codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00

Author	SHA1	Message	Date
Owen Mansel-Chan	ee6019a2d8	Fix tests for experimental httponly query	2021-06-10 13:31:28 +01:00
Anders Schack-Mulligen	96da85449d	Merge pull request #5823 from atorralba/promote-jexl-injection Java: Promote JEXL Injection query from experimental	2021-06-07 10:03:12 +02:00
Chris Smowton	4ddf4558a7	Merged simplified query	2021-06-04 16:07:15 +02:00
Tony Torralba	56a429a5f9	Merge branch 'main' into promote-jexl-injection	2021-06-03 11:10:56 +02:00
Tony Torralba	59e6e1ffac	Moved from experimental	2021-06-02 09:58:30 +02:00
Anders Schack-Mulligen	43d1b0ab27	Java: Update qltests.	2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen	a4661e1aca	Merge pull request #5704 from edvraa/regexj Java: Regex injection	2021-06-01 11:45:59 +02:00
Timo Mueller	75f6ec1f0d	Updated test cases to include test for java10+ CREDENTIALS_FILTER_PATTERN constant	2021-05-25 17:08:58 +02:00
Timo Mueller	59ebe08c78	Added stup for RMIConnectorServer for valid test case	2021-05-25 16:40:41 +02:00
Artem Smotrakov	c837605c85	Added test cases with sanitizers for UnsafeDeserializationRmi.ql	2021-05-23 13:01:22 +02:00
Artem Smotrakov	d2e29fc72c	Renamed RmiUnsafeDeserialization.ql -> UnsafeDeserializationRmi.ql	2021-05-23 10:21:05 +02:00
Artem Smotrakov	e28f919f3d	Look for remote callable method only in RmiUnsafeDeserialization.ql	2021-05-23 10:21:05 +02:00
Artem Smotrakov	5ffe04d6a5	Updated expected output for RmiUnsafeDeserialization.java test	2021-05-23 10:21:04 +02:00
Artem Smotrakov	3d20330a92	More tests for RmiUnsafeDeserialization	2021-05-23 10:21:04 +02:00
Artem Smotrakov	ec6186a1c5	Draft of tests for RmiUnsafeDeserialization.ql	2021-05-23 10:21:04 +02:00
Tony Torralba	1351516e9a	Moved JNDI injection related files from experimental to standard	2021-05-19 11:32:51 +02:00
Tony Torralba	e58746508d	Merge branch 'main' into atorralba/promote-ognl-injection	2021-05-19 10:41:08 +02:00
luchua-bc	e4699f7fa9	Optimize the query	2021-05-18 16:12:22 +00:00
luchua-bc	d664aa6d6a	Include more scenarios and update qldoc	2021-05-18 16:12:22 +00:00
luchua-bc	852bcfb5c7	Refactor the ScriptEngine query and the Rhino code injection query into one	2021-05-18 16:12:22 +00:00
luchua-bc	b0b5338359	Rhino code injection	2021-05-18 16:12:22 +00:00
Chris Smowton	4230869ee2	Merge pull request #5819 from luchua-bc/java/jpython-injection Java: CWE-094 Jython code injection	2021-05-18 16:38:40 +01:00
Chris Smowton	71f540a755	Merge pull request #5844 from haby0/SpringRedirects [Java] CWE-601 Spring url redirection detect	2021-05-18 16:37:40 +01:00
haby0	a0cd551bae	Add filtering of String.format	2021-05-18 11:05:10 +08:00
Tony Torralba	3e4ccaf9a8	Move from experimental to standard	2021-05-17 10:41:54 +02:00
haby0	498c99e26c	Add left value, Add return expression tracing flow	2021-05-14 16:31:59 +08:00
haby0	effa2b162a	Add spring url redirection detect	2021-05-13 09:55:37 +08:00
luchua-bc	e7cd6c9972	Optimize the query	2021-05-11 16:56:12 +00:00
Tony Torralba	fc03b92e11	Moved from experimental to standard	2021-05-11 15:42:13 +02:00
Chris Smowton	0afe22d60c	Merge pull request #5710 from p0wn4j/jsch-os-injection [Java] CWE-078: Add JSch lib OS Command Injection sink	2021-05-10 16:12:00 +01:00
Tony Torralba	d99b5bfc66	Reuse previous tests from experimental	2021-05-10 11:17:20 +02:00
Tony Torralba	e78e5b9ee4	Merge branch 'main' into promote-jexl-injection	2021-05-07 12:36:49 +02:00
Timo Mueller	787a4ede85	Fixed file reference in test cases	2021-05-04 15:33:53 +02:00
Timo Mueller	374ed851a0	Fixed file reference in test cases	2021-05-04 15:12:50 +02:00
luchua-bc	703fbf139a	Add more methods and update the library name	2021-05-04 02:54:49 +00:00
Tony Torralba	4bfd34b1fe	Moved from experimental	2021-05-03 13:15:24 +02:00
Tony Torralba	38e052482c	More csv sinks and sources	2021-05-03 12:44:53 +02:00
luchua-bc	4709e8139d	JPython code injection	2021-05-03 01:43:56 +00:00
Timo Mueller	15a3068f8a	Added query for insecure environment configuration RMI JMX (CVE-2016-8735)	2021-04-30 16:23:17 +02:00
Chris Smowton	b2c0259197	Merge pull request #5631 from haby0/UseOfLessTrustedSource [Java] CWE-348: Using a client-supplied IP address in a security check	2021-04-30 15:20:53 +01:00
haby0	fdcc517b9f	UseOfLessTrustedSource -> ClientSuppliedIpUsedInSecurityCheck"	2021-04-30 17:43:34 +08:00
Chris Smowton	ad9ea40954	Merge pull request #5597 from intrigus-lgtm/java/jwt-insecure-parse [Java] JWT without signature check.	2021-04-29 14:41:11 +01:00
haby0	e813257431	use hardCode	2021-04-29 21:23:52 +08:00
haby0	5be9fbbc5a	Remove LogOperationSink and PrintSink	2021-04-27 14:12:33 +08:00
p0wn4j	3d891f0b39	[Java] CWE-078: Add JSch OS command injection sink	2021-04-26 18:20:32 +04:00
edvraa	ade238307f	Add a test	2021-04-22 10:02:06 +03:00
haby0	454324781d	delete IfStmt	2021-04-22 11:59:33 +08:00
edvraa	13655b5d80	Add RegExUtils	2021-04-21 13:08:35 +03:00
p0wn4j	f2de440886	[Java] CWE-094: Query to detect Groovy Code Injections	2021-04-20 19:18:24 +04:00
haby0	8296abcea8	Fix Modify the ql query (the qhelp part is not modified).	2021-04-19 20:59:47 +08:00

... 6 7 8 9 10 ...

601 Commits