codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00

Author	SHA1	Message	Date
Benjamin Muskalla	18e3763f90	Expose whether APIs are already supported	2021-08-02 17:14:41 +02:00
Benjamin Muskalla	9b6ae9029f	Introduce query for capture JDK API usage	2021-08-02 17:14:40 +02:00
Chris Smowton	fad1622730	Merge pull request #5435 from haby0/DynamicallyLoadedClasses Java: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')	2021-08-02 16:04:30 +01:00
Tony Torralba	08bdd1aa7a	Merge branch 'main' into atorralba/promote-ognl-injection	2021-08-02 16:05:38 +02:00
Chris Smowton	09a873138d	Add missing qldoc	2021-08-02 14:48:42 +01:00
Chris Smowton	8a78075d3d	Remove redundant method taint flow specifications	2021-08-02 14:30:31 +01:00
Anders Schack-Mulligen	53e6ddfeb6	Merge pull request #6001 from atorralba/atorralba/promote-mvel-injection Java: Promote MVEL injection query from experimental	2021-08-02 14:40:26 +02:00
Tony Torralba	9b384d84cc	Merge branch 'main' into atorralba/promote-ognl-injection	2021-08-02 14:06:45 +02:00
Tony Torralba	632ae747c7	Fix JacksonModel duplicate row	2021-08-02 12:53:30 +02:00
Anders Schack-Mulligen	3b676d432f	Merge pull request #5900 from artem-smotrakov/unsafe-jackson-deserialization Java: Unsafe deserialization with Jackson	2021-08-02 12:45:30 +02:00
Anders Schack-Mulligen	6c973b59ac	Update java/ql/src/semmle/code/java/frameworks/Jackson.qll	2021-08-02 10:16:42 +02:00
Tony Torralba	9fadb26325	Fix qhelp sample	2021-08-02 10:00:59 +02:00
Tony Torralba	4435853c8a	Apply suggestions from code review Co-authored-by: Felicity Chapman <felicitymay@github.com>	2021-08-02 09:56:40 +02:00
Fosstars	bd7e7b1371	Better qldoc for timing attacks	2021-08-01 10:18:37 +02:00
Fosstars	0fc487fb04	Better qhelp for timing attacks	2021-08-01 09:57:14 +02:00
Artem Smotrakov	9b953cf0fc	Apply suggestions from code review Co-authored-by: Chris Smowton <smowton@github.com>	2021-08-01 09:47:07 +02:00
Fosstars	ad54c9d937	Two queries for timing attacks	2021-08-01 09:47:07 +02:00
Artem Smotrakov	e3b6ceade5	Renamed NonConstantTimeCryptoComparison.ql to NonConstantTimeCheckOnSignature.ql	2021-08-01 09:47:06 +02:00
Artem Smotrakov	8b557765b3	Narrow NonConstantTimeCryptoComparison.ql to timing attack on signatures and MACs only	2021-08-01 09:47:06 +02:00
Artem Smotrakov	c359852608	Consider only Cipher.ENCRYPT_MODE in NonConstantTimeCryptoComparison.ql	2021-08-01 09:47:06 +02:00
Artem Smotrakov	1f2a9cdda7	Added taint propagation steps for hashes in NonConstantTimeCryptoComparison.ql	2021-08-01 09:47:06 +02:00
Artem Smotrakov	c96d939cf5	Covered custom fast-fail checks in NonConstantTimeCryptoComparison.ql Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-08-01 09:47:06 +02:00
Artem Smotrakov	6500a1bbbb	More references in NonConstantTimeCryptoComparison.qhelp	2021-08-01 09:47:05 +02:00
Artem Smotrakov	860e8f379e	Better signatures in java/non-constant-time-crypto-comparison	2021-08-01 09:47:05 +02:00
Artem Smotrakov	1b4ee05b80	Better docs for java/non-constant-time-crypto-comparison	2021-08-01 09:47:05 +02:00
Artem Smotrakov	295fd686ce	Make java/non-constant-time-crypto-comparison a warning	2021-08-01 09:47:04 +02:00
Artem Smotrakov	c977fd09cb	Better constant check in java/non-constant-time-crypto-comparison	2021-08-01 09:47:04 +02:00
Artem Smotrakov	d01dc35011	Less duplicate code in java/non-constant-time-crypto-comparison	2021-08-01 09:47:04 +02:00
Artem Smotrakov	40e513ba52	Added more taint propagation steps for InputStream and ByteBuffer	2021-08-01 09:47:04 +02:00
Artem Smotrakov	a4f3a5a88e	Take into account remote user input in java/non-constant-time-crypto-comparison	2021-08-01 09:47:03 +02:00
Artem Smotrakov	8e6d227dc0	More sinks for java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCryptoComparison.ql	2021-08-01 09:47:03 +02:00
Artem Smotrakov	dfa3b523d0	Renamed files	2021-08-01 09:47:03 +02:00
Artem Smotrakov	75f67959f3	Covered Arrays.deepEquals() in NonConstantTimeCryptoComparison.ql	2021-08-01 09:47:02 +02:00
Artem Smotrakov	5dbcf1d611	Covered Object.deepEquals() in NotConstantTimeCryptoComparison.ql	2021-08-01 09:47:02 +02:00
Artem Smotrakov	5c474f689d	Better comments and descriptions	2021-08-01 09:47:02 +02:00
Artem Smotrakov	f245dc3ac8	Removed hashes from NotConstantTimeCryptoComparison.ql	2021-08-01 09:47:02 +02:00
Artem Smotrakov	8a69b7b3ac	Added NotConstantTimeCryptoComparison.qhelp and examples	2021-08-01 09:47:01 +02:00
Artem Smotrakov	c2c85d32da	Java: Added a query for timing attacks	2021-08-01 09:47:01 +02:00
Artem Smotrakov	7959e76da8	Better qldoc in UnsafeDeserializationQuery.qll Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-07-30 09:30:59 +02:00
Fosstars	a4b0041120	Better looksLikeResolveClassStep() predicate	2021-07-30 09:28:03 +02:00
Fosstars	1d3eb570bf	hasJsonTypeInfoAnnotation() should check fields recursively Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-07-30 08:30:40 +02:00
Tony Torralba	29490e5872	Add suggestion from code review	2021-07-29 17:07:18 +02:00
Tony Torralba	3fcc9fae79	Refactor sinks to reuse code	2021-07-29 16:48:47 +02:00
Tony Torralba	6e3b6dcb98	Imporve qhelp	2021-07-29 16:36:38 +02:00
Tony Torralba	bdf0f582a4	QLDoc improvements from code review Co-authored-by: Felicity Chapman <felicitymay@github.com> Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-07-29 16:34:21 +02:00
Tony Torralba	90b5e02b6e	Improve qhelp	2021-07-29 16:28:10 +02:00
Tony Torralba	4ea6729c53	Update java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2021-07-29 16:10:49 +02:00
mc	0a986ad0e8	Update JndiInjection.qhelp Improve negation	2021-07-29 15:10:32 +01:00
Joe Farebrother	3bcb46f875	Model guava cache package	2021-07-29 14:52:26 +01:00
Tony Torralba	2628d3dc39	Improve csv sink models	2021-07-29 15:36:18 +02:00

... 65 66 67 68 69 ...

5917 Commits