hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

13650 Commits

Author SHA1 Message Date
Tom Hvitved
431403f5db Data flow: Remove deprecated predicates 2020-05-19 15:42:59 +02:00
Bt2018
19d2a404c9 Add AndroidRString RefType to clarify the Android query 2020-05-19 08:44:26 -04:00
Anders Schack-Mulligen
6f03a0bc39 Merge pull request #3487 from luchua-bc/java-sensitive-jboss-logging 
Add JBoss logging
 2020-05-19 11:04:18 +02:00
Anders Schack-Mulligen
c36e6213f1 Merge pull request #3288 from ggolawski/jndi-injection 
CodeQL query to detect JNDI injections
 2020-05-19 11:03:29 +02:00
Anders Schack-Mulligen
9d7329de30 Java: Clean up deprecated overrides. 2020-05-19 10:41:41 +02:00
Grzegorz Golawski
73e736b47a Enhanced comments according to the review comment 2020-05-18 23:37:48 +02:00
Grzegorz Goławski
0075d35346 Update java/ql/src/experimental/Security/CWE/CWE-074/JndiInjectionLib.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-05-18 23:18:16 +02:00
Grzegorz Golawski
ac329e81f8 Fixes FPs in SpringBootActuators query 
No evidence that Spring Actuators are being used, e.g. `http.authorizeRequests().anyRequest().permitAll()`
Only safe Actuators are enabled, e.g. `EndpointRequest.to("health", "info")`
 2020-05-18 22:55:33 +02:00
Bt2018
69f2525e62 Remove the ending blank lines for auto-format check 2020-05-18 10:02:37 -04:00
Bt2018
7a9381f1fb Add declaring type to the res.getString(R.string.key) call 2020-05-18 07:59:38 -04:00
Anders Schack-Mulligen
37c8917813 Java: Add test. 2020-05-18 13:19:19 +02:00
Anders Schack-Mulligen
bd114db862 Java: Add cfg edges for instanceof-pattern. 2020-05-18 09:49:32 +02:00
luchua-bc
6c24f36068 Java: CWE-297 insecure JavaMail SSL configuration 2020-05-17 02:43:26 +00:00
yo-h
4f00e40257 Merge pull request #3474 from aschackmull/java/string-formatted 
Java: Add taint steps for String.formatted.
 2020-05-15 22:04:36 -04:00
yo-h
69ab158910 Merge pull request #3473 from aschackmull/java/switchexpr 
Java: Extend library support for switch expressions.
 2020-05-15 20:46:37 -04:00
luchua-bc
4117cd73a7 Add JBoss logging 2020-05-15 16:14:41 +00:00
Tom Hvitved
cd9538d0d9 Merge remote-tracking branch 'upstream/master' into dataflow/precise-field-types 2020-05-15 15:24:05 +02:00
Grzegorz Golawski
14ce049fc6 Add support for Saxon 2020-05-15 00:12:08 +02:00
Anders Schack-Mulligen
1838a7455a Java: Add taint steps for String.formatted. 2020-05-14 16:17:03 +02:00
Tom Hvitved
e608c53c3f Java: Follow-up changes 2020-05-14 15:58:50 +02:00
Tom Hvitved
aa83cc1472 Data flow: Sync files 2020-05-14 15:58:50 +02:00
Anders Schack-Mulligen
0aad24e6db Java: Extend library support for switch expressions. 2020-05-14 15:40:26 +02:00
Bt2018
819a599e2c Correct the name tag and change the placeholders in the query 2020-05-14 08:13:21 -04:00
Bt2018
9a7ab4ee32 Correct comment of the HostVerificationMethodAccess method access 2020-05-14 07:43:17 -04:00
Anders Schack-Mulligen
5c9fb2312e Merge pull request #3090 from luchua-bc/java-insert-sensitive-info-into-log 
Java: CWE-532 sensitive info logging
 2020-05-14 11:43:47 +02:00
Bt2018
7b88988981 Convert to path-problem query 2020-05-13 08:09:22 -04:00
Bt2018
632cb8b666 Simplify CredentialExpr as the AddExpr step is included by TaintTracking::localTaintStep(node1, node2) 2020-05-13 07:55:32 -04:00
Bt2018
d9cc3c6f8d Add a comment for reasoning in why debug and trace are included and other variations are excluded 2020-05-13 07:46:44 -04:00
Anders Schack-Mulligen
f5e491caf0 Merge pull request #3448 from yo-h/java-qldoc-add 
Java: improve QLDoc completeness
 2020-05-13 08:26:02 +02:00
Bt2018
ffd442a17a Fine tuning criteria 
1. Change the regex pattern from variable contains "url" to variable starts with "url"
2. Add the logging trace method to sink
 2020-05-12 23:24:55 -04:00
Bt2018
491b67e658 Change string concatenation in the source to TaintTracking::Configuration 2020-05-12 22:57:07 -04:00
Bt2018
106c181ab1 Formatting with auto-format 2020-05-12 15:53:29 -04:00
yo-h
a884538238 Update java/ql/src/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-05-12 14:14:26 -04:00
yo-h
facd429d0a Update java/ql/src/semmle/code/java/frameworks/javaee/ejb/EJBJarXML.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-05-12 14:14:14 -04:00
Bt2018
d75841d6a7 Add sample usage and remove unused imports 2020-05-12 13:42:17 -04:00
jcreedcmu
3c233c762c Merge pull request #3431 from jcreedcmu/jcreed/jump-to-def-langs 
Java, Javascript, Csharp: Add jump-to-definition queries
 2020-05-12 10:54:11 -04:00
yo-h
1d55dffb98 Java: add missing QLDoc for J2ObjC.qll 2020-05-11 20:01:48 -04:00
yo-h
c55d01318c Java: add missing QLDoc for JavaServerFaces.qll and JSFAnnotations.qll 2020-05-11 20:01:48 -04:00
yo-h
53ccbeed6d Java: add missing QLDoc for JavadocCommon.qll 2020-05-11 20:01:47 -04:00
yo-h
e33ebdc803 Java: add missing QLDoc for NamingConventionsCommon.qll 2020-05-11 20:01:47 -04:00
yo-h
0e1ca44dfd Java: add missing QLDoc for UnusedMavenDependencies.qll 2020-05-11 20:01:46 -04:00
yo-h
1c9c87241f Java: add missing QLDoc for JdkInternals*.qll 2020-05-11 20:01:46 -04:00
yo-h
20a8438109 Java: add missing QLDoc for default.qll 2020-05-11 20:01:46 -04:00
yo-h
6c8a016ca6 Java: add missing QLDoc for JacksonSerializability.qll 2020-05-11 20:01:45 -04:00
yo-h
45b502a82f Java: add missing QLDoc for GWT.qll, GwtUiBinder.qll, GwtXml.qll 2020-05-11 20:01:45 -04:00
yo-h
0d8d5773b7 Java: add missing QLDoc for Clover.qll 2020-05-11 20:01:44 -04:00
yo-h
6e64f3dd05 Java: add missing QLDoc for JavaxAnnotations.qll 2020-05-11 20:01:44 -04:00
yo-h
537c657b19 Java: add missing QLDoc for EJBRestrictions.qll 2020-05-11 20:01:44 -04:00
yo-h
4594b51dfc Java: add missing QLDoc for EJB.qll 2020-05-11 20:01:43 -04:00
yo-h
3a82090087 Java: add missing QLDoc for EJBJarXML.qll 2020-05-11 20:01:42 -04:00