hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-10 12:11:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
23,488 Commits 1,689 Branches 160 Tags
2b77f7d1bc73d7616d507c9348a47a017f667959
Commit Graph

513 Commits

Author SHA1 Message Date
haby0
2b77f7d1bc Modify isAdditionalTaintStep 2021-06-18 21:36:44 +08:00
haby0
a71757f0f4 Update java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.qhelp 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-06-18 21:36:44 +08:00
haby0
bfe0d40987 using isAdditionalTaintStep 2021-06-18 21:36:44 +08:00
haby0
3a2a99e289 Fix 1 2021-06-18 21:36:44 +08:00
haby0
ed0aabef46 add isAdditionalTaintStep 2021-06-18 21:36:44 +08:00
haby0
921b8e80a2 Jshell Injection 2021-06-18 21:36:44 +08:00
haby0
a73cb3f04a Fix error 2021-06-18 17:22:26 +08:00
haby0
0d18e4ff9c BeanShell Injection 2021-06-18 15:54:13 +08:00
Chris Smowton
7509e36382 Remove no-longer-needed BasicRequestLine model from InsecureBasicAuth.ql; adjust test expectations accordingly 2021-06-17 11:43:33 +01:00
Chris Smowton
487c1db6ed Promote SSRF query to main query set 2021-06-17 11:41:01 +01:00
Anders Schack-Mulligen
8fe2f4a554 Merge pull request #6034 from owen-mc/java/jax-rs 
Improve JAX-WS and JAX-RS models
 2021-06-17 12:35:34 +02:00
Chris Smowton
76838809bb Merge pull request #5818 from artem-smotrakov/rmi-deserialization 
Java: Unsafe RMI deserialization
 2021-06-11 13:43:07 +01:00
Owen Mansel-Chan
e0130a932e Update experimental query using NewCookie 2021-06-10 13:33:20 +01:00
Owen Mansel-Chan
ee6019a2d8 Fix tests for experimental httponly query 2021-06-10 13:31:28 +01:00
Tony Torralba
56a429a5f9 Merge branch 'main' into promote-jexl-injection 2021-06-03 11:10:56 +02:00
Anders Schack-Mulligen
5e96e28792 Java: Add missing metadata. 2021-06-02 10:24:46 +02:00
Anders Schack-Mulligen
a4661e1aca Merge pull request #5704 from edvraa/regexj 
Java: Regex injection
 2021-06-01 11:45:59 +02:00
Artem Smotrakov
8dc1451d42 Better recommendation in UnsafeDeserializationRmi.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-06-01 12:16:09 +03:00
Artem Smotrakov
b28d639166 Fixed errors in UnsafeDeserializationRmi.qhelp 2021-05-29 09:32:08 +02:00
Artem Smotrakov
62c6bee5f8 Simplified UnsafeDeserializationRmi.ql 2021-05-29 09:21:20 +02:00
Artem Smotrakov
1b51dd47ec Added an example with deserialization filter to UnsafeDeserializationRmi.qhelp 2021-05-23 13:24:42 +02:00
Artem Smotrakov
c837605c85 Added test cases with sanitizers for UnsafeDeserializationRmi.ql 2021-05-23 13:01:22 +02:00
Artem Smotrakov
d2e29fc72c Renamed RmiUnsafeDeserialization.ql -> UnsafeDeserializationRmi.ql 2021-05-23 10:21:05 +02:00
Artem Smotrakov
2d93eeae33 Covered deserialization filters in RmiUnsafeDeserialization.ql 2021-05-23 10:21:05 +02:00
Artem Smotrakov
e28f919f3d Look for remote callable method only in RmiUnsafeDeserialization.ql 2021-05-23 10:21:05 +02:00
Artem Smotrakov
0182dfe1c0 Added RmiUnsafeDeserialization.qhelp 2021-05-23 10:21:04 +02:00
Artem Smotrakov
efa4b4f414 Cover Registry in RmiUnsafeDeserialization.ql 2021-05-23 10:21:04 +02:00
Artem Smotrakov
8b96ff9601 First draft of RmiUnsafeDeserialization.ql 2021-05-23 10:21:04 +02:00
luchua-bc
02aa9c6fc7 Optimize the sink and update qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
d4323a4a54 Update qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
9d392263a5 Refactor inconsistent method names 2021-05-18 16:12:23 +00:00
luchua-bc
2fa249a8eb Update method name and qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
2c1374bdcf Use inline implementation for ScriptEngineFactory 2021-05-18 16:12:23 +00:00
luchua-bc
0ac8453398 Allow all arguments of methods in ScriptEngineFactory 2021-05-18 16:12:23 +00:00
luchua-bc
e4699f7fa9 Optimize the query 2021-05-18 16:12:22 +00:00
luchua-bc
d664aa6d6a Include more scenarios and update qldoc 2021-05-18 16:12:22 +00:00
luchua-bc
852bcfb5c7 Refactor the ScriptEngine query and the Rhino code injection query into one 2021-05-18 16:12:22 +00:00
luchua-bc
b0b5338359 Rhino code injection 2021-05-18 16:12:22 +00:00
Chris Smowton
4230869ee2 Merge pull request #5819 from luchua-bc/java/jpython-injection 
Java: CWE-094 Jython code injection
 2021-05-18 16:38:40 +01:00
Chris Smowton
71f540a755 Merge pull request #5844 from haby0/SpringRedirects 
[Java] CWE-601 Spring url redirection detect
 2021-05-18 16:37:40 +01:00
luchua-bc
2a0721b2ae Optimize the sink and update method name 2021-05-18 12:18:14 +00:00
haby0
e46de44473 Solve errors caused by private ownership 2021-05-18 19:56:32 +08:00
haby0
caf5f4d605 modified comment 2021-05-18 19:10:03 +08:00
haby0
a0cd551bae Add filtering of String.format 2021-05-18 11:05:10 +08:00
luchua-bc
e652d8771c Update method name and qldoc 2021-05-17 20:36:15 +00:00
luchua-bc
1497fba6f2 Remove the isAdditionalTaintStep predicate 2021-05-14 11:43:49 +00:00
haby0
498c99e26c Add left value, Add return expression tracing flow 2021-05-14 16:31:59 +08:00
haby0
02e415045f Delete RedirectBuilderFlowConfig 2021-05-13 15:48:15 +08:00
haby0
effa2b162a Add spring url redirection detect 2021-05-13 09:55:37 +08:00
luchua-bc
e7cd6c9972 Optimize the query 2021-05-11 16:56:12 +00:00