hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,708 Commits 1,671 Branches 157 Tags
henrymercer/js-atm-update-api-graphs-usage
Commit Graph

4061 Commits

Author SHA1 Message Date
haby0
4ebf0ed7c5 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') 2021-07-22 21:45:29 +08:00
Chris Smowton
40173f7abb Remove stubbing script outputs 2021-07-22 14:33:34 +01:00
Chris Smowton
e2a533c7de Merge pull request #6346 from aschackmull/java/perf-fix 
Java: Fix bad magic.
 2021-07-22 10:15:16 +01:00
Chris Smowton
605f037af8 Merge pull request #6247 from p0wn4j/spring-responseentity-redirect-sink 
[Java] CWE-601: Add Spring URL Redirect ResponseEntity sink
 2021-07-22 09:45:30 +01:00
Anders Schack-Mulligen
dcfc027b5f Java: Fix bad magic. 2021-07-22 10:12:49 +02:00
Chris Smowton
c568a9463a Remove <> qualifier from ResponseEntity name 
This was an extractor bug that was fixed recently
 2021-07-21 17:58:06 +01:00
Tony Torralba
76905c47b4 Formatting 2021-07-21 09:47:45 +02:00
p0wn4j
f0d5520976 Add Spring URL Redirect ResponseEntity sink 
Copyedit qhelp
 2021-07-21 03:16:16 +04:00
Tony Torralba
4622d8590b Fix change note 2021-07-20 17:50:58 +02:00
Tony Torralba
26999c7ac4 Decouple UnsafeAndroidAccess.qll to reuse the taint tracking configuration 2021-07-20 17:46:35 +02:00
Tony Torralba
99e66cffa2 Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch 2021-07-20 17:30:56 +02:00
Tony Torralba
ed0db7c7b4 Fix release note 2021-07-20 17:24:24 +02:00
Tony Torralba
7a898a04f3 Fix release note 2021-07-20 17:23:47 +02:00
Tony Torralba
3259ead946 Decouple OgnlInjection.qll to reuse the taint tracking configuration 2021-07-20 17:21:10 +02:00
Tony Torralba
b6904a7992 Merge branch 'main' into atorralba/promote-ognl-injection 2021-07-20 17:17:17 +02:00
Tony Torralba
22c9baa462 Refactor JWT.qll 2021-07-20 17:14:34 +02:00
Tony Torralba
430d9f1834 Merge branch 'main' into atorralba/promote-missing-jwt-signature-check 2021-07-20 16:20:35 +02:00
Tony Torralba
8f1ecf529f QLDoc 2021-07-20 15:53:38 +02:00
Tony Torralba
42b6b26c10 Decouple JndiInjection.qll to reuse the taint tracking configuration 2021-07-20 15:38:34 +02:00
Anders Schack-Mulligen
77d53676ba Java: Remove deprecated ParExpr. 2021-07-20 15:27:31 +02:00
Tony Torralba
b8ea833a61 Merge branch 'main' into atorralba/promote-jndi-injection 2021-07-20 15:01:26 +02:00
Tony Torralba
68df8028d2 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-20 14:47:16 +02:00
Artem Smotrakov
158a75e5a1 Import UnsafeDeserializationQuery in unsafeDeserialization.ql 2021-07-20 10:14:50 +02:00
Tony Torralba
0f199601f8 Refactor GroovyInjection.qll 2021-07-20 09:44:37 +02:00
github-actions[bot]
bed08a6f4f Add changed framework coverage reports 2021-07-20 00:06:37 +00:00
Chris Smowton
7819d32784 Make MediaType stub constants actually constant 
This is required to use them in annotations
 2021-07-19 18:28:30 +01:00
Chris Smowton
a0297d51e5 Note fixed test result 
the Optional type has now been modelled
 2021-07-19 18:28:06 +01:00
Chris Smowton
82ea2592ad Spring HTTP: Fix test mistakes 
Classes without RestController and methods without GetMapping or similar were never going to be detected.
 2021-07-19 18:21:13 +01:00
Chris Smowton
392e405f5d Add Spring-XSS test 
This covers the cases currently exercised in https://github.com/github/codeql-securitylab/blob/main/java/ql/src/pwntester/security/RestXSS.ql
 2021-07-19 18:21:11 +01:00
Chris Smowton
16c5952167 Add and improve Spring-web stubs 2021-07-19 18:20:37 +01:00
Chris Smowton
8051a7cd83 Add change note 2021-07-19 18:11:05 +01:00
Chris Smowton
34a4b71891 Add models of JSON-java, aka org.json 2021-07-19 17:57:27 +01:00
Tony Torralba
70081b6a1e Refactor MvelInjection.qll 2021-07-19 15:36:35 +02:00
Artem Smotrakov
47e4cf4180 Make UnsafeDeserializationSink public 2021-07-19 15:34:33 +02:00
Tony Torralba
45a72ff6eb Fix InsecureBasicAuth test expectations 2021-07-19 13:56:31 +02:00
Tony Torralba
46faf68d64 Decouple MvelInjection.qll to reuse the taint tracking configuration 2021-07-19 13:50:03 +02:00
Tony Torralba
5ca8b380e9 Merge branch 'main' into atorralba/promote-mvel-injection 2021-07-19 13:45:10 +02:00
Artem Smotrakov
035f7ac669 Refactored libs for unsafe deserialization 2021-07-19 13:19:36 +02:00
Tony Torralba
1c91e74269 Rename sink models class 2021-07-19 13:05:37 +02:00
Tony Torralba
441e8afe81 Decouple GrovyInjection.qll to reuse the taint tracking configuration 2021-07-19 12:53:37 +02:00
Anders Schack-Mulligen
db76b12f3f Merge pull request #6313 from aschackmull/java/fix-csv-dispatch 
Java: Fix a bug in call-context-sensitve dispatch to SummarizedCallable.
 2021-07-19 12:49:31 +02:00
Tony Torralba
b08f417a1e Merge branch 'main' into atorralba/promote-groovy-injection 2021-07-19 12:44:03 +02:00
Artem Smotrakov
e02530749b Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-19 11:52:12 +02:00
Anders Schack-Mulligen
0b89f96055 Merge pull request #6318 from Marcono1234/patch-1 
Java: Fix documentation mistake for `ProtoPom`
 2021-07-19 11:25:06 +02:00
Anders Schack-Mulligen
d1f21a854a Merge pull request #6042 from joefarebrother/spring-http 
[Java] Model spring `http` package
 2021-07-19 11:24:41 +02:00
Anders Schack-Mulligen
c32a75a1b3 Merge pull request #6183 from smowton/smowton/feature/javax-json-models 
Add models of the jakarta/javax.json package
 2021-07-19 11:19:21 +02:00
github-actions[bot]
9b7616bea4 Add changed framework coverage reports 2021-07-19 00:07:04 +00:00
Marcono1234
87d6b9ca5a Java: Fix documentation mistake for ProtoPom 2021-07-18 02:49:43 +02:00
Artem Smotrakov
cfe74b527a Use inline-expectation tests for StaticInitializationVector.ql 2021-07-17 01:04:52 +02:00
Artem Smotrakov
218731ca0a Added a query for static initialization vectors in encryption 
- Added StaticInitializationVector.ql
- Added StaticInitializationVector.qhelp
- Added tests
 2021-07-16 19:06:44 +02:00