Chris Smowton
|
0afe22d60c
|
Merge pull request #5710 from p0wn4j/jsch-os-injection
[Java] CWE-078: Add JSch lib OS Command Injection sink
|
2021-05-10 16:12:00 +01:00 |
|
Hayk Andriasyan
|
fd88b72101
|
Delete JSchOSInjection.qhelp
|
2021-05-08 12:51:15 +04:00 |
|
Tony Torralba
|
26c3ff2cee
|
Move from experimental to standard
|
2021-05-06 09:18:49 +02:00 |
|
Tony Torralba
|
215118c7ea
|
Fixes in QLDocs and imports
|
2021-05-06 09:18:49 +02:00 |
|
Tony Torralba
|
d739a8cac2
|
Moved configuration from XPath.qll back to XPath Injection query
|
2021-05-06 09:18:48 +02:00 |
|
Tony Torralba
|
ed5619498c
|
WIP: XPath Injection promotion
|
2021-05-06 09:18:48 +02:00 |
|
Felicity Chapman
|
8b2009cfb1
|
Minor updates to qhelp file
|
2021-05-05 12:36:29 +01:00 |
|
Jaroslav Lobačevski
|
38bce39baa
|
Update UncaughtServletException.qhelp
There is no single word in https://cwe.mitre.org/data/definitions/600.html about possible DoS or unexpected state.
|
2021-05-03 15:06:57 +03:00 |
|
Chris Smowton
|
b2c0259197
|
Merge pull request #5631 from haby0/UseOfLessTrustedSource
[Java] CWE-348: Using a client-supplied IP address in a security check
|
2021-04-30 15:20:53 +01:00 |
|
haby0
|
fdcc517b9f
|
UseOfLessTrustedSource -> ClientSuppliedIpUsedInSecurityCheck"
|
2021-04-30 17:43:34 +08:00 |
|
haby0
|
f41301f8f5
|
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.java
Co-authored-by: Chris Smowton <smowton@github.com>
|
2021-04-30 16:55:17 +08:00 |
|
haby0
|
0691cac5ab
|
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll
Co-authored-by: Chris Smowton <smowton@github.com>
|
2021-04-30 16:54:41 +08:00 |
|
haby0
|
8142810455
|
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp
Co-authored-by: Chris Smowton <smowton@github.com>
|
2021-04-30 16:54:28 +08:00 |
|
haby0
|
711a74c9c9
|
Eliminate false positives\
|
2021-04-30 10:31:40 +08:00 |
|
Chris Smowton
|
ad9ea40954
|
Merge pull request #5597 from intrigus-lgtm/java/jwt-insecure-parse
[Java] JWT without signature check.
|
2021-04-29 14:41:11 +01:00 |
|
haby0
|
e813257431
|
use hardCode
|
2021-04-29 21:23:52 +08:00 |
|
haby0
|
b0f745365d
|
Node type restriction
|
2021-04-28 14:32:25 +08:00 |
|
haby0
|
5be9fbbc5a
|
Remove LogOperationSink and PrintSink
|
2021-04-27 14:12:33 +08:00 |
|
Hayk Andriasyan
|
7455b1b4f0
|
Update JSchOSInjectionSanitized.java
|
2021-04-26 15:17:57 +04:00 |
|
p0wn4j
|
3d891f0b39
|
[Java] CWE-078: Add JSch OS command injection sink
|
2021-04-26 18:20:32 +04:00 |
|
intrigus
|
b1a3633495
|
Java: Remove redundant condition + docs.
|
2021-04-23 22:06:04 +02:00 |
|
intrigus
|
98dcd4e52b
|
Java: Tighten definition of sink.
|
2021-04-23 00:14:48 +02:00 |
|
intrigus
|
a385b30c29
|
Java: Factor common expr into class.
