hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,868 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.4
Commit Graph

13956 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
68441bdf99 Merge pull request #3987 from Marcono1234/patch-1 
[Java] Improve InsecureJavaMail.qhelp references
 2020-08-04 12:12:38 +02:00
Luke Cartey
5a96ee1a7b Remove parameter names from signatures 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-08-04 09:41:40 +01:00
Luke Cartey
368572f1f0 Update java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.qhelp 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-08-04 09:40:59 +01:00
Luke Cartey
7928a02424 Add missing full stop. 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-08-04 09:40:51 +01:00
Luke Cartey
e0c081a2af Add missing </p> tag 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-08-04 09:40:28 +01:00
Anders Schack-Mulligen
cdea0f05b0 Merge pull request #3946 from aibaars/util-collections-2 
Java: Clean up ContainerFlow: address outstanding comments
 2020-08-04 10:27:22 +02:00
luchua-bc
ff0dacf1d7 Optimize the TaintTracking 2020-08-03 00:52:47 +00:00
luchua-bc
b65a033302 Shorten the regex private domain match 2020-08-01 03:42:13 +00:00
luchua-bc
ff58abb7d3 Revamp the sink code 2020-08-01 03:25:02 +00:00
luchua-bc
81de1b14d9 Revamp the source of path query 2020-07-30 19:16:48 +00:00
Arthur Baars
7e72ef350e Merge pull request #3975 from aibaars/lgtm-suites 
CodeQL: complete LGTM suites
 2020-07-30 18:39:01 +02:00
Arthur Baars
5bad003c0c Add qlpack.yml files for example queries 2020-07-29 16:57:04 +02:00
Marcono1234
5942bc6a43 Improve InsecureJavaMail.qhelp references 2020-07-29 01:45:27 +02:00
Arthur Baars
c4041e55ba CodeQL: complete LGTM suites 2020-07-28 20:40:44 +02:00
luchua-bc
5520504658 Update expected results 2020-07-28 15:41:23 +00:00
luchua-bc
a91cc9b7ec Convert the query to path-problem 2020-07-28 15:36:12 +00:00
luchua-bc
7f911f00ee Rename to insecure basic auth 2020-07-28 11:40:21 +00:00
luchua-bc
248628b11e Enhance basic auth string search with a recursive method 2020-07-27 20:31:07 +00:00
luchua-bc
3a23451395 Enhance the query 2020-07-27 18:50:47 +00:00
luchua-bc
01fb51829c Unsecure basic authentication 2020-07-24 20:35:09 +00:00
Remco Vermeulen
3320061178 Add and adjust QL docs for classes and predicates 2020-07-22 16:04:55 +02:00
Remco Vermeulen
2c42d3cca5 Extract additional taint steps 
This is done for logical cohesion. We already have the capability of
extending additional taint steps by extending
`TaintTracking::AdditionalTaintStep`.
 2020-07-22 16:04:55 +02:00
Remco Vermeulen
57e7411c0a Extract Ldap injection sanitizers to importable lib 
This includes a new abstract class that represents all the Ldap injection
santizers and can be used to add additional santizers through
extension.
 2020-07-22 16:04:55 +02:00
Remco Vermeulen
0d5f9113a3 Extract ldap injection sink into importable library 2020-07-22 16:04:55 +02:00
Remco Vermeulen
c2733ad22e Apply grammar suggestions 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-07-20 14:55:00 +02:00
intrigus
f94055fa2c Move tainted path ad-hoc guard back. 2020-07-19 00:19:29 +02:00
intrigus
33526f61a8 Make path creation subclasses private. 2020-07-19 00:11:04 +02:00
intrigus
b705f7f3e9 Improve "PathCreation" Test. 2020-07-19 00:10:39 +02:00
intrigus
4570444c7e Rename to getAnInput and clarify doc. 2020-07-19 00:10:13 +02:00
Arthur Baars
67b6018079 Merge pull request #3729 from luchua-bc/java-hardcoded-aws-credentials 
Java: Hardcoded AWS credentials
 2020-07-13 18:04:42 +02:00
Arthur Baars
c585b2e483 Java: stack trace exposure: address false positives 2020-07-13 15:26:55 +02:00
luchua-bc
12803f1f53 Merge Hardcoded AWS Credentials check into the mail source folder 2020-07-13 12:22:34 +00:00
Arthur Baars
b1e604b490 Java: treat Stack.push as data flow instead of taint flow 2020-07-13 11:36:34 +02:00
Arthur Baars
a484aff76d Java: improve comments 2020-07-13 11:09:05 +02:00
Jonathan Leitschuh
1f6615b3b8 Merge branch 'master' into feat/JLL/jOOQ_SQL_injection 
* master: (485 commits)
  C++: Remove @stmt_while from the TConditionalStmt union type.
