codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00

Author	SHA1	Message	Date
Jonathan Leitschuh	67e9f06304	[Java] Fix Kryo FP & Kryo 5 Support Closes #4992	2021-05-05 17:38:34 -04:00
Tony Torralba	c138ed3e4d	QLDocs	2021-05-05 16:51:15 +02:00
Tony Torralba	03ce8d689f	Refactored to use CSV sink model	2021-05-05 16:34:30 +02:00
Felicity Chapman	8b2009cfb1	Minor updates to qhelp file	2021-05-05 12:36:29 +01:00
Tony Torralba	be50e8f30c	Moved from experimental to standard	2021-05-05 11:59:49 +02:00
Timo Müller	a65481d24b	Apply suggestions from code review more precise help text	2021-05-04 17:30:49 +02:00
Timo Müller	65642df1a0	Apply suggestions from code review for help text Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-05-04 17:28:34 +02:00
Timo Mueller	152f4862ec	Reworked the references a bit	2021-05-04 16:10:15 +02:00
Timo Mueller	81363a8843	Some better (and more styleguide compliant) descriptions within the query.	2021-05-04 15:57:47 +02:00
Timo Mueller	f7437422c1	InstanceOf check instead of comparing classnames	2021-05-04 15:51:40 +02:00
Timo Mueller	fd52135f29	Removed unnecessary check for type	2021-05-04 15:45:30 +02:00
Timo Müller	c476b6c088	Fix accordance to style guide Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-05-04 14:00:01 +02:00
Timo Müller	030e2bdd9b	Fix accordance to style guide Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-05-04 13:59:52 +02:00
Timo Müller	ab308b5e9e	Fix accordance to style guide Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-05-04 13:59:43 +02:00
Timo Müller	485a3a139a	Fixed content to confirm with the style guide Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-05-04 13:58:38 +02:00
Timo Müller	45443baf84	Fixed Typo Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-05-04 13:58:00 +02:00
Timo Müller	1fd2be3879	Added more clear reference Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-05-04 13:57:19 +02:00
Timo Müller	7026d82a72	Fixed typo Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-05-04 13:53:14 +02:00
Timo Müller	f28e994121	Update java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qhelp More descriptive (and PC) description. Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-05-04 13:52:47 +02:00
Tony Torralba	6e94dc5b85	Autoformatting	2021-05-04 13:15:20 +02:00
Tony Torralba	f79d2e06f9	Fix failing checks	2021-05-04 11:29:09 +02:00
Anders Schack-Mulligen	5bcf810a7c	Merge pull request #5821 from JarLob/patch-1 Update UncaughtServletException.qhelp	2021-05-04 10:39:02 +02:00
Anders Schack-Mulligen	9ee9186a1a	Merge pull request #5825 from github/yo-h/java-diagnostic-queries Java: split extractor diagnostics query into two	2021-05-04 10:12:32 +02:00
Tony Torralba	6b79ca6403	Fix warning	2021-05-04 09:32:03 +02:00
luchua-bc	703fbf139a	Add more methods and update the library name	2021-05-04 02:54:49 +00:00
yo-h	edf1a90161	Java: split extractor diagnostics query into two	2021-05-03 20:27:07 -04:00
Jonathan Leitschuh	dfad1fc740	[Java] Add support for com.google.common.base.MoreObjects#firstNonNull	2021-05-03 12:58:00 -04:00
Tony Torralba	745a6f6fb4	Getters called on parameters propagate taint	2021-05-03 17:43:33 +02:00
Jaroslav Lobačevski	38bce39baa	Update UncaughtServletException.qhelp There is no single word in https://cwe.mitre.org/data/definitions/600.html about possible DoS or unexpected state.	2021-05-03 15:06:57 +03:00
Tony Torralba	4d5ec87de9	Use InlineTest	2021-05-03 13:27:24 +02:00
Tony Torralba	4bfd34b1fe	Moved from experimental	2021-05-03 13:15:24 +02:00
Tony Torralba	38e052482c	More csv sinks and sources	2021-05-03 12:44:53 +02:00
luchua-bc	4709e8139d	JPython code injection	2021-05-03 01:43:56 +00:00
Tony Torralba	53e04d0d96	Refactor to CSV sink model	2021-04-30 17:53:43 +02:00
Timo Mueller	c22eeacbfc	Fixed accidential double init of variable	2021-04-30 16:28:56 +02:00
Timo Mueller	61d053f6b3	Fixed missing metadata description	2021-04-30 16:28:17 +02:00
Timo Mueller	15a3068f8a	Added query for insecure environment configuration RMI JMX (CVE-2016-8735)	2021-04-30 16:23:17 +02:00
Chris Smowton	b2c0259197	Merge pull request #5631 from haby0/UseOfLessTrustedSource [Java] CWE-348: Using a client-supplied IP address in a security check	2021-04-30 15:20:53 +01:00
haby0	fdcc517b9f	UseOfLessTrustedSource -> ClientSuppliedIpUsedInSecurityCheck"	2021-04-30 17:43:34 +08:00
haby0	f41301f8f5	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.java Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-30 16:55:17 +08:00
haby0	0691cac5ab	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-30 16:54:41 +08:00
haby0	8142810455	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-30 16:54:28 +08:00
haby0	711a74c9c9	Eliminate false positives\	2021-04-30 10:31:40 +08:00
intrigus	08731fc6cf	Fix typo.	2021-04-29 20:26:34 +02:00
Chris Smowton	ad9ea40954	Merge pull request #5597 from intrigus-lgtm/java/jwt-insecure-parse [Java] JWT without signature check.	2021-04-29 14:41:11 +01:00
haby0	e813257431	use hardCode	2021-04-29 21:23:52 +08:00
Anders Schack-Mulligen	404a6c1506	Merge pull request #5805 from smowton/smowton/admin/spring-setter-method-docs Document `SpringProperty::getSetterMethod`.	2021-04-29 15:10:58 +02:00
Anders Schack-Mulligen	c78285e557	Merge pull request #5784 from Marcono1234/marcono1234/switch-expr-stmt-parent Java: Add StmtParent as superclass of SwitchExpr	2021-04-29 15:02:05 +02:00
Chris Smowton	2787c2f874	Document `SpringProperty::getSetterMethod`.	2021-04-29 12:28:26 +01:00
haby0	b0f745365d	Node type restriction	2021-04-28 14:32:25 +08:00

... 78 79 80 81 82 ...

5944 Commits