|
2021-04-22 23:51:27 +02:00 |
|
intrigus-lgtm
|
958e2fab05
|
Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
|
2021-04-22 23:36:17 +02:00 |
|
haby0
|
407dcea751
|
add String type startsWith
|
2021-04-22 19:20:54 +08:00 |
|
haby0
|
9b4442be8b
|
Fix some errors
|
2021-04-22 19:01:55 +08:00 |
|
haby0
|
454324781d
|
delete IfStmt
|
2021-04-22 11:59:33 +08:00 |
|
haby0
|
84f00c21df
|
update IfConditionSink.
|
2021-04-21 15:38:41 +08:00 |
|
intrigus
|
231b07795c
|
Java: Ignore results in test directories.
|
2021-04-20 23:25:13 +02:00 |
|
intrigus
|
fcaf5e7657
|
Java: Plural type name -> singular type name.
|
2021-04-20 23:09:44 +02:00 |
|
intrigus
|
3acec94773
|
Java: Fix typos.
|
2021-04-20 23:04:06 +02:00 |
|
intrigus
|
149c4491ce
|
Java: Simplify qldoc.
|
2021-04-20 23:03:10 +02:00 |
|
intrigus
|
9e4fa90f6e
|
Java: Refer to Java types in qldoc instead of ql types.
|
2021-04-20 23:02:18 +02:00 |
|
intrigus
|
26502881d7
|
Java: Consistently use this in charpred.
|
2021-04-20 22:56:58 +02:00 |
|
Chris Smowton
|
9bfb0d93ca
|
Autoformat QL
|
2021-04-20 13:59:09 +01:00 |
|
Chris Smowton
|
0ec3ee29e4
|
Style last use of SecureASTCustomizer
|
2021-04-20 12:44:49 +01:00 |
|
Hayk Andriasyan
|
bb58a50503
|
Update GroovyInjection.qhelp
|
2021-04-20 15:41:58 +04:00 |
|
p0wn4j
|
f2de440886
|
[Java] CWE-094: Query to detect Groovy Code Injections
|
2021-04-20 19:18:24 +04:00 |
|
haby0
|
3e376f95c4
|
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql
Co-authored-by: Chris Smowton <smowton@github.com>
|
2021-04-20 19:36:16 +08:00 |
|
haby0
|
b1ee864ad9
|
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql
Co-authored-by: Chris Smowton <smowton@github.com>
|
2021-04-20 19:35:52 +08:00 |
|
haby0
|
9e87f4ec4e
|
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql
Co-authored-by: Chris Smowton <smowton@github.com>
|
2021-04-20 19:35:34 +08:00 |
|
haby0
|
408dd31d3c
|
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp
Co-authored-by: Chris Smowton <smowton@github.com>
|
2021-04-20 19:34:37 +08:00 |
|
haby0
|
9ece4dac0f
|
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp
Co-authored-by: Chris Smowton <smowton@github.com>
|
2021-04-20 19:33:47 +08:00 |
|
haby0
|
d82878ac3b
|
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp
Co-authored-by: Chris Smowton <smowton@github.com>
|
2021-04-20 19:33:06 +08:00 |
|
haby0
|
0b1637a409
|
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp
Co-authored-by: Chris Smowton <smowton@github.com>
|
2021-04-20 19:32:39 +08:00 |
|
haby0
|
b60bffaf83
|
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll
Co-authored-by: Chris Smowton <smowton@github.com>
|
2021-04-20 19:31:59 +08:00 |
|
haby0
|
0053158884
|
update qhelp file and ql comments
|
2021-04-20 10:58:54 +08:00 |
|
haby0
|
8296abcea8
|
Fix Modify the ql query (the qhelp part is not modified).
|
2021-04-19 20:59:47 +08:00 |
|
haby0
|
23b508c5e7
|
Merge remote-tracking branch 'upstream/main' into UseOfLessTrustedSource
|
2021-04-19 20:05:49 +08:00 |
|
Mathias Vorreiter Pedersen
|
e36b42a03f
|
Java: Fix invalid id in experimental query
The invalid id broke CI here: https://github.com/github/codeql/pull/5703 (see https://github.slack.com/archives/CPSEA0G22/p1618602834224600)
|
2021-04-17 09:47:15 +02:00 |
|