codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00

Author	SHA1	Message	Date
Chris Smowton	0a7350f3bf	Merge pull request #10041 from smowton/AddSensitiveApiCalls Java: support more libraries in hardcoded-credentials queries	2022-08-23 10:51:04 +01:00
Tony Torralba	3314b56ffe	Fix Fragment tests after androidx stubs update	2022-08-22 11:13:19 +02:00
Tony Torralba	794fd976a9	Add androidx Fragment support	2022-08-19 16:32:06 +02:00
Chris Smowton	c40ec728c6	Remove non-ascii char	2022-08-15 12:08:14 +01:00
Chris Smowton	0a6ccbca45	Add stubs and tests for new hardcoded-credential sinks	2022-08-13 12:39:15 +01:00
Joe Farebrother	498ad230c2	Update stubs	2022-08-05 12:56:19 +01:00
Chris Smowton	84a4b6a866	Make reporting locations consistent with PathCreation; add test	2022-08-03 10:42:09 +01:00
Joe Farebrother	810854d6b5	Add tests	2022-06-28 10:10:27 +02:00
Joe Farebrother	59e400d2e0	Merge pull request #7723 from joefarebrother/redos Java: Add ReDoS queries	2022-05-12 13:50:38 +01:00
Tony Torralba	5be30209c1	Merge pull request #9036 from luchua-bc/java/hardcoded-jwt-key Java: CWE-321 Query to detect hardcoded JWT secret keys	2022-05-11 16:31:34 +02:00
Tony Torralba	43b425d0e4	Merge pull request #9002 from atorralba/atorralba/https-urls-improvs Java: Add OkHttp and Retrofit models	2022-05-11 10:48:08 +02:00
Tony Torralba	ca2959cf37	Merge pull request #8537 from atorralba/atorralba/unsafe_android_access_improvs Java: Improvements to UnsafeAndroidAccess	2022-05-05 16:46:54 +02:00
luchua-bc	937ab417b1	Query to detect hardcoded JWT secret keys	2022-05-04 23:09:48 +00:00
Joe Farebrother	e23162d91b	Add test cases for PolynomialRedos dataflow logic; make fixes	2022-05-04 15:41:35 +01:00
Tony Torralba	49259a6575	Remove everything related to WebView CSV models This reverts commit c6c72eb.	2022-05-04 10:53:31 +02:00
Tony Torralba	7ba5a032ce	Add tests and stubs for the new sources and flow steps	2022-05-04 10:53:30 +02:00
Tony Torralba	b876431950	Merge pull request #8706 from luchua-bc/java/unsafe-get-resource Java: CWE-552 Add sources and sinks to to detect unsafe getResource calls in Java EE applications	2022-05-04 10:12:28 +02:00
Tony Torralba	9c92454fa7	Merge pull request #8872 from atorralba/atorralba/android-widget-flowstep Java: Add Editable.toString flow step	2022-05-03 15:27:52 +02:00
Tony Torralba	8602a6f6c9	Add models for OkHttp and Retrofit	2022-05-02 15:42:15 +02:00
luchua-bc	0aa1251ffe	Add more test cases	2022-04-29 02:31:43 +00:00
Jorge	193ea1a86e	Merge branch 'main' into mybatis-new-sinks	2022-04-28 22:26:38 +02:00
Tony Torralba	604a5fc71f	Merge pull request #8639 from atorralba/atorralba/spring-beans-improvements Java: Improve Spring models	2022-04-28 11:59:51 +02:00
Artem Smotrakov	52b7fbf484	Removed non-ASCII characters	2022-04-26 13:34:24 +01:00
Artem Smotrakov	b6bd4f92d1	Added sources and steps for JMS API	2022-04-26 13:34:21 +01:00
Artem Smotrakov	269143a19f	Java: Added sources and flow steps for RabbitMQ	2022-04-26 13:34:04 +01:00
Tony Torralba	2ee83e2ba2	Add Editable.toString flow step	2022-04-26 13:34:16 +02:00
Tony Torralba	9833fa2451	Add tests for SpringController	2022-04-07 18:17:50 +02:00
Chris Smowton	9309a652df	Merge pull request #8493 from JLLeitschuh/feat/JLL/test_assertion_guard_preconditions [Java]: Add precondition support for testing library asserts	2022-03-31 22:30:09 +01:00
Chris Smowton	9675f34cf5	Merge pull request #8257 from luchua-bc/java/insecure-webview-resource-response Java: CWE-200 Query to detect insecure WebResourceResponse implementation	2022-03-30 15:56:27 +01:00
Jonathan Leitschuh	1d0275344d	[Java]: Add precondition support for testing library asserts	2022-03-18 20:39:24 -04:00
Chris Smowton	767453520e	Merge pull request #8032 from JLLeitschuh/feat/JLL/check_os Java: Add Guard Classes for checking OS & unify System Property Access	2022-03-18 11:20:36 +00:00
Jonathan Leitschuh	09cc8ee09e	Add tests for StandardSystemProperty	2022-03-15 12:37:42 -04:00
jorgectf	d47fcedd21	Add tests	2022-03-14 21:31:51 +01:00
p0wn4j	ee67d27b56	Java: Add JDBC connection SSRF sinks	2022-03-12 16:35:32 +04:00
Jonathan Leitschuh	9f5022ee95	Review fixup and add test for apache SystemUtils	2022-03-02 12:50:38 -05:00
luchua-bc	88d9694628	Query to detect insecure WebResourceResponse implementation	2022-02-26 02:03:35 +00:00
Tony Torralba	111aabb707	Merge pull request #7712 from luchua-bc/java/file-path-injection Java: CWE-073 File path injection with the JFinal framework	2022-02-16 12:01:34 +01:00
luchua-bc	ff4826d203	Correct the data model and update qldoc	2022-02-08 04:02:27 +00:00
Tony Torralba	4f13bf8941	Merge pull request #6492 from atorralba/atorralba/android-cleartext-storage-database Java: Create new query Cleartext storage of sensitive information in Android databases	2022-02-02 16:23:05 +01:00
Tony Torralba	908b7c43f2	Fix stubs	2022-01-24 09:34:43 +01:00
luchua-bc	27043a09b3	File path injection with the JFinal framework	2022-01-23 18:07:48 +00:00
Tony Torralba	78d7e538a5	Remove some JNDI Injection sinks Add tests and stubs	2022-01-21 17:47:15 +01:00
Tony Torralba	c6dd7ddf7a	Fix stub	2022-01-21 16:55:43 +01:00
Tony Torralba	652a1d2dc2	Fix wrongly resolved rebase conflicts	2022-01-21 16:55:43 +01:00
Tony Torralba	ee84dae164	Fix predicate name	2022-01-21 16:55:42 +01:00
Tony Torralba	f0604e2e84	Added query for Cleartext Storage in Android Database	2022-01-21 16:55:42 +01:00
Tony Torralba	caab1c3332	Merge pull request #6963 from atorralba/atorralba/android-onactivityresult-source Android: Add the Intent parameter of the `onActivityResult` method as a source	2022-01-20 14:27:30 +01:00
Tony Torralba	1e2a956a30	Remove unused stub	2022-01-19 16:43:02 +01:00
Tony Torralba	d9e98ceacc	Consider setSslContextFactory and fix tests	2022-01-19 16:43:01 +01:00
Tony Torralba	4313baf622	Big refactor: - Move classes and predicates to appropriate libraries - Overhaul the endpoint identification algorithm logic to use taint tracking - Adapt tests	2022-01-19 16:42:00 +01:00

1 2 3 4 5 ...

510 Commits