hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-10 13:10:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,381 Commits 1,679 Branches 158 Tags
07578f11d44e99624f8a9e6cdebe9371f5eb2004
Commit Graph

931 Commits

Author SHA1 Message Date
Michael Nebel
07578f11d4 Java: Convert hardcoded-jwt-key models to data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel
ab12b6cc2b Java: Convert android-web-resource-response to data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel
5c15ad412c Java: Convert log4j-injection to data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel
665d40dc4b Java: Convert file-path-injection to data extensions. 2022-11-28 12:30:35 +01:00
Tony Torralba
adf905d838 Merge pull request #11368 from ka1n4t/main 
Java: Add binding between annotation and sink-param in MyBatis SQL Injection query
 2022-11-24 14:34:57 +01:00
Tony Torralba
17218fa663 Formatting 2022-11-24 11:14:16 +01:00
Tony Torralba
443d0f50c1 Apply suggestions from code review 2022-11-24 11:10:07 +01:00
Ian Lynagh
d401be1845 Java: Fix typo: ceritificate 2022-11-23 12:12:32 +00:00
ka1n4t
ce2ba21240 Add binding between annotation and sink-param 2022-11-22 18:32:14 +08:00
Jami
8a73675483 Merge pull request #11070 from jcogs33/java-regex-injection 
Java: Promote regex injection query from experimental
 2022-11-21 15:04:26 -05:00
Jami
cfbaf5e53b Merge pull request #10785 from jcogs33/insuff-key-size-globalflow-keysize 
Java: Promote insufficient key size query from experimental
 2022-11-08 18:05:01 -05:00
Jami Cogswell
32b140045e move files out of experimental 2022-11-08 15:29:32 -05:00
Josh Soref
9eac158d7c spelling: revocation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
08a79531cf spelling: response 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Jami Cogswell
9b7df354e6 move files 2022-10-11 16:56:10 -04:00
Josh Soref
8f7e76f0cb spelling: initialization 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 03:59:08 -04:00
Josh Soref
3b9546f02e spelling: deserialization 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
3e6477f878 spelling: currently 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
5755159f08 spelling: authentication 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
6db36616cd spelling: arbitrary 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:35 -04:00
Josh Soref
c2a0dbe715 spelling: application 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:35 -04:00
Anders Schack-Mulligen
5b67ba2939 Merge pull request #10177 from atorralba/atorralba/path-sanitizer 
Java: Promote `PathSanitizer.qll` from experimental
 2022-10-06 10:29:33 +02:00
Tony Torralba
9db65eae7f Address review comments 2022-10-04 12:27:01 +02:00
Tony Torralba
5706e8b377 Improve PathSanitizer 
Rename PathTraversalSanitizer to PathInjectionSanitizer
 2022-10-04 12:26:17 +02:00
Tony Torralba
50ad234694 Move PathSanitizer to the main library 2022-10-04 12:26:17 +02:00
Dilan Bhalla
bff2633f8d java guidance: experimental version of exectainted 2022-10-03 11:18:17 -07:00
erik-krogh
129cda00db get a few more queries in sync with other languages 2022-10-01 11:17:48 +02:00
erik-krogh
7d643e41f3 Merge branch 'main' into java-followMsg 2022-10-01 10:48:06 +02:00
Tony Torralba
7ff82bbed3 Update java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll 2022-09-27 13:26:21 +02:00
erik-krogh
46b5bf32f9 update alert-messsages of java queries 2022-09-26 12:15:25 +02:00
luchua-bc
8effbff817 Remove unused code and update qldoc 2022-09-23 12:43:39 +00:00
luchua-bc
e33d786745 Add test cases and reduce FPs 2022-09-23 12:31:16 +00:00
luchua-bc
251f67dcf3 Use the new CSV model 2022-09-23 12:31:16 +00:00
luchua-bc
b3572747f0 Simplify test case and minor update to the query 2022-09-23 12:31:15 +00:00
luchua-bc
311c9e4719 Query to detect unsafe resource loading in Java Spring applications 2022-09-23 12:31:15 +00:00
Tony Torralba
cbb64cc8c1 Merge pull request #10352 from atorralba/atorralba/promote-template-injection 
Java: Promote Server-side template injection from experimental
 2022-09-20 16:11:58 +02:00
Marcono1234
e3c1b96830 Java: Fix incorrect annotation handling for SpringControllerRequestMappingGetMethod 2022-09-16 15:49:16 +01:00
Marcono1234
b96061aa7e Java: Rename Annotation value predicates 2022-09-16 15:49:16 +01:00
Marcono1234
536f5c7f89 Java: Add Annotation value convenience predicates 2022-09-16 15:49:15 +01:00
Tony Torralba
cd61bd0606 Move files from experimental 2022-09-07 13:13:40 +02:00
Anders Schack-Mulligen
6ffaa6918a Apply suggestions from code review 2022-09-06 14:11:48 +02:00
Tony Torralba
04c230b128 Docs fixes 2022-09-01 09:57:32 +02:00
Tony Torralba
2ec53bf78c Merge pull request #9873 from luchua-bc/java/permissive-dot-regex 
Java: CWE-625 Query to detect regex dot bypass
 2022-08-31 10:24:18 +02:00
luchua-bc
e2e87980cc Move pattern check to MatchRegexConfiguration::isSink 2022-08-30 22:48:12 +00:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
erik-krogh
1c0f2251e2 Merge branch 'main' into msgConsis 2022-08-24 14:38:57 +02:00
erik-krogh
82a5b7838c don't add deprecated alias in experimental folder 2022-08-23 10:38:23 +02:00
erik-krogh
5a0183f1e2 update java/password-in-configuration to match csharp 2022-08-22 21:41:46 +02:00
erik-krogh
e52fa9a469 update {cs/java}/regex-injection to match javascript 2022-08-22 21:41:45 +02:00
erik-krogh
e89e0eb7fb make some acronyms camelCase 2022-08-22 21:22:35 +02:00