hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

5839 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
a167577551 Java: Add java.lang.Number as a sanitizer for SQL injection. 2020-01-30 12:01:36 +01:00
Anders Schack-Mulligen
d8b842298c Java: Autoformat. 2020-01-30 10:54:54 +01:00
Anders Schack-Mulligen
75c549baa1 Java: Deprecate ParExpr. 2020-01-30 10:52:16 +01:00
ggolawski
ebd2b932e8 Update java/ql/src/Security/CWE/CWE-90/LdapInjection.qhelp 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2020-01-29 20:05:20 +01:00
Anders Schack-Mulligen
9b7a728609 Java: Autoformat. 2020-01-29 12:16:25 +01:00
Grzegorz Golawski
bbcfbd7a28 Apply suggestion from code review 2020-01-28 22:34:01 +01:00
yo-h
97069a7988 Merge pull request #2683 from aschackmull/java/lshift32 
Java: Add new query for large left shifts and bugfix ConstantExpAppearsNonConstant.
 2020-01-28 13:30:26 -05:00
Anders Schack-Mulligen
0b3c90b526 Java: Fix whitespace query. 2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
f8805ebb24 Java: Update 2 queries. 2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
4bd332ddca Java: Add Expr.isParenthesized, adjust VarAccess.toString, and fix tests. 2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
597d8e7d94 Java: Update dbscheme for ParExpr removal. 2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
dc7e8ad2ff Java: Reword help according to review comment. 2020-01-28 10:13:35 +01:00
Anders Schack-Mulligen
a99a6f79cd Apply suggestions from code review 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2020-01-28 10:13:35 +01:00
Anders Schack-Mulligen
4cb28d9b1d Java: Add new query for large left shifts and bugfix ConstantExpAppearsNonConstant. 2020-01-28 10:13:34 +01:00
Grzegorz Golawski
7b2192d2e3 Apply suggestion from code review 2020-01-27 22:34:15 +01:00
ggolawski
408c49a61c Apply suggestions from code review 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2020-01-27 22:31:51 +01:00
Chris Gavin
484333b192 Java: Update help and description of java/suspicious-date-format. 2020-01-27 11:57:59 +00:00
Chris Gavin
88146295f9 Java: Add a query for suspicious date format patterns. 2020-01-27 11:57:18 +00:00
Anders Schack-Mulligen
816a8d1f9e Merge pull request #2586 from ggolawski/spring_disable_csrf 
Add check for disabled CSRF protection in Spring
 2020-01-27 11:32:39 +01:00
Esben Sparre Andreasen
57b3a55b48 java: sharpen java/maven/non-https-url to allow localhost URLs 2020-01-24 08:51:54 +01:00
Grzegorz Golawski
968c18d208 Query to detect LDAP injections in Java 
Refactoring according to review comments.
 2020-01-23 22:51:10 +01:00
yo-h
eb6f8da080 Merge pull request #2679 from aschackmull/java/remove-depr-flow-fwd-back 
Java/C++/C#: Remove the deprecated hasFlowForward/hasFlowBackward.
 2020-01-23 14:10:28 -05:00
yo-h
50320c7828 Merge pull request #2628 from aschackmull/java/no-adhoc-testclass 
Java: Replace ad-hoc TestClass detection.
 2020-01-23 14:09:11 -05:00
Anders Schack-Mulligen
e7f7c7370a Java/C++/C#: Remove the deprecated hasFlowForward/hasFlowBackward. 2020-01-23 14:05:18 +01:00
yo-h
9a939534c7 Merge pull request #2670 from aschackmull/java/remove-parityanalysis 
Java: Remove the deprecated ParityAnalysis.
 2020-01-22 16:22:34 -05:00
Grzegorz Golawski
bed6a9886f Query to detect LDAP injections in Java 
Autoformat
 2020-01-22 21:42:47 +01:00
Grzegorz Golawski
5596944926 Add check for disabled CSRF protection in Spring 
Fix help and correct formatting.
