hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,584 Commits 1,673 Branches 157 Tags
530b29ccdfb42bcb8173f270e2f89d76bc20c2bc
Commit Graph

918 Commits

Author SHA1 Message Date
Raul Garcia
8a48708014 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:14:13 -07:00
Raul Garcia
2bac181094 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:13:53 -07:00
Raul Garcia
a4e35a97ea Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:13:38 -07:00
Raul Garcia
a51d713925 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:13:12 -07:00
Raul Garcia
d5791e2d56 Addressing feedback from the PR 2022-07-11 15:45:15 -07:00
Raul Garcia
ac05577966 Making various changes based on the feedback. Pending: 2 non-trivial fixes for Java & Python. 2022-07-11 13:25:35 -07:00
Chris Smowton
74641ccfee Simplify test for no-arg constructor 2022-07-11 11:01:19 +01:00
Raul Garcia
01da877d0e Moving the new query to experimental. It was added to the wrong folder initially. 2022-07-06 14:07:14 -07:00
Anders Schack-Mulligen
df6d68b215 Merge pull request #9618 from aschackmull/dataflow/deprecate-barrierguard-class 
Dataflow: Deprecate BarrierGuard class
 2022-06-22 10:44:08 +02:00
Michael Nebel
b6ccaf14f6 Java: Update Log4J models with provenance information. 2022-06-20 16:20:02 +02:00
Michael Nebel
733fc16902 Java: Update ThreadResourceAbuse specific models with provenance information. 2022-06-20 16:20:02 +02:00
Michael Nebel
2e46e93f36 Java: Update java models with provenance column information. 2022-06-20 16:20:02 +02:00
Anders Schack-Mulligen
33deff9bae Java: Deprecate BarrierGuard class. 2022-06-16 11:25:28 +02:00
Tony Torralba
98f70dc7d3 Remove org.dom4j.DocumentHelper:parseText as XXE sink 2022-05-20 14:45:26 +02:00
Erik Krogh Kristensen
215a6a72cc Merge branch 'main' into useStringComp 2022-05-18 10:55:31 +02:00
Erik Krogh Kristensen
7245591468 Merge pull request #7763 from erik-krogh/unused-field 
QL: add unused-field query
 2022-05-18 09:15:16 +02:00
Erik Krogh Kristensen
86e97c32d6 fix all ql/use-string-compare 2022-05-17 14:11:05 +02:00
Nick Rolfe
128fac4414 Java: fix typos in comments 2022-05-12 14:28:49 +01:00
Ian Lynagh
cfde0a1491 Merge pull request #9109 from igfoo/igfoo/kotlin_merge 
Initial Kotlin support
 2022-05-11 16:16:22 +01:00
Tony Torralba
5be30209c1 Merge pull request #9036 from luchua-bc/java/hardcoded-jwt-key 
Java: CWE-321 Query to detect hardcoded JWT secret keys
 2022-05-11 16:31:34 +02:00
Chris Smowton
f7e1f3e1a5 Remove URL fragment from Google search 2022-05-11 14:38:09 +01:00
Ian Lynagh
c0a755e061 Merge remote-tracking branch 'upstream/main' into igfoo/kotlin_merge 
Resolving conflicts:
	java/ql/lib/semmle/code/java/Expr.qll
 2022-05-11 14:13:09 +01:00
luchua-bc
f85c01c975 Correct string source 2022-05-11 10:37:22 +00:00
Tony Torralba
a5a31db835 Rename AnyEqualsExpr and AnyNotEqualsExpr 2022-05-10 19:51:31 +01:00
Chris Smowton
7dec3f4835 Use EqualityTest for either value or ref comparions, and ReferenceEqualityTest for strictly ref comparison. 2022-05-10 19:51:17 +01:00
Chris Smowton
f95effcf82 Always extract ValueEQ/NEExpr for Kotlin ==/!= 
I introduce AnyEqualsExpr for either reference or value equality and AnyEqualityTest for the same concept including not-equals operators, and use them wherever the written QL clearly doesn't care about the difference between reference and value comparison, typically because it is concerned with testing against null or against a primitive constant.
 2022-05-10 19:51:17 +01:00
luchua-bc
75e7148912 Standardize the query and update qldoc 2022-05-09 16:10:11 +00:00
Marcono1234
c760d39d59 Merge remote-tracking branch 'remotes/origin/main' into marcono1234/statement-expression 2022-05-09 00:28:19 +02:00
Marcono1234
36f56b5a18 Java: Rename StmtExpr to ValueDiscardingExpr 
As mentioned by aschackmull during review, StatementExpression as defined
by the JLS only lists possible types of expressions, it does _not_ specify
that their value is discarded. Therefore, for example any method call could
be considered a StatementExpression.

