hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,788 Commits 1,672 Branches 157 Tags
codeql-cli-2.22.4
Commit Graph

5752 Commits

Author SHA1 Message Date
Joe Farebrother
04df556861 Add suggested reference 2022-08-05 12:56:20 +01:00
Joe Farebrother
abf894a64c Fix typos 2022-08-05 12:56:20 +01:00
Joe Farebrother
0d09484efc Add change note 2022-08-05 12:56:19 +01:00
Joe Farebrother
f8ccbcba70 Add qhelp 2022-08-05 12:56:19 +01:00
Joe Farebrother
16e16f08dc Add webview cert validation query 2022-08-05 12:56:18 +01:00
Anders Schack-Mulligen
43d4324f65 Java: Improve performance of ConfusingOverloading. 2022-08-04 16:05:30 +02:00
Anders Schack-Mulligen
c2b99747d4 Merge pull request #9951 from aschackmull/java/notintersect-perf 
Java: Improve join-order for `not haveIntersection`.
 2022-08-04 11:08:02 +02:00
Chris Smowton
af274354a0 Merge pull request #9956 from github/smowton/feature/tainted-path-query-mad 
Make java/path-injection recognise create-file MaD sinks
 2022-08-04 08:59:59 +01:00
Shyam Mehta
76cecc170e Fix documentation 2022-08-03 14:30:17 -04:00
Chris Smowton
977823bd76 Create 2022-08-03-tainted-path-mad.md 2022-08-03 10:54:35 +01:00
Chris Smowton
84a4b6a866 Make reporting locations consistent with PathCreation; add test 2022-08-03 10:42:09 +01:00
Rasmus Wriedt Larsen
8fb85a98d8 Merge branch 'main' into post-release-prep/codeql-cli-2.10.2 2022-08-03 10:42:02 +02:00
Chris Smowton
83498f58db Add missing import 2022-08-03 08:53:43 +01:00
Chris Smowton
81f3bcd802 Don't require a PathCreation for every tainted-path sink 2022-08-02 21:30:06 +01:00
Chris Smowton
c95f17fdf2 Make java/path-injection recognise create-file MaD sinks 2022-08-02 21:28:00 +01:00
Anders Schack-Mulligen
aabdf84300 Java: Improve join-order for not haveIntersection. 2022-08-02 14:29:03 +02:00
Anders Schack-Mulligen
80bba605e3 Java: Fix join-order in SameNameAsSuper. 2022-08-02 12:49:21 +02:00
luchua-bc
b69eba9238 Add check for Spring redirect 2022-07-29 01:59:47 +00:00
github-actions[bot]
e8747d3176 Post-release preparation for codeql-cli-2.10.2 2022-07-28 20:00:09 +00:00
github-actions[bot]
212786ed91 Release preparation for version 2.10.2 2022-07-28 13:38:35 +00:00
luchua-bc
1ce31ec32c Add sinks of servlet dispatcher and filter 2022-07-26 23:05:25 +00:00
luchua-bc
962069ccff Add path check in a security context (redirect) 2022-07-22 23:10:52 +00:00
luchua-bc
48f143e7d4 Query to detect regex dot bypass 2022-07-20 22:39:24 +00:00
Shyam Mehta
09ec37943c Partial Path Traversal split into 2 queries 2022-07-20 17:53:26 -04:00
smehta23
b7e522749f Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-07-20 15:32:59 -04:00
Asger F
b9bdee6651 Merge branch 'main' into post-release-prep/codeql-cli-2.10.1 2022-07-19 16:24:35 +02:00
Raul Garcia
eefa659503 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>
 2022-07-16 08:23:59 -07:00
Raul Garcia
fe789c8aa9 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>
 2022-07-16 08:22:18 -07:00
github-actions[bot]
0ee476129a Post-release preparation for codeql-cli-2.10.1 2022-07-14 14:38:49 +00:00
Erik Krogh Kristensen
85a652f3d1 remove a bunch of repeated words 2022-07-14 12:42:48 +02:00
Jeroen Ketema
fe1f1bb79d Fix issues with change notes 2022-07-14 11:06:14 +02:00
github-actions[bot]
d1aa0d7dd3 Release preparation for version 2.10.1 2022-07-14 08:56:03 +00:00
Chris Smowton
a6970638cb Improve description 2022-07-13 20:27:10 +01:00
Chris Smowton
01cec0490b Abbreviate qhelp 2022-07-13 20:24:44 +01:00
Erik Krogh Kristensen
a4262f8d91 add some more references to the overly-large-range qhelp 2022-07-13 11:20:24 +02:00
Raul Garcia
0dbb03f732 Adding CVE information. 2022-07-12 21:49:19 -07:00
Raul Garcia
a4adf06713 Addressing feedback for the qhelp file. 2022-07-12 13:51:12 -07:00
Raul Garcia
64343e00f4 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:14:25 -07:00
Raul Garcia
8a48708014 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:14:13 -07:00
Raul Garcia
2bac181094 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:13:53 -07:00
Raul Garcia
a4e35a97ea Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:13:38 -07:00
Raul Garcia
a51d713925 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:13:12 -07:00
Erik Krogh Kristensen
220ff3cb2e convert tabs to spaces in qhelp 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
ff25451699 rename query to overly-large-range, and rewrite the @description 2022-07-12 16:02:46 +02:00
Shyam Mehta
65b9947428 Incorporate jksco's feedback 2022-07-12 02:02:31 -04:00
smehta23
781a2a73d3 Merge branch 'main' into feat/SM/java_partial_path_traversal_vulnerability 2022-07-12 01:48:12 -04:00
Raul Garcia
d5791e2d56 Addressing feedback from the PR 2022-07-11 15:45:15 -07:00
Raul Garcia
ac05577966 Making various changes based on the feedback. Pending: 2 non-trivial fixes for Java & Python. 2022-07-11 13:25:35 -07:00
Chris Smowton
74641ccfee Simplify test for no-arg constructor 2022-07-11 11:01:19 +01:00
Raul Garcia
01da877d0e Moving the new query to experimental. It was added to the wrong folder initially. 2022-07-06 14:07:14 -07:00