hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,676 Commits 1,671 Branches 157 Tags
yo-h/java15
Commit Graph

370 Commits

Author SHA1 Message Date
luchua-bc
12803f1f53 Merge Hardcoded AWS Credentials check into the mail source folder 2020-07-13 12:22:34 +00:00
Anders Schack-Mulligen
a1d272e870 Merge pull request #3918 from aibaars/organise-container-flow 
Java: Clean up ContainerFlow, consider more methods
 2020-07-10 14:19:44 +02:00
Arthur Baars
43b61038e9 Drop Map.merge as taint step 2020-07-10 13:00:14 +02:00
Arthur Baars
0d33a77ee3 Fix modelling of Stack.push 
Stack.push(E) returns its argument, it does not propagate taint from
the stack to the return value.
 2020-07-09 16:16:29 +02:00
Anders Schack-Mulligen
879551fc6a Merge pull request #3936 from aibaars/object-clone 
Java: model Object.clone
 2020-07-09 16:09:01 +02:00
Arthur Baars
e183171fea Java: model Object.clone 2020-07-09 14:50:29 +02:00
intrigus
641c5df79f Centralize and model additional path creations. 2020-07-09 14:48:47 +02:00
Arthur Baars
0bd103ac05 Java: add tests for Container taint steps 2020-07-09 12:15:38 +02:00
Anders Schack-Mulligen
777dc6305c Merge pull request #3893 from aibaars/set-map-list-copy-of 
Java: model some new Set,List,Map methods
 2020-07-09 10:18:12 +02:00
Arthur Baars
e8f216c761 Merge remote-tracking branch 'upstream/master' into set-map-list-copy-of 2020-07-08 15:11:13 +02:00
Anders Schack-Mulligen
bf5c5297d3 Merge pull request #3897 from aibaars/util-objects 
Java: data flow for `java.util.Objects`
 2020-07-08 15:07:50 +02:00
Anders Schack-Mulligen
b88ebd69c1 Java: Fix OgnlInjection qltest 2020-07-08 14:12:27 +02:00
Anders Schack-Mulligen
a4fe4f41b9 Java: Fix JndiInjection qltest 2020-07-08 14:09:08 +02:00
Anders Schack-Mulligen
581d496167 Java: Fix LdapInjection qltest 2020-07-08 14:04:01 +02:00
Arthur Baars
72a24972e7 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-07-08 13:30:24 +02:00
semmle-qlci
6ef7288848 Merge pull request #3922 from aschackmull/java/stub-cleanup 
Approved by aibaars
 2020-07-08 12:04:39 +01:00
Anders Schack-Mulligen
6eac8e82a3 Java: Consolidate spring-ldap-2.3.2 stubs. 2020-07-08 10:08:44 +02:00
Anders Schack-Mulligen
40b9d34ab9 Java: Consolidate springframework-5.2.3 stubs 2020-07-08 09:57:48 +02:00
Arthur Baars
940fec5669 Drop taint tracking for Arrays.{deepToString,toString} 2020-07-07 17:26:49 +02:00
Arthur Baars
583f7f914e Drop taint tracking for Arrays.{setAll, parallelSetAll, parallelPrefix} 2020-07-07 17:22:30 +02:00
Arthur Baars
9cf6601d02 Java: Data flow for java.util.Objects 2020-07-07 16:58:22 +02:00
Arthur Baars
19a481f809 Java: Arrays: add tests 2020-07-03 17:15:17 +02:00
Arthur Baars
1485f7c876 Java: model some new Set,List,Map methods 
Models the taint propagation for the copyOf(..),
of(..), ofEntries(..) and entry(..) methods
 2020-07-03 17:14:53 +02:00
Arthur Baars
c629f6b13a Merge pull request #3869 from aibaars/util-collections 
Java: model java.util.Collections
 2020-07-03 17:09:14 +02:00
Arthur Baars
5fff41f35b Don't track taint on Map keys 2020-07-03 14:47:25 +02:00
Arthur Baars
5f2a5f1b55 Java: Collections: add tests 2020-07-02 19:18:02 +02:00
Mathias Vorreiter Pedersen
286c09183f Merge pull request #3837 from geoffw0/qldoc5 
C++/Java: Update QLDoc and terminology in Encryption.qll
 2020-06-30 17:44:59 +02:00
Geoffrey White
cf75397ef1 Java: Rename tests. 2020-06-30 14:33:05 +01:00
