hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-17 04:56:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
71,456 Commits 1,714 Branches 162 Tags
0e511d640be93441d044dcaeb50031ac3c5abb95
Commit Graph

1219 Commits

Author SHA1 Message Date
Jami Cogswell
335c59792c Java: remove unnecessary anchor and update page name 2024-10-18 09:26:56 -04:00
Jami Cogswell
88b7a9fcb5 Java: update qhelp link 2024-10-17 16:38:53 -04:00
Ian Lynagh
41ed6e6695 Java: Deprecate RefType.nestedName(), and add RefType.getNestedName() 2024-09-16 17:16:25 +01:00
erik-krogh
846882d22c delete imports to a deleted file 2024-09-03 20:31:00 +02:00
RobbingDaHood
1cb58922a2 Minor changes to formulations for java/error-message-exposure 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2024-07-29 16:48:15 +02:00
Daniel Winther Petersen
1c1ba7734f Now alerts about exposing exception.getMessage() in servlet responses are split out of java/stack-trace-exposure into its own alert java/error-message-exposure because this is a better fit. 2024-07-25 18:12:45 +02:00
Max Schaefer
d5d0cf5d90 Java: Tag java/non-https-url with CWE-345 2024-07-11 13:37:09 +01:00
Arthur Baars
b5b5fef642 Switch source and sink in TrustBoundaryViolation.ql 2024-05-23 15:53:12 +02:00
Arthur Baars
d540675b9e Update TrustBoundaryViolation.ql 2024-05-23 12:04:47 +00:00
Tony Torralba
5ec3335b07 Java: Reword recommendation section of XXE query 2024-05-22 11:34:19 +02:00
Michael Nebel
b1329fd806 Merge pull request #16362 from michaelnebel/java/removelocalqueries 
Java: Remove local query variants.
 2024-05-16 14:34:04 +02:00
Max Schaefer
3c47c1137d Simplify query. 2024-05-15 12:49:45 +01:00
Anders Schack-Mulligen
76e740bc1d Java: Clean up some instances of getQualifiedName. 2024-05-13 13:06:44 +02:00
Michael Nebel
d9c7401ea2 Java: Deprecate the local content of UrlRedirectLocalQuery and remove the local query variant. 2024-05-01 13:07:21 +02:00
Michael Nebel
ed7538d0b9 Java: Deprecate the local content of TaintedPathQuery and remove the local query variant. 2024-05-01 13:07:21 +02:00
Michael Nebel
5b89bd23c7 Java: Deprecate the content of SqlTaintedLocalQuery and remove the local query variant. 2024-05-01 13:07:21 +02:00
Michael Nebel
b68abab12a Java: Deprecate the content of ResponseSplittingLocalQuery and remove local query variant. 2024-05-01 13:07:21 +02:00
Michael Nebel
d05c5e3d94 Java: Deprecate the content of NumericCastTaintedLocalQuery, remove the local query variant and update the non-local query variant. 2024-05-01 13:07:21 +02:00
Michael Nebel
301a6cc191 Java: Deprecate the content of ImproperValidationOrArray and remove local query variants. 2024-05-01 13:07:21 +02:00
Michael Nebel
acd0fa4b7b Java: Deprecate the content of ExternallyControlledFormatStringLocalQuery and remove the externally controlled format string local query variant. 2024-05-01 13:07:21 +02:00
Michael Nebel
85a4dd0325 Java: Deprecate the local content of CommandLineQuery and remove the exec tainted local query variant. 2024-05-01 13:07:20 +02:00
Michael Nebel
072f19008a Java: Deprecate the content of ArithmeticTaintedLocalQuery and remove the arithmetic tainted local query variant. 2024-05-01 08:59:51 +02:00
Michael Nebel
93988e5834 Java: Deprecate the content of XxeLocalQuery and remove the Xxe local query variant. 2024-05-01 08:59:50 +02:00