 2020-01-22 21:27:34 +01:00
Anders Schack-Mulligen
b92203a87f Java: Allow null literals as sources in data flow. 2020-01-22 12:04:42 +01:00
Anders Schack-Mulligen
cf004ac9d8 Java: Remove the deprecated ParityAnalysis. 2020-01-22 11:45:18 +01:00
Grzegorz Golawski
c5a974788b Add check for disabled CSRF protection in Spring 
Fix the help according to review comments.
 2020-01-21 21:54:36 +01:00
Anders Schack-Mulligen
9cc0d3d1f4 Java/C++/C#: Remove DataFlowLocation as it's no longer needed. 2020-01-21 15:08:39 +01:00
Grzegorz Golawski
00ee3d2549 Query to detect LDAP injections in Java 
Cleanup
 2020-01-18 20:21:38 +01:00
Grzegorz Golawski
95723b08e1 Query to detect LDAP injections in Java 
Add help
 2020-01-18 19:01:35 +01:00
Grzegorz Golawski
8cec46342f Query to detect LDAP injections in Java 
Refactoring
 2020-01-18 17:14:22 +01:00
Tom Hvitved
f7278d36e1 Merge pull request #2498 from aschackmull/java/taint-getter 
Java/C++/C#: Add support for taint-getter/setter summaries in data flow.
 2020-01-15 09:55:19 +01:00
Grzegorz Golawski
b7325232d7 Query to detect LDAP injections in Java 
Consider DNs as injection points as well
Add more taint steps
 2020-01-14 23:07:21 +01:00
Anders Schack-Mulligen
a6526c60cb Java: Replace ad-hoc TestClass detection. 2020-01-14 14:26:22 +01:00
Anders Schack-Mulligen
241b8a05e4 Java/C++/C#: Address review comment. 2020-01-14 11:59:55 +01:00
Anders Schack-Mulligen
041bcc5812 Java/C++/C#: Small perf improvement and simplification. 2020-01-13 17:00:56 +01:00
Grzegorz Golawski
3e86dd1182 Query to detect LDAP injections in Java 
Apache LDAP API sink
 2020-01-12 20:19:25 +01:00
Grzegorz Golawski
c01aa3d2ee Query to detect LDAP injections in Java 
Spring LDAP sink
 2020-01-12 13:28:29 +01:00
Grzegorz Golawski
7570fa9137 Query to detect LDAP injections in Java 
JNDI and UnboundID sinks
JNDI, UnboundID and Spring LDAP sanitizers
 2020-01-11 21:55:54 +01:00
Anders Schack-Mulligen
ad92d6fe0f Merge pull request #2607 from yo-h/java-alert-suppression-block-comment 
Java: allow single-line `/* ... */` comments for alert suppression
 2020-01-10 11:05:23 +01:00
yo-h
7ffa517803 Merge pull request #2584 from aschackmull/java/nonnull-final-field 
Java: Include non-null final fields in clearlyNotNull.
 2020-01-09 18:48:45 -05:00
yo-h
1078424f79 Java: allow single-line /* ... */ comments for alert suppression 2020-01-08 09:19:25 -05:00
Anders Schack-Mulligen
d918cb1f6f Merge pull request #2550 from JLLeitschuh/task/JLL/improve_netty_response_splitting_detection 
Add io.netty.handler.codec.http.DefaultHttpResponse to Netty Response Splitting Detection
 2020-01-07 14:28:01 +01:00
Anders Schack-Mulligen
9ba169b346 Java: Fix bad join-order. 2020-01-06 16:52:06 +01:00
Grzegorz Golawski
4ce25c045d Simplify the query 2020-01-05 22:05:00 +01:00
Grzegorz Golawski
ab49397bb8 Add check for disabled CSRF protection in Spring 2020-01-03 21:52:50 +01:00
Anders Schack-Mulligen
e74aa33f9d Java: Include non-null final fields in clearlyNotNull. 2020-01-03 16:24:54 +01:00