hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,671 Branches 157 Tags
remove-javascript
Commit Graph

219 Commits

Author SHA1 Message Date
Owen Mansel-Chan
787f36f056 Add a change note 2021-09-28 07:32:28 +01:00
Anders Schack-Mulligen
cfa0d46b73 Merge pull request #6097 from atorralba/atorralba/promote-xslt-injection 
Java: Promote XSLT Injection from experimental
 2021-09-27 13:14:57 +02:00
Tony Torralba
ff21662b23 Refactor XsltInjection.qll 2021-09-27 12:00:18 +02:00
Tony Torralba
fc58ada92e Add change note 2021-09-27 11:58:20 +02:00
Tony Torralba
d10dbbdd9d Apply suggestions from code review 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-09-27 11:40:51 +02:00
Tony Torralba
b0852f6c16 Add change note 2021-09-27 11:37:46 +02:00
Chris Smowton
93daaf5b5b Merge pull request #6174 from joefarebrother/guava-collections 
Java: Model Guava collections package
 2021-09-23 09:13:24 +01:00
Anders Schack-Mulligen
2cbad4aed6 Merge pull request #6600 from atorralba/atorralba/fix-conditionalbypass 
Java: Fix performance of the query User-controlled bypass of sensitive method
 2021-09-17 16:07:39 +02:00
Joe Farebrother
7dded52de2 Add change note 2021-09-16 15:23:02 +01:00
Tony Torralba
e159351179 Update java/change-notes/2021-06-01-insecure-basic-auth-query.md 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-09-15 17:20:27 +02:00
Tony Torralba
49c6a56f97 Add change note 2021-09-15 17:20:27 +02:00
Chris Smowton
03db15af9a Merge pull request #6685 from smowton/smowton/admin/android-uri-model 
Java: Add models for android.net.Uri[.Builder]
 2021-09-15 10:48:33 +01:00
Anders Schack-Mulligen
3f7d6e6f85 Merge pull request #6136 from smowton/smowton/admin/spring-xss-content-type-sensitivity 
Spring HTTP: improve content-type sensitivity
 2021-09-15 09:50:56 +02:00
Chris Smowton
367a53dd71 Add models for android.net.Uri[.Builder] 2021-09-14 16:37:07 +01:00
Chris Smowton
6cff0d0376 Merge pull request #6393 from luchua-bc/java/xss-jsf 
Java: CWE-079 Query to detect XSS with JavaServer Faces (JSF)
 2021-09-14 15:15:56 +01:00
Anders Schack-Mulligen
26eafcb55a Merge pull request #6456 from smowton/smowton/admin/flexjson-unsafe-deserialization 
Java: add unsafe-deserialization support for Flexjson
 2021-09-14 14:33:22 +02:00
Chris Smowton
6af5c5fc86 Add change note 2021-09-14 12:36:38 +01:00
Tony Torralba
b740cf9664 Add change note 2021-09-14 13:16:47 +02:00
Chris Smowton
122ffca049 Merge pull request #6645 from Marcono1234/marcono1234/spurious-javadoc-param-generic-class 
Java: Detect spurious param Javadoc tag of generic classes
 2021-09-13 16:41:06 +01:00
Chris Smowton
3c7b39f089 Add change note 2021-09-13 15:36:26 +01:00
Ian Lynagh
3404bcf265 Merge pull request #6680 from github/igfoo/java_location 
Java: Use the standard URL format for Location.toString()
 2021-09-13 13:43:32 +01:00
Ian Lynagh
4fbb165dce Java: Use the standard URL format for Location.toString() 2021-09-13 12:53:50 +01:00
Chris Smowton
62ecab8432 Add change note 2021-09-10 16:36:36 +01:00
Chris Smowton
9b488207eb Add support for the Flexjson framework to the unsafe-deserialization query 2021-09-10 16:27:23 +01:00
Chris Smowton
9d31641bb1 Add change note 2021-09-10 16:10:56 +01:00
Chris Smowton
608d24f75e Rename QL elements that refer to local classes 2021-09-02 14:51:50 +01:00
Chris Smowton
474d983f8d Fix typo 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-09-02 14:51:48 +01:00
Chris Smowton
ac43ad6da2 Add change note 2021-09-02 14:51:47 +01:00
Chris Smowton
7f73efe3e1 Downgrade precision of java/concatenated-sql-query 2021-08-24 10:46:01 +01:00
Ian Lynagh
a9db1c52e5 All languages: Add getPrimaryQlClasses() 
This is a non-overridable predicate that concatenates all the
getAPrimaryQlClass() results into a comma-separated string.
