hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-18 19:31:11 +02:00
Code Issues Packages Projects Releases Wiki Activity
41,972 Commits 1,780 Branches 169 Tags
02cd7bc7d22ad103f9dcce1bb266c345378db7c8
Commit Graph

637 Commits

Author SHA1 Message Date
Sid Shankar
02cd7bc7d2 Remove reference to infosecwriters.com 
infosecwriters.com now redirects to a completely unrelated page. The broken link was replaced with a mailing list post from Diabolical Crab (DCrab) diving into HTTP response splitting.
 2022-08-15 14:41:50 -04:00
Chris Smowton
774e379eb1 Merge pull request #9742 from smehta23/feat/SM/java_partial_path_traversal_vulnerability 
[JAVA] Partial Path Traversal Vuln Query
 2022-08-15 12:56:16 +01:00
Erik Krogh Kristensen
0adb588fe8 Merge pull request #9712 from erik-krogh/badRange 
JS/RB/PY/Java: add suspicious range query
 2022-08-15 13:55:44 +02:00
Chris Smowton
1a3dc1d6eb Remove extra closing tag 2022-08-15 11:31:53 +01:00
Chris Smowton
5677e38994 Style edit 2022-08-15 10:37:55 +01:00
Chris Smowton
3cf871e9e5 Apply docs suggestions 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-08-15 10:34:55 +01:00
Chris Smowton
09e4c6b66b Add dataflow path-graph 2022-08-10 10:37:55 +01:00
Chris Smowton
2ca0b0c6b5 Inline qhelp overview 
A <p> at the top isn't allowed, and for some reason the inclusion is required to be a valid qhelp file.
 2022-08-10 10:37:48 +01:00
smehta23
cf68a11267 Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-08-09 11:59:28 -07:00
smehta23
4d80fd0b00 Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-08-09 11:59:14 -07:00
smehta23
7da07400ea Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-08-09 11:59:03 -07:00
smehta23
c2b670eff8 Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-08-09 11:58:55 -07:00
Erik Krogh Kristensen
0abbd50ca1 apply changes based on docs review 2022-08-09 13:51:40 +02:00
Shyam Mehta
af92fc389b Update PartialPathTraversalFromRemote.qhelp 2022-08-08 17:37:57 -04:00
Shyam Mehta
50b4df52f0 Fixed precision labels 2022-08-08 17:36:04 -04:00
Shyam Mehta
9d3e8ec475 Update PartialPathTraversalFromRemote.qhelp 2022-08-08 17:35:36 -04:00
smehta23
4f1bc3022c Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-08-08 17:09:43 -04:00
Joe Farebrother
e9f9e681ef Change man-in-the-middle back to machine-in-the-middle 
(gender-neutral language)

This reverts commit d5ab330450d3f5c1d36d0d9b6a8f1dc32bc908e3.
 2022-08-05 12:56:21 +01:00
Joe Farebrother
79b1f24133 Change machine-in-the-middle to man-in-the-middle 2022-08-05 12:56:20 +01:00
Joe Farebrother
04df556861 Add suggested reference 2022-08-05 12:56:20 +01:00
Joe Farebrother
abf894a64c Fix typos 2022-08-05 12:56:20 +01:00
Joe Farebrother
f8ccbcba70 Add qhelp 2022-08-05 12:56:19 +01:00
Joe Farebrother
16e16f08dc Add webview cert validation query 2022-08-05 12:56:18 +01:00
Shyam Mehta
76cecc170e Fix documentation 2022-08-03 14:30:17 -04:00
Chris Smowton
84a4b6a866 Make reporting locations consistent with PathCreation; add test 2022-08-03 10:42:09 +01:00
Chris Smowton
83498f58db Add missing import 2022-08-03 08:53:43 +01:00
Chris Smowton
81f3bcd802 Don't require a PathCreation for every tainted-path sink 2022-08-02 21:30:06 +01:00
Chris Smowton
c95f17fdf2 Make java/path-injection recognise create-file MaD sinks 2022-08-02 21:28:00 +01:00
Shyam Mehta
09ec37943c Partial Path Traversal split into 2 queries 2022-07-20 17:53:26 -04:00
smehta23
b7e522749f Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-07-20 15:32:59 -04:00
Chris Smowton
a6970638cb Improve description 2022-07-13 20:27:10 +01:00
Chris Smowton
01cec0490b Abbreviate qhelp 2022-07-13 20:24:44 +01:00
Erik Krogh Kristensen
a4262f8d91 add some more references to the overly-large-range qhelp 2022-07-13 11:20:24 +02:00
Erik Krogh Kristensen
220ff3cb2e convert tabs to spaces in qhelp 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
ff25451699 rename query to overly-large-range, and rewrite the @description 2022-07-12 16:02:46 +02:00
Shyam Mehta
65b9947428 Incorporate jksco's feedback 2022-07-12 02:02:31 -04:00
smehta23
781a2a73d3 Merge branch 'main' into feat/SM/java_partial_path_traversal_vulnerability 2022-07-12 01:48:12 -04:00
smehta23
391dd5b38d Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:55:58 -04:00
smehta23
ebe48ec30a Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:53:43 -04:00
smehta23
48e16e52b5 Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:52:41 -04:00
Shyam Mehta
1a41d4c379 Add CVE number 2022-07-01 10:51:33 -04:00
Shyam Mehta
300a14c35c Add ESAPI reference 2022-07-01 10:43:59 -04:00
smehta23
209a21655a Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:40:38 -04:00
smehta23
c6f2f61bfb Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalBad.java 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:39:46 -04:00
Shyam Mehta
16814071df Fix typo in .qhelp 2022-06-29 18:03:57 -04:00
Shyam Mehta
7ab8f0262c Fix duplicate class header and better fix using toPath() 2022-06-29 18:01:12 -04:00
Shyam Mehta
955e614563 Add documentation of the Partial Path Traversal vuln 2022-06-29 17:31:04 -04:00
Erik Krogh Kristensen
9ecc3a2671 filter out potential misparses from java/suspicious-regexp-range 2022-06-29 13:16:40 +02:00
Tony Torralba
12fa6967dc Merge pull request #8669 from joefarebrother/intent-verification 
Java: Add query for Improper Verification of Intent by Broadcast Receiver (CWE-925)
 2022-06-29 09:43:07 +02:00
Shyam Mehta
b5ca2c3d9d Add additional tests from real world query run 2022-06-28 17:32:20 -04:00