hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-10 05:00:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,954 Commits 1,679 Branches 158 Tags
13d0efe96da809a64f6ff55e91682fd30606b3a9
Commit Graph

183 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
e5b4975450 Merge pull request #4675 from luchua-bc/cleartext-storage-shared-prefs 
Java: Query to detect cleartext storage of sensitive information using Android SharedPreferences
 2021-01-08 12:41:34 +01:00
luchua-bc
b54e5b1c49 Revamp the library module 2021-01-07 12:44:59 +00:00
luchua-bc
f13b8814f5 Update class/method names in the module 2021-01-06 16:49:35 +00:00
luchua-bc
5690bf49f4 Optimize the query 2021-01-06 16:21:26 +00:00
Chris Smowton
e87fd86e63 Merge pull request #4814 from luchua-bc/java/password-in-configuration 
Java: Password in Java EE configuration files
 2021-01-05 11:42:27 +00:00
luchua-bc
bfb138d415 Update qldoc 2020-12-17 14:42:14 +00:00
luchua-bc
7b44ee50ea Revamp the functions to have a string parameter 2020-12-17 14:26:13 +00:00
luchua-bc
b44f01a87b Enhance the check for embedded passwords 2020-12-17 03:47:38 +00:00
luchua-bc
523f0fb247 Enhance the query and update qldoc 2020-12-14 17:01:30 +00:00
luchua-bc
d469e9b24e Format the code and minor text change 2020-12-13 21:15:18 +00:00
luchua-bc
e27ccd0a81 Format the code and update qldoc 2020-12-13 02:33:03 +00:00
luchua-bc
7ba237120b Password in Java EE configuration files 2020-12-12 05:15:04 +00:00
Anders Schack-Mulligen
0cc324b715 Merge pull request #3839 from luchua-bc/uncaught-servlet-exception 
Java: Uncaught servlet exception
 2020-12-02 15:12:59 +01:00
Anders Schack-Mulligen
0175a596ef Update java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql 2020-12-02 13:33:59 +01:00
Anders Schack-Mulligen
8f2094f0bf Autoformat. 2020-11-30 14:42:38 +01:00
luchua-bc
ad0ac5b874 Change kind to problem 2020-11-27 16:43:57 +00:00
Anders Schack-Mulligen
028a72bcdd Merge pull request #4610 from luchua-bc/java-nfe-local-android-dos 
Java: Query to detect Local Android DoS caused by NFE
 2020-11-27 14:20:23 +01:00
luchua-bc
a83ddd66eb Add comments about how the future promotion should go 2020-11-26 17:41:46 +00:00
luchua-bc
7ad031ca70 Move to experimental and update qldoc 2020-11-26 17:09:53 +00:00
Anders Schack-Mulligen
3f04099c25 Update java/ql/src/experimental/CWE-918/RequestForgery.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2020-11-24 13:18:58 +01:00
Anders Schack-Mulligen
0450489022 Java: Review fixes. 2020-11-24 11:31:44 +01:00
Porcupiney Hairs
ebc6c49555 include suggestions from review. 2020-11-19 03:37:00 +05:30
Porcupiney Hairs
4b25532b9f include suggestions from review. 2020-11-13 17:55:56 +05:30
Porcupiney Hairs
f8de94e906 refactor SpringWebClient 2020-11-13 00:32:27 +05:30
Porcupiney Hairs
2525cfd786 include suggestions from review. 2020-11-13 00:28:06 +05:30
luchua-bc
dcb7324643 Add the constraint that the caller method must throw an exception 2020-11-11 16:47:53 +00:00
luchua-bc
018d5c46da Simplify the query 2020-11-10 21:07:44 +00:00
Porcupiney Hairs
38de9b6433 add request forgery query 2020-11-10 01:19:35 +05:30
luchua-bc
bc899b6337 Move common code to a library and add more test cases 2020-11-09 14:14:54 +00:00
luchua-bc
b10552aa2e Specify exported Android components for local Android DoS 2020-11-09 14:10:01 +00:00
luchua-bc
76a0db84ee Query for detecting Local Android DoS caused by NFE 2020-11-09 14:10:00 +00:00
luchua-bc
a83f9ced96 Change the query to only catch the common exception rethrown case 2020-11-09 12:07:43 +00:00
Porcupiney Hairs
0a028dcb47 Java : Refactor all instances of java.net.URI into TypeUri 2020-11-04 18:23:26 +05:30
Anders Schack-Mulligen
22b4df0f3c Merge pull request #4512 from luchua-bc/sensitive-broadcast 
Java: Sensitive broadcast
 2020-11-04 10:47:48 +01:00
Anders Schack-Mulligen
26495225e0 Update java/ql/src/experimental/Security/CWE/CWE-927/SensitiveBroadcast.qhelp 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-11-04 10:05:55 +01:00
luchua-bc
3f0cdb6a1a Update qldoc and comments 2020-11-03 19:40:28 +00:00
luchua-bc
fa54c23a83 Handle the edge case that an exception is rethrown in a catch clause 2020-11-03 16:31:12 +00:00
luchua-bc
f8fd2ea821 Add qldoc and autoformat query 2020-11-03 12:23:40 +00:00
luchua-bc
6a8ce37428 Add query for initCause and addSuppressed 2020-11-02 11:59:14 +00:00
luchua-bc
78d7fe2fbb Detect rethrowing unprocessed exceptions in catch clause 2020-11-01 02:13:50 +00:00
luchua-bc
756db4c03a Simplify the query and add more test cases 2020-10-31 01:33:24 +00:00
luchua-bc
93d1393ded Add error-page check 2020-10-30 16:45:56 +00:00
luchua-bc
5a6339c1af Remove userid from the regex 2020-10-29 15:46:05 +00:00
luchua-bc
90d11812be Update the regex to be the original one 2020-10-29 13:04:15 +00:00
luchua-bc
908d659906 Minor updates 2020-10-28 20:23:22 +00:00
luchua-bc
99c79f4aa3 Enhance the dataflow sink and update test cases 2020-10-28 03:07:01 +00:00
luchua-bc
3cc3fe9d37 Switch to TaintPreservingCallable and add test cases 2020-10-28 00:33:07 +00:00
luchua-bc
07830aae05 Fix typo 2020-10-25 22:34:15 +00:00
luchua-bc
d9c140dc6c Enhance the query to use sanitizer and null/empty array flow 2020-10-25 15:33:09 +00:00
luchua-bc
478771ccc5 Fix issues with method signature check 2020-10-21 02:49:53 +00:00