Commit Graph

207 Commits

Author SHA1 Message Date
Marcono1234
cd059eb965 Java: Add StringBuildingType 2021-03-22 00:19:23 +01:00
Chris Smowton
e3cf5c235e Add support for Commons-Lang's RandomUtils
This is realised by somewhat generalising our interfaces for modelling RNGs. We also add tests for randomness-related queries that didn't have any, and add test cases checking the Apache random-number generators are interchangeable with the stdlib ones.
2021-03-05 12:09:33 +00:00
Marcono1234
53dc2ce9b6 Java: Use .inc.qhelp extension for included help files 2021-02-26 00:43:51 +01:00
Marcono1234
e21cbe82a9 Update Java documentation links to Java 11
Where possible update Java documentation links to Java 11.
Additionally update some other links to use HTTPS.
2021-02-26 00:43:51 +01:00
Anders Schack-Mulligen
f0d3841369 Merge pull request #5105 from JLLeitschuh/feat/JLL/depricated_bintray_usage
CWE-1104: Maven POM dependence upon Bintray/JCenter
2021-02-25 09:08:31 +01:00
Jonathan Leitschuh
73fba3a3c0 Apply suggestions from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2021-02-15 10:01:03 -05:00
Marcono1234
7a6db061b5 Address review feedback 2021-02-12 20:15:10 +01:00
Marcono1234
905648e452 Add ConditionalExpr.getBranchExpr(boolean) 2021-02-12 04:50:41 +01:00
Jonathan Leitschuh
3b92f97967 Refactor DeclaredRepository to library 2021-02-10 11:41:50 -05:00
Jonathan Leitschuh
21b6f35ddc Update java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.qhelp 2021-02-10 10:52:27 -05:00
Jonathan Leitschuh
49985a77e3 Apply suggestions from code review
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2021-02-10 10:51:37 -05:00
Jonathan Leitschuh
f00b0baaea Update java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.qhelp
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2021-02-05 16:31:37 -05:00
Jonathan Leitschuh
bfa9324266 CWE-1104: Maven POM dependence upon Bintray/JCenter 2021-02-05 13:05:51 -05:00
Anders Schack-Mulligen
29935e1388 Merge pull request #4771 from intrigus-lgtm/split-cwe-295
Java: Add unsafe hostname verification query and remove existing overlapping query
2021-01-13 11:31:38 +01:00
intrigus
1901f6bf55 Java: Make @id @name of query more similar. 2021-01-12 15:36:55 +01:00
intrigus
85286f362c Java: Replace global flow by local flow 2021-01-11 19:02:07 +01:00
intrigus-lgtm
722bd4dafa Java: Revise qhelp 2021-01-11 18:57:24 +01:00
intrigus-lgtm
4cfdb10ddc Java: Improve QLDoc & simplify code
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-01-11 18:50:43 +01:00
intrigus
5c1e746c96 Java: Rename to EnvReadMethod 2021-01-11 13:42:08 +01:00
intrigus
1eb2b75389 Java: Further reduce FPs, simplify Flag2Guard flow 2021-01-11 13:42:08 +01:00
intrigus
b4692734b2 Java: Add QLDoc improve query message 2021-01-11 13:42:08 +01:00
intrigus-lgtm
f4b912cd8a Apply suggestions from doc review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2021-01-11 13:42:08 +01:00
intrigus
e11304a1ca Java: Autoformat 2021-01-11 13:42:08 +01:00
intrigus-lgtm
b8f3e64a0f Apply suggestions from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2021-01-11 13:42:08 +01:00
intrigus
502e4c39f5 Java: Fix Qhelp 2021-01-11 13:42:08 +01:00
intrigus-lgtm
355cb6eeec Fix Qhelp format
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2021-01-11 13:42:07 +01:00
intrigus-lgtm
10fc2cf9f8 Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2021-01-11 13:42:07 +01:00
intrigus
9e2ef9bd74 Java: Filter results by feature flags.
This ignores results that are guarded by a feature flag
that suggests an intentionally insecure feature.
Inspired by Go's `InsecureFeatureFlag.qll` and
`DisabledCertificateCheck.ql`.
2021-01-11 13:42:07 +01:00
intrigus
a62a2e58dd Java: Improve QL-Doc 2021-01-11 13:42:07 +01:00
intrigus
0a9df07df7 Apply suggestions from review. 2021-01-11 13:42:07 +01:00
intrigus
3da1cb0879 Java: Add unsafe hostname verification query 2021-01-11 13:42:07 +01:00
luchua-bc
6b77922a25 Fix typo and update qldoc 2020-12-16 14:04:45 +00:00
luchua-bc
d7facb42d6 Add missing broken crypto algorithms 2020-12-16 04:32:11 +00:00
Anders Schack-Mulligen
8f2094f0bf Autoformat. 2020-11-30 14:42:38 +01:00
Anders Schack-Mulligen
f70072a2db Merge pull request #3454 from porcupineyhairs/javaSSRf
Java : add request forgery query
2020-11-26 08:52:15 +01:00
Anders Schack-Mulligen
0450489022 Java: Review fixes. 2020-11-24 11:31:44 +01:00
Porcupiney Hairs
4b25532b9f include suggestions from review. 2020-11-13 17:55:56 +05:30
Alvaro Muñoz
30d8dce389 check that either there are no custom message interpolators configured, or there is at least one that is insecure 2020-11-11 12:53:54 +01:00
Alvaro Muñoz
c3bc0d6c15 Apply formatting 2020-11-11 12:06:39 +01:00
Alvaro Muñoz
5b1858a514 Do not report the issue only if all message interpolators are secure 2020-11-11 11:50:15 +01:00
Alvaro Muñoz
02cf49a773 apply codeql formatting 2020-11-10 11:46:42 +01:00
Alvaro Muñoz
24a47fbb0f additional qldoc comments 2020-11-10 10:48:47 +01:00
Alvaro Muñoz
3545edb92c address code review suggestions 2020-11-10 10:45:14 +01:00
Porcupiney Hairs
38de9b6433 add request forgery query 2020-11-10 01:19:35 +05:30
Alvaro Muñoz
9db340c9ca add some improvements to the bean validation query 2020-11-06 13:08:45 +01:00
Anders Schack-Mulligen
0d926dcf70 Java: Tweak qhelp to make it markdown-compatible. 2020-10-29 14:39:01 +01:00
Anders Schack-Mulligen
34ae6e0576 Apply suggestions from code review
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2020-10-28 09:15:08 +01:00
Alvaro Muñoz
77b551b693 Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2020-10-27 21:12:17 +01:00
Alvaro Muñoz
b9c75ea462 Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2020-10-27 21:12:00 +01:00
Alvaro Muñoz
ac116da0dc Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2020-10-27 21:11:48 +01:00