3671 Commits

Author	SHA1	Message	Date
Erik Krogh Kristensen	f106e064fa	Merge pull request #9422 from erik-krogh/refacReDoS ... Refactorizations of the ReDoS libraries	2022-08-16 09:32:08 +02:00
Chris Smowton	774e379eb1	Merge pull request #9742 from smehta23/feat/SM/java_partial_path_traversal_vulnerability ... [JAVA] Partial Path Traversal Vuln Query	2022-08-15 12:56:16 +01:00
Erik Krogh Kristensen	0adb588fe8	Merge pull request #9712 from erik-krogh/badRange ... JS/RB/PY/Java: add suspicious range query	2022-08-15 13:55:44 +02:00
Chris Smowton	1a3dc1d6eb	Remove extra closing tag	2022-08-15 11:31:53 +01:00
Chris Smowton	5677e38994	Style edit	2022-08-15 10:37:55 +01:00
Chris Smowton	3cf871e9e5	Apply docs suggestions ... Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-08-15 10:34:55 +01:00
erik-krogh	b54f037424	Merge branch 'main' into refacReDoS	2022-08-12 20:28:30 +02:00
Anders Schack-Mulligen	ecc15a1f95	Java: Remove SensitiveLoggingQuery results that flow through a source.	2022-08-10 14:28:07 +02:00
Chris Smowton	09e4c6b66b	Add dataflow path-graph	2022-08-10 10:37:55 +01:00
Chris Smowton	2ca0b0c6b5	Inline qhelp overview ... A <p> at the top isn't allowed, and for some reason the inclusion is required to be a valid qhelp file.	2022-08-10 10:37:48 +01:00
Erik Krogh Kristensen	559ec7ba56	Merge branch 'main' into repeatedWord	2022-08-09 21:22:47 +02:00
smehta23	cf68a11267	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-08-09 11:59:28 -07:00
smehta23	4d80fd0b00	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-08-09 11:59:14 -07:00
smehta23	7da07400ea	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-08-09 11:59:03 -07:00
smehta23	c2b670eff8	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-08-09 11:58:55 -07:00
Erik Krogh Kristensen	49276b1f38	Merge branch 'main' into refacReDoS	2022-08-09 16:18:46 +02:00
Erik Krogh Kristensen	0abbd50ca1	apply changes based on docs review	2022-08-09 13:51:40 +02:00
Shyam Mehta	af92fc389b	Update PartialPathTraversalFromRemote.qhelp	2022-08-08 17:37:57 -04:00
Shyam Mehta	50b4df52f0	Fixed precision labels	2022-08-08 17:36:04 -04:00
Shyam Mehta	9d3e8ec475	Update PartialPathTraversalFromRemote.qhelp	2022-08-08 17:35:36 -04:00
smehta23	4f1bc3022c	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-08-08 17:09:43 -04:00
Joe Farebrother	e9f9e681ef	Change man-in-the-middle back to machine-in-the-middle ... (gender-neutral language) This reverts commit d5ab330450d3f5c1d36d0d9b6a8f1dc32bc908e3.	2022-08-05 12:56:21 +01:00
Joe Farebrother	79b1f24133	Change machine-in-the-middle to man-in-the-middle	2022-08-05 12:56:20 +01:00
Joe Farebrother	04df556861	Add suggested reference	2022-08-05 12:56:20 +01:00
Joe Farebrother	abf894a64c	Fix typos	2022-08-05 12:56:20 +01:00
Joe Farebrother	0d09484efc	Add change note	2022-08-05 12:56:19 +01:00
Joe Farebrother	f8ccbcba70	Add qhelp	2022-08-05 12:56:19 +01:00
Joe Farebrother	16e16f08dc	Add webview cert validation query	2022-08-05 12:56:18 +01:00
Anders Schack-Mulligen	43d4324f65	Java: Improve performance of ConfusingOverloading.	2022-08-04 16:05:30 +02:00
Anders Schack-Mulligen	c2b99747d4	Merge pull request #9951 from aschackmull/java/notintersect-perf ... Java: Improve join-order for `not haveIntersection`.	2022-08-04 11:08:02 +02:00
Chris Smowton	af274354a0	Merge pull request #9956 from github/smowton/feature/tainted-path-query-mad ... Make java/path-injection recognise create-file MaD sinks	2022-08-04 08:59:59 +01:00
Shyam Mehta	76cecc170e	Fix documentation	2022-08-03 14:30:17 -04:00
Chris Smowton	977823bd76	Create 2022-08-03-tainted-path-mad.md	2022-08-03 10:54:35 +01:00
Chris Smowton	84a4b6a866	Make reporting locations consistent with PathCreation; add test	2022-08-03 10:42:09 +01:00
Rasmus Wriedt Larsen	8fb85a98d8	Merge branch 'main' into post-release-prep/codeql-cli-2.10.2	2022-08-03 10:42:02 +02:00
Chris Smowton	83498f58db	Add missing import	2022-08-03 08:53:43 +01:00
Chris Smowton	81f3bcd802	Don't require a PathCreation for every tainted-path sink	2022-08-02 21:30:06 +01:00
Chris Smowton	c95f17fdf2	Make java/path-injection recognise create-file MaD sinks	2022-08-02 21:28:00 +01:00
Anders Schack-Mulligen	aabdf84300	Java: Improve join-order for not haveIntersection.	2022-08-02 14:29:03 +02:00
Anders Schack-Mulligen	80bba605e3	Java: Fix join-order in SameNameAsSuper.	2022-08-02 12:49:21 +02:00
github-actions[bot]	e8747d3176	Post-release preparation for codeql-cli-2.10.2	2022-07-28 20:00:09 +00:00
github-actions[bot]	212786ed91	Release preparation for version 2.10.2	2022-07-28 13:38:35 +00:00
Shyam Mehta	09ec37943c	Partial Path Traversal split into 2 queries	2022-07-20 17:53:26 -04:00
smehta23	b7e522749f	Apply suggestions from code review ... Co-authored-by: Chris Smowton <smowton@github.com> Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2022-07-20 15:32:59 -04:00
Asger F	b9bdee6651	Merge branch 'main' into post-release-prep/codeql-cli-2.10.1	2022-07-19 16:24:35 +02:00
Raul Garcia	eefa659503	Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql ... Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>	2022-07-16 08:23:59 -07:00
Raul Garcia	fe789c8aa9	Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql ... Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>	2022-07-16 08:22:18 -07:00
github-actions[bot]	0ee476129a	Post-release preparation for codeql-cli-2.10.1	2022-07-14 14:38:49 +00:00
Erik Krogh Kristensen	85a652f3d1	remove a bunch of repeated words	2022-07-14 12:42:48 +02:00
Jeroen Ketema	fe1f1bb79d	Fix issues with change notes	2022-07-14 11:06:14 +02:00