hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,788 Commits 1,672 Branches 157 Tags
codeql-cli-2.22.4
Commit Graph

5752 Commits

Author SHA1 Message Date
Chris Smowton
fd4dc95d84 Merge pull request #6443 from artem-smotrakov/ignored-hostname-verifier 
Java: An experimental query for ignored hostname verification
 2022-02-14 18:56:27 +00:00
Chris Smowton
f2bc5849ce format 2022-02-14 17:00:14 +00:00
Jonathan Leitschuh
2048aed0a9 Review feedback and improve temp dir vulnerable/safe code sugestion 2022-02-14 11:29:16 -05:00
Chris Smowton
a62eae5a1e Remove redundant conditions from HostnameVerificationCall.isIgnored 2022-02-14 16:26:41 +00:00
Jonathan Leitschuh
76964d58f2 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-02-14 11:04:31 -05:00
Jonathan Leitschuh
bb580ddbab Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-02-14 11:02:05 -05:00
Jonathan Leitschuh
7dee22a130 Fix implicit 'this' usage 2022-02-14 11:00:41 -05:00
luchua-bc
2b5982fd9d Remove specified value step from additional taint step 2022-02-14 15:42:54 +00:00
luchua-bc
35a924292b Model value passing between a setter and a getter call as a value step 2022-02-14 14:08:55 +00:00
Artem Smotrakov
48604cd7b3 Better HostnameVerificationCall.isIgnored() 2022-02-12 15:52:16 +00:00
Artem Smotrakov
36e565d673 Use classes from semmle.code.java.security.Encryption 2022-02-12 15:31:35 +00:00
Artem Smotrakov
651e43dee6 Clarify what verifier is 2022-02-12 12:24:48 +00:00
luchua-bc
78630f25dd Match attribute name to reduce FP 2022-02-11 23:53:31 +00:00
luchua-bc
e3d0e9f083 Update normalized path node 2022-02-11 12:38:05 +00:00
github-actions[bot]
21bf29353f Post-release preparation for codeql-cli-2.8.1 2022-02-11 11:07:31 +00:00
luchua-bc
12c53baba4 Simplify the query 2022-02-11 01:05:06 +00:00
github-actions[bot]
f25fc70b7c Release preparation for version 2.8.1 2022-02-10 22:08:24 +00:00
Artem Smotrakov
0ba229a64b Apply suggestions from code review (typos/formatting) 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-10 18:37:12 +00:00
Jonathan Leitschuh
bafcce17d4 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-09 22:14:17 -05:00
luchua-bc
ce03aeb4d9 Fixed an issue related to normalized path 2022-02-09 23:19:40 +00:00
Jonathan Leitschuh
ded8d64301 Remove CAPC and add CWE-93 2022-02-09 12:31:53 -05:00
Jonathan Leitschuh
03fdee3767 Cleanup Netty Response Splitting Query 2022-02-09 12:28:11 -05:00
Jonathan Leitschuh
8ffe878722 Apply suggestions from code review 
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
 2022-02-09 12:28:11 -05:00
Jonathan Leitschuh
c732cb7759 Add HTTP Request Splitting to Netty Query 2022-02-09 12:28:10 -05:00
Jonathan Leitschuh
49a73673b6 Fix FP from mkdirs call on exact temp directory 2022-02-09 11:04:23 -05:00
Jonathan Leitschuh
787e3dac31 Update java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-09 10:07:56 -05:00
Tom Hvitved
9440a45015 Merge branch 'main' into post-release-prep/codeql-cli-2.8.0 2022-02-09 09:40:33 +01:00
luchua-bc
4609227e76 Use data model for request/session attribute operations 2022-02-09 03:24:46 +00:00
Jonathan Leitschuh
7f46640176 Consider calls to setReadable(false, false) then setReadable(true, true) to be safe 2022-02-08 17:57:10 -05:00
Chris Smowton
a6596ea7ce Fix test requirements, formatting 2022-02-08 12:01:32 +00:00
Benjamin Muskalla
b62df5a9ad Merge pull request #7872 from bmuskalla/fixCoverageCollection 
Collect framework coverage on demand
 2022-02-08 11:27:48 +01:00
Henry Mercer
eff0ca01b1 Merge pull request #7417 from github/henrymercer/java/update-telemetry-query-metadata 
Java: Start running telemetry queries on Code Scanning
 2022-02-08 10:26:30 +00:00
Chris Smowton
79654592d9 Apply suggestions from code review 2022-02-08 10:23:46 +00:00
Benjamin Muskalla
ff8a96b96d Rename framework coverage query 
Move it to the other summary queries, update all references.
 2022-02-08 11:14:03 +01:00
luchua-bc
ff4826d203 Correct the data model and update qldoc 2022-02-08 04:02:27 +00:00
Jonathan Leitschuh
c4112e6d4c Post refactor fixiup 2022-02-07 15:02:13 -05:00
Chris Smowton
de38638db6 Combine CWE-200 queries 2022-02-07 14:22:36 -05:00
Benjamin Muskalla
9af50f5216 Turn framework coverage into metric query 2022-02-07 12:08:18 +01:00
github-actions[bot]
b4ab86c020 Post-release preparation for codeql-cli-2.8.0 2022-02-06 23:34:07 +00:00
Artem Smotrakov
f53b2fcc62 Updated IgnoredHostnameVerification.ql to cover more uses of HostnameVerifier.verify() 2022-02-06 11:23:20 +00:00
Jonathan Leitschuh
1f47ea5164 Update to new change note format 2022-02-04 17:16:12 -05:00
Jonathan Leitschuh
0268dd9f0a Add file creation sanitizer 2022-02-04 17:10:27 -05:00
Jonathan Leitschuh
0a621c2801 Fix the formatting in TempDirLocalInformationDisclosureFromMethodCall 2022-02-04 17:10:27 -05:00
Jonathan Leitschuh
d5c9af31b2 Fixup documentation/code from PR feedback 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
f7a4aac525 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
a4b5573f53 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
a8d25b63ac Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-04 17:10:26 -05:00
Chris Smowton
e795823d97 Autoformat TempDirUtils.qll 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
7e514e9ef9 Add QLdoc and fix Compiler Errors in Tests 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
cb30385684 Update java/ql/src/Security/CWE/CWE-200/TempDirUtils.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-02-04 17:10:26 -05:00