hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,593 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.6
Commit Graph

4033 Commits

Author SHA1 Message Date
Tony Torralba
9b78cee37a Add tests 2021-05-05 11:59:57 +02:00
Tony Torralba
458b89bf5f Added Android stubs 2021-05-05 11:57:01 +02:00
Timo Mueller
787a4ede85 Fixed file reference in test cases 2021-05-04 15:33:53 +02:00
Timo Mueller
374ed851a0 Fixed file reference in test cases 2021-05-04 15:12:50 +02:00
luchua-bc
703fbf139a Add more methods and update the library name 2021-05-04 02:54:49 +00:00
Jonathan Leitschuh
dfad1fc740 [Java] Add support for com.google.common.base.MoreObjects#firstNonNull 2021-05-03 12:58:00 -04:00
Tony Torralba
e68c6e66a5 Remove qlref file 2021-05-03 17:53:37 +02:00
Tony Torralba
4d5ec87de9 Use InlineTest 2021-05-03 13:27:24 +02:00
Tony Torralba
4bfd34b1fe Moved from experimental 2021-05-03 13:15:24 +02:00
Tony Torralba
38e052482c More csv sinks and sources 2021-05-03 12:44:53 +02:00
luchua-bc
4709e8139d JPython code injection 2021-05-03 01:43:56 +00:00
Timo Mueller
15a3068f8a Added query for insecure environment configuration RMI JMX (CVE-2016-8735) 2021-04-30 16:23:17 +02:00
Chris Smowton
b2c0259197 Merge pull request #5631 from haby0/UseOfLessTrustedSource 
[Java] CWE-348: Using a client-supplied IP address in a security check
 2021-04-30 15:20:53 +01:00
haby0
fdcc517b9f UseOfLessTrustedSource -> ClientSuppliedIpUsedInSecurityCheck" 2021-04-30 17:43:34 +08:00
Chris Smowton
ad9ea40954 Merge pull request #5597 from intrigus-lgtm/java/jwt-insecure-parse 
[Java] JWT without signature check.
 2021-04-29 14:41:11 +01:00
haby0
e813257431 use hardCode 2021-04-29 21:23:52 +08:00
intrigus
a8865e2fa2 Java: Cleanup jwt stubs. 2021-04-28 20:46:09 +02:00
haby0
5be9fbbc5a Remove LogOperationSink and PrintSink 2021-04-27 14:12:33 +08:00
p0wn4j
3d891f0b39 [Java] CWE-078: Add JSch OS command injection sink 2021-04-26 18:20:32 +04:00
edvraa
ade238307f Add a test 2021-04-22 10:02:06 +03:00
haby0
454324781d delete IfStmt 2021-04-22 11:59:33 +08:00
Chris Smowton
6589460357 Add models for Commons ToStringBuilder 
These don't include support for reflectionToString yet, which is coming up in a subsequent PR.
 2021-04-21 15:47:19 +01:00
Tamas Vajk
e25305e3cc Java: Introduce LoC summary metric query 2021-04-21 14:27:00 +02:00
edvraa
13655b5d80 Add RegExUtils 2021-04-21 13:08:35 +03:00
p0wn4j
f2de440886 [Java] CWE-094: Query to detect Groovy Code Injections 2021-04-20 19:18:24 +04:00
yo-h
cb524b6c19 Merge pull request #5611 from github/yo-h/java16 
Java: adjust test `options` for JDK 16 upgrade
 2021-04-19 15:12:23 -04:00
haby0
8296abcea8 Fix Modify the ql query (the qhelp part is not modified). 2021-04-19 20:59:47 +08:00
Anders Schack-Mulligen
579c955892 Java: Adjust some tests. 2021-04-19 14:06:27 +02:00
Anders Schack-Mulligen
175c71221a Java: Adjust some test output with more edges/nodes. 2021-04-19 14:06:27 +02:00
haby0
23b508c5e7 Merge remote-tracking branch 'upstream/main' into UseOfLessTrustedSource 2021-04-19 20:05:49 +08:00
Anders Schack-Mulligen
29aec0d770 Java: Adjust expected output. 2021-04-19 13:16:46 +02:00
Anders Schack-Mulligen
c5193cf03f Apply suggestions from code review 2021-04-19 13:14:56 +02:00
Anders Schack-Mulligen
06514159be Java: Add XXE tests. 2021-04-19 10:58:21 +02:00
Anders Schack-Mulligen
daad62c4e0 Java: Add TaintedPath test. 2021-04-19 10:07:03 +02:00
edvraa
29e320627f Regex injection 2021-04-16 23:29:08 +03:00
Anders Schack-Mulligen
605f28f741 Merge pull request #5686 from smowton/haby0/JsonHijacking 
Java: JSONP Injection w/cleanups
 2021-04-16 11:09:17 +02:00
Chris Smowton
254de76078 Remove unnecessary stubs 2021-04-15 16:20:27 +01:00
Chris Smowton
fa36ba901a Merge pull request #5471 from artem-smotrakov/el-injection 
Java: Query for detecting Jakarta Expression Language injections
 2021-04-15 12:39:34 +01:00
haby0
216f204438 delete FilterClass 2021-04-15 19:28:25 +08:00
haby0
583d0889e2 delete tomcat-embed-core stub, update the ServletGetMethod class 2021-04-15 17:40:51 +08:00
haby0
b3bdf89fc2 rm VerificationMethodFlowConfig, use springframework-5.2.3 stub 2021-04-15 10:25:40 +08:00
Artem Smotrakov
97186b3d30 Added comments for tests 2021-04-14 19:30:58 +03:00
haby0
e2ed0d02b0 Delete existsFilterVerificationMethod and existsServletVerificationMethod, add from get handler to filter 2021-04-14 12:34:52 +08:00
Chris Smowton
58d198261e Merge pull request #5663 from smowton/luchua/java/sensitive-cookie-not-httponly 
Java: CWE-1004 Query to check sensitive cookies without the HttpOnly flag set w/minor corrections
 2021-04-13 12:08:53 +01:00
Chris Smowton
f22b11881e Minimise stubs 
By removing all business logic from the stubs, we better test that our analysis treats them as opaque and does not rely on their internal structure
 2021-04-13 10:36:28 +01:00
Chris Smowton
45e1a61d7b Mark test as bad-but-missed 
This test ought ideally to be caught, but isn't by the current version of the query.
 2021-04-13 10:36:27 +01:00
luchua-bc
d7f26dfc18 Update stub classes and qldoc 2021-04-12 16:19:23 +00:00
Chris Smowton
423ff32d04 Merge pull request #5384 from luchua-bc/java/insecure-spring-actuator-config 
Java: CWE-016 Query to detect insecure configuration of Spring Boot Actuator
 2021-04-12 17:04:47 +01:00
Chris Smowton
2656a52880 Merge pull request #5538 from luchua-bc/java/credentials-in-properties 
Java: CWE-555 Query to detect plaintext credentials in Java properties files
 2021-04-12 15:22:21 +01:00
luchua-bc
c281e54d22 Remove unused files and update qldoc 2021-04-12 13:05:01 +00:00