| Author | Commit | Message | Date |
| --- | --- | --- | --- |
| Chris Smowton | 81f3bcd802 | Don't require a PathCreation for every tainted-path sink | 2022-08-02 21:30:06 +01:00 |
| Chris Smowton | c95f17fdf2 | Make java/path-injection recognise create-file MaD sinks | 2022-08-02 21:28:00 +01:00 |
| Anders Schack-Mulligen | aabdf84300 | Java: Improve join-order for not haveIntersection. | 2022-08-02 14:29:03 +02:00 |
| Anders Schack-Mulligen | 80bba605e3 | Java: Fix join-order in SameNameAsSuper. | 2022-08-02 12:49:21 +02:00 |
| luchua-bc | b69eba9238 | Add check for Spring redirect | 2022-07-29 01:59:47 +00:00 |
| github-actions[bot] | e8747d3176 | Post-release preparation for codeql-cli-2.10.2 | 2022-07-28 20:00:09 +00:00 |
| github-actions[bot] | 212786ed91 | Release preparation for version 2.10.2 | 2022-07-28 13:38:35 +00:00 |
| luchua-bc | 1ce31ec32c | Add sinks of servlet dispatcher and filter | 2022-07-26 23:05:25 +00:00 |
| luchua-bc | 962069ccff | Add path check in a security context (redirect) | 2022-07-22 23:10:52 +00:00 |
| luchua-bc | 48f143e7d4 | Query to detect regex dot bypass | 2022-07-20 22:39:24 +00:00 |
| Shyam Mehta | 09ec37943c | Partial Path Traversal split into 2 queries | 2022-07-20 17:53:26 -04:00 |
| smehta23 | b7e522749f | Apply suggestions from code review<br>Co-authored-by: Chris Smowton <smowton@github.com><br>Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com> | 2022-07-20 15:32:59 -04:00 |
| Asger F | b9bdee6651 | Merge branch 'main' into post-release-prep/codeql-cli-2.10.1 | 2022-07-19 16:24:35 +02:00 |
| Raul Garcia | eefa659503 | Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql<br>Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com> | 2022-07-16 08:23:59 -07:00 |
| Raul Garcia | fe789c8aa9 | Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql<br>Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com> | 2022-07-16 08:22:18 -07:00 |
| github-actions[bot] | 0ee476129a | Post-release preparation for codeql-cli-2.10.1 | 2022-07-14 14:38:49 +00:00 |
| Erik Krogh Kristensen | 85a652f3d1 | remove a bunch of repeated words | 2022-07-14 12:42:48 +02:00 |
| Jeroen Ketema | fe1f1bb79d | Fix issues with change notes | 2022-07-14 11:06:14 +02:00 |
| github-actions[bot] | d1aa0d7dd3 | Release preparation for version 2.10.1 | 2022-07-14 08:56:03 +00:00 |
| Chris Smowton | a6970638cb | Improve description | 2022-07-13 20:27:10 +01:00 |
| Chris Smowton | 01cec0490b | Abbreviate qhelp | 2022-07-13 20:24:44 +01:00 |
| Erik Krogh Kristensen | a4262f8d91 | add some more references to the overly-large-range qhelp | 2022-07-13 11:20:24 +02:00 |
| Raul Garcia | 0dbb03f732 | Adding CVE information. | 2022-07-12 21:49:19 -07:00 |
| Raul Garcia | a4adf06713 | Addressing feedback for the qhelp file. | 2022-07-12 13:51:12 -07:00 |
| Raul Garcia | 64343e00f4 | Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql<br>Co-authored-by: Chris Smowton <smowton@github.com> | 2022-07-12 08:14:25 -07:00 |
| Raul Garcia | 8a48708014 | Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql<br>Co-authored-by: Chris Smowton <smowton@github.com> | 2022-07-12 08:14:13 -07:00 |
| Raul Garcia | 2bac181094 | Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql<br>Co-authored-by: Chris Smowton <smowton@github.com> | 2022-07-12 08:13:53 -07:00 |
| Raul Garcia | a4e35a97ea | Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql<br>Co-authored-by: Chris Smowton <smowton@github.com> | 2022-07-12 08:13:38 -07:00 |
| Raul Garcia | a51d713925 | Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql<br>Co-authored-by: Chris Smowton <smowton@github.com> | 2022-07-12 08:13:12 -07:00 |
| Erik Krogh Kristensen | 220ff3cb2e | convert tabs to spaces in qhelp | 2022-07-12 16:02:50 +02:00 |
| Erik Krogh Kristensen | ff25451699 | rename query to overly-large-range, and rewrite the @description | 2022-07-12 16:02:46 +02:00 |
| Shyam Mehta | 65b9947428 | Incorporate jksco's feedback | 2022-07-12 02:02:31 -04:00 |
| smehta23 | 781a2a73d3 | Merge branch 'main' into feat/SM/java_partial_path_traversal_vulnerability | 2022-07-12 01:48:12 -04:00 |
| Raul Garcia | d5791e2d56 | Addressing feedback from the PR | 2022-07-11 15:45:15 -07:00 |
| Raul Garcia | ac05577966 | Making various changes based on the feedback. Pending: 2 non-trivial fixes for Java & Python. | 2022-07-11 13:25:35 -07:00 |
| Chris Smowton | 74641ccfee | Simplify test for no-arg constructor | 2022-07-11 11:01:19 +01:00 |
| Raul Garcia | 01da877d0e | Moving the new query to experimental. It was added to the wrong folder initially. | 2022-07-06 14:07:14 -07:00 |
| Raul Garcia | f5c6b45014 | Update UnsafeUsageOfClientSideEncryptionVersion.qhelp | 2022-07-05 13:58:11 -07:00 |
| Raul Garcia | e43e5810cf | New queries to detect unsafe client side encryption in Azure Storage | 2022-07-01 17:08:35 -07:00 |
| Shyam Mehta | 39f885413f | Change log | 2022-07-01 11:34:56 -04:00 |
| smehta23 | 391dd5b38d | Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java<br>Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com> | 2022-07-01 10:55:58 -04:00 |
| smehta23 | ebe48ec30a | Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp<br>Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com> | 2022-07-01 10:53:43 -04:00 |
| smehta23 | 48e16e52b5 | Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp<br>Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com> | 2022-07-01 10:52:41 -04:00 |
| Shyam Mehta | 1a41d4c379 | Add CVE number | 2022-07-01 10:51:33 -04:00 |
| Shyam Mehta | 300a14c35c | Add ESAPI reference | 2022-07-01 10:43:59 -04:00 |
| smehta23 | 209a21655a | Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java<br>Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com> | 2022-07-01 10:40:38 -04:00 |
| smehta23 | c6f2f61bfb | Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalBad.java<br>Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com> | 2022-07-01 10:39:46 -04:00 |
| Shyam Mehta | 16814071df | Fix typo in .qhelp | 2022-06-29 18:03:57 -04:00 |
| Shyam Mehta | 7ab8f0262c | Fix duplicate class header and better fix using toPath() | 2022-06-29 18:01:12 -04:00 |
| Shyam Mehta | 955e614563 | Add documentation of the Partial Path Traversal vuln | 2022-06-29 17:31:04 -04:00 |