codeql

mirror of https://github.com/github/codeql.git synced 2025-12-28 14:46:33 +01:00

Author	SHA1	Message	Date
Chris Smowton	402f20c5e2	Merge pull request #5154 from smowton/smowton/admin/deprecate-old-maven-predicate-names Java: Re-introduce deprecated versions of old Maven predicate names	2021-02-12 17:22:05 +00:00
Chris Smowton	80978c7c35	Merge pull request #5153 from smowton/smowton/admin/move-misplaced-experimental-query Move misplaced experimental query into the conventional directory	2021-02-12 17:21:57 +00:00
Anders Schack-Mulligen	085286ab58	Merge pull request #5135 from pwntester/guava_preconditions Add support for the Preconditions Class in the Guava framework	2021-02-12 14:15:17 +01:00
Chris Smowton	655cfb3a47	Re-introduce deprecated versions of old Maven predicate names	2021-02-12 12:24:19 +00:00
Chris Smowton	97df60f9d6	Move misplaced experimental query into the conventional directory	2021-02-12 12:12:16 +00:00
Marcono1234	e89891fa1f	Address review comments	2021-02-12 01:30:47 +01:00
Marcono1234	2a1c11b517	Improve MavenPom documentation, rename inconsistent predicates	2021-02-10 23:56:45 +01:00
Anders Schack-Mulligen	b74911204a	Merge pull request #4945 from intrigus-lgtm/java/insecure-jxbrowser Java: Insecure JXBrowser	2021-02-10 15:48:17 +01:00
intrigus	5c82ff83de	Java: Fix qhelp, fix CWE reference	2021-02-10 13:57:51 +01:00
Alvaro Muñoz	645b021845	Add support for the Preconditions Class in the Guava framework	2021-02-10 13:20:29 +01:00
Tom Hvitved	1f9b42f9ab	Data flow: Sync files	2021-02-09 20:10:23 +01:00
intrigus	2e30f2d9ce	Java: Fix QHelp & accept test output Accept test output for changed alert message.	2021-02-08 00:05:02 +01:00
Anders Schack-Mulligen	35e620a19c	Merge pull request #4854 from luchua-bc/java/insecure-ldap-auth Java: Insecure LDAP authentication	2021-02-04 14:56:38 +01:00
luchua-bc	724c3e00e0	Update help file	2021-02-03 16:45:15 +00:00
Anders Schack-Mulligen	40d02e7e32	Merge pull request #4926 from luchua-bc/java/insufficient-key-size Java: Query to detect weak encryption: insufficient key size	2021-02-03 15:16:10 +01:00
Anders Schack-Mulligen	0df7e9fa4e	Merge pull request #4989 from lcartey/lcartey/spring-inheritence-improvements Java: Track taint through Spring Java bean getters on super types	2021-02-03 15:06:03 +01:00
luchua-bc	2ace10fcdf	Use PostUpdateNode for wrapper method calls	2021-02-03 12:21:31 +00:00
luchua-bc	3151aeff48	Enhance the query	2021-02-02 18:26:29 +00:00
luchua-bc	5e3b6fa341	Update qldoc	2021-02-02 16:20:39 +00:00
luchua-bc	50be54385a	Update qldoc	2021-02-02 14:49:50 +00:00
Luke Cartey	76c9b6466e	Reformat TaintTrackingUtil.qll with more recent CodeQL CLI	2021-01-29 11:27:30 +00:00
Anders Schack-Mulligen	bbdd7c9b57	Merge pull request #4963 from joefarebrother/guava-collections Java: Add flow steps for Guava collection utilities	2021-01-28 11:01:03 +01:00
luchua-bc	ab7d257569	Add more cases and change EC to 256 bits	2021-01-28 04:06:27 +00:00
luchua-bc	2ac7b4bab4	Update qldoc	2021-01-28 04:06:27 +00:00
luchua-bc	058f3af4b2	Refactor the hasShortSymmetricKey method	2021-01-28 04:06:27 +00:00
luchua-bc	cbaee937d0	Optimize the query	2021-01-28 04:06:27 +00:00
luchua-bc	cfc950f803	Query for weak encryption: Insufficient key size	2021-01-28 03:25:15 +00:00
luchua-bc	6a93099b64	Simplify the query and update qldoc	2021-01-28 03:02:53 +00:00
intrigus	d3e6e594b2	Java: Improve QLDoc	2021-01-27 11:57:32 +01:00
intrigus	bdba7e14fe	Java: Switch to data flow	2021-01-27 11:54:40 +01:00
Henning Makholm	54f00de3e0	Add "tests" fields to test qlpacks This will allow `codeql resolve tests --ignore-dubious-cases` (and thus the VSCode extension) to recognize all `.ql` files in those packs as test cases, even if they don't have accompanying `.expected` files. CLI versions prior to 2.1.0 will choke on this, but it's almost 10 months since that came out.	2021-01-26 18:15:22 +01:00
Joe Farebrother	d69ecde5c1	Java: Add additional flow steps for guava collection methods and more unit tests	2021-01-25 16:37:40 +00:00
Joe Farebrother	7e11d8ed07	Java: Add modelling for guava `Sets`	2021-01-25 16:37:40 +00:00
Joe Farebrother	d1427fcd93	Java: Add modelling for Guava's collection classes	2021-01-25 16:37:40 +00:00
Luke Cartey	5c6f5b7b33	Java: Track taint through Spring Java bean getters on super types	2021-01-20 16:53:03 +00:00
Anders Schack-Mulligen	9b2f69ca94	Merge pull request #4978 from github/yo-h/struts-xml-change-note Java: add change note for `struts.xml` extraction	2021-01-20 08:59:45 +01:00
yo-h	91fa12b1be	Java: add change note for `struts.xml` extraction	2021-01-19 10:19:18 -05:00
Anders Schack-Mulligen	dde8d320f3	Apply suggestions from code review Minor qldoc fixes.	2021-01-19 08:24:24 +01:00
Marcono1234	703336a77f	Add ArrayInit.getSize(), improve documentation	2021-01-18 16:44:53 +01:00
intrigus	a4cbd7037b	Java: Add tests for different versions. Adds a test for version 6.24, because that version is not vulnerable. The other test is for versions < 6.24, because these versions are vulnerable.	2021-01-15 17:20:57 +01:00
luchua-bc	32c54628f8	Drop fieldName from the function for runtime evaluation	2021-01-15 12:33:00 +00:00
luchua-bc	e5a703e49c	Revamp the query	2021-01-15 04:05:11 +00:00
yo-h	27fd16ae87	Java: update documentation on supported language versions	2021-01-14 20:29:16 -05:00
intrigus-lgtm	b8076481bf	Java: Suggestions from Review	2021-01-13 20:32:23 +01:00
Anders Schack-Mulligen	29935e1388	Merge pull request #4771 from intrigus-lgtm/split-cwe-295 Java: Add unsafe hostname verification query and remove existing overlapping query	2021-01-13 11:31:38 +01:00
luchua-bc	babe744a30	Add SECURITY_PROTOCOL check	2021-01-13 03:49:08 +00:00
intrigus	5b3086a93a	Java: Fix capitalization of JxBrowser	2021-01-12 22:43:41 +01:00
intrigus	1ebc9f4d93	Java: Only detect JxBrowser < 6.24	2021-01-12 22:39:08 +01:00
intrigus	2931e1f3fb	Java: Add change note for #4771	2021-01-12 15:37:45 +01:00
intrigus	1901f6bf55	Java: Make @id @name of query more similar.	2021-01-12 15:36:55 +01:00

1 2 3 4 5 ...

1617 Commits