hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-20 22:46:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,326 Commits 1,712 Branches 163 Tags
1dd4bf00acf99deee3b2d9d7ca92eb80f7476a05
Commit Graph

22 Commits

Author SHA1 Message Date
Fosstars
1dd4bf00ac Simplify StaticInitializationVectorSource 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-08-26 09:42:23 +02:00
Artem Smotrakov
23e2322635 Simplify ArrayUpdate 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-08-25 19:43:43 +02:00
Artem Smotrakov
f41828e5db Better qldoc in StaticInitializationVectorQuery.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-08-25 19:38:33 +02:00
Fosstars
f97c8bb049 Removed sanitizer in StaticInitializationVectorConfig 2021-08-25 12:40:48 +02:00
Fosstars
86b7b2b86d Updated qldoc for ArrayUpdate 2021-08-25 12:14:36 +02:00
Fosstars
c80a1da483 Don't consider copyOf() and clone() in ArrayUpdate 2021-08-25 12:11:34 +02:00
Fosstars
fbac5891b8 Fixed a typo in qldoc 2021-08-14 21:28:30 +02:00
Fosstars
e2dc9753ac Covered copyOfRange() and clone() in ArrayUpdate 2021-08-14 13:25:46 +02:00
Fosstars
d218813320 Updated qldoc for ArrayUpdate 2021-08-14 13:09:14 +02:00
Fosstars
11992404ec Be precise when checking for Cipher.ENCRYPT_MODE 2021-08-14 12:18:02 +02:00
Fosstars
4e69081c22 Support multi-dimensional arrays 2021-08-13 20:52:27 +02:00
Artem Smotrakov
cfe74b527a Use inline-expectation tests for StaticInitializationVector.ql 2021-07-17 01:04:52 +02:00
luchua-bc
4e3791dc0d Remove LoadCredentialsConfiguration and update qldoc 2021-04-09 19:36:35 +00:00
luchua-bc
1349bf7b0b Create a .qll file to reuse the code and add check of Spring properties 2021-03-30 11:25:29 +00:00
Porcuiney Hairs
84c9137152 Include suggestions from review 2021-03-18 16:12:00 +05:30
porcupineyhairs
f27d2bdf6d Update java/ql/src/experimental/semmle/code/java/Logging.qll 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-03-18 16:12:00 +05:30
Porcuiney Hairs
d0c82d3756 Add flogger and android logging support 2021-03-18 16:12:00 +05:30
Porcuiney Hairs
17d7ba8049 Add Log Injection Vulnerability 2021-03-18 16:12:00 +05:30
Porcuiney Hairs
5151a528ac Include suggestions from review 2021-03-01 22:59:30 +05:30
Porcupiney Hairs
42a84a18b0 JAVA : Add query to detect Apache Structs enabled DEvmode 
This query detects cases where the development mode is enabled for a
struts configuration. I can't find a CVE per se but, at present, [Github's fuzzy search](https://github.com/search?q=%3Cconstant+name%3D%22struts.devMode%22+value%3D%22true%22+%2F%3E+language%3Axml&type=Code) returns more
than 44000 results. Some of them look like they are classroom projects,
so they may be ineligible for a CVE. But we should be flagging them
anyways as setting the development on in a production system is a very
bad practice and can often lead to remote code execution.
So these should be fixed anyways.
 2021-02-26 16:30:04 +05:30
Grzegorz Golawski
df9921f870 Update according to the review comments 2020-05-07 23:19:13 +02:00
Grzegorz Golawski
af48bc3e57 CodeQL query to detect JNDI injections 2020-04-17 21:45:42 +02:00