hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,029 Commits 1,671 Branches 157 Tags
z80coder/query-pack-release-candidate-2
Commit Graph

4135 Commits

Author SHA1 Message Date
Artem Smotrakov
75f67959f3 Covered Arrays.deepEquals() in NonConstantTimeCryptoComparison.ql 2021-08-01 09:47:02 +02:00
Artem Smotrakov
5dbcf1d611 Covered Object.deepEquals() in NotConstantTimeCryptoComparison.ql 2021-08-01 09:47:02 +02:00
Artem Smotrakov
5c474f689d Better comments and descriptions 2021-08-01 09:47:02 +02:00
Artem Smotrakov
f245dc3ac8 Removed hashes from NotConstantTimeCryptoComparison.ql 2021-08-01 09:47:02 +02:00
Artem Smotrakov
8a69b7b3ac Added NotConstantTimeCryptoComparison.qhelp and examples 2021-08-01 09:47:01 +02:00
Artem Smotrakov
67579dd1d8 Added tests for NotConstantTimeCryptoComparison.ql 2021-08-01 09:47:01 +02:00
Artem Smotrakov
c2c85d32da Java: Added a query for timing attacks 2021-08-01 09:47:01 +02:00
Artem Smotrakov
7959e76da8 Better qldoc in UnsafeDeserializationQuery.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-30 09:30:59 +02:00
Fosstars
a4b0041120 Better looksLikeResolveClassStep() predicate 2021-07-30 09:28:03 +02:00
Fosstars
1d3eb570bf hasJsonTypeInfoAnnotation() should check fields recursively 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-30 08:30:40 +02:00
Joe Farebrother
227818adb4 Add change note 2021-07-29 16:41:33 +01:00
Joe Farebrother
e23f666f67 Replace get and newWith methods with real implementations 2021-07-29 16:39:50 +01:00
Tony Torralba
29490e5872 Add suggestion from code review 2021-07-29 17:07:18 +02:00
Joe Farebrother
f1ca29a846 Add more stubs 2021-07-29 15:58:42 +01:00
Tony Torralba
3fcc9fae79 Refactor sinks to reuse code 2021-07-29 16:48:47 +02:00
Tony Torralba
6e3b6dcb98 Imporve qhelp 2021-07-29 16:36:38 +02:00
Tony Torralba
bdf0f582a4 QLDoc improvements from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-29 16:34:21 +02:00
Tony Torralba
90b5e02b6e Improve qhelp 2021-07-29 16:28:10 +02:00
Tony Torralba
4ea6729c53 Update java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2021-07-29 16:10:49 +02:00
mc
0a986ad0e8 Update JndiInjection.qhelp 
Improve negation
 2021-07-29 15:10:32 +01:00
Joe Farebrother
096509b9aa Generate tests and stubs 2021-07-29 15:01:50 +01:00
Joe Farebrother
3bcb46f875 Model guava cache package 2021-07-29 14:52:26 +01:00
Tony Torralba
2628d3dc39 Improve csv sink models 2021-07-29 15:36:18 +02:00
Tony Torralba
3edc8bc679 Doc improvements 2021-07-29 15:35:39 +02:00
Tony Torralba
d9fb650dfb JacksonCreateParserMethod converted to CSV summay model 2021-07-29 15:19:30 +02:00
Tony Torralba
b20d53cfd4 Update java/ql/src/semmle/code/java/security/OgnlInjection.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-29 15:08:27 +02:00
mc
8f1fc9e893 Update MvelInjection.qhelp 
Minor tweaks
 2021-07-29 11:30:19 +01:00
Joe Farebrother
3b430d4925 Use getComponentType 2021-07-29 10:11:22 +01:00
Joe Farebrother
f7099f459f Java: Test generator: use getComponentType 2021-07-29 10:08:45 +01:00
Artem Smotrakov
83a9b0ee28 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-29 11:04:21 +02:00
mc
ebf004a4df Update MissingJWTSignatureCheck.qhelp 
Using same syntax as on other queries for 'BAD' and 'GOOD'.
 2021-07-29 09:13:00 +01:00
Benjamin Muskalla
b7b74b51a3 Track taint for String.valueOf(..) 2021-07-29 09:14:03 +02:00
Fosstars
893f84fbf4 Merge branch 'unsafe-jackson-deserialization' of github.com:artem-smotrakov/ql into unsafe-jackson-deserialization 2021-07-28 18:25:53 +02:00
Fosstars
50497eb747 Make imports as private as possible 2021-07-28 18:25:05 +02:00
Joe Farebrother
d900fcaf42 Merge pull request #6374 from joefarebrother/test-gen-improvements 
Java: Add support for synthetic fields to the test generator
 2021-07-28 16:02:47 +01:00
Artem Smotrakov
7fec575df8 Simplify JsonTypeInfo stub 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-28 14:23:50 +02:00
Joe Farebrother
9ddae3e9f6 Fix spelling 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-07-28 10:12:17 +01:00
Tony Torralba
3248f458a5 Update java/change-notes/2021-06-14-groovy-code-injection-query.md 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2021-07-28 10:45:03 +02:00
haby0
eda3d864f5 Model written using smowton 2021-07-28 15:55:47 +08:00
Joe Farebrother
2d862ef119 Support synthetic fields 2021-07-27 17:28:53 +01:00
Chris Smowton
23de0859ea Add missing models and other minor improvements per Marcono1234's review 2021-07-27 16:03:39 +01:00
Joe Farebrother
a8cca4ba0e Merge pull request #6373 from joefarebrother/test-gen-improvements 
Java: Test generator improvements
 2021-07-27 15:44:56 +01:00
Joe Farebrother
309f0e7c26 Fix handling of arrays 2021-07-27 15:05:57 +01:00
Joe Farebrother
9ffcfbcd33 Add --force option 2021-07-27 15:05:57 +01:00
Joe Farebrother
8ab0fd54b4 Improvements to the test generator: 
- Only reference public methods
- Report rows for which test cases could not be generated
- Add a blanket `throws Exception` clause to the generated method
 2021-07-27 15:05:55 +01:00
Joe Farebrother
2036aa1e4a Format test generator 2021-07-27 15:04:19 +01:00
mc
10a3dcb188 Update GroovyInjection.qhelp 2021-07-27 14:26:49 +01:00
Chris Smowton
97d603cafb Add test-case generator check for non-parseable rows 2021-07-27 14:26:22 +01:00
Anders Schack-Mulligen
a5f0a4ea71 Merge pull request #6087 from smowton/smowton/admin/rest-xss-tests 
Java: Add Spring XSS tests
 2021-07-27 14:09:34 +02:00
Anders Schack-Mulligen
aa8fa26a2a Merge pull request #6355 from intrigus-lgtm/patch-6 
Update broken link
 2021-07-27 09:05:02 +02:00