hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-06 06:05:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
18,758 Commits 1,747 Branches 166 Tags
1901f6bf55fdee3de7e22a2bab7935b878f7c03e
Commit Graph

170 Commits

Author SHA1 Message Date
intrigus
0a9df07df7 Apply suggestions from review. 2021-01-11 13:42:07 +01:00
intrigus
70b0703952 Java: Remove overlapping code 2021-01-11 13:42:07 +01:00
Anders Schack-Mulligen
0cc324b715 Merge pull request #3839 from luchua-bc/uncaught-servlet-exception 
Java: Uncaught servlet exception
 2020-12-02 15:12:59 +01:00
Anders Schack-Mulligen
0175a596ef Update java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql 2020-12-02 13:33:59 +01:00
Anders Schack-Mulligen
8f2094f0bf Autoformat. 2020-11-30 14:42:38 +01:00
Anders Schack-Mulligen
028a72bcdd Merge pull request #4610 from luchua-bc/java-nfe-local-android-dos 
Java: Query to detect Local Android DoS caused by NFE
 2020-11-27 14:20:23 +01:00
Anders Schack-Mulligen
3f04099c25 Update java/ql/src/experimental/CWE-918/RequestForgery.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2020-11-24 13:18:58 +01:00
Anders Schack-Mulligen
0450489022 Java: Review fixes. 2020-11-24 11:31:44 +01:00
Porcupiney Hairs
ebc6c49555 include suggestions from review. 2020-11-19 03:37:00 +05:30
Porcupiney Hairs
4b25532b9f include suggestions from review. 2020-11-13 17:55:56 +05:30
Porcupiney Hairs
f8de94e906 refactor SpringWebClient 2020-11-13 00:32:27 +05:30
Porcupiney Hairs
2525cfd786 include suggestions from review. 2020-11-13 00:28:06 +05:30
luchua-bc
dcb7324643 Add the constraint that the caller method must throw an exception 2020-11-11 16:47:53 +00:00
luchua-bc
018d5c46da Simplify the query 2020-11-10 21:07:44 +00:00
Porcupiney Hairs
38de9b6433 add request forgery query 2020-11-10 01:19:35 +05:30
luchua-bc
bc899b6337 Move common code to a library and add more test cases 2020-11-09 14:14:54 +00:00
luchua-bc
b10552aa2e Specify exported Android components for local Android DoS 2020-11-09 14:10:01 +00:00
luchua-bc
76a0db84ee Query for detecting Local Android DoS caused by NFE 2020-11-09 14:10:00 +00:00
luchua-bc
a83f9ced96 Change the query to only catch the common exception rethrown case 2020-11-09 12:07:43 +00:00
Porcupiney Hairs
0a028dcb47 Java : Refactor all instances of java.net.URI into TypeUri 2020-11-04 18:23:26 +05:30
Anders Schack-Mulligen
22b4df0f3c Merge pull request #4512 from luchua-bc/sensitive-broadcast 
Java: Sensitive broadcast
 2020-11-04 10:47:48 +01:00
Anders Schack-Mulligen
26495225e0 Update java/ql/src/experimental/Security/CWE/CWE-927/SensitiveBroadcast.qhelp 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-11-04 10:05:55 +01:00
luchua-bc
3f0cdb6a1a Update qldoc and comments 2020-11-03 19:40:28 +00:00
luchua-bc
fa54c23a83 Handle the edge case that an exception is rethrown in a catch clause 2020-11-03 16:31:12 +00:00
luchua-bc
f8fd2ea821 Add qldoc and autoformat query 2020-11-03 12:23:40 +00:00
luchua-bc
6a8ce37428 Add query for initCause and addSuppressed 2020-11-02 11:59:14 +00:00
luchua-bc
78d7fe2fbb Detect rethrowing unprocessed exceptions in catch clause 2020-11-01 02:13:50 +00:00
luchua-bc
756db4c03a Simplify the query and add more test cases 2020-10-31 01:33:24 +00:00
luchua-bc
93d1393ded Add error-page check 2020-10-30 16:45:56 +00:00
luchua-bc
5a6339c1af Remove userid from the regex 2020-10-29 15:46:05 +00:00
luchua-bc
90d11812be Update the regex to be the original one 2020-10-29 13:04:15 +00:00
luchua-bc
908d659906 Minor updates 2020-10-28 20:23:22 +00:00
luchua-bc
99c79f4aa3 Enhance the dataflow sink and update test cases 2020-10-28 03:07:01 +00:00
luchua-bc
3cc3fe9d37 Switch to TaintPreservingCallable and add test cases 2020-10-28 00:33:07 +00:00
luchua-bc
07830aae05 Fix typo 2020-10-25 22:34:15 +00:00
luchua-bc
d9c140dc6c Enhance the query to use sanitizer and null/empty array flow 2020-10-25 15:33:09 +00:00
luchua-bc
478771ccc5 Fix issues with method signature check 2020-10-21 02:49:53 +00:00
luchua-bc
2c2aab6ffc Sensitive broadcast 2020-10-19 16:16:13 +00:00
Chris Smowton
5a480bfb13 Give query an id and PathGraph query predicates 2020-10-16 16:19:58 +01:00
luchua-bc
6f6ec9d51a Change the source class type and simplify the data-flow step 2020-10-15 14:53:32 +01:00
luchua-bc
f5e9690594 Update the doc comments 2020-10-15 14:53:32 +01:00
luchua-bc
c7750fd8c2 Fine tune the query 2020-10-15 14:53:32 +01:00
luchua-bc
5338332648 Enhance the query and add more test cases 2020-10-15 14:53:31 +01:00
luchua-bc
55af37312b Text changes to the help file 2020-10-15 14:53:31 +01:00
luchua-bc
ebc2bd9a58 Text changes to the help file 2020-10-15 14:53:31 +01:00
luchua-bc
bd0c577ffd Unsafe resource loading in Android webview 2020-10-15 14:53:30 +01:00
Chris Smowton
578ea1ae43 Fix OWASP broken links 2020-10-01 13:09:52 +01:00
Rasmus Wriedt Larsen
7a54d0b493 Java: Move files in experiemntal dirs to be consistent 2020-09-02 13:19:21 +02:00
Grzegorz Golawski
5e462a897d Merge branch 'main' into xslt-injection 2020-08-30 22:45:31 +02:00
Anders Schack-Mulligen
3469ad7ca6 Merge pull request #3600 from luchua-bc/java-sensitive-log4j2-logging 
Add Log4J 2 and a new search string secret
 2020-08-13 13:35:52 +02:00