codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00

Author	SHA1	Message	Date
Tony Torralba	4e29c39c78	Merge ZipSlip sanitization logic into PathSanitizer.qll Apply code review suggestions regarding weak sanitizers	2022-10-04 12:27:01 +02:00
erik-krogh	129cda00db	get a few more queries in sync with other languages	2022-10-01 11:17:48 +02:00
erik-krogh	7d643e41f3	Merge branch 'main' into java-followMsg	2022-10-01 10:48:06 +02:00
Jami	56e3334c6d	Merge pull request #10479 from jcogs33/android-service-sources Java: add Android service sources	2022-09-27 12:40:18 -04:00
erik-krogh	46b5bf32f9	update alert-messsages of java queries	2022-09-26 12:15:25 +02:00
Jami Cogswell	9b4201f880	update FileService	2022-09-23 22:46:55 -04:00
Jami Cogswell	1e01657577	add onBind to FileService to see if it fixes Java Language Tests failure	2022-09-23 18:59:27 -04:00
luchua-bc	e33d786745	Add test cases and reduce FPs	2022-09-23 12:31:16 +00:00
luchua-bc	b3572747f0	Simplify test case and minor update to the query	2022-09-23 12:31:15 +00:00
luchua-bc	311c9e4719	Query to detect unsafe resource loading in Java Spring applications	2022-09-23 12:31:15 +00:00
Tony Torralba	cd61bd0606	Move files from experimental	2022-09-07 13:13:40 +02:00
Tony Torralba	2ec53bf78c	Merge pull request #9873 from luchua-bc/java/permissive-dot-regex Java: CWE-625 Query to detect regex dot bypass	2022-08-31 10:24:18 +02:00
luchua-bc	e2e87980cc	Move pattern check to MatchRegexConfiguration::isSink	2022-08-30 22:48:12 +00:00
Erik Krogh Kristensen	06afe9c0f4	Merge pull request #9816 from erik-krogh/msgConsis Make alert messages consistent across languages	2022-08-25 15:20:01 +02:00
Ian Lynagh	237b3670b4	Make *.xml non-executable	2022-08-24 16:53:48 +01:00
Ian Lynagh	bb73767042	Make *.java non-executable	2022-08-24 16:38:03 +01:00
erik-krogh	27fcc90a97	Merge branch 'main' into msgConsis	2022-08-24 09:21:43 +02:00
Chris Smowton	0a7350f3bf	Merge pull request #10041 from smowton/AddSensitiveApiCalls Java: support more libraries in hardcoded-credentials queries	2022-08-23 10:51:04 +01:00
erik-krogh	7e0bd5bde4	update expected output of tests	2022-08-22 21:41:47 +02:00
Joe Farebrother	f8f21c7ee6	Move static init vector query and tests from experimental to main	2022-08-17 10:35:13 +01:00
Chris Smowton	38c0557d90	Adjust test to moved and expanded stubs	2022-08-15 12:08:14 +01:00
Tony Torralba	98b930cd67	Accept test changes in experimental query after AsyncTask improvements	2022-08-08 09:23:12 +02:00
luchua-bc	b69eba9238	Add check for Spring redirect	2022-07-29 01:59:47 +00:00
luchua-bc	1ce31ec32c	Add sinks of servlet dispatcher and filter	2022-07-26 23:05:25 +00:00
luchua-bc	962069ccff	Add path check in a security context (redirect)	2022-07-22 23:10:52 +00:00
luchua-bc	48f143e7d4	Query to detect regex dot bypass	2022-07-20 22:39:24 +00:00
Tony Torralba	98f70dc7d3	Remove org.dom4j.DocumentHelper:parseText as XXE sink	2022-05-20 14:45:26 +02:00
luchua-bc	937ab417b1	Query to detect hardcoded JWT secret keys	2022-05-04 23:09:48 +00:00
Tony Torralba	b876431950	Merge pull request #8706 from luchua-bc/java/unsafe-get-resource Java: CWE-552 Add sources and sinks to to detect unsafe getResource calls in Java EE applications	2022-05-04 10:12:28 +02:00
luchua-bc	920a7cd2e6	Put back the taint step removed during merge	2022-04-29 20:29:04 +00:00
luchua-bc	0aa1251ffe	Add more test cases	2022-04-29 02:31:43 +00:00
Jorge	193ea1a86e	Merge branch 'main' into mybatis-new-sinks	2022-04-28 22:26:38 +02:00
Tony Torralba	e99cee4913	Merge branch 'main' into java/unsafe-get-resource	2022-04-27 16:45:42 +02:00
luchua-bc	b76873fc8d	Add more test cases	2022-04-19 22:22:15 +00:00
luchua-bc	7029802f3b	Add sinks for getClass() and getClassLoader()	2022-04-11 21:03:48 +00:00
luchua-bc	eccd97c7b7	Query to detect unsafe getResource calls in Java EE applications	2022-04-09 01:14:15 +00:00
Tom Hvitved	b91858e7cf	Java: Implement `ContentSet`	2022-04-04 13:51:44 +02:00
luchua-bc	657f615703	Fine tune the query and update qldoc	2022-03-28 20:05:12 +00:00
jorgectf	f6eb83fd22	Update `MyBatisAnnotationSqlInjection.qlref` By adding more imports in the test file, the expected result's lines changed.	2022-03-16 10:12:38 +01:00
jorgectf	f10dac31f9	Format some tests	2022-03-14 22:12:22 +01:00
jorgectf	d47fcedd21	Add tests	2022-03-14 21:31:51 +01:00
luchua-bc	88d9694628	Query to detect insecure WebResourceResponse implementation	2022-02-26 02:03:35 +00:00
Chris Smowton	f981fee37d	Adjust test expectation	2022-02-25 20:05:06 +00:00
Chris Smowton	8fbd8c52dd	Fix test expectations	2022-02-25 17:35:52 +00:00
Chris Smowton	e02a3d0ddd	Rename qlref file	2022-02-25 17:33:08 +00:00
Ahmed Farid	3a2d514b18	Create ComparingValueOfSensetiveHeader.qlref	2022-02-25 17:33:08 +00:00
Ahmed Farid	0d278f6d61	Create Test.java	2022-02-25 17:33:08 +00:00
Ahmed Farid	1bc5fe13eb	Update and rename java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstHeader.expected to java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstHeader/TimingAttackAgainstHeader.expected	2022-02-25 17:33:08 +00:00
Ahmed Farid	63133f7e8b	Update TimingAttackAgainstHeader.expected	2022-02-25 17:33:08 +00:00
Ahmed Farid	f2457dafb5	Create TimingAttackAgainstHeader.expected	2022-02-25 17:33:08 +00:00

... 2 3 4 5 6 ...

601 Commits