Geoffrey White
f8425b8a58 Java: Update uses. 2020-06-30 13:02:48 +01:00
Anders Schack-Mulligen
13cb853af5 Merge pull request #3294 from ggolawski/ognl-injection 
CodeQL query to detect OGNL injections
 2020-06-30 09:46:02 +02:00
Anders Schack-Mulligen
d297ce2279 Merge pull request #3436 from artem-smotrakov/revocation-checking 
Java: Added a query for disabled certificate revocation checking
 2020-06-29 16:42:36 +02:00
Anders Schack-Mulligen
b53b90501b Merge pull request #3550 from luchua-bc/java-unsafe-cert-trust 
Java: CWE-273 Unsafe certificate trust
 2020-06-29 16:39:39 +02:00
Artem Smotrakov
a2fa03e4f5 Java: Improved the query for disabled certificate revocation checking 
- Added a taint propagation step for List.of() methods
- Added a testcase with one of the List.of() method
- Simplified conditions
- Fixed typos
 2020-06-27 11:37:20 +03:00
Artem Smotrakov
06e3f101ce Java: Added a query for disabled certificate revocation checking 
- Added experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql
  The query looks for PKIXParameters.setRevocationEnabled(false) calls.
- Added RevocationCheckingLib.qll
- Added a qhelp file with examples
- Added tests in java/ql/test/experimental/Security/CWE/CWE-299
 2020-06-27 11:37:20 +03:00
luchua-bc
0779aab28f Clean up the QL code 2020-06-24 15:02:16 +00:00
Anders Schack-Mulligen
791f31fa65 Merge pull request #3595 from luchua-bc/j2ee-server-directory-listing 
Java: Add check for J2EE server directory listing
 2020-06-24 16:45:34 +02:00
Anders Schack-Mulligen
941177ee25 Merge pull request #3762 from hvitved/dataflow/clear-contents 
Data flow: Model field clearing
 2020-06-24 10:19:50 +02:00
Anders Schack-Mulligen
3b62bd254c Merge pull request #3723 from JLLeitschuh/fix/JLL/gitignore_vs_code_generated_files 
Add .gitignore for VS Code Generated maven project files
 2020-06-24 09:35:01 +02:00
Tom Hvitved
c01f570d9e Java: Implement clearsContent() 2020-06-23 10:55:12 +02:00
Tom Hvitved
e578827626 Java: Add more field-flow tests 2020-06-23 10:55:11 +02:00
Anders Schack-Mulligen
8107fbadc2 Merge pull request #3456 from hvitved/dataflow/precise-field-types 
Data flow: Track precise types during field flow
 2020-06-19 11:50:10 +02:00
Anders Schack-Mulligen
74eab3cbc0 Dataflow: Fix qltest. 2020-06-17 17:23:35 +02:00
luchua-bc
f40e27a3c5 Hardcoded AWS credentials 2020-06-17 02:46:02 +00:00
Jonathan Leitschuh
c2052ed152 Add .gitignore for VS Code Generated maven project files 
When VS Code detects a Maven project, it automatically generates
a bunch of Eclipse files to describe the project.

These are now ignored in order to not pollute the repository
 2020-06-15 22:29:30 -04:00
Anders Schack-Mulligen
4b3ca13f25 Merge pull request #3491 from luchua-bc/java-insecure-smtp-ssl 
Java: CWE-297 insecure JavaMail SSL configuration
 2020-06-10 11:02:50 +02:00
luchua-bc
1fd9c7fdec Add all dependent class stubs 2020-06-09 20:12:05 +00:00
Anders Schack-Mulligen
f77f486c6b Merge pull request #3438 from artem-smotrakov/unsafe-tls 
Java: Added a query for unsafe TLS versions
 2020-06-09 14:07:17 +02:00
luchua-bc
5acfc52087 Add dependent stub classes for the test case 2020-06-08 16:17:40 +00:00
luchua-bc
1e4addb20d Add dependent stub classes for the test case 2020-06-08 16:17:01 +00:00
luchua-bc
cba81eeb97 Fix string/type match and add a test case 2020-06-06 03:56:12 +00:00