hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,540 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.8
Commit Graph

601 Commits

Author SHA1 Message Date
Artem Smotrakov
67579dd1d8 Added tests for NotConstantTimeCryptoComparison.ql 2021-08-01 09:47:01 +02:00
haby0
eda3d864f5 Model written using smowton 2021-07-28 15:55:47 +08:00
haby0
00f13e1e6e Modify isAdditionalTaintStep 2021-07-27 10:59:38 +08:00
haby0
291ca3830a Modify according to suggestions 2021-07-23 09:28:55 +08:00
haby0
2a50cf8244 Fix 2021-07-22 22:24:09 +08:00
haby0
e160352b38 Fix 2021-07-22 21:48:46 +08:00
haby0
4ebf0ed7c5 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') 2021-07-22 21:45:29 +08:00
p0wn4j
f0d5520976 Add Spring URL Redirect ResponseEntity sink 
Copyedit qhelp
 2021-07-21 03:16:16 +04:00
Tony Torralba
99e66cffa2 Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch 2021-07-20 17:30:56 +02:00
Tony Torralba
b6904a7992 Merge branch 'main' into atorralba/promote-ognl-injection 2021-07-20 17:17:17 +02:00
Tony Torralba
430d9f1834 Merge branch 'main' into atorralba/promote-missing-jwt-signature-check 2021-07-20 16:20:35 +02:00
Tony Torralba
42b6b26c10 Decouple JndiInjection.qll to reuse the taint tracking configuration 2021-07-20 15:38:34 +02:00
Tony Torralba
b8ea833a61 Merge branch 'main' into atorralba/promote-jndi-injection 2021-07-20 15:01:26 +02:00
Tony Torralba
45a72ff6eb Fix InsecureBasicAuth test expectations 2021-07-19 13:56:31 +02:00
Tony Torralba
46faf68d64 Decouple MvelInjection.qll to reuse the taint tracking configuration 2021-07-19 13:50:03 +02:00
Tony Torralba
5ca8b380e9 Merge branch 'main' into atorralba/promote-mvel-injection 2021-07-19 13:45:10 +02:00
Tony Torralba
b08f417a1e Merge branch 'main' into atorralba/promote-groovy-injection 2021-07-19 12:44:03 +02:00
Artem Smotrakov
cfe74b527a Use inline-expectation tests for StaticInitializationVector.ql 2021-07-17 01:04:52 +02:00
Artem Smotrakov
218731ca0a Added a query for static initialization vectors in encryption 
- Added StaticInitializationVector.ql
- Added StaticInitializationVector.qhelp
- Added tests
 2021-07-16 19:06:44 +02:00
Sauyon Lee
60db9e1851 Rename springframework-5.2.3 to 5.3.8 2021-06-28 08:26:39 -07:00
Chris Smowton
8aa9cd52b5 Merge pull request #5811 from mogwailabs/insecureJmxRmiServerEnvironment 
Java: Add query - insecure environment configuration during JMX/RMI server init
 2021-06-25 22:09:20 +01:00
intrigus
5aa711a956 Accept test changes. 2021-06-25 17:04:36 +02:00
intrigus
5106aec319 Fix test location. 2021-06-25 16:47:25 +02:00
intrigus
36575bb26f Move back to experimental......... 2021-06-25 16:47:25 +02:00
intrigus
592fd1e8ca Java: Accept test changes 2021-06-25 16:47:22 +02:00
intrigus
1b96d0ac54 Java: Remove overlapping code 2021-06-25 16:47:22 +02:00
Chris Smowton
2acb4de2cb Merge pull request #5955 from haby0/java/JShellCodeInjection 
Java: JShell Injection
 2021-06-24 17:03:30 +01:00
Anders Schack-Mulligen
95ad8b55fe Merge pull request #6107 from aschackmull/dataflow/implicit-reads 
Dataflow: Add support for implicit reads
 2021-06-24 15:38:35 +02:00
haby0
3cf71c50b8 Mobile stubs 2021-06-24 19:24:38 +08:00
Artem Smotrakov
14e724bce6 Added sinks for RmiBasedExporter and HessianExporter 2021-06-23 09:53:47 +02:00
Anders Schack-Mulligen
27c973e157 Java: Fix some qltests. 2021-06-21 16:08:52 +02:00
haby0
1750efad2a fix 2021-06-18 21:46:48 +08:00
haby0
dca737190b Modify JShellInjection.expected 2021-06-18 21:36:45 +08:00
haby0
ed0aabef46 add isAdditionalTaintStep 2021-06-18 21:36:44 +08:00
haby0
921b8e80a2 Jshell Injection 2021-06-18 21:36:44 +08:00
haby0
a73cb3f04a Fix error 2021-06-18 17:22:26 +08:00
haby0
0d18e4ff9c BeanShell Injection 2021-06-18 15:54:13 +08:00
Tony Torralba
0c71393171 Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch 2021-06-17 14:54:25 +02:00
Chris Smowton
7509e36382 Remove no-longer-needed BasicRequestLine model from InsecureBasicAuth.ql; adjust test expectations accordingly 2021-06-17 11:43:33 +01:00
Chris Smowton
487c1db6ed Promote SSRF query to main query set 2021-06-17 11:41:01 +01:00
Anders Schack-Mulligen
8fe2f4a554 Merge pull request #6034 from owen-mc/java/jax-rs 
Improve JAX-WS and JAX-RS models
 2021-06-17 12:35:34 +02:00
Tony Torralba
47fffb04a6 Merge branch 'main' into atorralba/promote-ognl-injection 2021-06-16 15:46:33 +02:00
Tony Torralba
91ba30a781 Merge branch 'main' into atorralba/promote-missing-jwt-signature-check 2021-06-16 15:46:14 +02:00
Tony Torralba
dab33b21fb Merge branch 'main' into atorralba/promote-mvel-injection 2021-06-16 15:44:43 +02:00
Tony Torralba
bf2be6ec7c Merge branch 'main' into atorralba/promote-jndi-injection 2021-06-16 15:34:37 +02:00
Tony Torralba
66d49aa4e8 Fix InsecureBasicAuth tests affected by the new URL summary 2021-06-16 13:01:40 +02:00
Tony Torralba
357b0e1a90 Fix SSRF tests affected by the new URL summary 2021-06-16 13:01:40 +02:00
Tony Torralba
356601ce15 Moved from experimental 2021-06-16 13:01:38 +02:00
Chris Smowton
76838809bb Merge pull request #5818 from artem-smotrakov/rmi-deserialization 
Java: Unsafe RMI deserialization
 2021-06-11 13:43:07 +01:00
Owen Mansel-Chan
e0130a932e Update experimental query using NewCookie 2021-06-10 13:33:20 +01:00