hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,307 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.2
Commit Graph

13513 Commits

Author SHA1 Message Date
intrigus
8df5d77398 Java: Model HostnameVerifier method 
Model `HostnameVerifier#setDefaultHostnameVerifier`
 2021-01-11 13:42:06 +01:00
Anders Schack-Mulligen
3a2dd8f1ed Merge pull request #4867 from RasmusWL/java-externalapis-taint-step 
Java: Fix taint-step handling for untrusted-data-external-api
 2021-01-11 13:36:59 +01:00
Rasmus Wriedt Larsen
00c253a710 Java: Don't ignore local taint steps (fixup) 2021-01-08 15:29:01 +01:00
luchua-bc
39103af718 Remove additional taint step 2021-01-08 13:02:57 +00:00
Anders Schack-Mulligen
e5b4975450 Merge pull request #4675 from luchua-bc/cleartext-storage-shared-prefs 
Java: Query to detect cleartext storage of sensitive information using Android SharedPreferences
 2021-01-08 12:41:34 +01:00
luchua-bc
b56fe2b25f Remove specific method name in additional taint step 2021-01-07 16:31:21 +00:00
luchua-bc
606d0946fc Update qldoc 2021-01-07 14:05:12 +00:00
luchua-bc
19ff00bad4 Enhance the additional step flow and update qldoc 2021-01-07 13:15:30 +00:00
luchua-bc
b54e5b1c49 Revamp the library module 2021-01-07 12:44:59 +00:00
Francis Alexander
435502e070 missing new lines 2021-01-06 23:05:09 +05:30
luchua-bc
ce2db21f15 Query to detect hash without salt 2021-01-06 17:30:04 +00:00
Francis Alexander
1f5a466e46 Playframework test cases & review fixes 2021-01-06 22:57:14 +05:30
luchua-bc
f13b8814f5 Update class/method names in the module 2021-01-06 16:49:35 +00:00
luchua-bc
5690bf49f4 Optimize the query 2021-01-06 16:21:26 +00:00
luchua-bc
3d26e5b8a4 Update qldoc 2021-01-06 12:41:00 +00:00
luchua-bc
f1763ae354 Use the sensitive info sink 2021-01-06 01:48:19 +00:00
luchua-bc
367ff99909 Change the source to be the request variable 2021-01-05 17:30:19 +00:00
Chris Smowton
e87fd86e63 Merge pull request #4814 from luchua-bc/java/password-in-configuration 
Java: Password in Java EE configuration files
 2021-01-05 11:42:27 +00:00
Jonathan Leitschuh
ba4a562c9a Update PrintAst.actual with new test output 2021-01-04 23:37:58 -05:00
luchua-bc
195755d687 Revamp the query to be more selective 2021-01-05 00:04:08 +00:00
luchua-bc
496db4b42f Factor isGetServletMethod into the servlet library 2021-01-04 16:14:13 +00:00
Jonathan Leitschuh
028e4756bb Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-01-04 10:13:52 -05:00
luchua-bc
c069a5b4c6 Factor private host regex into the networking library and enhance the query 2021-01-04 14:51:32 +00:00
Jonathan Leitschuh
54950c2f42 Add MethodAccessSystemGetProperty predicate 2021-01-01 20:07:45 -05:00
luchua-bc
ffe9d4a310 Sensitive GET Query 2020-12-26 16:51:30 +00:00
Rasmus Wriedt Larsen
874af7637f Java: Fix taint-step handling for untrusted-data-external-api 
The previous implementation would not handle any `AdditionalTaintStep`
subclasses.
 2020-12-22 11:02:50 +01:00
luchua-bc
4ec78d04f8 Insecure LDAP authentication 2020-12-21 00:15:15 +00:00
luchua-bc
bfb138d415 Update qldoc 2020-12-17 14:42:14 +00:00
luchua-bc
7b44ee50ea Revamp the functions to have a string parameter 2020-12-17 14:26:13 +00:00
luchua-bc
b44f01a87b Enhance the check for embedded passwords 2020-12-17 03:47:38 +00:00
luchua-bc
bed8a68d28 Exclude broken algorithms from the list of secure algorithms 2020-12-17 00:41:23 +00:00
luchua-bc
6b77922a25 Fix typo and update qldoc 2020-12-16 14:04:45 +00:00
luchua-bc
d7facb42d6 Add missing broken crypto algorithms 2020-12-16 04:32:11 +00:00
luchua-bc
523f0fb247 Enhance the query and update qldoc 2020-12-14 17:01:30 +00:00
luchua-bc
d469e9b24e Format the code and minor text change 2020-12-13 21:15:18 +00:00
luchua-bc
e27ccd0a81 Format the code and update qldoc 2020-12-13 02:33:03 +00:00
luchua-bc
7ba237120b Password in Java EE configuration files 2020-12-12 05:15:04 +00:00
Joe Farebrother
732542adcb Add change note 2020-12-09 16:41:31 +00:00
Joe Farebrother
24dc631a8f Java: Fix false positive in XXE query 2020-12-08 16:38:42 +00:00
Joe Farebrother
2fd5d26b1b Add FP as a test case 2020-12-08 16:37:53 +00:00
yo-h
54d7cac46d Merge pull request #4718 from aschackmull/java/cleanup-deprecated 
Java: Remove some deprecated classes.
 2020-12-04 11:17:14 -05:00
yo-h
a5393b4661 Merge pull request #4746 from aschackmull/java/ssa-perf 
Java: Improve performance of SSA.
 2020-12-04 11:16:39 -05:00
Anders Schack-Mulligen
0cc324b715 Merge pull request #3839 from luchua-bc/uncaught-servlet-exception 
Java: Uncaught servlet exception
 2020-12-02 15:12:59 +01:00
Anders Schack-Mulligen
0175a596ef Update java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql 2020-12-02 13:33:59 +01:00
yo-h
cdeeefc235 Merge commit '8f2094f' into yo-h/java15-merge 2020-12-01 17:47:58 -05:00
Anders Schack-Mulligen
8f2094f0bf Autoformat. 2020-11-30 14:42:38 +01:00
Anders Schack-Mulligen
88e0759365 Java: Change RemoteUserInput to private instead of removing. 2020-11-30 13:40:53 +01:00
Anders Schack-Mulligen
5a66d6ab93 Java: Improve performance of SSA. 2020-11-30 11:26:03 +01:00
Anders Schack-Mulligen
931322e4c5 Merge pull request #4668 from aschackmull/dataflow/refactor-pruning 
Dataflow: Refactor pruning stages.
 2020-11-30 09:37:04 +01:00
yo-h
7e8bc4a61b Merge commit '2fa9037' into yo-h/java15-merge 2020-11-29 18:42:20 -05:00