hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,907 Commits 1,671 Branches 157 Tags
codeql-cli-2.8.2
Commit Graph

1576 Commits

Author SHA1 Message Date
Chris Smowton
7b425a80bc Note path query expectations 2022-02-23 16:02:54 +00:00
Chris Smowton
476997a599 Replace more non-breaking spaces 2022-02-23 11:02:17 +00:00
Porcupiney Hairs
c81d85f321 Include suggestions from review 2022-02-22 23:07:34 +05:30
Porcuiney Hairs
e536628a66 Java : Add SSTI query 2022-02-22 15:57:53 +05:30
Asger Feldthaus
a121b73181 Java: update CSV rows to dot-separated syntax 2022-02-21 08:16:55 +01:00
Asger Feldthaus
7f808710ec Java: update model generator 2022-02-21 08:16:54 +01:00
Tony Torralba
111aabb707 Merge pull request #7712 from luchua-bc/java/file-path-injection 
Java: CWE-073 File path injection with the JFinal framework
 2022-02-16 12:01:34 +01:00
Tony Torralba
5f0ab522f3 Merge pull request #7988 from Marcono1234/marcono1234/sealed-types-predicates 
Java: Add predicates for sealed classes
 2022-02-15 15:11:56 +01:00
luchua-bc
fd533f2ba8 Remove the same callable constraint 2022-02-15 12:44:23 +00:00
Marcono1234
a496b1d1a1 Java: Add predicates for sealed classes 2022-02-14 21:04:38 +01:00
Chris Smowton
0bf6c83ef2 Merge pull request #4388 from JLLeitschuh/feat/JLL/java/CWE-200_temp_directory_local_information_disclosure 
Java: CWE-200: Temp directory local information disclosure vulnerability
 2022-02-14 18:58:44 +00:00
Chris Smowton
fd4dc95d84 Merge pull request #6443 from artem-smotrakov/ignored-hostname-verifier 
Java: An experimental query for ignored hostname verification
 2022-02-14 18:56:27 +00:00
luchua-bc
35a924292b Model value passing between a setter and a getter call as a value step 2022-02-14 14:08:55 +00:00
luchua-bc
78630f25dd Match attribute name to reduce FP 2022-02-11 23:53:31 +00:00
Jonathan Leitschuh
eee521e6ce Fix test failure for TempDirLocalInformationDisclosure 2022-02-10 10:40:40 -05:00
luchua-bc
ce03aeb4d9 Fixed an issue related to normalized path 2022-02-09 23:19:40 +00:00
Jonathan Leitschuh
49a73673b6 Fix FP from mkdirs call on exact temp directory 2022-02-09 11:04:23 -05:00
luchua-bc
4609227e76 Use data model for request/session attribute operations 2022-02-09 03:24:46 +00:00
Jonathan Leitschuh
7f46640176 Consider calls to setReadable(false, false) then setReadable(true, true) to be safe 2022-02-08 17:57:10 -05:00
Chris Smowton
a6596ea7ce Fix test requirements, formatting 2022-02-08 12:01:32 +00:00
luchua-bc
ff4826d203 Correct the data model and update qldoc 2022-02-08 04:02:27 +00:00
Jonathan Leitschuh
c4112e6d4c Post refactor fixiup 2022-02-07 15:02:13 -05:00
Chris Smowton
de38638db6 Combine CWE-200 queries 2022-02-07 14:22:36 -05:00
Artem Smotrakov
f53b2fcc62 Updated IgnoredHostnameVerification.ql to cover more uses of HostnameVerifier.verify() 2022-02-06 11:23:20 +00:00
Jonathan Leitschuh
0268dd9f0a Add file creation sanitizer 2022-02-04 17:10:27 -05:00
Jonathan Leitschuh
9299c7996d Add information disclosure test fix suggestions 2022-02-04 17:10:27 -05:00
Jonathan Leitschuh
79db76dcf8 Fix test failures TempDirLocalInformationDisclosureFromSystemProperty 2022-02-04 17:10:27 -05:00
Jonathan Leitschuh
7e514e9ef9 Add QLdoc and fix Compiler Errors in Tests 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
f910fd4719 Remove path flow tracking in 'TempDirLocalInformationDisclosureFromMethodCall' 2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
13fed0e9b6 Temp Dir Info Disclosure: Final pass and add documentation 2022-02-04 17:10:24 -05:00
Jonathan Leitschuh
bc12e994b0 Add java.nio.file.Files API checks 2022-02-04 17:10:24 -05:00
Jonathan Leitschuh
ecad7534ae Add mkdirs check 2022-02-04 17:10:24 -05:00
Jonathan Leitschuh
cf0ed81575 Add TempDir taint tracking for Files.write 2022-02-04 17:10:24 -05:00
Jonathan Leitschuh
3a15678b1e Java: CWE-200: Temp directory local information disclosure vulnerability 2022-02-04 17:10:23 -05:00
Harry Maclean
ab7fd89653 Merge pull request #7663 from github/hmac/api-graph-subclass 
Ruby: Add basic subclassing support to API Graphs
 2022-02-04 10:19:07 +13:00
Arthur Baars
6acf49d4da Merge pull request #7814 from aibaars/fix-ql-alerts 
Ruby: fix all QL-QL alerts
 2022-02-02 18:25:38 +01:00
Tony Torralba
4f13bf8941 Merge pull request #6492 from atorralba/atorralba/android-cleartext-storage-database 
Java: Create new query Cleartext storage of sensitive information in Android databases
 2022-02-02 16:23:05 +01:00
Arthur Baars
33b97f3e0c Update synchronized files 2022-02-02 13:30:45 +01:00
Alvaro Muñoz Sanchez
ba90fecc98 retab Test.java 2022-01-26 11:20:10 +01:00
Alvaro Muñoz Sanchez
9ee967d6db update test file 2022-01-25 12:42:41 +01:00
Alvaro Muñoz Sanchez
c49c7903a8 add java.util.regex models and tests 2022-01-25 10:50:39 +01:00
Harry Maclean
517f2d0823 Add optional results to InlineExpectationsTest 
The idea behind optional results is that there may be instances where
each line of source code has many results and you don't want to annotate
all of them, but you still want to ensure that any annotations you do
have are correct.

