hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-10 20:21:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,278 Commits 1,690 Branches 160 Tags
328b69f46cb2486a1e74101030cbffb039e5f4b2
Commit Graph

438 Commits

Author SHA1 Message Date
Timo Müller
328b69f46c Update java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql 2021-06-25 16:10:20 +02:00
Timo Mueller
5aeeb3a801 Fixed and validated qhelp 2021-06-25 15:37:47 +02:00
Timo Müller
d0478eac95 XML validation and spelling/ordering changes 
* XML validation and summary changes in qhelp file
;

* Encode entities within <code> snippet

* Updated minor descriptions and examples

* Implemented spelling review
 2021-06-25 09:45:46 +02:00
Chris Smowton
4ddf4558a7 Merged simplified query 2021-06-04 16:07:15 +02:00
Timo Müller
f44b97c1c3 Apply suggestions from code review 
Improved variable naming in examples and some documentation clearup

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-05-25 13:03:07 +02:00
Timo Müller
e7021ffbee Apply suggestions from code review 
More clear or precise wording within the documentation

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-05-25 12:53:47 +02:00
Timo Müller
a65481d24b Apply suggestions from code review more precise help text 2021-05-04 17:30:49 +02:00
Timo Müller
65642df1a0 Apply suggestions from code review for help text 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 17:28:34 +02:00
Timo Mueller
152f4862ec Reworked the references a bit 2021-05-04 16:10:15 +02:00
Timo Mueller
81363a8843 Some better (and more styleguide compliant) descriptions within the query. 2021-05-04 15:57:47 +02:00
Timo Mueller
f7437422c1 InstanceOf check instead of comparing classnames 2021-05-04 15:51:40 +02:00
Timo Mueller
fd52135f29 Removed unnecessary check for type 2021-05-04 15:45:30 +02:00
Timo Müller
c476b6c088 Fix accordance to style guide 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 14:00:01 +02:00
Timo Müller
030e2bdd9b Fix accordance to style guide 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:59:52 +02:00
Timo Müller
ab308b5e9e Fix accordance to style guide 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:59:43 +02:00
Timo Müller
485a3a139a Fixed content to confirm with the style guide 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:58:38 +02:00
Timo Müller
45443baf84 Fixed Typo 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:58:00 +02:00
Timo Müller
1fd2be3879 Added more clear reference 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:57:19 +02:00
Timo Müller
7026d82a72 Fixed typo 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:53:14 +02:00
Timo Müller
f28e994121 Update java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qhelp 
More descriptive (and PC) description.

Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:52:47 +02:00
Timo Mueller
c22eeacbfc Fixed accidential double init of variable 2021-04-30 16:28:56 +02:00
Timo Mueller
61d053f6b3 Fixed missing metadata description 2021-04-30 16:28:17 +02:00
Timo Mueller
15a3068f8a Added query for insecure environment configuration RMI JMX (CVE-2016-8735) 2021-04-30 16:23:17 +02:00
Chris Smowton
ad9ea40954 Merge pull request #5597 from intrigus-lgtm/java/jwt-insecure-parse 
[Java] JWT without signature check.
 2021-04-29 14:41:11 +01:00
intrigus
b1a3633495 Java: Remove redundant condition + docs. 2021-04-23 22:06:04 +02:00
intrigus
98dcd4e52b Java: Tighten definition of sink. 2021-04-23 00:14:48 +02:00
intrigus
a385b30c29 Java: Factor common expr into class. 2021-04-22 23:51:27 +02:00
intrigus-lgtm
958e2fab05 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-22 23:36:17 +02:00
intrigus
231b07795c Java: Ignore results in test directories. 2021-04-20 23:25:13 +02:00
intrigus
fcaf5e7657 Java: Plural type name -> singular type name. 2021-04-20 23:09:44 +02:00
intrigus
3acec94773 Java: Fix typos. 2021-04-20 23:04:06 +02:00
intrigus
149c4491ce Java: Simplify qldoc. 2021-04-20 23:03:10 +02:00
intrigus
9e4fa90f6e Java: Refer to Java types in qldoc instead of ql types. 2021-04-20 23:02:18 +02:00
intrigus
26502881d7 Java: Consistently use this in charpred. 2021-04-20 22:56:58 +02:00
Chris Smowton
9bfb0d93ca Autoformat QL 2021-04-20 13:59:09 +01:00
Chris Smowton
0ec3ee29e4 Style last use of SecureASTCustomizer 2021-04-20 12:44:49 +01:00
Hayk Andriasyan
bb58a50503 Update GroovyInjection.qhelp 2021-04-20 15:41:58 +04:00
p0wn4j
f2de440886 [Java] CWE-094: Query to detect Groovy Code Injections 2021-04-20 19:18:24 +04:00
Mathias Vorreiter Pedersen
e36b42a03f Java: Fix invalid id in experimental query 
The invalid id broke CI here: https://github.com/github/codeql/pull/5703 (see https://github.slack.com/archives/CPSEA0G22/p1618602834224600)
 2021-04-17 09:47:15 +02:00
Anders Schack-Mulligen
605f28f741 Merge pull request #5686 from smowton/haby0/JsonHijacking 
Java: JSONP Injection w/cleanups
 2021-04-16 11:09:17 +02:00
Chris Smowton
c37994089c Revert changes to unrelated query 2021-04-15 16:24:29 +01:00
haby0
dedf765542 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-15 22:59:22 +08:00
haby0
0e183ab4a4 Finish comment 2021-04-15 19:49:06 +08:00
Chris Smowton
fa36ba901a Merge pull request #5471 from artem-smotrakov/el-injection 
Java: Query for detecting Jakarta Expression Language injections
 2021-04-15 12:39:34 +01:00
haby0
d269a7e717 CWE-598 reduction 2021-04-15 19:33:15 +08:00
haby0
583d0889e2 delete tomcat-embed-core stub, update the ServletGetMethod class 2021-04-15 17:40:51 +08:00
haby0
5d05e4d224 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-15 17:28:53 +08:00
haby0
b3bdf89fc2 rm VerificationMethodFlowConfig, use springframework-5.2.3 stub 2021-04-15 10:25:40 +08:00
haby0
77208bcc91 Fix the error that there is no VerificationMethodToIfFlowConfig 2021-04-14 13:14:43 +08:00
haby0
e2ed0d02b0 Delete existsFilterVerificationMethod and existsServletVerificationMethod, add from get handler to filter 2021-04-14 12:34:52 +08:00