hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,475 Commits 1,671 Branches 157 Tags
js/move-cors-query-from-experimental
Commit Graph

5747 Commits

Author SHA1 Message Date
Tony Torralba
8ad787f3b8 Java: Generelize MaybeBrokenCryptoAlgorithmQuery.qll 2023-12-22 10:15:40 +01:00
Ed Minnix
8051cfcef5 Fix tests and fix getStringValue method 2023-12-21 22:48:08 -05:00
Aditya Sharad
b1803d0ac2 Merge rc/3.12 into main 2023-12-21 16:40:51 -08:00
masterofnow
0fd09759df Added sample java file for qhelp to render correctly. 2023-12-22 08:31:23 +08:00
masterofnow
cb5733d647 Apply suggestions from code review 
Update to documentation.

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-12-22 08:25:05 +08:00
masterofnow
7162540faf Added options, .qhelp and .expected file for unit test. 2023-12-21 19:57:37 +08:00
Tony Torralba
39708524e7 Minor fixes 
- Query ID
- MethodAccess -> MethodCall
- Redundant import
- Formatting
 2023-12-20 15:31:09 +01:00
masterofnow
e85c4b5bf6 Update query from code review feedback to express it as a dataflow problem. 2023-12-20 18:28:16 +08:00
github-actions[bot]
8f72b0e4f7 Post-release preparation for codeql-cli-2.15.5 2023-12-19 10:32:57 +00:00
github-actions[bot]
19af35b29a Release preparation for version 2.15.5 2023-12-18 21:22:44 +00:00
Edward Minnix III
56921a6e21 Merge pull request #14040 from egregius313/egregius313/weak-hashing-properties 
Java: Add support for algorithm names specified in `.properties` files to `java/potentially-weak-cryptographic-algorithm`
 2023-12-18 09:38:58 -05:00
Tony Torralba
9446249e94 Merge pull request #15012 from atorralba/atorralba/java/fix-missing-pinning-fp 
Java: Fix FPs in Missing certificate pinning
 2023-12-18 09:37:18 +01:00
Tony Torralba
0524289a73 Update java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql 2023-12-18 08:50:10 +01:00
masterofnow
4a77f45aa6 Minor adjustment to resolve error for codeql version 2.15.4 2023-12-16 12:41:39 +08:00
masterofnow
99b273d308 Apply suggestions from code review 
Added suggestion from atorralba.

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-12-16 12:00:45 +08:00
Ed Minnix
02581a3850 Move class for getProperty method call to Properties.qll 2023-12-15 11:09:08 -05:00
Ed Minnix
fc53727b9d Bump change note date 2023-12-15 11:09:08 -05:00
Ed Minnix
afefccf8f7 Update change note 2023-12-15 11:09:08 -05:00
Ed Minnix
0d12981d6a Bump change note 2023-12-15 11:09:08 -05:00
Ed Minnix
078a33eecc Updated change note 2023-12-15 11:09:07 -05:00
Ed Minnix
83c6ece405 Move weak hashing into MaybeBrokenCryptoAlgorithm 2023-12-15 11:09:07 -05:00
Ed Minnix
c20ea1f629 Bump change note date 2023-12-15 11:09:07 -05:00
Ed Minnix
cb0ea350b5 Improve docs 2023-12-15 11:09:07 -05:00
Ed Minnix
0efca8200d Weak Hashing query wording 2023-12-15 11:09:07 -05:00
Ed Minnix
86b57a11ac Bump change note date 2023-12-15 11:09:07 -05:00
Ed Minnix
93cf5b8eb9 Weak Hashing Property initial query 2023-12-15 11:09:07 -05:00
Anders Schack-Mulligen
7623432c76 Java: Remove/deprecate FlowStateString-based extension points. 2023-12-14 15:15:58 +01:00
Tom Hvitved
c8b4a215bc Merge pull request #14573 from hvitved/flow-summary-impl-param 
Move `FlowSummaryImpl.qll` to `dataflow` pack
 2023-12-14 12:24:15 +01:00
Jeroen Ketema
99e65df6ce Merge remote-tracking branch 'upstream/rc/3.12' into mb12 2023-12-13 15:43:39 +01:00
masterofnow
e1b8fabf7f Use global instead of local taint tracking. 2023-12-13 13:50:34 +08:00
masterofnow
8538c12267 Merge branch 'github:main' into LoadClassNoSignatureCheck 2023-12-13 13:47:40 +08:00
Tony Torralba
bd8f35bef7 Java: Fix FPs in Missing certificate pinning 
Local URIs should never require pinning
 2023-12-12 18:02:12 +01:00
Tony Torralba
27be5ba14b Merge pull request #15073 from atorralba/atorralba/java/remove-invalid-ognl-sinks 
Java: Remove invalid OGNL sinks
 2023-12-12 16:52:31 +01:00
Tony Torralba
103110f9c2 Java: Remove invalid OGNL sinks 
Fixes #15053
 2023-12-12 13:39:51 +01:00
Edward Minnix III
06eef93f89 Docs review suggestions 2023-12-11 11:18:40 -05:00
Edward Minnix III
ce20c4ae03 Docs review suggestions 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-12-11 11:18:40 -05:00
Ed Minnix
3ca039bc8f Rename to InsecureRandomness 2023-12-11 11:18:40 -05:00
Edward Minnix III
4678302edb Update query metadata 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-12-11 11:18:39 -05:00
Ed Minnix
4bdf2b5e18 Bump change note date 2023-12-11 11:18:39 -05:00
Ed Minnix
14fdfa4428 Add new sink kind and change note 2023-12-11 11:18:38 -05:00
Ed Minnix
e69ff7b601 Move to library and add docs 2023-12-11 11:18:38 -05:00
Ed Minnix
9f986ca527 Add Weak Randomness Query 2023-12-11 11:18:38 -05:00
Tom Hvitved
f9dbf676a6 Java: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:45 +01:00
Ed Minnix
1b8f3f3450 Deprecate or remove imports of dataflow library copies 2023-12-08 10:42:10 -05:00
github-actions[bot]
92af5f5386 Post-release preparation for codeql-cli-2.15.4 2023-12-06 22:59:22 +00:00
github-actions[bot]
c04457e9e7 Release preparation for version 2.15.4 2023-12-06 21:11:50 +00:00
Tony Torralba
649dc9d1d4 Merge pull request #14993 from github/shati-patel/fix-cwe-tags 
Update inconsistent CWE tags
 2023-12-04 14:30:32 +01:00
Shati Patel
6284781a9b Update inconsistent CWE tags 
Most tags use the "external/cwe/cwe-xxx" format, except for these few queries. Updating them for consistency.
 2023-12-04 11:52:31 +00:00
Chris Smowton
ad713a7a93 Java: report any extracted file as successfully extracted 2023-12-01 22:35:00 +00:00
Chris Smowton
bbc0f29f16 Restrict getCheckedType to unrestricted records, introduce getSyntacticCheckedType and use that where appropriate 2023-11-30 11:24:05 +00:00