Joe Farebrother
54aefe0dce
Copy experimental query to main
2025-10-13 14:50:51 +01:00
Jami
3675e4bb4f
Merge branch 'main' into jcogs33/java/insecure-spring-actuator-config-promotion
2025-08-26 08:02:17 -04:00
Owen Mansel-Chan
472a6b5fe1
Merge pull request #20018 from owen-mc/java/snakeyaml-safe-unsafe-deserialization
Java: Update qhelp: SnakeYaml is safe from version 2.0
2025-07-21 12:22:36 +01:00
Nora Dimitrijević
fbee6bbe21
Merge pull request #20077 from d10c/d10c/diff-informed-phase-3-java
Java: Diff-informed queries: phase 3 (non-trivial locations)
2025-07-21 11:23:12 +02:00
Jami Cogswell
0dd33b2734
Java: remove version debugging from alert message
2025-07-19 13:01:00 -04:00
Jami Cogswell
70d51504a7
Java: rename to align with 'java/spring-boot-exposed-actuators' query
2025-07-18 17:50:12 -04:00
Jami Cogswell
ea529b047b
Java: adjust metadata and alert msg
2025-07-18 17:50:10 -04:00
Jami Cogswell
7d5e939a86
Java: minor refactoring
2025-07-18 17:50:09 -04:00
Jami Cogswell
afa6610cb9
Java: update qhelp
2025-07-18 17:49:54 -04:00
Jami Cogswell
0d2a4222fd
Java: add related location to alert message
2025-07-17 19:22:18 -04:00
Jami Cogswell
2bfc4b4ee2
Java: fix test case for version 1.4
Need the existence of an ApplicationProperties File, not an ApplicationProperties ConfigPair
2025-07-17 19:22:15 -04:00
Jami Cogswell
1b90a30d45
Java: move code to .qll file
2025-07-17 19:22:11 -04:00
Jami Cogswell
38260e76bf
Java: remove deprecation
2025-07-17 19:22:05 -04:00
Jami Cogswell
a39cb40177
Java: copy out of experimental
2025-07-17 19:22:01 -04:00
Nora Dimitrijević
05df1d3cb9
[DIFF-INFORMED] Java: AndroidWebViewSettingsAllowsContentAccess
2025-07-17 19:02:15 +02:00
Anders Schack-Mulligen
996de78a66
Java: Prune PathGraph for CsrfUnprotectedRequestType.ql
2025-07-17 15:06:38 +02:00
Owen Mansel-Chan
9ef22fff8e
Update SnakeYaml reference to note that it is outdated
2025-07-15 15:27:01 +01:00
Owen Mansel-Chan
c39e5a7d97
Update qhelp: SnakeYaml is safe from version 2.0
2025-07-10 16:54:00 +01:00
Kasper Svendsen
425448a10a
Fix java/netty-http-request-or-response-splitting overlay compilation regression
2025-07-03 10:47:33 +02:00
Owen Mansel-Chan
538a5af1d1
Merge pull request #19738 from owen-mc/pr/felickz/19530
Set CWE-134 from 9.3 to 7.3 CVSS score for memory safe languages (#2)
2025-06-12 10:27:28 +01:00
Ana Scolari
857b51be58
Update ExecUnescaped.ql - causing FPs with hard-coded strings
This query is generating false positives with hard-coded strings declared within the function; issue reported by a customer. We had a discussion on the code_scanning channel on 6/5/25 and the team agreed to reduce its precision to Medium.
2025-06-10 16:06:22 -07:00
Chad Bentz
77e49f1f90
Merge branch 'main' into cwe-134
2025-06-06 11:16:10 -04:00
Chad Bentz
8a81aa1762
Set CWE-134 from 9.3 to 7.3 CVSS score for memory safe languages
- Sync up to the score given to javascript/ruby
2025-05-19 14:43:08 -04:00
Michael Nebel
03ecd24469
Lower the precision of a range of hardcoded password queries to remove them from query suites.
2025-05-19 09:26:45 +02:00
Owen Mansel-Chan
cf614a596d
Fix cwe tags to include leading zero
2025-04-30 16:43:03 +01:00
Nick Rolfe
361fbba39b
Java: fix comma splice in alert message
2025-03-21 14:23:32 +00:00
Owen Mansel-Chan
7702e9da7d
Address review comments
2025-03-14 11:44:01 +00:00
Owen Mansel-Chan
a8e993c942
Fix FP for always-locked fields
2025-03-13 15:03:32 +00:00
Jami
ad63dd946c
Apply suggestions from docs review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2025-03-10 09:01:04 -04:00
Jami Cogswell
746f022cfa
Java: add 'Spring' prefix to public class names
2025-03-04 10:34:16 -05:00
Jami Cogswell
26e396732a
Java: edit qhelp
2025-02-24 18:33:43 -05:00
Jami Cogswell
53cb30dcd0
Java: update metadata, move from CWE-016 to CWE-200
2025-02-24 18:33:41 -05:00
Jami Cogswell
8dfb920e05
Java: refactor QL, move code to libraries
2025-02-24 18:24:48 -05:00
Jami Cogswell
8064e8f1f9
Java: convert tests to inline expectations
2025-02-24 18:24:26 -05:00
Jami Cogswell
978834bd9c
Java: remove deprecations
2025-02-24 18:24:14 -05:00
Jami Cogswell
2ce5920c5e
Java: copy out of experimental
2025-02-24 18:24:12 -05:00
Jami
485ee5c5ed
Merge pull request #18692 from jcogs33/jcogs33/spring-csrf-qhelp-update
Java: update `java/spring-disabled-csrf-protection` QHelp
2025-02-19 11:39:11 -05:00
Owen Mansel-Chan
dd102c4cea
Merge pull request #18645 from fabienpe/main
Added missing "GOOD" and "BAD" to some examples
2025-02-13 10:37:39 +00:00
Jami Cogswell
dce89c5419
Java: update qhelp to align with other csrf queries
2025-02-05 10:57:47 -05:00
Jami Cogswell
c6a71cd3fd
Java: minor qhelp updates
2025-02-05 10:20:57 -05:00
Jami Cogswell
0367846333
Java: remove token section from qhelp overview
Discussing tokens is not directly relevant to this query's recommendation and examples.
2025-02-04 13:36:15 -05:00
Jami Cogswell
f438282674
Java: rewrite qhelp overview section; aligns with overview section used by Python and Ruby
2025-02-04 13:21:43 -05:00
Jami Cogswell
283c3b1e44
Java: minor qhelp updates
2025-02-04 12:47:19 -05:00
fabienpe
9a37682851
Moved comment to previous line if resulting in long line
2025-02-04 09:48:34 +00:00
Jami Cogswell
516df3b4be
Java: qhelp wording updates
2025-02-03 14:52:57 -05:00
fabienpe
a9f107ce06
Added missing "GOOD" and "BAD" to some examples
2025-01-31 15:47:25 +00:00
Jami Cogswell
577152e20f
Java: minor qhelp update
2025-01-30 10:14:33 -05:00
Jami Cogswell
ead224c7b2
Java: expand qhelp, include Stapler examples
2025-01-30 10:14:29 -05:00
Jami Cogswell
096f6f88b2
Java: precision to medium
2025-01-30 10:14:27 -05:00
Jami Cogswell
39ccde0c9d
Java: add name-based heuristic
2025-01-30 10:13:54 -05:00