hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

596 Commits

Author SHA1 Message Date
haby0
2c96e6cf96 Merge remote-tracking branch 'upstream/main' into main 2021-02-16 17:54:01 +08:00
luchua-bc
5ce3af0591 Enhance the query and update qldoc 2021-02-15 21:38:54 +00:00
Francis Alexander
dae6771a19 test file name changes 2021-02-15 23:17:08 +05:30
Francis Alexander
c45be91d6f more filename changes 2021-02-15 23:09:11 +05:30
Francis Alexander
0004efc2ac filename changes 2021-02-15 22:43:39 +05:30
Francis Alexander
f32c77c266 Qldoc and formatting changes 2021-02-15 22:35:58 +05:30
luchua-bc
2f17943abc Update qldoc 2021-02-15 16:58:09 +00:00
Jonathan Leitschuh
d82e8216ed Merge branch 'main' into feat/JLL/depricated_bintray_usage 2021-02-15 10:48:28 -05:00
Alvaro Muñoz
00a0b12dad update expected results 2021-02-15 11:23:40 +01:00
Alvaro Muñoz
c7072aef16 update A.java test 2021-02-15 10:34:20 +01:00
Anders Schack-Mulligen
161e756c4b Merge pull request #5141 from github/yo-h/java-flow-check-fix 
Java: prepare to enforce additional compiler checks in test code
 2021-02-15 09:41:03 +01:00
luchua-bc
23f620d255 Query to detect insecure LDAP endpoint configuration 2021-02-15 05:31:29 +00:00
yo-h
1d007b6e72 Java: delete two test cases as per code review 2021-02-14 21:42:58 -05:00
luchua-bc
6a6727fc80 Reduce the scope of the query to reduce FPs 2021-02-14 15:01:06 +00:00
Chris Smowton
97df60f9d6 Move misplaced experimental query into the conventional directory 2021-02-12 12:12:16 +00:00
haby0
22e741c7a3 *)add XQExpression.executeCommand(0) sink 2021-02-12 11:17:42 +08:00
Artem Smotrakov
042c0b005e Covered sandboxes for JEXL 2 
- Updated SandboxedJexlFlowConfig to cover JEXL 2
- Added SandboxedJexl2 test
 2021-02-11 22:57:26 +01:00
Artem Smotrakov
7543df60da Callable.call() should not be a sink in JexlInjection.ql 2021-02-11 20:37:23 +01:00
haby0
a6a0fa28c4 *)add XQExpression.executeQuery(0) sink 2021-02-11 16:05:48 +08:00
Artem Smotrakov
af0f361ac8 Updated JexlInjection.ql to check for sandboxes 
- Added a dataflow config to track setting a sandbox
  on JexlBuilder
- Added SandboxedJexl3.java test
 2021-02-10 22:19:45 +01:00
Anders Schack-Mulligen
b74911204a Merge pull request #4945 from intrigus-lgtm/java/insecure-jxbrowser 
Java: Insecure JXBrowser
 2021-02-10 15:48:17 +01:00
Anders Schack-Mulligen
3a6fa9d99b Java: Add support for framework modelling through csv data. 2021-02-10 13:25:03 +01:00
yo-h
e5331a4735 Java: accept changes in expected output 2021-02-09 09:17:35 -05:00
yo-h
e194411cfa Java: fix javac errors in test code 2021-02-09 09:16:57 -05:00
luchua-bc
cb01613aa6 Exclude FP token patterns 2021-02-09 13:53:23 +00:00
intrigus
2e30f2d9ce Java: Fix QHelp & accept test output 
Accept test output for changed alert message.
 2021-02-08 00:05:02 +01:00
Jonathan Leitschuh
bfa9324266 CWE-1104: Maven POM dependence upon Bintray/JCenter 2021-02-05 13:05:51 -05:00
luchua-bc
a183b00166 Query to detect main method in servlets 2021-02-05 03:53:01 +00:00
Francis Alexander
683233333c test case return statements and feedback 2021-02-04 22:28:10 +05:30
Anders Schack-Mulligen
35e620a19c Merge pull request #4854 from luchua-bc/java/insecure-ldap-auth 
Java: Insecure LDAP authentication
 2021-02-04 14:56:38 +01:00
Anders Schack-Mulligen
40d02e7e32 Merge pull request #4926 from luchua-bc/java/insufficient-key-size 
Java: Query to detect weak encryption: insufficient key size
 2021-02-03 15:16:10 +01:00
luchua-bc
2ace10fcdf Use PostUpdateNode for wrapper method calls 2021-02-03 12:21:31 +00:00
Anders Schack-Mulligen
bbdd7c9b57 Merge pull request #4963 from joefarebrother/guava-collections 
Java: Add flow steps for Guava collection utilities
 2021-01-28 11:01:03 +01:00
luchua-bc
ab7d257569 Add more cases and change EC to 256 bits 2021-01-28 04:06:27 +00:00
luchua-bc
058f3af4b2 Refactor the hasShortSymmetricKey method 2021-01-28 04:06:27 +00:00
luchua-bc
cbaee937d0 Optimize the query 2021-01-28 04:06:27 +00:00
luchua-bc
cfc950f803 Query for weak encryption: Insufficient key size 2021-01-28 03:25:15 +00:00
haby0
b76854a384 *)add CWE-652 test case 2021-01-27 10:14:33 +08:00
Henning Makholm
54f00de3e0 Add "tests" fields to test qlpacks 
This will allow `codeql resolve tests --ignore-dubious-cases`
(and thus the VSCode extension) to recognize all `.ql` files in those
packs as test cases, even if they don't have accompanying `.expected`
files.

CLI versions prior to 2.1.0 will choke on this, but it's almost 10
months since that came out.
 2021-01-26 18:15:22 +01:00
Francis Alexander
19872e9aed More Feedback integration 2021-01-26 17:24:17 +05:30
luchua-bc
fee0b94cd4 Use isRequestGetParamMethod as the source 2021-01-26 04:41:44 +00:00
Joe Farebrother
d69ecde5c1 Java: Add additional flow steps for guava collection methods and more unit tests 2021-01-25 16:37:40 +00:00
Francis Alexander
81e372d078 Formatting changes 2021-01-24 20:44:21 +05:30
Francis Alexander
a64fc2b24e Java: Queries to detect remote source flow to CORS header 2021-01-24 18:58:39 +05:30
luchua-bc
b9809b071e Update the query to work with wrapper classes 2021-01-18 19:22:34 +00:00
luchua-bc
048167d39a Revamp the query to reduce FPs introduced by wrapper calls 2021-01-18 04:23:30 +00:00
Artem Smotrakov
7d2d27394b Java: Added a source and a taint step for JexlInjectionConfig 
- Added TaintedSpringRequestBody source
- Added returningTaintedDataFromBean() taint step
- Added tests
 2021-01-17 22:28:42 +01:00
Artem Smotrakov
99401f6e84 Java: Query for detecting JEXL injections 2021-01-17 14:19:26 +01:00
intrigus
a4cbd7037b Java: Add tests for different versions. 
Adds a test for version 6.24, because that version is not vulnerable.
The other test is for versions < 6.24, because these versions are
vulnerable.
 2021-01-15 17:20:57 +01:00
luchua-bc
3af8773dd6 Add more cases 2021-01-15 16:20:31 +00:00