hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,252 Commits 1,672 Branches 157 Tags
revert-4653-feature/csharp9-relational-pattern
Commit Graph

1429 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
4947e1d817 Java: Temporarily move a qltest. 2020-08-14 09:25:32 +02:00
Anders Schack-Mulligen
ecbbcc2f61 Merge pull request #4066 from Marcono1234/marcono1234/simplify-VarAccess-isLValue 
[Java] Simplify VarAccess.isLValue()
 2020-08-13 16:40:28 +02:00
Anders Schack-Mulligen
3469ad7ca6 Merge pull request #3600 from luchua-bc/java-sensitive-log4j2-logging 
Add Log4J 2 and a new search string secret
 2020-08-13 13:35:52 +02:00
Marcono1234
cca2d9d825 Simplify VarAccess.isLValue() 2020-08-13 13:12:57 +02:00
Anders Schack-Mulligen
8891ae70b6 Merge pull request #3938 from lcartey/java/untrusted-data-to-external-api 
Java: Untrusted data used in external APIs
 2020-08-13 09:53:57 +02:00
lcartey@github.com
6f83c55ebd Java: Switch to low as a precision 
Code Scanning doesn't support "very-low"
 2020-08-12 13:48:59 +01:00
Luke Cartey
56ff8cf084 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-08-12 13:12:06 +01:00
lcartey@github.com
6b6172fa5b Java: ExternalAPIs: Further review comments 
- Extra qldoc
 - Remove unnecessary module
 2020-08-12 09:21:14 +01:00
lcartey@github.com
e1d4b98923 Java: Add further missing </p> to qhelp 2020-08-11 15:28:55 +01:00
lcartey@github.com
8a65dd2cd6 Java: Address review comments 2020-08-11 15:28:06 +01:00
Anders Schack-Mulligen
21246624b4 Java: Add PrintWriter.format as XSS sink. 2020-08-11 15:15:39 +02:00
Anders Schack-Mulligen
99c9524639 Java: Make XssSink extensible. 2020-08-11 13:09:27 +02:00
Arthur Baars
5874ecc28b Merge pull request #3976 from luchua-bc/java-unsecure-basic-auth 
Java: Insecure basic authentication
 2020-08-07 21:39:23 +02:00
lcartey@github.com
bdcf4198e6 Add additional Hibernate SQL sinks 2020-08-07 14:03:24 +02:00
Anders Schack-Mulligen
e3a12c5fea Merge pull request #4004 from Marcono1234/patch-2 
[Java] Clarify Wildcard.hasUpperBound() doc
 2020-08-07 13:06:13 +02:00
Anders Schack-Mulligen
77db87efb7 Merge pull request #3968 from rvermeulen/java-importable-cwe-090 
Java: Move LDAP injection sinks, sanitizers, and additional taint steps to importable location
 2020-08-07 11:57:51 +02:00
Anders Schack-Mulligen
f9de8eb3b4 Java: Update precision of java/weak-cryptographic-algorithm. 2020-08-07 09:40:21 +02:00
Anders Schack-Mulligen
05e956b374 Merge pull request #4022 from aibaars/int-to-long 
Java: remove security tag from java/integer-multiplication-cast-to-long
 2020-08-07 09:32:43 +02:00
Marcono1234
0e54b498b7 Clarify Wildcard.hasTypeBound() doc 2020-08-06 23:15:25 +02:00
Marcono1234
f477e09190 Clarify Wildcard.hasUpperBound() doc 2020-08-06 23:15:16 +02:00
Remco Vermeulen
3ae3a879d2 Fix qldoc grammar and style mistakes 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2020-08-06 23:00:03 +02:00
Arthur Baars
f16c263393 Java: remove security tag from java/integer-multiplication-cast-to-long 2020-08-06 17:42:01 +02:00
Remco Vermeulen
408db412dc Add missing predicate qldoc 2020-08-06 13:29:02 +02:00
Remco Vermeulen
5a819422c1 Reuse Unit class from TaintTracking 2020-08-06 12:02:34 +02:00
Remco Vermeulen
7f7ad88dea Limit LdapAdditionalTaintStep to Ldap configuration 2020-08-06 11:35:03 +02:00
Anders Schack-Mulligen
205dd1aead Merge pull request #3881 from intrigus-lgtm/more-pathcreations 
Java: Centralize and model additional path creations.
 2020-08-06 11:21:39 +02:00
luchua-bc
b821f918e5 Address issues with matching empty host and host in a concatenated string 2020-08-06 01:53:29 +00:00
luchua-bc
9a8eed8440 Enhance address match 2020-08-05 19:57:31 +00:00
intrigus
1011325cf7 Accept test changes. 2020-08-05 21:45:41 +02:00
Remco Vermeulen
a1411407c1 Consolidate sanitizers into default sanitizer 2020-08-05 17:07:05 +02:00
Remco Vermeulen
0c09d66d43 Consolidate different sinks into a default sink. 2020-08-05 16:53:50 +02:00
Anders Schack-Mulligen
9e78341e43 Merge pull request #3928 from rvermeulen/java-importable-cwe-113 
Java: Move `HeaderSplittingSink` and `WhitelistedSource` into importable library
 2020-08-05 10:16:00 +02:00
Anders Schack-Mulligen
32d9d270fc Merge pull request #3948 from aibaars/java-3941 
Java: stack trace exposure: address false positives
 2020-08-05 09:31:01 +02:00
Anders Schack-Mulligen
68441bdf99 Merge pull request #3987 from Marcono1234/patch-1 
[Java] Improve InsecureJavaMail.qhelp references
 2020-08-04 12:12:38 +02:00
Luke Cartey
5a96ee1a7b Remove parameter names from signatures 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-08-04 09:41:40 +01:00
Luke Cartey
368572f1f0 Update java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.qhelp 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-08-04 09:40:59 +01:00
Luke Cartey
7928a02424 Add missing full stop. 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-08-04 09:40:51 +01:00
Luke Cartey
e0c081a2af Add missing </p> tag 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-08-04 09:40:28 +01:00
Anders Schack-Mulligen
cdea0f05b0 Merge pull request #3946 from aibaars/util-collections-2 
Java: Clean up ContainerFlow: address outstanding comments
 2020-08-04 10:27:22 +02:00
luchua-bc
ff0dacf1d7 Optimize the TaintTracking 2020-08-03 00:52:47 +00:00
luchua-bc
b65a033302 Shorten the regex private domain match 2020-08-01 03:42:13 +00:00
luchua-bc
ff58abb7d3 Revamp the sink code 2020-08-01 03:25:02 +00:00
luchua-bc
81de1b14d9 Revamp the source of path query 2020-07-30 19:16:48 +00:00
Arthur Baars
7e72ef350e Merge pull request #3975 from aibaars/lgtm-suites 
CodeQL: complete LGTM suites
 2020-07-30 18:39:01 +02:00
Arthur Baars
5bad003c0c Add qlpack.yml files for example queries 2020-07-29 16:57:04 +02:00
Marcono1234
5942bc6a43 Improve InsecureJavaMail.qhelp references 2020-07-29 01:45:27 +02:00
Arthur Baars
c4041e55ba CodeQL: complete LGTM suites 2020-07-28 20:40:44 +02:00
luchua-bc
5520504658 Update expected results 2020-07-28 15:41:23 +00:00
luchua-bc
a91cc9b7ec Convert the query to path-problem 2020-07-28 15:36:12 +00:00
luchua-bc
7f911f00ee Rename to insecure basic auth 2020-07-28 11:40:21 +00:00