hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
77,791 Commits 1,741 Branches 165 Tags
5d37ccfa9046e1d26659209bc99ee367994bd3d0
Commit Graph

1118 Commits

Author SHA1 Message Date
Paul Hodgkinson
bfbb77a796 Merge branch 'main' into java/experimental/command-injection 2023-06-29 09:51:14 +01:00
aegilops
01798f63f8 Switched to new dataflow and added a test (but it doesn't produce results yet) 2023-06-28 17:14:39 +01:00
amammad
45499b03d2 change qury file name same as qhelp name 2023-06-26 21:23:22 +10:00
amammad
21b5571bff V1.1 add additional steps for read methods which I can summarize every single declared sanitizer on the sink whitin isSink predicate 2023-06-25 00:35:37 +10:00
amammad
7354db873a V1 Bombs 2023-06-24 08:57:57 +10:00
aegilops
23bf8470ce Removed .md and made class change 2023-06-19 17:29:17 +01:00
aegilops
8c9ccab9c9 Autoformat 2023-06-19 11:53:53 +01:00
aegilops
2112d73a6a Autoformat 2023-06-19 11:50:54 +01:00
aegilops
1a108fb1c9 Changed to for constant string 2023-06-19 11:46:08 +01:00
aegilops
7c235e3786 Fixed linting issues. Will not fix instanceof, that is necessary 2023-06-19 11:41:23 +01:00
aegilops
8c73fbeabe Formatted 2023-06-16 17:33:21 +01:00
aegilops
55eeb00309 Added experimental tag 2023-06-16 17:27:01 +01:00
aegilops
b6c35dd88c Added experimental version of Java Command Injection query, to be more sensitive to unusual code constructs 2023-06-16 17:12:53 +01:00
Tony Torralba
ffe67689ec Merge branch 'main' into atorralba/java/command-injection-mad-sinks 2023-06-13 09:27:33 +02:00
Anders Schack-Mulligen
a0a9d30286 Java: Fix qltests. 2023-06-09 08:37:35 +02:00
Tony Torralba
6d7234f8ed Merge pull request #13225 from atorralba/atorralba/java/path-injection-mad-sinks-2 
Java: Migrate path injection sinks to models-as-data (simplified)
 2023-06-07 14:27:36 +02:00
erik-krogh
44b6366586 delete old deprecations 2023-06-02 11:58:08 +02:00
Tony Torralba
527fe523a8 Add PathCreation.qll sinks to models-as-data 
The old PathCreation sinks can't be removed because doing so would cause alert wobble in the path injection queries. See their getReportingNode predicates.
 2023-06-02 09:14:35 +02:00
Tony Torralba
c3b1ef2cdf Merge branch 'main' into atorralba/java/command-injection-mad-sinks 2023-06-02 08:57:24 +02:00
Jami Cogswell
5dbb698481 Java: update open/jdbc-url sink kinds to request-forgery 2023-05-31 15:50:31 -04:00
Jami Cogswell
cb10f4976b Java: update create/read-file sink kinds to path-injection 2023-05-31 15:49:07 -04:00
Tony Torralba
a276cc3094 Convert all command injection sinks to MaD format 2023-05-25 11:41:32 +02:00
Tony Torralba
770099f210 Merge branch 'main' into atorralba/java/promote-xxe-experimental-sinks 2023-05-16 09:49:34 +02:00
Jami
3c74c8bbe0 Merge pull request #13019 from jcogs33/jcogs33/url-open-stream-updates 
Java: switch `url-open-stream` sink models to `experimentalSinkModel`
 2023-05-04 15:07:44 -04:00
Jami Cogswell
917268e7e6 Java: activate the models in openstream query 2023-05-03 09:57:45 -04:00
Kasper Svendsen
081085e128 Java: Make implicit this receivers explicit 2023-05-03 13:37:35 +02:00
Tony Torralba
fba61d51ed Remove experimental files 2023-04-26 12:24:30 +02:00
Edward Minnix III
aeff6d3b85 Merge pull request #12808 from egregius313/egregius313/java/dataflow/refactor-experimental 
Java: Refactor experimental queries to new DataFlow API
 2023-04-13 10:58:34 -04:00
Tony Torralba
d7feaf4098 Merge pull request #12685 from atorralba/atorralba/java/command-injection-mad 
Java: Add command-injection sink kind and refactor command injection queries
 2023-04-13 11:38:14 +02:00
Ed Minnix
2edad6ec71 Remove unused import 2023-04-12 20:42:26 -04:00
Ed Minnix
c756bdbc30 Fix naming in SensitiveCookieNotHttpOnly 2023-04-12 20:39:18 -04:00
Ed Minnix
c49bf01dc8 Refactor PermissiveDotRegex.ql 2023-04-12 20:37:36 -04:00
Ed Minnix
5164c2480f Refactor SensitiveCookieNotHttpOnly 2023-04-12 20:37:36 -04:00
Ed Minnix
8f7d8cbcea Refactor timing attack queries 2023-04-12 20:37:36 -04:00
Ed Minnix
597949dbfe Refactor PermissiveDotRegexQuery 2023-04-12 20:37:36 -04:00
Ed Minnix
157b7ceaff Refactor TimingAttackAgainstHeader 2023-04-12 20:37:36 -04:00
Ed Minnix
a186b771ba Refactor JxBrowserWithoutCertValidation 2023-04-12 20:37:35 -04:00
Ed Minnix
ccdd9bce33 Refactor Revocation checking 2023-04-12 20:37:35 -04:00
Ed Minnix
380888e446 Refactor ClientSuppliedIpUsedInSecurityCheck 2023-04-12 20:37:35 -04:00
Ed Minnix
3c85ca9740 Refactor ThreadResourceAbuse 2023-04-12 20:37:35 -04:00
Ed Minnix
da5a719ffc Refactor UnsafeUsageOfClientSideEncryptionVersion 2023-04-12 20:37:35 -04:00
Ed Minnix
e880a5f187 Refactor UnsafeTlsVersion 2023-04-12 20:37:35 -04:00
Ed Minnix
e3f6bc043d Refactor InsecureWebResourceResponse 2023-04-12 20:37:35 -04:00
Ed Minnix
074745315c Refactor SensitiveAndroidFileLeak 2023-04-12 20:37:35 -04:00
Ed Minnix
685a2043a8 Refactor UnsafeReflection 2023-04-12 20:37:35 -04:00
Ed Minnix
13e1cc50c8 Add SpringUrlRedirect 2023-04-12 20:37:35 -04:00
Ed Minnix
30cfbb83b3 Add UncaughtServletException 2023-04-12 20:37:35 -04:00
Ed Minnix
5594e7f6d2 Add SensitiveGetQuery 2023-04-12 20:37:35 -04:00
Ed Minnix
478309c90b Add UnsafeDeserializationRmi 2023-04-12 20:37:35 -04:00
Ed Minnix
e2cfea19b5 Add UnsafeUrlForward 2023-04-12 20:37:35 -04:00