445 Commits

Author	SHA1	Message	Date
Tony Torralba	215118c7ea	Fixes in QLDocs and imports	2021-05-06 09:18:49 +02:00
Tony Torralba	d739a8cac2	Moved configuration from XPath.qll back to XPath Injection query	2021-05-06 09:18:48 +02:00
Tony Torralba	ed5619498c	WIP: XPath Injection promotion	2021-05-06 09:18:48 +02:00
Felicity Chapman	8b2009cfb1	Minor updates to qhelp file	2021-05-05 12:36:29 +01:00
Jaroslav Lobačevski	38bce39baa	Update UncaughtServletException.qhelp ... There is no single word in https://cwe.mitre.org/data/definitions/600.html about possible DoS or unexpected state.	2021-05-03 15:06:57 +03:00
Chris Smowton	b2c0259197	Merge pull request #5631 from haby0/UseOfLessTrustedSource ... [Java] CWE-348: Using a client-supplied IP address in a security check	2021-04-30 15:20:53 +01:00
haby0	fdcc517b9f	UseOfLessTrustedSource -> ClientSuppliedIpUsedInSecurityCheck"	2021-04-30 17:43:34 +08:00
haby0	f41301f8f5	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.java ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-30 16:55:17 +08:00
haby0	0691cac5ab	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-30 16:54:41 +08:00
haby0	8142810455	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-30 16:54:28 +08:00
haby0	711a74c9c9	Eliminate false positives\	2021-04-30 10:31:40 +08:00
Chris Smowton	ad9ea40954	Merge pull request #5597 from intrigus-lgtm/java/jwt-insecure-parse ... [Java] JWT without signature check.	2021-04-29 14:41:11 +01:00
haby0	e813257431	use hardCode	2021-04-29 21:23:52 +08:00
haby0	b0f745365d	Node type restriction	2021-04-28 14:32:25 +08:00
haby0	5be9fbbc5a	Remove LogOperationSink and PrintSink	2021-04-27 14:12:33 +08:00
intrigus	b1a3633495	Java: Remove redundant condition + docs.	2021-04-23 22:06:04 +02:00
intrigus	98dcd4e52b	Java: Tighten definition of sink.	2021-04-23 00:14:48 +02:00
intrigus	a385b30c29	Java: Factor common expr into class.	2021-04-22 23:51:27 +02:00
intrigus-lgtm	958e2fab05	Apply suggestions from code review ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-22 23:36:17 +02:00
haby0	407dcea751	add String type startsWith	2021-04-22 19:20:54 +08:00
haby0	9b4442be8b	Fix some errors	2021-04-22 19:01:55 +08:00
haby0	454324781d	delete IfStmt	2021-04-22 11:59:33 +08:00
haby0	84f00c21df	update IfConditionSink.	2021-04-21 15:38:41 +08:00
intrigus	231b07795c	Java: Ignore results in test directories.	2021-04-20 23:25:13 +02:00
intrigus	fcaf5e7657	Java: Plural type name -> singular type name.	2021-04-20 23:09:44 +02:00
intrigus	3acec94773	Java: Fix typos.	2021-04-20 23:04:06 +02:00
intrigus	149c4491ce	Java: Simplify qldoc.	2021-04-20 23:03:10 +02:00
intrigus	9e4fa90f6e	Java: Refer to Java types in qldoc instead of ql types.	2021-04-20 23:02:18 +02:00
intrigus	26502881d7	Java: Consistently use this in charpred.	2021-04-20 22:56:58 +02:00
Chris Smowton	9bfb0d93ca	Autoformat QL	2021-04-20 13:59:09 +01:00
Chris Smowton	0ec3ee29e4	Style last use of SecureASTCustomizer	2021-04-20 12:44:49 +01:00
Hayk Andriasyan	bb58a50503	Update GroovyInjection.qhelp	2021-04-20 15:41:58 +04:00
p0wn4j	f2de440886	[Java] CWE-094: Query to detect Groovy Code Injections	2021-04-20 19:18:24 +04:00
haby0	3e376f95c4	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:36:16 +08:00
haby0	b1ee864ad9	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:35:52 +08:00
haby0	9e87f4ec4e	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:35:34 +08:00
haby0	408dd31d3c	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:34:37 +08:00
haby0	9ece4dac0f	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:33:47 +08:00
haby0	d82878ac3b	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:33:06 +08:00
haby0	0b1637a409	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:32:39 +08:00
haby0	b60bffaf83	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-20 19:31:59 +08:00
haby0	0053158884	update qhelp file and ql comments	2021-04-20 10:58:54 +08:00
haby0	8296abcea8	Fix Modify the ql query (the qhelp part is not modified).	2021-04-19 20:59:47 +08:00
haby0	23b508c5e7	Merge remote-tracking branch 'upstream/main' into UseOfLessTrustedSource	2021-04-19 20:05:49 +08:00
Mathias Vorreiter Pedersen	e36b42a03f	Java: Fix invalid id in experimental query ... The invalid id broke CI here: https://github.com/github/codeql/pull/5703 (see https://github.slack.com/archives/CPSEA0G22/p1618602834224600)	2021-04-17 09:47:15 +02:00
Anders Schack-Mulligen	605f28f741	Merge pull request #5686 from smowton/haby0/JsonHijacking ... Java: JSONP Injection w/cleanups	2021-04-16 11:09:17 +02:00
Chris Smowton	c37994089c	Revert changes to unrelated query	2021-04-15 16:24:29 +01:00
haby0	dedf765542	Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-15 22:59:22 +08:00
haby0	0e183ab4a4	Finish comment	2021-04-15 19:49:06 +08:00
Chris Smowton	fa36ba901a	Merge pull request #5471 from artem-smotrakov/el-injection ... Java: Query for detecting Jakarta Expression Language injections	2021-04-15 12:39:34 +01:00