hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-21 06:57:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,222 Commits 1,712 Branches 163 Tags
254de76078cbc7825565b4e75481b0cf22c1fa8f
Commit Graph

1979 Commits

Author SHA1 Message Date
Chris Smowton
254de76078 Remove unnecessary stubs 2021-04-15 16:20:27 +01:00
haby0
dedf765542 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-15 22:59:22 +08:00
haby0
0e183ab4a4 Finish comment 2021-04-15 19:49:06 +08:00
haby0
d269a7e717 CWE-598 reduction 2021-04-15 19:33:15 +08:00
haby0
216f204438 delete FilterClass 2021-04-15 19:28:25 +08:00
haby0
583d0889e2 delete tomcat-embed-core stub, update the ServletGetMethod class 2021-04-15 17:40:51 +08:00
haby0
5d05e4d224 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-15 17:28:53 +08:00
haby0
b3bdf89fc2 rm VerificationMethodFlowConfig, use springframework-5.2.3 stub 2021-04-15 10:25:40 +08:00
haby0
77208bcc91 Fix the error that there is no VerificationMethodToIfFlowConfig 2021-04-14 13:14:43 +08:00
haby0
e2ed0d02b0 Delete existsFilterVerificationMethod and existsServletVerificationMethod, add from get handler to filter 2021-04-14 12:34:52 +08:00
haby0
37dae67a0d Fix RequestResponseFlowConfig.isSink error 2021-04-14 09:55:24 +08:00
haby0
00235ed3b3 Update java/ql/src/semmle/code/java/frameworks/Servlets.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-13 23:58:52 +08:00
haby0
25b012db48 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-13 23:58:28 +08:00
haby0
7be45e7c5e Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-13 23:56:17 +08:00
haby0
6e73d13670 Update java/ql/src/semmle/code/java/frameworks/Servlets.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-13 23:48:45 +08:00
haby0
be39883166 Change the class name and comment,Use .(CompileTimeConstantExpr).getStringValue() 2021-04-13 14:10:10 +08:00
haby0
1b948ac2e2 Combine two Configurations into one 2021-04-12 15:44:39 +08:00
haby0
d90527bead JsonpInjectionExpr updated to JsonpBuilderExpr 2021-04-10 10:33:21 +08:00
haby0
eeae91e620 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 09:48:55 +08:00
haby0
046aeaa38c Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 09:37:29 +08:00
haby0
8b756d7f1b Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 09:27:03 +08:00
haby0
650446f761 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 09:26:32 +08:00
haby0
a5ebe8c600 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 09:26:08 +08:00
haby0
8a7d28a2ed Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:29:49 +08:00
haby0
4c21980d4f Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:29:30 +08:00
haby0
9635a36044 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:29:06 +08:00
haby0
760231c004 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:28:17 +08:00
haby0
c77c7b0a98 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:27:16 +08:00
haby0
837f20108d Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:25:43 +08:00
haby0
157e4670fd Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:25:11 +08:00
haby0
79c1374925 Update java/ql/src/semmle/code/java/frameworks/Servlets.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:24:49 +08:00
haby0
1510048f7a Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:23:13 +08:00
haby0
d8165145c7 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:22:44 +08:00
haby0
ebd38eaf3b Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:22:08 +08:00
haby0
b8c11503f0 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:21:49 +08:00
haby0
0775d35591 update VerificationMethodFlowConfig, add if test 2021-03-29 12:02:37 +08:00
haby0
3df23eecb6 Merge remote-tracking branch 'upstream/main' into JsonHijacking 2021-03-24 15:52:01 +08:00
Chris Smowton
fa90655dd0 Partial revert: only introduce inferred taint edges from callsite-crossing value edges if an original taint edge targets the *start* of the value edge. 
Previously we would also take a taint edge targeting a result and a value-preserving edge propagating another argument to the result to imply a taint edge targeting that argument.
 2021-03-23 14:35:03 +00:00
Anders Schack-Mulligen
27408fefe2 Merge pull request #5008 from torque59/cwe-346 
Java: Queries to detect remote source flow origins to CORS header.
 2021-03-23 13:54:00 +01:00
Anders Schack-Mulligen
9a56601dd3 Merge pull request #5164 from luchua-bc/java/insecure-ldap-endpoint 
Java: CWE-297 Query to detect insecure LDAP endpoint configuration
 2021-03-23 13:53:51 +01:00
Anders Schack-Mulligen
1e6b5391d6 Merge pull request #4994 from haby0/main 
Java: CWE-652: Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
 2021-03-23 12:05:53 +01:00
yo-h
b495e1efab Merge pull request #5411 from aschackmull/java/dataflow-lambda-dispatch 
Java: Bugfix dispatch to lambda in call context.
 2021-03-22 08:25:21 -04:00
Anders Schack-Mulligen
f681d584bd Merge pull request #5474 from Marcono1234/marcono1234/string-building-type 
Java: Add StringBuildingType
 2021-03-22 13:16:54 +01:00
haby0
fe046ec71e Merge remote-tracking branch 'upstream/main' into main 2021-03-22 17:25:37 +08:00
Marcono1234
cd059eb965 Java: Add StringBuildingType 2021-03-22 00:19:23 +01:00
Marcono1234
fa98443bb7 Java: Add value predicates for float and double literals; improve tests 2021-03-21 18:07:55 +01:00
Tom Hvitved
09a49e4580 Merge pull request #5311 from hvitved/dataflow/lambda 
Data flow: Move C# lambda flow logic into shared library
 2021-03-19 11:44:15 +01:00
haby0
c516d69b98 Merge remote-tracking branch 'upstream/main' into main 2021-03-17 16:42:48 +08:00
haby0
15206fd2ce JsonpInjection.ql autoformatted 2021-03-17 15:52:05 +08:00
haby0
98204a15a6 Fix the problem 2021-03-17 15:28:04 +08:00