hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-15 06:23:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,840 Commits 1,690 Branches 160 Tags
38de9b64335051d9d09b341bff8eb6db7b162ffd
Commit Graph

163 Commits

Author SHA1 Message Date
Porcupiney Hairs
38de9b6433 add request forgery query 2020-11-10 01:19:35 +05:30
Anders Schack-Mulligen
0d926dcf70 Java: Tweak qhelp to make it markdown-compatible. 2020-10-29 14:39:01 +01:00
Anders Schack-Mulligen
34ae6e0576 Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-10-28 09:15:08 +01:00
Alvaro Muñoz
77b551b693 Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-10-27 21:12:17 +01:00
Alvaro Muñoz
b9c75ea462 Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-10-27 21:12:00 +01:00
Alvaro Muñoz
ac116da0dc Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-10-27 21:11:48 +01:00
Alvaro Muñoz
d5b470ea0c Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-10-27 21:11:27 +01:00
Alvaro Muñoz
9785013c29 Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-10-27 21:11:15 +01:00
Alvaro Muñoz
d221930c81 Update java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-10-27 21:10:56 +01:00
Alvaro Muñoz
1fdf0556d2 more fixes to make qlhelp linter happy 2020-10-27 17:05:00 +01:00
Alvaro Muñoz
aa981caea5 more fixes to make qlhelp linter happy 2020-10-27 16:32:13 +01:00
Alvaro Muñoz
8974f252ac fix format and qlhelp errors blocking the merge 2020-10-27 16:19:39 +01:00
Alvaro Muñoz
11e57bd2f8 add change note for new Insecure Bean Validation query 2020-10-27 16:11:51 +01:00
Alvaro Muñoz
a274a1516a move source to FlowSources.qll 2020-10-27 15:47:54 +01:00
Alvaro Muñoz
2bab9d22e9 move query out of experimental 2020-10-27 15:47:54 +01:00
Anders Schack-Mulligen
a806a4f086 Merge pull request #4312 from JLLeitschuh/feat/JLL/java/jhipster_CVE-2019-16303 
Java: QL Query Detector for JHipster Generated CVE-2019-16303
 2020-10-16 15:47:09 +02:00
Jonathan Leitschuh
48f4b6c058 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-10-12 11:16:21 -04:00
Jonathan Leitschuh
895f4d0ea6 JHipster Vuln: Add GOOD/BAD & release note links 2020-10-12 11:00:05 -04:00
Jonathan Leitschuh
8272d591b6 Apply suggestions from code review 
https://github.com/github/codeql/pull/4312

Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Arthur Baars <aibaars@github.com>
 2020-10-05 14:12:03 -04:00
Jonathan Leitschuh
ab3772eaeb Update JHipster CodeQL query from code review 2020-10-01 15:38:56 -04:00
Chris Smowton
578ea1ae43 Fix OWASP broken links 2020-10-01 13:09:52 +01:00
Jonathan Leitschuh
17603c8091 Update java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.qhelp 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-09-23 13:59:49 -04:00
Jonathan Leitschuh
8578bc5cf0 Update java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.qhelp 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-09-22 15:02:00 -04:00
Jonathan Leitschuh
24fe3d0663 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-09-22 13:11:11 -04:00
Anders Schack-Mulligen
47506a859e Merge pull request #4287 from joefarebrother/exectainted-array 
Java: Improve the ExecTainted query
 2020-09-22 13:16:05 +02:00
Jonathan Leitschuh
ab618dcf2f Java: QL Query Detector for JHipster Generated CVE-2019-16303 2020-09-21 18:46:13 -04:00
lcartey@github.com
39200566c3 Java: Update CWE claims for XXE. 
This matches the claims in the C# equivalent.
 2020-09-18 12:30:52 +01:00
lcartey@github.com
32f43a84be Java: Add CWE 564 (SQL Injection: Hibernate) 2020-09-18 10:20:21 +01:00
Joe
b6cf1cce20 Java: Make the equivalent changes to ExecTaintedLocal 2020-09-17 15:53:04 +01:00
Joe
6bfc0afaeb Java: Improve the ExecTainted query 2020-09-17 15:39:35 +01:00
Mathias Vorreiter Pedersen
9de1fb7c18 Merge pull request #4222 from jbj/BlockStmt 
C++/Java/JS: Rename Block -> BlockStmt
 2020-09-09 10:02:37 +02:00
Jonas Jensen
464d3630a2 Java: Rename Block -> BlockStmt 2020-09-08 08:40:20 +02:00
Anders Schack-Mulligen
89829e870d Java: Clean up SqlInjectionLib. 2020-09-02 11:17:56 +02:00
Anders Schack-Mulligen
cc61e6117e Merge pull request #3542 from porcupineyhairs/mongoJava 
Java : add MongoDB injection sinks
 2020-09-01 16:19:17 +02:00
Anders Schack-Mulligen
beca44ec2f Merge pull request #4172 from rvermeulen/java/xss-sink-extensible 
Java: Customizable XSS analysis
 2020-09-01 09:27:50 +02:00
CodeQL CI
9d6b2e7684 Merge pull request #4042 from aschackmull/java/xsssink-extensible 
Approved by aibaars
 2020-08-31 11:54:25 +01:00
Porcupiney Hairs
441825919c Java : add MongoDB injection sinks 2020-08-31 02:24:23 +05:30
Remco Vermeulen
8db5c4f2e2 Abstract additional taint step 2020-08-17 10:41:27 +02:00
Remco Vermeulen
518459c0f7 Abstract Xss sanitizer 
Turn the Xss sanitizer into an abstract class to support customizations
and provide a default implementation.
 2020-08-17 10:31:44 +02:00
Anders Schack-Mulligen
8891ae70b6 Merge pull request #3938 from lcartey/java/untrusted-data-to-external-api 
Java: Untrusted data used in external APIs
 2020-08-13 09:53:57 +02:00
lcartey@github.com
6f83c55ebd Java: Switch to low as a precision 
Code Scanning doesn't support "very-low"
 2020-08-12 13:48:59 +01:00
Luke Cartey
56ff8cf084 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-08-12 13:12:06 +01:00
lcartey@github.com
6b6172fa5b Java: ExternalAPIs: Further review comments 
- Extra qldoc
 - Remove unnecessary module
 2020-08-12 09:21:14 +01:00
lcartey@github.com
e1d4b98923 Java: Add further missing </p> to qhelp 2020-08-11 15:28:55 +01:00
lcartey@github.com
8a65dd2cd6 Java: Address review comments 2020-08-11 15:28:06 +01:00
Anders Schack-Mulligen
99c9524639 Java: Make XssSink extensible. 2020-08-11 13:09:27 +02:00
Anders Schack-Mulligen
77db87efb7 Merge pull request #3968 from rvermeulen/java-importable-cwe-090 
Java: Move LDAP injection sinks, sanitizers, and additional taint steps to importable location
 2020-08-07 11:57:51 +02:00
Anders Schack-Mulligen
f9de8eb3b4 Java: Update precision of java/weak-cryptographic-algorithm. 2020-08-07 09:40:21 +02:00
Remco Vermeulen
7f7ad88dea Limit LdapAdditionalTaintStep to Ldap configuration 2020-08-06 11:35:03 +02:00
Anders Schack-Mulligen
205dd1aead Merge pull request #3881 from intrigus-lgtm/more-pathcreations 
Java: Centralize and model additional path creations.
 2020-08-06 11:21:39 +02:00