 2021-08-23 15:49:10 +01:00
Owen Mansel-Chan
714e126088 Merge pull request #6370 from owen-mc/java/model/apache-collections 
Java: Model more of Apache Commons Collections
 2021-08-19 15:09:06 +01:00
Joe Farebrother
9dc28eb9b5 Merge pull request #6387 from joefarebrother/guava-cache 
Java: Model guava cache package
 2021-08-19 10:53:48 +01:00
Chris Smowton
48818ebd6d Merge pull request #6434 from smowton/smowton/admin/jodd-unsafe-deserialization 
Java: Unsafe deserialization: add support for Jodd JSON library
 2021-08-18 17:26:02 +01:00
Chris Smowton
cc4fe7375c Merge pull request #5953 from github/sauyon/java/spring-webutil 
Java: Add models for the Spring `web.util` package
 2021-08-18 15:07:28 +01:00
Sauyon Lee
eb980e2a40 Add change note 2021-08-12 11:20:49 -07:00
Chris Smowton
021e405294 Elaborate change note a little 2021-08-09 15:33:21 +01:00
Chris Smowton
5ba9347281 Merge pull request #6006 from artem-smotrakov/timing-attacks 
Java: Timing attacks while comparing results of cryptographic operations
 2021-08-09 15:30:47 +01:00
Owen Mansel-Chan
26f5ac9ff2 Add change note 2021-08-06 07:06:35 +01:00
Chris Smowton
0b6c991ac4 Unsafe deserialization: add support for Jodd JSON library 2021-08-05 16:01:14 +01:00
Tony Torralba
0356ed7f9e Merge pull request #5911 from atorralba/atorralba/promote-missing-jwt-signature-check 
Java: Promote Missing JWT signature check query from experimental
 2021-08-05 09:43:03 +02:00
Anders Schack-Mulligen
1932f604dc Merge pull request #6419 from smowton/smowton/admin/unsafe-deserialization-jabsorb 
Add unsafe-deserialization support for Jabsorb
 2021-08-05 09:04:23 +02:00
Chris Smowton
69549e9ce3 Add unsafe-deserialization support for Jabsorb 
This is partly extracted from https://github.com/github/codeql/pull/5954
 2021-08-04 15:35:50 +01:00
Anders Schack-Mulligen
6a09a5667d Merge pull request #5931 from atorralba/atorralba/promote-jndi-injection 
Java: Promote JNDI Injection query from experimental
 2021-08-04 15:48:44 +02:00
Chris Smowton
eaf3d3cc03 Merge pull request #6162 from smowton/smowton/feature/jax-rs-content-type-sensitivity-fixes 
Jax-RS: implement content-type tracking
 2021-08-03 14:53:31 +01:00
Anders Schack-Mulligen
7fb1e1578e Merge pull request #5894 from atorralba/atorralba/promote-ognl-injection 
Java: Promote OGNL Injection query from experimental
 2021-08-03 15:31:40 +02:00
Anders Schack-Mulligen
c0d76da1a6 Merge pull request #5846 from atorralba/atorralba/promote-unsafe-android-webview-fetch 
Java: Promote Unsafe resource loading in Android WebView from experimental
 2021-08-03 14:24:34 +02:00
Anders Schack-Mulligen
fb9feabe64 Merge pull request #6062 from atorralba/atorralba/promote-groovy-injection 
Java: Promote Groovy Code Injection from experimental
 2021-08-03 14:19:15 +02:00
Chris Smowton
f83f950be6 Merge pull request #6325 from smowton/smowton/feature/org-json-models 
Java: add models of JSON-java, aka `org.json`
 2021-08-03 10:33:49 +01:00
Tony Torralba
084cda6daa Merge branch 'main' into atorralba/promote-groovy-injection 2021-08-03 09:53:46 +02:00
Tony Torralba
08bdd1aa7a Merge branch 'main' into atorralba/promote-ognl-injection 2021-08-02 16:05:38 +02:00