hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-24 02:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,843 Commits 1,693 Branches 161 Tags
1b22e0879af8297cffc152f030b44cfd97542356
Commit Graph

885 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
76e740bc1d Java: Clean up some instances of getQualifiedName. 2024-05-13 13:06:44 +02:00
Michael Nebel
8def1c2c13 Java: Address review comments and some other code quality improvements. 2024-05-03 11:11:52 +02:00
Michael Nebel
f95b33049e Java: Improve the Api sources and sinks implementation. 2024-04-26 14:12:41 +02:00
Michael Nebel
9db32f4d26 Java: Identify more APIs as supported in the telemetry queries (as QL defined sinks). 2024-04-26 12:39:46 +02:00
Michael Nebel
acb2bbb2a3 Java: Identify more APIs as supported in the telemetry queries (as QL defined sources). 2024-04-26 12:39:46 +02:00
Anders Schack-Mulligen
2925e45434 Java/Dataflow: Propagate MaD-id/model-id to PathGraph. 2024-04-12 09:19:51 +02:00
Jami
d889e3cf98 Merge pull request #14854 from jcogs33/jcogs33/unsafe-url-forward-promotion 
Java: Promote Unsafe URL Forward query from experimental
 2024-03-29 16:34:06 -04:00
Jami Cogswell
40c932a5f9 Java: move UrlForward.qll code to UrlForwardQuery.qll 2024-03-27 10:12:28 -04:00
Jami Cogswell
121b24ea7c Java: remove parentheses 2024-03-27 08:16:06 -04:00
Jami Cogswell
35fbc95cc7 Java: remove redundant line 2024-03-27 08:09:40 -04:00
Owen Mansel-Chan
ac6c4add14 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2024-03-24 20:20:37 +00:00
Owen Mansel-Chan
4832dc51ed Whitelist variable name tokenImage 2024-03-23 21:33:02 +00:00
Jami Cogswell
55f7369df0 Java: performance fix 2024-03-15 14:06:36 -04:00
Jami Cogswell
1b01f26d09 Java: adjust BarrierPrefix to handle prepended chars 2024-03-13 16:28:45 -04:00
Jami Cogswell
04d27f2d65 Java: adjust prefix barriers 2024-03-13 16:28:44 -04:00
Jami Cogswell
e99cea340b Java: update UrlPathBarrier to include FollowsBarrierPrefix 2024-03-13 16:28:44 -04:00
Jami Cogswell
c5a59d6c51 Java: add QLDoc 2024-03-13 16:28:44 -04:00
Jami Cogswell
7310c155e2 Java: rename SpringUrlForwardSink 2024-03-13 16:28:44 -04:00
Jami Cogswell
a8075969d8 Java: add QLDocs to UrlPathBarrier code 2024-03-13 16:28:44 -04:00
Jami Cogswell
042dcf9cd9 Java: some updates to UrlPathBarrier code 2024-03-13 16:28:44 -04:00
Jami Cogswell
052452b186 Java: create UrlDecodeMethod 2024-03-13 16:28:44 -04:00
Jami Cogswell
d220b3a298 Java: some updates to test cases 2024-03-13 16:28:43 -04:00
Jami Cogswell
43b49628fc Java: use new 'SimpleTypeSanitizer', and update some non-extending subtype relationships 2024-03-13 16:28:43 -04:00
Jami Cogswell
2708e53c7f Java: remove redundant imports 2024-03-13 16:28:43 -04:00
Jami Cogswell
911a61df22 Java: initial update of barrier and test cases to remove FN 2024-03-13 16:28:42 -04:00
Jami Cogswell
5fa63ab5c2 Java: update/add some TODO comments 2024-03-13 16:28:41 -04:00
Jami Cogswell
09bc21dbd3 Java: rename 'UnsafeUrlForward' to 'UrlForward' 2024-03-13 16:28:41 -04:00
Jami Cogswell
5a9d7552b3 Java: add some comments and minor code reorg 2024-03-13 16:28:41 -04:00
Jami Cogswell
1da1e896cb Java: convert SpringModelAndViewSink to MaD 2024-03-13 16:28:41 -04:00
Jami Cogswell
8d66097483 Java: switch StaplerResponse.forward from request-forgery sink to url-forward sink 2024-03-13 16:28:41 -04:00
Jami Cogswell
42e3825ea3 Java: convert RequestDispatcherSink to MaD 2024-03-13 16:28:40 -04:00
Jami Cogswell
4ff884e26c Java: remove more path-injection related classes (will maybe add some of these back in a separate PR) 2024-03-13 16:28:40 -04:00
Jami Cogswell
915e106ab3 Java: remove path-injection related models and tests for now 2024-03-13 16:28:40 -04:00
Jami Cogswell
2793f28428 Java: move config to Query.qll file 2024-03-13 16:28:40 -04:00
Erik Krogh Kristensen
863e3f79e5 Merge pull request #15731 from erik-krogh/java-url 
Java: More sanitizers for request-forgery
 2024-03-12 19:31:52 +01:00
erik-krogh
f613823047 add explicit QLDoc that any method named "contains" is matched 2024-03-12 15:25:27 +01:00
erik-krogh
52f71e4553 small fixes based on review 2024-03-12 15:07:29 +01:00
Owen Mansel-Chan
c7efde3b7a Remove variables with "null" in their name as sources 2024-03-03 20:55:04 +00:00
erik-krogh
b4b5ae2a2c add some request-forgery sanitizers, inspired from C# 2024-02-27 10:05:26 +01:00
Joe Farebrother
2ebb80b632 Merge pull request #15548 from joefarebrother/android-local-auth-keys 
Java: Add query for insecurely generated keys for local authentication.
 2024-02-22 14:04:17 +00:00
Anders Schack-Mulligen
71f8ccf45f Merge pull request #15654 from aschackmull/java/static-init-vec-query-perf 
Java: Switch helper flow from Global to SimpleGlobal in StaticInitializationVectorQuery.
 2024-02-21 10:51:16 +01:00
Anders Schack-Mulligen
66010b5c96 Java: Switch helper flow from Global to SimpleGlobal in StaticInitializationVectorQuery. 2024-02-19 14:04:43 +01:00
Owen Mansel-Chan
22692b9d55 Simplify definition of source and improve QLDoc 
This is also slightly faster to evaluate (217s instead of 228s on apache/geode on my machine).
 2024-02-16 16:47:41 +00:00
Tony Torralba
90a9d82b9d Java: Expand ExactPathSanitizer to work on the argument of 'equals' too 2024-02-15 10:00:24 +01:00
Joe Farebrother
2eb93b7a3b Add unit tests 2024-02-12 13:49:45 +00:00
Joe Farebrother
d8985f9f5b Move tests for local auth to a folder 2024-02-12 13:49:45 +00:00
Joe Farebrother
c79a3eb6ae Add query for insecure key generation 2024-02-12 13:49:44 +00:00
Joe Farebrother
75a2b9415c Merge pull request #15481 from joefarebrother/android-local-auth 
Java: Add query for insecure local authentication
 2024-02-12 13:48:53 +00:00
Tony Torralba
cf7091ae5f Merge branch 'main' into atorralba/java/open-redirect-sanitizer 2024-02-12 10:31:52 +01:00
Joe Farebrother
16aed18821 Address reviews - Elaborate on docs and update severity 2024-02-09 13:53:36 +00:00