hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,267 Commits 1,672 Branches 157 Tags
codeql-cli-2.21.1
Commit Graph

13070 Commits

Author SHA1 Message Date
Artem Smotrakov
6b66323ac3 Simplified JexlInjectionLib.qll and removed LocalUserInput 2021-03-02 21:22:46 +01:00
Joe Farebrother
81ff76814f Remove incorrect expectaton 2021-03-02 16:35:34 +00:00
Francis Alexander
173c4b7f2f More Play stubs improvements 2021-03-02 20:39:25 +05:30
Anders Schack-Mulligen
0eb2c06e20 Merge pull request #3945 from porcupineyhairs/structsDevMode 
Java: Add query to detect Apache Struts enabled Devmode
 2021-03-02 15:22:20 +01:00
Porcuiney Hairs
beb15e27eb remove tests 2021-03-02 18:13:33 +05:30
Francis Alexander
4384f78595 Play stubs improvements, cleanup and return values 2021-03-02 16:50:16 +05:30
Anders Schack-Mulligen
b0fa8dfeae Merge pull request #4214 from porcupineyhairs/springViewManipulation 
[Java] Add QL for detecting Spring View Manipulation Vulnerabilities.
 2021-03-02 11:31:42 +01:00
Anders Schack-Mulligen
394c82d564 Apply suggestions from code review 
Adjust qldoc.
 2021-03-02 10:17:07 +01:00
luchua-bc
95d1994196 Query to check sensitive cookies without the HttpOnly flag set 2021-03-01 22:06:52 +00:00
Porcuiney Hairs
5151a528ac Include suggestions from review 2021-03-01 22:59:30 +05:30
Chris Smowton
5d2f3421d8 Add change notes 2021-03-01 16:59:20 +00:00
Chris Smowton
cdccc1a064 Remove needless typecasts 2021-03-01 16:47:34 +00:00
Porcuiney Hairs
14ec148272 refactor to meet experimental guidelines. 2021-03-01 18:46:33 +05:30
Rasmus Wriedt Larsen
0874712c97 C++/Java/Python: Allow Python string prefix in InlineExpectationsTest 
I've been writing tests for crypto libraries in Python, and have wanted to write
code along the lines of

```py
md5.hash(b"some message") # $ HashInput=b"some message"
```

