hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-10 13:10:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,174 Commits 1,679 Branches 158 Tags
0e2c5db7b17f12fd98e51ca0336fd52b0a4df65a
Commit Graph

47 Commits

Author SHA1 Message Date
Jonathan Leitschuh
0e2c5db7b1 Netty Response Splitting use CompileTimeConstantExpr 
Co-Authored-By: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-01-03 07:51:55 -05:00
Jonathan Leitschuh
b218374772 Add io.netty.handler.codec.http.DefaultHttpResponse to Netty Response Splitting Detection 
Related: #2185
Related: https://github.com/github/security-lab/issues/22
 2019-12-17 12:12:04 -05:00
Anders Schack-Mulligen
deb6a6e5c6 Java: Improve performance by normalizing import order to reduce cache invalidation. 2019-11-26 17:20:01 +01:00
Anders Schack-Mulligen
b0fecbce28 Merge pull request #2230 from yh-semmle/java-move-cwe502-lib 
Java: move `UnsafeDeserialization.qll` to standard library location
 2019-11-11 10:44:52 +01:00
Sauyon Lee
0040c9fb4c Update links to OWASP cheat sheet 2019-11-06 20:21:47 -08:00
yh-semmle
8620b0513e Java: move UnsafeDeserialization.qll to standard library location 2019-10-30 11:18:36 -04:00
Jonathan Leitschuh
934eed97df Apply suggestions from code review for netty DefaultHttpHeaders 
Co-Authored-By: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2019-10-25 12:30:16 -04:00
Jonathan Leitschuh
dcbd6e0a11 Add CWE-113 check for io.netty.handler.codec.http.DefaultHttpHeaders 
Closes #2185
 2019-10-24 10:27:40 -04:00
alexey
715f1ddaca Move qll file to support import from custom QL queries 2019-10-15 14:55:09 +01:00
Jonas Jensen
9ac0cdd2a2 Java: Don't use the deprecated Configuration2 2019-08-20 13:45:37 +02:00
Anders Schack-Mulligen
4550175b16 Java/C++/C#: Add support for BarrierGuards. 2019-08-13 16:57:48 +02:00
yh-semmle
5e910a4808 Merge pull request #1724 from aschackmull/java/google-xmlreader 
Java: Treat SecureJDKXercesXMLReader as a secure XMLReader.
 2019-08-13 09:52:32 -04:00
Anders Schack-Mulligen
41763e6025 Java: Treat SecureJDKXercesXMLReader as a secure XMLReader. 2019-08-09 16:00:41 +02:00
Anders Schack-Mulligen
b3e56d5b04 Java: Fix copy-paste typo. 2019-08-08 11:44:44 +02:00
Anders Schack-Mulligen
20e6f5594f Java: Improve barriers for the CWE-190 Arithmetic* queries. 2019-08-07 15:22:23 +02:00
yh-semmle
033879f5a6 Merge pull request #1639 from aschackmull/java/in-out-barriers 
Java/C++/C# DataFlow: Add support for in/out barriers on sources and sinks.
 2019-08-07 01:07:19 -04:00
Anders Schack-Mulligen
f8804943ee Java: Change in/out barriers to be explicit in the configuration. 2019-08-05 12:05:12 +02:00
Anders Schack-Mulligen
b1b1ede6b0 Java: Improve the precision of java/hardcoded-credential-api-call. 2019-08-02 16:50:58 +02:00
yh-semmle
dc45ba5627 Java: update XXE qhelp with note on processing limits 2019-07-31 15:45:28 -04:00
Anders Schack-Mulligen
7c30c1a01c Java: Deprecate isBarrierEdge. 2019-07-26 13:16:19 +02:00
Anders Schack-Mulligen
85eac80be9 Java: Add simple sanitizer for java/http-response-splitting. 2019-06-27 14:03:48 +02:00
Anders Schack-Mulligen
f367427fb8 Java: Deprecate RemoteUserInput. 2019-05-06 13:43:58 +02:00
yh-semmle
6d59b4e049 Java 12: tweak queries to preserve behavior 
This accounts for the changes in af8faee1.
 2019-04-30 10:59:08 -04:00
Anders Schack-Mulligen
0a569f6c1a Java: Change TCs of Stmt.getParent to Stmt.getEnclosingStmt. 2019-04-30 10:59:06 -04:00
Felicity Chapman
ffeb61c698 Fix typo in query description 2019-04-03 10:46:48 +01:00
Anders Schack-Mulligen
25469637db Java: Autoformat qls. 2019-02-12 14:38:08 +01:00
Anders Schack-Mulligen
63a4dd09ad Java: Autoformat qlls. 2019-02-12 14:38:08 +01:00
Robin Neatherway
409733838b Java: Add a flow step for Path::toFile in ZipSlip 2019-02-11 10:33:44 +00:00
Anders Schack-Mulligen
ab44e5603c Java: Reduce precision of java/user-controlled-bypass. 2019-01-08 13:07:34 +01:00
yh-semmle
c2116f0d91 Merge pull request #560 from aschackmull/java/normalize-parentheses 
Java: Normalize parentheses.
 2018-12-06 12:38:26 -05:00
Anders Schack-Mulligen
d3fcfb0957 Java: Fix FP in UseSSL. 2018-12-04 17:44:05 +01:00
Anders Schack-Mulligen
ae44b90456 Java: Normalize parentheses. 2018-11-28 15:01:25 +01:00
Anders Schack-Mulligen
5e03b6f681 Java: Convert security queries to path-problems. 2018-11-16 13:48:50 +01:00
Anders Schack-Mulligen
437b2c1503 Java: Cosmetic changes and missing overrides. 2018-11-16 13:48:50 +01:00
Anders Schack-Mulligen
92f265844b Java: Fix mixed tabs/spaces in qhelp examples. 2018-11-07 09:02:41 +01:00
Anders Schack-Mulligen
41c89475fe Java: Rerun autoformat. 2018-11-01 17:01:12 +01:00
Anders Schack-Mulligen
c3f71c2d42 Java: Change main ZipSlip location to the source. 2018-10-31 11:38:28 +01:00
Anders Schack-Mulligen
36f41a3e16 Java: Fix performance issue, and add Path.resolve as taint step. 2018-10-31 11:38:27 +01:00
Anders Schack-Mulligen
bf6b7c4734 Java: Add ZipSlip query. 2018-10-31 11:38:27 +01:00
semmle-qlci
905911014d Merge pull request #358 from aschackmull/java/sql-sinks 
Approved by yh-semmle
 2018-10-26 01:42:37 +01:00
Anders Schack-Mulligen
1188e18837 Java: Whitelist Cookie::getName for HTTP response splitting. 2018-10-25 12:02:33 +02:00
Anders Schack-Mulligen
263de5219a Java: Add additional SQL injection sinks. 2018-10-24 13:58:21 +02:00
semmle-qlci
a8be7f2434 Merge pull request #312 from aschackmull/java/autoformat-libs 
Approved by yh-semmle
 2018-10-12 20:02:52 +01:00
Anders Schack-Mulligen
482733569a Java: Adjust comment style. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen
67d1c72e64 Java: Autoformat libs outside semmle.code.java. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen
dd5a8f0c14 Java: Autoformat most queries. 2018-10-11 11:31:37 +02:00
Pavel Avgustinov
846c9d5860 Migrate Java code to separate QL repo. 2018-08-30 10:48:05 +01:00