hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

567 Commits

Author SHA1 Message Date
luchua-bc
2ace10fcdf Use PostUpdateNode for wrapper method calls 2021-02-03 12:21:31 +00:00
luchua-bc
ab7d257569 Add more cases and change EC to 256 bits 2021-01-28 04:06:27 +00:00
luchua-bc
058f3af4b2 Refactor the hasShortSymmetricKey method 2021-01-28 04:06:27 +00:00
luchua-bc
cbaee937d0 Optimize the query 2021-01-28 04:06:27 +00:00
luchua-bc
cfc950f803 Query for weak encryption: Insufficient key size 2021-01-28 03:25:15 +00:00
haby0
b76854a384 *)add CWE-652 test case 2021-01-27 10:14:33 +08:00
luchua-bc
fee0b94cd4 Use isRequestGetParamMethod as the source 2021-01-26 04:41:44 +00:00
luchua-bc
b9809b071e Update the query to work with wrapper classes 2021-01-18 19:22:34 +00:00
luchua-bc
048167d39a Revamp the query to reduce FPs introduced by wrapper calls 2021-01-18 04:23:30 +00:00
Artem Smotrakov
7d2d27394b Java: Added a source and a taint step for JexlInjectionConfig 
- Added TaintedSpringRequestBody source
- Added returningTaintedDataFromBean() taint step
- Added tests
 2021-01-17 22:28:42 +01:00
Artem Smotrakov
99401f6e84 Java: Query for detecting JEXL injections 2021-01-17 14:19:26 +01:00
intrigus
a4cbd7037b Java: Add tests for different versions. 
Adds a test for version 6.24, because that version is not vulnerable.
The other test is for versions < 6.24, because these versions are
vulnerable.
 2021-01-15 17:20:57 +01:00
luchua-bc
3af8773dd6 Add more cases 2021-01-15 16:20:31 +00:00
luchua-bc
e5a703e49c Revamp the query 2021-01-15 04:05:11 +00:00
Anders Schack-Mulligen
29935e1388 Merge pull request #4771 from intrigus-lgtm/split-cwe-295 
Java: Add unsafe hostname verification query and remove existing overlapping query
 2021-01-13 11:31:38 +01:00
luchua-bc
babe744a30 Add SECURITY_PROTOCOL check 2021-01-13 03:49:08 +00:00
intrigus
5b3086a93a Java: Fix capitalization of JxBrowser 2021-01-12 22:43:41 +01:00
intrigus
4fa8f5eab2 Java: Accept test changes 2021-01-12 15:29:03 +01:00
intrigus
b30872806d Java: Add tests and test stubs. 2021-01-12 14:49:12 +01:00
luchua-bc
86c04e6971 Detect the scenario of passwords concatenated with a salt to reduce FPs 2021-01-11 16:59:57 +00:00
intrigus
70b0703952 Java: Remove overlapping code 2021-01-11 13:42:07 +01:00
luchua-bc
39103af718 Remove additional taint step 2021-01-08 13:02:57 +00:00
Anders Schack-Mulligen
e5b4975450 Merge pull request #4675 from luchua-bc/cleartext-storage-shared-prefs 
Java: Query to detect cleartext storage of sensitive information using Android SharedPreferences
 2021-01-08 12:41:34 +01:00
luchua-bc
ce2db21f15 Query to detect hash without salt 2021-01-06 17:30:04 +00:00
luchua-bc
3d26e5b8a4 Update qldoc 2021-01-06 12:41:00 +00:00
luchua-bc
f1763ae354 Use the sensitive info sink 2021-01-06 01:48:19 +00:00
luchua-bc
367ff99909 Change the source to be the request variable 2021-01-05 17:30:19 +00:00
Chris Smowton
e87fd86e63 Merge pull request #4814 from luchua-bc/java/password-in-configuration 
Java: Password in Java EE configuration files
 2021-01-05 11:42:27 +00:00
luchua-bc
195755d687 Revamp the query to be more selective 2021-01-05 00:04:08 +00:00
luchua-bc
c069a5b4c6 Factor private host regex into the networking library and enhance the query 2021-01-04 14:51:32 +00:00
luchua-bc
ffe9d4a310 Sensitive GET Query 2020-12-26 16:51:30 +00:00
luchua-bc
4ec78d04f8 Insecure LDAP authentication 2020-12-21 00:15:15 +00:00
luchua-bc
b44f01a87b Enhance the check for embedded passwords 2020-12-17 03:47:38 +00:00
luchua-bc
d469e9b24e Format the code and minor text change 2020-12-13 21:15:18 +00:00
luchua-bc
e27ccd0a81 Format the code and update qldoc 2020-12-13 02:33:03 +00:00
luchua-bc
7ba237120b Password in Java EE configuration files 2020-12-12 05:15:04 +00:00
Anders Schack-Mulligen
0cc324b715 Merge pull request #3839 from luchua-bc/uncaught-servlet-exception 
Java: Uncaught servlet exception
 2020-12-02 15:12:59 +01:00
luchua-bc
ad0ac5b874 Change kind to problem 2020-11-27 16:43:57 +00:00
Anders Schack-Mulligen
028a72bcdd Merge pull request #4610 from luchua-bc/java-nfe-local-android-dos 
Java: Query to detect Local Android DoS caused by NFE
 2020-11-27 14:20:23 +01:00
luchua-bc
7ad031ca70 Move to experimental and update qldoc 2020-11-26 17:09:53 +00:00
Anders Schack-Mulligen
0450489022 Java: Review fixes. 2020-11-24 11:31:44 +01:00
luchua-bc
a311462791 Move to query-test folder and update qldoc 2020-11-19 13:12:42 +00:00
luchua-bc
85434ca410 Format the source code and update qldoc 2020-11-17 21:20:53 +00:00
luchua-bc
0bd6255c41 Query for cleartext storage using Android SharedPreferences 2020-11-16 17:23:01 +00:00
Porcupiney Hairs
2525cfd786 include suggestions from review. 2020-11-13 00:28:06 +05:30
Porcupiney Hairs
38de9b6433 add request forgery query 2020-11-10 01:19:35 +05:30
luchua-bc
bc899b6337 Move common code to a library and add more test cases 2020-11-09 14:14:54 +00:00
luchua-bc
76a0db84ee Query for detecting Local Android DoS caused by NFE 2020-11-09 14:10:00 +00:00
luchua-bc
a83f9ced96 Change the query to only catch the common exception rethrown case 2020-11-09 12:07:43 +00:00
Anders Schack-Mulligen
22b4df0f3c Merge pull request #4512 from luchua-bc/sensitive-broadcast 
Java: Sensitive broadcast
 2020-11-04 10:47:48 +01:00