hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

4152 Commits

Author SHA1 Message Date
Chris Smowton
dee974ff2d Make Call a subclass of ExprParent. All of its subclasses are in any case (via Expr or Stmt) 2021-04-13 09:13:47 +01:00
Marcono1234
c37dbb2e68 Java: Override getAPrimaryQlClass() for more classes 2021-04-13 08:46:01 +01:00
haby0
be39883166 Change the class name and comment,Use .(CompileTimeConstantExpr).getStringValue() 2021-04-13 14:10:10 +08:00
Artem Smotrakov
b96b665262 Renaming in java/ql/src/experimental/Security/CWE/CWE-094 2021-04-12 21:40:49 +03:00
luchua-bc
d7f26dfc18 Update stub classes and qldoc 2021-04-12 16:19:23 +00:00
Chris Smowton
423ff32d04 Merge pull request #5384 from luchua-bc/java/insecure-spring-actuator-config 
Java: CWE-016 Query to detect insecure configuration of Spring Boot Actuator
 2021-04-12 17:04:47 +01:00
Chris Smowton
bb23866cec Add missing doc comments 2021-04-12 16:33:01 +01:00
Chris Smowton
2656a52880 Merge pull request #5538 from luchua-bc/java/credentials-in-properties 
Java: CWE-555 Query to detect plaintext credentials in Java properties files
 2021-04-12 15:22:21 +01:00
Chris Smowton
abeefcaced Merge pull request #4947 from porcupineyhairs/DexLoading 
Java : add query to detect insecure loading of Dex File
 2021-04-12 15:22:12 +01:00
Chris Smowton
11bf982728 Remove superfluous linebreaks in qhelp file 2021-04-12 14:36:42 +01:00
luchua-bc
c281e54d22 Remove unused files and update qldoc 2021-04-12 13:05:01 +00:00
Tom Hvitved
7d2a60e910 Merge pull request #5640 from hvitved/dataflow/path-step-perf 
Data flow: Prevent bad join-order in `pathStep`
 2021-04-12 14:40:46 +02:00
Anders Schack-Mulligen
acd4cf2878 Merge pull request #5636 from aschackmull/java/shared-flow-summaries 
Java: Adopt shared flow summaries
 2021-04-12 13:35:31 +02:00
Anders Schack-Mulligen
e003b04061 Merge pull request #5637 from Marcono1234/marcono1234/toString-method 
Java: Add ToStringMethod
 2021-04-12 11:43:55 +02:00
haby0
1b948ac2e2 Combine two Configurations into one 2021-04-12 15:44:39 +08:00
yo-h
4f2060f96b Merge commit '2d618d6b928d8b76ac8033b3b63d9bde71caa325' into yo-h/java16 2021-04-11 23:55:33 -04:00
intrigus
8d11bc97ca [Java] Add "missing jwt signature check" qhelp. 2021-04-10 13:36:22 +02:00
haby0
d90527bead JsonpInjectionExpr updated to JsonpBuilderExpr 2021-04-10 10:33:21 +08:00
Marcono1234
9349e6922d Java: Add ToStringMethod 2021-04-10 04:00:44 +02:00
haby0
eeae91e620 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 09:48:55 +08:00
haby0
046aeaa38c Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 09:37:29 +08:00
haby0
8b756d7f1b Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 09:27:03 +08:00
haby0
650446f761 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 09:26:32 +08:00
haby0
a5ebe8c600 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 09:26:08 +08:00
porcupineyhairs
8687c5c145 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:18:35 +05:30
haby0
8a7d28a2ed Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:29:49 +08:00
haby0
4c21980d4f Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:29:30 +08:00
haby0
9635a36044 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:29:06 +08:00
haby0
760231c004 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:28:17 +08:00
haby0
c77c7b0a98 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:27:16 +08:00
haby0
837f20108d Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:25:43 +08:00
haby0
157e4670fd Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:25:11 +08:00
haby0
79c1374925 Update java/ql/src/semmle/code/java/frameworks/Servlets.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:24:49 +08:00
haby0
1510048f7a Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:23:13 +08:00
haby0
d8165145c7 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:22:44 +08:00
haby0
ebd38eaf3b Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:22:08 +08:00
haby0
b8c11503f0 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:21:49 +08:00
luchua-bc
4e3791dc0d Remove LoadCredentialsConfiguration and update qldoc 2021-04-09 19:36:35 +00:00
luchua-bc
04b0682bbf Use isAdditionalTaintStep and make the query more readable 2021-04-09 16:14:51 +00:00
Tom Hvitved
fd8f745468 Java: Adopt shared flow summary library and refactor data-flow nodes. 2021-04-09 16:57:03 +02:00
Tom Hvitved
f130616369 Data flow: Make getLocalCc private again 2021-04-09 16:22:58 +02:00
Anders Schack-Mulligen
701e815368 Merge pull request #5628 from hvitved/java/remove-unique 
Java: Remove `unique` wrapper from `DataFlow::Node::getEnclosingCallable()`
 2021-04-09 15:21:26 +02:00
Tom Hvitved
6874b8d4b3 Data flow: Prevent bad join-order in pathStep 2021-04-09 14:24:47 +02:00
Tamas Vajk
351f35d9bc Revert "Java: Convert other sinks" 
This reverts commit 87d42b02c0.
 2021-04-09 13:13:49 +02:00
Tamas Vajk
87d42b02c0 Java: Convert other sinks 2021-04-09 13:13:39 +02:00
Tamas Vajk
3e53484bb3 Java: Convert Google HTTP client API parseAs sink to CSV format 2021-04-09 13:10:44 +02:00
Tamas Vajk
e544faed6d Java: Convert unsafe hostname verification sinks to CSV format 2021-04-09 13:10:44 +02:00
Tamas Vajk
17fd758df1 Java: Convert XSS sinks to CSV format 2021-04-09 13:10:44 +02:00
Tamas Vajk
0b7a6671dd Java: Convert header splitting sinks to CSV format 2021-04-09 13:06:05 +02:00
Tamas Vajk
f329c3fdab Java: Convert insecure bean validation sink to CSV format 2021-04-09 13:06:04 +02:00