codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00

Author	SHA1	Message	Date
Tony Torralba	09b40601a7	Consider ExpressionAccessor	2021-05-12 12:32:38 +02:00
Tony Torralba	8754c85a57	Use InlineExpectationsTest	2021-05-11 16:23:12 +02:00
Tony Torralba	fc03b92e11	Moved from experimental to standard	2021-05-11 15:42:13 +02:00
Tony Torralba	53da3b661a	Refactor to CSV sink model	2021-05-11 15:33:49 +02:00
Anders Schack-Mulligen	744c495ac2	Merge pull request #5824 from JLLeitschuh/feat/JLL/guava_first_non_null [Java] Add support for com.google.common.base.MoreObjects#firstNonNull	2021-05-11 09:42:20 +02:00
Anders Schack-Mulligen	7d6a497136	Merge pull request #5857 from dbartol/container/work Java: Fix QLDoc for `Container.toString()`	2021-05-11 08:37:41 +02:00
Dave Bartolomeo	f85aff869c	Java: Fix PR feedback	2021-05-10 16:37:23 -04:00
Chris Smowton	0afe22d60c	Merge pull request #5710 from p0wn4j/jsch-os-injection [Java] CWE-078: Add JSch lib OS Command Injection sink	2021-05-10 16:12:00 +01:00
Dave Bartolomeo	d9f243d18a	Java: Fix QLDoc for `Container.toString()` Fixes #5828 The QLDoc was just too specific about the default implementation. I've improved the wording.	2021-05-08 11:14:02 -04:00
Hayk Andriasyan	fd88b72101	Delete JSchOSInjection.qhelp	2021-05-08 12:51:15 +04:00
Tony Torralba	2a501956b3	Mark a MISSING test result as suggested in code review	2021-05-07 11:17:51 +02:00
Tony Torralba	b69be30b88	Fix imports as suggested in code review	2021-05-07 11:07:06 +02:00
Tony Torralba	f16605b3c1	Apply suggestions from code review Co-authored-by: Felicity Chapman <felicitymay@github.com>	2021-05-06 15:17:55 +02:00
Tony Torralba	f1fab854c4	Fix tests for XXE, introduced a dependency with jaxen	2021-05-06 12:11:55 +02:00
Tony Torralba	76468559ba	Add safe example for dom4j	2021-05-06 10:17:25 +02:00
Tony Torralba	926fedb7fb	Update java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.java Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-05-06 09:18:50 +02:00
Tony Torralba	00a7576679	Rename XPath Injection test file	2021-05-06 09:18:50 +02:00
Tony Torralba	8af7f4a484	New sinks and test cases	2021-05-06 09:18:49 +02:00
Tony Torralba	ccb3ea4453	Fix XPath Injection tests classpath	2021-05-06 09:18:49 +02:00
Tony Torralba	509fc8a640	Add missing docs to stubs	2021-05-06 09:18:49 +02:00
Tony Torralba	26c3ff2cee	Move from experimental to standard	2021-05-06 09:18:49 +02:00
Tony Torralba	215118c7ea	Fixes in QLDocs and imports	2021-05-06 09:18:49 +02:00
Tony Torralba	720b5d6da3	Refactored sto use CSV sink model. Also, added more sinks	2021-05-06 09:18:49 +02:00
Tony Torralba	ab62bb66f4	Consider second parameter of Node.selectNodes	2021-05-06 09:18:49 +02:00
Tony Torralba	d72dd9b861	javax.xml.xpath.XPath is an interface	2021-05-06 09:18:49 +02:00
Tony Torralba	2bb2baf6f7	Support more methods that evaluate XPath expressions	2021-05-06 09:18:49 +02:00
Tony Torralba	3705970bfd	Refactored XPath.qll to remove redundant classes and restrict visibility	2021-05-06 09:18:49 +02:00
Tony Torralba	d739a8cac2	Moved configuration from XPath.qll back to XPath Injection query	2021-05-06 09:18:48 +02:00
Tony Torralba	ee269fbc69	Added missing doc comments	2021-05-06 09:18:48 +02:00
Tony Torralba	fb3e56eac8	Fix imports and stubs so that tests pass	2021-05-06 09:18:48 +02:00
Tony Torralba	a62997463f	Remove unused imports; use set literals in hasName	2021-05-06 09:18:48 +02:00
Tony Torralba	ed5619498c	WIP: XPath Injection promotion	2021-05-06 09:18:48 +02:00
Felicity Chapman	8b2009cfb1	Minor updates to qhelp file	2021-05-05 12:36:29 +01:00
Anders Schack-Mulligen	5bcf810a7c	Merge pull request #5821 from JarLob/patch-1 Update UncaughtServletException.qhelp	2021-05-04 10:39:02 +02:00
Anders Schack-Mulligen	9ee9186a1a	Merge pull request #5825 from github/yo-h/java-diagnostic-queries Java: split extractor diagnostics query into two	2021-05-04 10:12:32 +02:00
yo-h	edf1a90161	Java: split extractor diagnostics query into two	2021-05-03 20:27:07 -04:00
Jonathan Leitschuh	dfad1fc740	[Java] Add support for com.google.common.base.MoreObjects#firstNonNull	2021-05-03 12:58:00 -04:00
Jaroslav Lobačevski	38bce39baa	Update UncaughtServletException.qhelp There is no single word in https://cwe.mitre.org/data/definitions/600.html about possible DoS or unexpected state.	2021-05-03 15:06:57 +03:00
Chris Smowton	b2c0259197	Merge pull request #5631 from haby0/UseOfLessTrustedSource [Java] CWE-348: Using a client-supplied IP address in a security check	2021-04-30 15:20:53 +01:00
haby0	fdcc517b9f	UseOfLessTrustedSource -> ClientSuppliedIpUsedInSecurityCheck"	2021-04-30 17:43:34 +08:00
haby0	f41301f8f5	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.java Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-30 16:55:17 +08:00
haby0	0691cac5ab	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-30 16:54:41 +08:00
haby0	8142810455	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-30 16:54:28 +08:00
haby0	711a74c9c9	Eliminate false positives\	2021-04-30 10:31:40 +08:00
intrigus	08731fc6cf	Fix typo.	2021-04-29 20:26:34 +02:00
Chris Smowton	ad9ea40954	Merge pull request #5597 from intrigus-lgtm/java/jwt-insecure-parse [Java] JWT without signature check.	2021-04-29 14:41:11 +01:00
haby0	e813257431	use hardCode	2021-04-29 21:23:52 +08:00
Anders Schack-Mulligen	404a6c1506	Merge pull request #5805 from smowton/smowton/admin/spring-setter-method-docs Document `SpringProperty::getSetterMethod`.	2021-04-29 15:10:58 +02:00
Anders Schack-Mulligen	c78285e557	Merge pull request #5784 from Marcono1234/marcono1234/switch-expr-stmt-parent Java: Add StmtParent as superclass of SwitchExpr	2021-04-29 15:02:05 +02:00
Chris Smowton	2787c2f874	Document `SpringProperty::getSetterMethod`.	2021-04-29 12:28:26 +01:00

1 2 3 4 5 ...

2255 Commits