Michael Nebel
e0c2a43780 Java: Deprecate the content of XssLocalQuery and remove the Xss local query variant. 2024-05-01 08:59:50 +02:00
Jami
d889e3cf98 Merge pull request #14854 from jcogs33/jcogs33/unsafe-url-forward-promotion 
Java: Promote Unsafe URL Forward query from experimental
 2024-03-29 16:34:06 -04:00
Jami
2f8c4df309 docs wording updates 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-03-28 16:15:05 -04:00
erik-krogh
ef8368cfc4 fix typo 2024-03-13 22:37:13 +01:00
Jami Cogswell
c331393cfd Java: update qhelp 2024-03-13 16:28:41 -04:00
Jami Cogswell
09bc21dbd3 Java: rename 'UnsafeUrlForward' to 'UrlForward' 2024-03-13 16:28:41 -04:00
Jami Cogswell
6e7c05467b Java: update query metadata and alert message 2024-03-13 16:28:41 -04:00
Jami Cogswell
2793f28428 Java: move config to Query.qll file 2024-03-13 16:28:40 -04:00
Jami Cogswell
0d38a9625e Java: copy files from experimental 2024-03-13 16:28:39 -04:00
erik-krogh
013ed7adb3 Java: update the url-redirection in the same style as the C# qhelp 2024-03-13 11:58:16 +01:00
Joe Farebrother
2ebb80b632 Merge pull request #15548 from joefarebrother/android-local-auth-keys 
Java: Add query for insecurely generated keys for local authentication.
 2024-02-22 14:04:17 +00:00
Felicity Chapman
4810657515 Remove period from 'name' 
This is an error for the Docs content linter and does not match the style guide for query help.
 2024-02-22 10:50:45 +00:00
Joe Farebrother
ef124695a5 Apply suggestions from documentation review 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2024-02-22 10:11:49 +00:00
Joe Farebrother
9ad05fe51c Address reveiws - Add BAD example to doc, add doc example to tests and fix typo. 2024-02-16 12:00:51 +00:00
Jonathan Leitschuh
50056d603e Fix typo in NettyRequestSplitting.java 2024-02-14 14:03:33 -05:00
Tony Torralba
b6385f7938 Merge pull request #15533 from JLLeitschuh/patch-5 
Reduce severity of `java/relative-path-command`
 2024-02-12 15:04:05 +01:00
Joe Farebrother
3a4a841844 Add change note + update severity 2024-02-12 14:01:27 +00:00
Joe Farebrother
16a7d68780 Add documentation 2024-02-12 13:58:01 +00:00
Joe Farebrother
2eb93b7a3b Add unit tests 2024-02-12 13:49:45 +00:00
Joe Farebrother
c79a3eb6ae Add query for insecure key generation 2024-02-12 13:49:44 +00:00
Joe Farebrother
75a2b9415c Merge pull request #15481 from joefarebrother/android-local-auth 
Java: Add query for insecure local authentication
 2024-02-12 13:48:53 +00:00
Joe Farebrother
d3fea4044e Apply suggestions from documentation review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-02-12 10:27:56 +00:00
Joe Farebrother
16aed18821 Address reviews - Elaborate on docs and update severity 2024-02-09 13:53:36 +00:00
Anders Schack-Mulligen
b7d4a6926f Dataflow: Add empty provenance column to PathGraph. 2024-02-09 11:27:30 +01:00
Joe Farebrother
f4b6a85a48 Fix typo in qldoc 2024-02-09 10:09:24 +00:00
Tony Torralba
4c0d535cc2 Merge pull request #12886 from atorralba/atorralba/java/path-injection-mad-sinks 
Java: Refactor path injection sinks
 2024-02-09 10:48:49 +01:00
Jonathan Leitschuh
1484a169d7 Reduce severity of java/relative-path-command 
Significantly reduces the severity of `java/relative-path-command` from 9.8 to 5.4

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
 2024-02-06 15:43:19 -05:00