  C++: Remove abstract classes from Stmt.qll
  Drop Map.merge as taint step
  Add the printAst.ql contextual query for C++
  Fix modelling of Stack.push
  C#: Sync identical files
  C++: Replace getResultType() with getResultIRType() in IR dataflow
  C++: Replace getResultType() with getResultIRType() in IR range analysis
  C++: Introduce isSigned() and isUnsigned() predicates on IRIntegerType to mirror IntegralType
  Add missing java import
  Add missing java import
  Mark ServletUrlRedirectSink private
  Java: model Object.clone
  Add file-level qldoc
  Optimize imports
  Join ServletUrlRedirectSink with UrlRedirectSink
  Extend UrlRedirectSink from DataFlow::Node
  Remove superfluous imports
  Java: ContainerFlow add comments
  Generalize QueryInjectionSink
  ...
 2020-07-10 14:37:41 -04:00
Anders Schack-Mulligen
a1d272e870 Merge pull request #3918 from aibaars/organise-container-flow 
Java: Clean up ContainerFlow, consider more methods
 2020-07-10 14:19:44 +02:00
Arthur Baars
43b61038e9 Drop Map.merge as taint step 2020-07-10 13:00:14 +02:00
Remco Vermeulen
c739c733fe Update class qldocs 
Change the ql docs to meet the style-guide points 1 and 3 for
classes.
 2020-07-09 17:31:37 +02:00
Arthur Baars
0d33a77ee3 Fix modelling of Stack.push 
Stack.push(E) returns its argument, it does not propagate taint from
the stack to the return value.
 2020-07-09 16:16:29 +02:00
Remco Vermeulen
b3bb4cbf54 Rename and update qldoc of default safe header splitting source 2020-07-09 16:14:21 +02:00
Anders Schack-Mulligen
879551fc6a Merge pull request #3936 from aibaars/object-clone 
Java: model Object.clone
 2020-07-09 16:09:01 +02:00
Anders Schack-Mulligen
c8b9b779ae Merge pull request #3927 from rvermeulen/java-importable-cwe-601 
Java: Move `UrlRedirectSink` into importable library
 2020-07-09 16:03:29 +02:00
Anders Schack-Mulligen
99a4f8fd0b Merge pull request #3926 from rvermeulen/java-importable-cwe-089 
Java: Move `QueryInjectionSink` into importable library
 2020-07-09 16:00:56 +02:00
Remco Vermeulen
b147be6fea Restrict SafeHeaderSplittingSource to RemoteFlowSource 2020-07-09 15:13:18 +02:00
Remco Vermeulen
7428a8cd95 Add missing java import 2020-07-09 15:06:26 +02:00
Remco Vermeulen
d3db4fa5b2 Add missing java import 2020-07-09 15:04:16 +02:00
Remco Vermeulen
54d6c8b5f4 Mark ServletUrlRedirectSink private 2020-07-09 15:03:51 +02:00
Remco Vermeulen
782573ed43 Add and format qldocs according to the style guide. 2020-07-09 14:58:53 +02:00
Remco Vermeulen
4ad6357cd7 Add missing Java import 2020-07-09 14:54:46 +02:00
Remco Vermeulen
7435dac3d2 Move source and sink into importable library 2020-07-09 14:53:59 +02:00