hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
77,791 Commits 1,741 Branches 165 Tags
5d37ccfa9046e1d26659209bc99ee367994bd3d0
Commit Graph

1118 Commits

Author SHA1 Message Date
Ed Minnix
d48adbd175 Refactor JsonpInjection 2023-04-12 20:37:35 -04:00
Ed Minnix
8cb5e78832 Refactor XXE files 2023-04-12 20:37:35 -04:00
Ed Minnix
4c80ff03de Refactor UnvalidatedCors 2023-04-12 20:37:35 -04:00
Ed Minnix
d254d91f57 Refactor Injection queries 2023-04-12 20:37:35 -04:00
Ed Minnix
7002ed5303 Refactor InsecureRmiJmxEnvironmentConfiguration 2023-04-12 20:37:35 -04:00
Ed Minnix
6e4e1e52c0 Refactor NFEAndroidDoS 2023-04-12 20:37:35 -04:00
Ed Minnix
94768f425f Refactor HashWithoutSalt 2023-04-12 20:37:35 -04:00
Ed Minnix
cb7391177d Refactor MyBatis queries 2023-04-12 20:37:35 -04:00
Ed Minnix
d528c8461f Refactor XQueryInjection.ql 2023-04-12 20:37:35 -04:00
Ed Minnix
e7cbd493d7 Refactor FilePathInjection 2023-04-12 20:37:35 -04:00
Ed Minnix
47c5db03ab Refactor OpenStream.ql 2023-04-12 20:37:34 -04:00
Ed Minnix
5bd9aae072 Refactor Log4jJndiInjection.ql 2023-04-12 20:37:34 -04:00
Tony Torralba
534725f9eb Add command injection sink kind 2023-03-30 10:17:35 +02:00
Ed Minnix
7262c6a097 Refactor XmlParsers.qll 2023-03-29 22:33:09 -04:00
Ed Minnix
25359d2218 Deprecate execTainted 2023-03-29 11:45:09 -04:00
Ed Minnix
0249890747 Refactor CommandLineQuery.qll 2023-03-29 11:45:09 -04:00
Ed Minnix
57886e1713 Moved files from experimental to src/ 2023-03-27 12:16:43 -04:00
Anders Schack-Mulligen
730eae9521 Java: Autoformat 2023-03-10 09:39:41 +01:00
Ed Minnix
6de946ef00 Remove experimental files 2023-02-27 12:16:14 +01:00
Pierre
c3116b3f0f Merge branch 'main' into turbo/experimental/combined 2023-01-11 18:02:55 +01:00
Tony Torralba
32471d326e Java: Remove omittable exists variables 2023-01-10 13:37:19 +01:00
turbo
4ec401a3f6 Tag all security queries in supported languages' experimental directories with an experimental tag 2022-12-14 17:15:50 +01:00
erik-krogh
8262fbbfb5 Java/C#/GO: Use instanceof in more places 2022-12-11 18:32:19 +01:00
Henry Mercer
d196704a2d Merge pull request #11574 from github/henrymercer/check-query-ids 
Add a PR check to ensure query IDs are unique
 2022-12-08 15:31:26 +00:00
Henry Mercer
3036b15af2 Merge branch 'main' into henrymercer/check-query-ids 2022-12-08 13:05:46 +00:00
Chris Smowton
0d2474bd55 Autoformat 2022-12-08 11:30:53 +00:00
retanoj
0edfc6e01e greedy matching 2022-12-08 09:23:24 +08:00
retanoj
9cfeaeb18e Merge branch 'main' into MybatisSqli 2022-12-07 21:19:08 +08:00
retanoj
8ee418405b consider blankspace / comma /dot field 2022-12-07 10:06:39 +08:00
retanoj
b0c86d8e51 change string match to regex match 2022-12-06 21:50:09 +08:00
retanoj
2bbd37f9ab change code snippet to or condition 2022-12-06 19:27:29 +08:00
retanoj
d2140eb4b1 MyBatisAnnotationSqlInjection no @Param case 2022-12-06 17:07:49 +08:00
Henry Mercer
2627632a41 Java: Fix duplicate IDs 2022-12-05 19:06:03 +00:00
Michael Nebel
4c7cdc6245 Java: Remove unneeded imports of ExternalFlow.qll. 2022-12-05 09:49:38 +01:00
Michael Nebel
b96540c937 Java: Convert permissve-dot-regex-query to data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel
91840c613e Java: Convert unsafe-url-forward to data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel
aed5ee4edc Java: Convert thread-resource-abuse to data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel
07578f11d4 Java: Convert hardcoded-jwt-key models to data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel
ab12b6cc2b Java: Convert android-web-resource-response to data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel
5c15ad412c Java: Convert log4j-injection to data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel
665d40dc4b Java: Convert file-path-injection to data extensions. 2022-11-28 12:30:35 +01:00
Tony Torralba
adf905d838 Merge pull request #11368 from ka1n4t/main 
Java: Add binding between annotation and sink-param in MyBatis SQL Injection query
 2022-11-24 14:34:57 +01:00
Tony Torralba
17218fa663 Formatting 2022-11-24 11:14:16 +01:00
Tony Torralba
443d0f50c1 Apply suggestions from code review 2022-11-24 11:10:07 +01:00
Ian Lynagh
d401be1845 Java: Fix typo: ceritificate 2022-11-23 12:12:32 +00:00
ka1n4t
ce2ba21240 Add binding between annotation and sink-param 2022-11-22 18:32:14 +08:00
Jami
8a73675483 Merge pull request #11070 from jcogs33/java-regex-injection 
Java: Promote regex injection query from experimental
 2022-11-21 15:04:26 -05:00
Jami
cfbaf5e53b Merge pull request #10785 from jcogs33/insuff-key-size-globalflow-keysize 
Java: Promote insufficient key size query from experimental
 2022-11-08 18:05:01 -05:00
Jami Cogswell
32b140045e move files out of experimental 2022-11-08 15:29:32 -05:00
Josh Soref
9eac158d7c spelling: revocation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00