -05:00
Ed Minnix
83c6ece405 Move weak hashing into MaybeBrokenCryptoAlgorithm 2023-12-15 11:09:07 -05:00
Ed Minnix
cb0ea350b5 Improve docs 2023-12-15 11:09:07 -05:00
Ed Minnix
0efca8200d Weak Hashing query wording 2023-12-15 11:09:07 -05:00
Ed Minnix
93cf5b8eb9 Weak Hashing Property initial query 2023-12-15 11:09:07 -05:00
Edward Minnix III
06eef93f89 Docs review suggestions 2023-12-11 11:18:40 -05:00
Edward Minnix III
ce20c4ae03 Docs review suggestions 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-12-11 11:18:40 -05:00
Ed Minnix
3ca039bc8f Rename to InsecureRandomness 2023-12-11 11:18:40 -05:00
Edward Minnix III
4678302edb Update query metadata 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-12-11 11:18:39 -05:00
Ed Minnix
e69ff7b601 Move to library and add docs 2023-12-11 11:18:38 -05:00
Ed Minnix
9f986ca527 Add Weak Randomness Query 2023-12-11 11:18:38 -05:00
Max Schaefer
ca334021ad Merge pull request #14793 from github/max-schaefer/tainted-path-qhelp 
Java: Improve QHelp for `java/path-injection` to mention less disruptive fixes.
 2023-11-16 14:09:55 +00:00
Max Schaefer
a5e7ef424e Revert "Add additional example." 
This reverts commit 947b094387.
 2023-11-16 11:54:16 +00:00
Max Schaefer
143e1680bd Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-11-16 11:42:35 +00:00
Max Schaefer
947b094387 Add additional example. 2023-11-16 10:06:19 +00:00
Max Schaefer
009d58034f Address suggestions from review. 2023-11-16 10:05:54 +00:00
Max Schaefer
a46a7fadb2 Java: Improve QHelp for java/path-injection to mention less disruptive fixes. 2023-11-15 11:25:13 +00:00
Tony Torralba
5442cdb49c Merge pull request #14610 from atorralba/atorralba/java/jms-deserialization 
Java: Add JMS sink to java/unsafe-deserialization
 2023-11-08 09:10:20 +01:00
Geoffrey White
e8a466a02c Update dead link. 2023-11-07 09:26:07 +00:00
Tony Torralba
7af3d239ab Java: Add JMS sink to java/unsafe-deserialization 2023-10-26 16:46:19 +02:00
Chris Smowton
e8c9708282 Autoformat 2023-10-24 11:06:19 +01:00
Chris Smowton
ac38d4c9c6 Mass rename L/RValue -> VarWrite/Read 2023-10-24 10:58:29 +01:00
Chris Smowton
59a49eef0b Add aliases for public, importable renamed classes and predicates. 
Also rename and aliases a couple of uses of Access noted along the way.
 2023-10-24 10:54:35 +01:00
Chris Smowton
f552a15aae Mass-rename MethodAccess -> MethodCall 2023-10-24 10:30:26 +01:00
Tony Torralba
d08ee76b16 Java: Improve java/spring-disabled-csrf-protection 2023-10-16 16:01:14 +02:00
intrigus-lgtm
874f91c7ae Java: Further alert message improvement 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-09-18 12:25:31 +02:00
intrigus-lgtm
b6417ca212 Java: Fix alert message 
The signing key that is being set, is _not_ what is being parsed.
A _JWT_ is being parsed, that will then be verified using the set key.
(Or in our case not, because we're looking for security problems :P)
 2023-09-12 02:23:37 +02:00
Edward Minnix III
8d88af1af0 Apply docs review suggestions 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2023-08-17 13:05:38 -04:00
Ed Minnix
b305962c9a Use more appropriate description 2023-08-17 13:05:37 -04:00
Edward Minnix III
929090a847 Typos and style fixes 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-08-17 13:05:37 -04:00
Ed Minnix
172b8a6967 Documentation fixes 2023-08-17 13:05:37 -04:00
Ed Minnix
b567ec875a Documentation 2023-08-17 13:05:37 -04:00
Ed Minnix
f58590c6a9 Trust Boundary Work 2023-08-17 13:05:37 -04:00
Ed Minnix
3e7444cd66 Style fixes 2023-08-17 13:05:36 -04:00
Ed Minnix
15370506b8 Add missing security severity 2023-08-17 13:05:36 -04:00
Ed Minnix
a8b7e70d01 Convert trust boundary models to MaD 2023-08-17 13:05:36 -04:00
Ed Minnix
76438f13b6 Trust Boundary Query 2023-08-17 13:05:36 -04:00
Anders Schack-Mulligen
91de43f918 C#/Java/Ruby: Remove superfluous module members. 2023-07-13 11:38:35 +02:00
Tony Torralba
a7c2a25cac Merge pull request #12879 from atorralba/atorralba/java/command-injection-mad-sinks 
Java: Convert all command injection sinks to MaD format
 2023-06-27 14:06:45 +02:00
Tony Torralba
8f6d2ed2f9 Adjust ZipSlip query description according to review suggestions. 2023-06-19 10:27:41 +02:00