which didn't work before this commit, forcing me to store my text in a variable
like below. This turned out to be really annoying when dealing with more complex
examples, so therefore I'm adding this new functionality to allow this behavior.

```py
msg = b"some message"
md5.hash(msg) # $ HashInput=msg
```
 2021-03-01 13:44:28 +01:00
Chris Smowton
aab9deceef Remove package from test Java file 2021-03-01 10:32:44 +00:00
Chris Smowton
c32514bf66 Sync dataflow library files 2021-03-01 10:27:28 +00:00
Chris Smowton
e6b1fe9b5f Fluent interface dataflow: support argument-output flow directly declared by the simpleLocalFlowStep relation 
This means we will treat fluent interfaces that are modelled the same as those where we determine an argument flows to an output by inspection of the function body.
 2021-03-01 10:23:38 +00:00
Chris Smowton
54caf501e7 Switch fluent-methods test to use a plain DataFlow::Configuration 
No taint edges are involved, so TaintTracking was unnecessary.
 2021-03-01 10:16:02 +00:00
Chris Smowton
fadbb32bd6 Add backward dataflow edges through fluent function invocations. 
This means that much as obj.getA().setB(...) already has a side-effect on `obj`, all three setters in obj.setA(...).setB(...).setC(...) will have a side-effect on `obj`.
 2021-03-01 10:11:28 +00:00
Artem Smotrakov
15a43ffe36 Simplified returnsRemoteInvocationSerializingExporter() 2021-02-27 13:41:20 +01:00
haby0
f795d5e0d3 update JSONP Injection ql 2021-02-27 16:25:17 +08:00
Porcupiney Hairs
42a84a18b0 JAVA : Add query to detect Apache Structs enabled DEvmode 
This query detects cases where the development mode is enabled for a
struts configuration. I can't find a CVE per se but, at present, [Github's fuzzy search](https://github.com/search?q=%3Cconstant+name%3D%22struts.devMode%22+value%3D%22true%22+%2F%3E+language%3Axml&type=Code) returns more
than 44000 results. Some of them look like they are classroom projects,
so they may be ineligible for a CVE. But we should be flagging them
anyways as setting the development on in a production system is a very
bad practice and can often lead to remote code execution.
So these should be fixed anyways.
 2021-02-26 16:30:04 +05:30
Porcupiney Hairs
602f63ad45 [Java] Add QL for detecting Spring View Manipulation Vulnerabilities. 2021-02-26 16:29:18 +05:30
Marcono1234
53dc2ce9b6 Java: Use .inc.qhelp extension for included help files 2021-02-26 00:43:51 +01:00
Marcono1234
e21cbe82a9 Update Java documentation links to Java 11 
Where possible update Java documentation links to Java 11.
Additionally update some other links to use HTTPS.
 2021-02-26 00:43:51 +01:00
intrigus
141f057f7b Java: Remove duplicate code. 2021-02-25 21:29:26 +01:00
Marcono1234
fa189ded9d Java: Add Class and Interface.isPackageProtected() 2021-02-25 18:21:18 +01:00
Tamás Vajk
505d04b13e Merge pull request #5102 from luchua-bc/java/main-method-in-servlet 
Java: CWE-489 Query to detect main() method in servlets
 2021-02-25 16:05:06 +01:00
Joe Farebrother
41b7db144d Allow for array types in model signatures 2021-02-25 11:40:48 +00:00
haby0
0521ef87da Merge remote-tracking branch 'upstream/main' into JsonHijacking 2021-02-25 16:31:14 +08:00
Anders Schack-Mulligen
f0d3841369 Merge pull request #5105 from JLLeitschuh/feat/JLL/depricated_bintray_usage 
CWE-1104: Maven POM dependence upon Bintray/JCenter
 2021-02-25 09:08:31 +01:00
Artem Smotrakov
e02b51f42b Improved SpringHttpInvokerUnsafeDeserialization.qhelp 2021-02-24 22:35:20 +01:00
Artem Smotrakov
aac0c27dcd Added tests for SpringHttpInvokerUnsafeDeserialization.ql 2021-02-24 22:35:20 +01:00
Artem Smotrakov
95284ad71d Added SpringHttpInvokerUnsafeDeserialization.qhelp and example 2021-02-24 22:35:20 +01:00
Artem Smotrakov
476309af6d Added SpringHttpInvokerUnsafeDeserialization.ql 2021-02-24 22:35:20 +01:00
Artem Smotrakov
34b6ed0a05 Removed commented code from JexlUberspect 2021-02-24 22:31:03 +01:00
luchua-bc
e34a203731 Refactor the check of a main method in a test program to improve maintainability 2021-02-24 17:15:08 +00:00
Joe Farebrother
caa6f00292 Switch to CSV based modelling 2021-02-24 16:59:49 +00:00
Jonathan Leitschuh
237fefbcf1 Add release notes 2021-02-24 11:19:20 -05:00
haby0
6fe8bafc7d *)update 2021-02-24 20:59:51 +08:00
haby0
872a000a33 *)update to JSONP injection 2021-02-24 20:36:12 +08:00
Anders Schack-Mulligen
add960bc4d Merge pull request #4880 from luchua-bc/java/sensitive-query-with-get 
Java: Sensitive GET Query
 2021-02-24 11:08:47 +01:00
yo-h
1d654febfd Merge pull request #5195 from aschackmull/java/cwe-548-test 
Java: Add empty file to test.
 2021-02-23 21:12:40 -05:00
Joe Farebrother
e13c779f0f Add additional unit tests 2021-02-23 16:17:13 +00:00
luchua-bc
56e3b301e9 Resolve ambiguous method access 2021-02-23 15:18:07 +00:00
luchua-bc
45f9125bfa Update test program 2021-02-23 14:41:44 +00:00
luchua-bc
9eb8ec7da5 Create a separate file for EJB check 2021-02-23 14:38:15 +00:00
Joe Farebrother
ee651da23f Remove TODO comment 2021-02-23 14:27:11 +00:00
Joe Farebrother
459c0afc55 Add change note 2021-02-23 14:26:12 +00:00
Joe Farebrother
a3b8d4ab2d Switch to inline test expectations; fix failing test outputs 2021-02-23 14:26:12 +00:00