5940 Commits

Author	SHA1	Message	Date
Chris Smowton	83498f58db	Add missing import	2022-08-03 08:53:43 +01:00
Chris Smowton	81f3bcd802	Don't require a PathCreation for every tainted-path sink	2022-08-02 21:30:06 +01:00
Chris Smowton	c95f17fdf2	Make java/path-injection recognise create-file MaD sinks	2022-08-02 21:28:00 +01:00
Anders Schack-Mulligen	aabdf84300	Java: Improve join-order for not haveIntersection.	2022-08-02 14:29:03 +02:00
Anders Schack-Mulligen	80bba605e3	Java: Fix join-order in SameNameAsSuper.	2022-08-02 12:49:21 +02:00
luchua-bc	b69eba9238	Add check for Spring redirect	2022-07-29 01:59:47 +00:00
github-actions[bot]	e8747d3176	Post-release preparation for codeql-cli-2.10.2	2022-07-28 20:00:09 +00:00
github-actions[bot]	212786ed91	Release preparation for version 2.10.2	2022-07-28 13:38:35 +00:00
luchua-bc	1ce31ec32c	Add sinks of servlet dispatcher and filter	2022-07-26 23:05:25 +00:00
luchua-bc	962069ccff	Add path check in a security context (redirect)	2022-07-22 23:10:52 +00:00
luchua-bc	48f143e7d4	Query to detect regex dot bypass	2022-07-20 22:39:24 +00:00
Shyam Mehta	09ec37943c	Partial Path Traversal split into 2 queries	2022-07-20 17:53:26 -04:00
smehta23	b7e522749f	Apply suggestions from code review ... Co-authored-by: Chris Smowton <smowton@github.com> Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2022-07-20 15:32:59 -04:00
Asger F	b9bdee6651	Merge branch 'main' into post-release-prep/codeql-cli-2.10.1	2022-07-19 16:24:35 +02:00
Raul Garcia	eefa659503	Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql ... Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>	2022-07-16 08:23:59 -07:00
Raul Garcia	fe789c8aa9	Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql ... Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>	2022-07-16 08:22:18 -07:00
github-actions[bot]	0ee476129a	Post-release preparation for codeql-cli-2.10.1	2022-07-14 14:38:49 +00:00
Erik Krogh Kristensen	85a652f3d1	remove a bunch of repeated words	2022-07-14 12:42:48 +02:00
Jeroen Ketema	fe1f1bb79d	Fix issues with change notes	2022-07-14 11:06:14 +02:00
github-actions[bot]	d1aa0d7dd3	Release preparation for version 2.10.1	2022-07-14 08:56:03 +00:00
Chris Smowton	a6970638cb	Improve description	2022-07-13 20:27:10 +01:00
Chris Smowton	01cec0490b	Abbreviate qhelp	2022-07-13 20:24:44 +01:00
Erik Krogh Kristensen	a4262f8d91	add some more references to the overly-large-range qhelp	2022-07-13 11:20:24 +02:00
Raul Garcia	0dbb03f732	Adding CVE information.	2022-07-12 21:49:19 -07:00
Raul Garcia	a4adf06713	Addressing feedback for the qhelp file.	2022-07-12 13:51:12 -07:00
Raul Garcia	64343e00f4	Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-07-12 08:14:25 -07:00
Raul Garcia	8a48708014	Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-07-12 08:14:13 -07:00
Raul Garcia	2bac181094	Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-07-12 08:13:53 -07:00
Raul Garcia	a4e35a97ea	Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-07-12 08:13:38 -07:00
Raul Garcia	a51d713925	Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-07-12 08:13:12 -07:00
Erik Krogh Kristensen	220ff3cb2e	convert tabs to spaces in qhelp	2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen	ff25451699	rename query to overly-large-range, and rewrite the @description	2022-07-12 16:02:46 +02:00
Shyam Mehta	65b9947428	Incorporate jksco's feedback	2022-07-12 02:02:31 -04:00
smehta23	781a2a73d3	Merge branch 'main' into feat/SM/java_partial_path_traversal_vulnerability	2022-07-12 01:48:12 -04:00
Raul Garcia	d5791e2d56	Addressing feedback from the PR	2022-07-11 15:45:15 -07:00
Raul Garcia	ac05577966	Making various changes based on the feedback. Pending: 2 non-trivial fixes for Java & Python.	2022-07-11 13:25:35 -07:00
Chris Smowton	74641ccfee	Simplify test for no-arg constructor	2022-07-11 11:01:19 +01:00
Raul Garcia	01da877d0e	Moving the new query to experimental. It was added to the wrong folder initially.	2022-07-06 14:07:14 -07:00
Raul Garcia	f5c6b45014	Update UnsafeUsageOfClientSideEncryptionVersion.qhelp	2022-07-05 13:58:11 -07:00
Raul Garcia	e43e5810cf	New queries to detect unsafe client side encryption in Azure Storage	2022-07-01 17:08:35 -07:00
Shyam Mehta	39f885413f	Change log	2022-07-01 11:34:56 -04:00
smehta23	391dd5b38d	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java ... Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>	2022-07-01 10:55:58 -04:00
smehta23	ebe48ec30a	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp ... Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>	2022-07-01 10:53:43 -04:00
smehta23	48e16e52b5	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp ... Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>	2022-07-01 10:52:41 -04:00
Shyam Mehta	1a41d4c379	Add CVE number	2022-07-01 10:51:33 -04:00
Shyam Mehta	300a14c35c	Add ESAPI reference	2022-07-01 10:43:59 -04:00
smehta23	209a21655a	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java ... Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>	2022-07-01 10:40:38 -04:00
smehta23	c6f2f61bfb	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalBad.java ... Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>	2022-07-01 10:39:46 -04:00
Shyam Mehta	16814071df	Fix typo in .qhelp	2022-06-29 18:03:57 -04:00
Shyam Mehta	7ab8f0262c	Fix duplicate class header and better fix using toPath()	2022-06-29 18:01:12 -04:00