hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

5479 Commits

Author SHA1 Message Date
Chris Smowton
774e379eb1 Merge pull request #9742 from smehta23/feat/SM/java_partial_path_traversal_vulnerability 
[JAVA] Partial Path Traversal Vuln Query
 2022-08-15 12:56:16 +01:00
Erik Krogh Kristensen
0adb588fe8 Merge pull request #9712 from erik-krogh/badRange 
JS/RB/PY/Java: add suspicious range query
 2022-08-15 13:55:44 +02:00
Chris Smowton
1a3dc1d6eb Remove extra closing tag 2022-08-15 11:31:53 +01:00
Chris Smowton
5677e38994 Style edit 2022-08-15 10:37:55 +01:00
Chris Smowton
3cf871e9e5 Apply docs suggestions 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-08-15 10:34:55 +01:00
Chris Smowton
b62e9dc92c Convert tests to inline expectations and fix one bug revealed doing so 
Specifically Apache sshd defines its sensitive api calls on an inherited interface, and they need to be described that way for us to pick them up.
 2022-08-13 14:02:05 +01:00
Chris Smowton
ddb0846e06 Split up hardcoded creds queries, ready for conversion to inline expectations 2022-08-13 12:39:16 +01:00
Daniel Santos
60e0f09586 Additional hardcoded credentials candidates 3rd-party api calls 2022-08-13 12:39:15 +01:00
erik-krogh
b54f037424 Merge branch 'main' into refacReDoS 2022-08-12 20:28:30 +02:00
github-actions[bot]
21d0c78376 Post-release preparation for codeql-cli-2.10.3 2022-08-11 23:20:39 +00:00
github-actions[bot]
57c4f9145b Release preparation for version 2.10.3 2022-08-11 11:12:15 +00:00
Anders Schack-Mulligen
ecc15a1f95 Java: Remove SensitiveLoggingQuery results that flow through a source. 2022-08-10 14:28:07 +02:00
Chris Smowton
09e4c6b66b Add dataflow path-graph 2022-08-10 10:37:55 +01:00
Chris Smowton
2ca0b0c6b5 Inline qhelp overview 
A <p> at the top isn't allowed, and for some reason the inclusion is required to be a valid qhelp file.
 2022-08-10 10:37:48 +01:00
Erik Krogh Kristensen
559ec7ba56 Merge branch 'main' into repeatedWord 2022-08-09 21:22:47 +02:00
smehta23
cf68a11267 Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-08-09 11:59:28 -07:00
smehta23
4d80fd0b00 Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-08-09 11:59:14 -07:00
smehta23
7da07400ea Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-08-09 11:59:03 -07:00
smehta23
c2b670eff8 Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-08-09 11:58:55 -07:00
Erik Krogh Kristensen
49276b1f38 Merge branch 'main' into refacReDoS 2022-08-09 16:18:46 +02:00
Erik Krogh Kristensen
0abbd50ca1 apply changes based on docs review 2022-08-09 13:51:40 +02:00
Shyam Mehta
af92fc389b Update PartialPathTraversalFromRemote.qhelp 2022-08-08 17:37:57 -04:00
Shyam Mehta
50b4df52f0 Fixed precision labels 2022-08-08 17:36:04 -04:00
Shyam Mehta
9d3e8ec475 Update PartialPathTraversalFromRemote.qhelp 2022-08-08 17:35:36 -04:00
smehta23
4f1bc3022c Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-08-08 17:09:43 -04:00
Joe Farebrother
e9f9e681ef Change man-in-the-middle back to machine-in-the-middle 
(gender-neutral language)

This reverts commit d5ab330450d3f5c1d36d0d9b6a8f1dc32bc908e3.
 2022-08-05 12:56:21 +01:00
Joe Farebrother
79b1f24133 Change machine-in-the-middle to man-in-the-middle 2022-08-05 12:56:20 +01:00
Joe Farebrother
04df556861 Add suggested reference 2022-08-05 12:56:20 +01:00
Joe Farebrother
abf894a64c Fix typos 2022-08-05 12:56:20 +01:00
Joe Farebrother
0d09484efc Add change note 2022-08-05 12:56:19 +01:00
Joe Farebrother
f8ccbcba70 Add qhelp 2022-08-05 12:56:19 +01:00
Joe Farebrother
16e16f08dc Add webview cert validation query 2022-08-05 12:56:18 +01:00
Anders Schack-Mulligen
43d4324f65 Java: Improve performance of ConfusingOverloading. 2022-08-04 16:05:30 +02:00
Anders Schack-Mulligen
c2b99747d4 Merge pull request #9951 from aschackmull/java/notintersect-perf 
Java: Improve join-order for `not haveIntersection`.
 2022-08-04 11:08:02 +02:00
Chris Smowton
af274354a0 Merge pull request #9956 from github/smowton/feature/tainted-path-query-mad 
Make java/path-injection recognise create-file MaD sinks
 2022-08-04 08:59:59 +01:00
Shyam Mehta
76cecc170e Fix documentation 2022-08-03 14:30:17 -04:00
Chris Smowton
977823bd76 Create 2022-08-03-tainted-path-mad.md 2022-08-03 10:54:35 +01:00
Chris Smowton
84a4b6a866 Make reporting locations consistent with PathCreation; add test 2022-08-03 10:42:09 +01:00
Rasmus Wriedt Larsen
8fb85a98d8 Merge branch 'main' into post-release-prep/codeql-cli-2.10.2 2022-08-03 10:42:02 +02:00
Chris Smowton
83498f58db Add missing import 2022-08-03 08:53:43 +01:00
Chris Smowton
81f3bcd802 Don't require a PathCreation for every tainted-path sink 2022-08-02 21:30:06 +01:00
Chris Smowton
c95f17fdf2 Make java/path-injection recognise create-file MaD sinks 2022-08-02 21:28:00 +01:00
Anders Schack-Mulligen
aabdf84300 Java: Improve join-order for not haveIntersection. 2022-08-02 14:29:03 +02:00
Anders Schack-Mulligen
80bba605e3 Java: Fix join-order in SameNameAsSuper. 2022-08-02 12:49:21 +02:00
luchua-bc
b69eba9238 Add check for Spring redirect 2022-07-29 01:59:47 +00:00
github-actions[bot]
e8747d3176 Post-release preparation for codeql-cli-2.10.2 2022-07-28 20:00:09 +00:00
github-actions[bot]
212786ed91 Release preparation for version 2.10.2 2022-07-28 13:38:35 +00:00
luchua-bc
1ce31ec32c Add sinks of servlet dispatcher and filter 2022-07-26 23:05:25 +00:00
luchua-bc
962069ccff Add path check in a security context (redirect) 2022-07-22 23:10:52 +00:00
luchua-bc
48f143e7d4 Query to detect regex dot bypass 2022-07-20 22:39:24 +00:00