This change makes that possible by exposing a new predicate
`hasOptionalResult`, which has the same signature as `hasResult`.

Results produced by `hasOptionalResult` will be matched against any
annotations, but the lack of a matching annotation will not cause a
failure.

We will use this in the inline tests for the API edge getASubclass,
because for each API path that uses getASubclass there is always a
shorter path that does not use it, and thus we can't use the normal
shortest-path matching approach that works for other API Graph tests.
 2022-01-25 16:41:49 +13:00
Tony Torralba
b59fd4070f Merge pull request #7136 from atorralba/atorralba/promote-insecure-trustmanager 
Java: Promote Insecure TrustManager from experimental
 2022-01-24 14:05:14 +01:00
Anders Schack-Mulligen
7af6dc7164 Merge pull request #7702 from atorralba/atorralba/fix-jndi-injection-sinks 
Java: Remove some JNDI Injection sinks
 2022-01-24 10:53:58 +01:00
Tony Torralba
908b7c43f2 Fix stubs 2022-01-24 09:34:43 +01:00
luchua-bc
27043a09b3 File path injection with the JFinal framework 2022-01-23 18:07:48 +00:00
Tony Torralba
78d7e538a5 Remove some JNDI Injection sinks 
Add tests and stubs
 2022-01-21 17:47:15 +01:00
Tony Torralba
c6dd7ddf7a Fix stub 2022-01-21 16:55:43 +01:00
Tony Torralba
4f253590f1 Fix method name in LocalDatabaseOpenMethodAccess 2022-01-21 16:55:43 +01:00
Tony Torralba
652a1d2dc2 Fix wrongly resolved rebase conflicts 2022-01-21 16:55:43 +01:00