The name ValueDiscardingExpr was chosen as replacement because the JLS uses
the phrase "if the expression has a value, the value is discarded" multiple
times.
 2022-05-09 00:27:15 +02:00
luchua-bc
937ab417b1 Query to detect hardcoded JWT secret keys 2022-05-04 23:09:48 +00:00
Tony Torralba
b876431950 Merge pull request #8706 from luchua-bc/java/unsafe-get-resource 
Java: CWE-552 Add sources and sinks to to detect unsafe getResource calls in Java EE applications
 2022-05-04 10:12:28 +02:00
Tony Torralba
02822c6284 Merge pull request #9013 from atorralba/atorralba/private-externalflow-imports 
Java: Make more ExternalFlow imports private
 2022-05-03 16:02:09 +02:00
Tony Torralba
c66e583aea Make more ExternalFlow imports private 2022-05-03 10:31:29 +02:00
luchua-bc
920a7cd2e6 Put back the taint step removed during merge 2022-04-29 20:29:04 +00:00
luchua-bc
0aa1251ffe Add more test cases 2022-04-29 02:31:43 +00:00
Chuan-kai Lin
d6f0bbb816 Fix syntax errors in QL comments 2022-04-28 11:53:36 -07:00
luchua-bc
590b9d8519 Standardize the query and update qldoc 2022-04-27 22:17:17 +00:00
Tony Torralba
e99cee4913 Merge branch 'main' into java/unsafe-get-resource 2022-04-27 16:45:42 +02:00
Tony Torralba
b69d81ce24 Make all imports of ExternalFlow private 2022-04-26 13:48:44 +02:00
luchua-bc
f0c4b1955b Change getResource() to be a taint step 2022-04-19 15:55:09 +00:00
luchua-bc
7029802f3b Add sinks for getClass() and getClassLoader() 2022-04-11 21:03:48 +00:00
Marcono1234
7bed14bbf0 Merge remote-tracking branch 'remotes/origin/main' into marcono1234/statement-expression 2022-04-10 18:23:45 +02:00
luchua-bc
eccd97c7b7 Query to detect unsafe getResource calls in Java EE applications 2022-04-09 01:14:15 +00:00
Tom Hvitved
b91858e7cf Java: Implement ContentSet 2022-04-04 13:51:44 +02:00
Anders Schack-Mulligen
f28da00ec4 Java: Fix qldoc as followup to https://github.com/github/codeql/pull/8323 2022-03-31 12:50:36 +02:00
Chris Smowton
9675f34cf5 Merge pull request #8257 from luchua-bc/java/insecure-webview-resource-response 
Java: CWE-200 Query to detect insecure WebResourceResponse implementation
 2022-03-30 15:56:27 +01:00
luchua-bc
fa2a6a7da3 Remove unnecessary taint step and update qldoc 2022-03-29 17:52:49 +00:00
Tony Torralba
e564481e9f Organize imports 2022-03-29 11:38:24 +02:00
Tony Torralba
6799838ece Simplification 2022-03-29 09:43:37 +02:00
luchua-bc
833d842113 Drop the getPath check from the library 2022-03-28 20:14:40 +00:00