codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00

Author	SHA1	Message	Date
Chris Smowton	a8fe10f353	Java template injection query: import pathgraph	2022-02-23 13:47:24 +00:00
Chris Smowton	50d9945625	Autoformat	2022-02-23 11:41:23 +00:00
Tony Torralba	f011bbc92c	Merge pull request #8055 from luchua-bc/java/unsafe-url-forward-with-shared-lib CWE-552: Switch to the shared PathSanitizer library	2022-02-23 11:00:23 +01:00
Porcupiney Hairs	c81d85f321	Include suggestions from review	2022-02-22 23:07:34 +05:30
Porcuiney Hairs	e536628a66	Java : Add SSTI query	2022-02-22 15:57:53 +05:30
Ian Lynagh	7ce9b160d0	Java: Performance tweaks	2022-02-21 17:05:00 +00:00
Asger Feldthaus	a121b73181	Java: update CSV rows to dot-separated syntax	2022-02-21 08:16:55 +01:00
Asger Feldthaus	7f808710ec	Java: update model generator	2022-02-21 08:16:54 +01:00
luchua-bc	f136ea0f6f	Switch to the shared PathSanitizer library	2022-02-16 16:06:28 +00:00
Tony Torralba	111aabb707	Merge pull request #7712 from luchua-bc/java/file-path-injection Java: CWE-073 File path injection with the JFinal framework	2022-02-16 12:01:34 +01:00
Arthur Baars	ebb87c4b36	Merge pull request #7975 from github/post-release-prep/codeql-cli-2.8.1 Post-release preparation for codeql-cli-2.8.1	2022-02-15 20:17:35 +01:00
luchua-bc	40bf093d34	Move shared code to the lib folder and update qldoc	2022-02-15 17:28:13 +00:00
luchua-bc	fd533f2ba8	Remove the same callable constraint	2022-02-15 12:44:23 +00:00
Tony Torralba	bfa14fa066	Merge pull request #7823 from JLLeitschuh/improve/JLL/combined_http_headers Java: Add HTTP Request Splitting to Netty Query	2022-02-15 10:24:36 +01:00
Chris Smowton	0bf6c83ef2	Merge pull request #4388 from JLLeitschuh/feat/JLL/java/CWE-200_temp_directory_local_information_disclosure Java: CWE-200: Temp directory local information disclosure vulnerability	2022-02-14 18:58:44 +00:00
Chris Smowton	fd4dc95d84	Merge pull request #6443 from artem-smotrakov/ignored-hostname-verifier Java: An experimental query for ignored hostname verification	2022-02-14 18:56:27 +00:00
Chris Smowton	f2bc5849ce	format	2022-02-14 17:00:14 +00:00
Jonathan Leitschuh	2048aed0a9	Review feedback and improve temp dir vulnerable/safe code sugestion	2022-02-14 11:29:16 -05:00
Chris Smowton	a62eae5a1e	Remove redundant conditions from HostnameVerificationCall.isIgnored	2022-02-14 16:26:41 +00:00
Jonathan Leitschuh	76964d58f2	Apply suggestions from code review Co-authored-by: Felicity Chapman <felicitymay@github.com>	2022-02-14 11:04:31 -05:00
Jonathan Leitschuh	bb580ddbab	Apply suggestions from code review Co-authored-by: Felicity Chapman <felicitymay@github.com>	2022-02-14 11:02:05 -05:00
Jonathan Leitschuh	7dee22a130	Fix implicit 'this' usage	2022-02-14 11:00:41 -05:00
luchua-bc	2b5982fd9d	Remove specified value step from additional taint step	2022-02-14 15:42:54 +00:00
luchua-bc	35a924292b	Model value passing between a setter and a getter call as a value step	2022-02-14 14:08:55 +00:00
Artem Smotrakov	48604cd7b3	Better HostnameVerificationCall.isIgnored()	2022-02-12 15:52:16 +00:00
Artem Smotrakov	36e565d673	Use classes from semmle.code.java.security.Encryption	2022-02-12 15:31:35 +00:00
Artem Smotrakov	651e43dee6	Clarify what verifier is	2022-02-12 12:24:48 +00:00
luchua-bc	78630f25dd	Match attribute name to reduce FP	2022-02-11 23:53:31 +00:00
luchua-bc	e3d0e9f083	Update normalized path node	2022-02-11 12:38:05 +00:00
github-actions[bot]	21bf29353f	Post-release preparation for codeql-cli-2.8.1	2022-02-11 11:07:31 +00:00
luchua-bc	12c53baba4	Simplify the query	2022-02-11 01:05:06 +00:00
github-actions[bot]	f25fc70b7c	Release preparation for version 2.8.1	2022-02-10 22:08:24 +00:00
Artem Smotrakov	0ba229a64b	Apply suggestions from code review (typos/formatting) Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com> Co-authored-by: Chris Smowton <smowton@github.com>	2022-02-10 18:37:12 +00:00
Jonathan Leitschuh	bafcce17d4	Apply suggestions from code review Co-authored-by: Chris Smowton <smowton@github.com>	2022-02-09 22:14:17 -05:00
luchua-bc	ce03aeb4d9	Fixed an issue related to normalized path	2022-02-09 23:19:40 +00:00
Jonathan Leitschuh	ded8d64301	Remove CAPC and add CWE-93	2022-02-09 12:31:53 -05:00
Jonathan Leitschuh	03fdee3767	Cleanup Netty Response Splitting Query	2022-02-09 12:28:11 -05:00
Jonathan Leitschuh	8ffe878722	Apply suggestions from code review Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>	2022-02-09 12:28:11 -05:00
Jonathan Leitschuh	c732cb7759	Add HTTP Request Splitting to Netty Query	2022-02-09 12:28:10 -05:00
Jonathan Leitschuh	49a73673b6	Fix FP from mkdirs call on exact temp directory	2022-02-09 11:04:23 -05:00
Jonathan Leitschuh	787e3dac31	Update java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql Co-authored-by: Chris Smowton <smowton@github.com>	2022-02-09 10:07:56 -05:00
Tom Hvitved	9440a45015	Merge branch 'main' into post-release-prep/codeql-cli-2.8.0	2022-02-09 09:40:33 +01:00
luchua-bc	4609227e76	Use data model for request/session attribute operations	2022-02-09 03:24:46 +00:00
Jonathan Leitschuh	7f46640176	Consider calls to setReadable(false, false) then setReadable(true, true) to be safe	2022-02-08 17:57:10 -05:00
Chris Smowton	a6596ea7ce	Fix test requirements, formatting	2022-02-08 12:01:32 +00:00
Benjamin Muskalla	b62df5a9ad	Merge pull request #7872 from bmuskalla/fixCoverageCollection Collect framework coverage on demand	2022-02-08 11:27:48 +01:00
Henry Mercer	eff0ca01b1	Merge pull request #7417 from github/henrymercer/java/update-telemetry-query-metadata Java: Start running telemetry queries on Code Scanning	2022-02-08 10:26:30 +00:00
Chris Smowton	79654592d9	Apply suggestions from code review	2022-02-08 10:23:46 +00:00
Benjamin Muskalla	ff8a96b96d	Rename framework coverage query Move it to the other summary queries, update all references.	2022-02-08 11:14:03 +01:00
luchua-bc	ff4826d203	Correct the data model and update qldoc	2022-02-08 04:02:27 +00:00

... 50 51 52 53 54 ...

5817 Commits