hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,098 Commits 1,671 Branches 157 Tags
66737402c20fc83b3d3a654dcccf4b26c901b100
Commit Graph

4207 Commits

Author SHA1 Message Date
Tony Torralba
7e6f2d1fc5 Merge pull request #14681 from atorralba/atorralba/java/weak-randomness-cve-coverage 
Java: Add more sinks to the Insecure Randomness query
 2024-01-08 15:33:03 +01:00
github-actions[bot]
a6c8cc9551 Release preparation for version 2.16.0 2024-01-08 13:11:26 +00:00
Marcono1234
3edfdc5ceb Java: Improve Regex flag parsing 
Fixes:
- Flag `d` not being recognized
- Syntax for disabling flags (`-`) not being recognized
- Non-capturing group with flags erroneously containing `:` as literal
 2024-01-06 04:15:09 +01:00
Owen Mansel-Chan
ce3097e9ce Fix manual models for String.valueOf(Object) 
Add a neutral model for it, but also a summary model for `String.valueOf(CharSequence)`
 2024-01-04 11:31:20 +00:00
Owen Mansel-Chan
0076f06ce7 Improve manual models of java.lang.Exception 2024-01-04 11:31:18 +00:00
Owen Mansel-Chan
e415c54c5e Reorder manual models of java.lang.Throwable 2024-01-04 11:31:16 +00:00
Owen Mansel-Chan
f52ea5c2fd Improve manual models of java.lang.Throwable 2024-01-04 11:31:14 +00:00
Eric Bickle
4fa5b2ae41 Add change nodes for GSON coverage 2024-01-02 14:17:23 -08:00
Eric Bickle
0cd89bf815 Merge branch 'main' into fix/update-gson-model 2024-01-02 14:05:33 -08:00
Aditya Sharad
bbe3269b8c Merge pull request #15189 from github/adityasharad/merge/3.12-main 
Merge `rc/3.12` into `main`
 2023-12-22 11:26:37 -08:00
Tony Torralba
8ad787f3b8 Java: Generelize MaybeBrokenCryptoAlgorithmQuery.qll 2023-12-22 10:15:40 +01:00
Ed Minnix
7f9dff2dc7 Fix minor error in Weak Hashing 2023-12-21 22:48:07 -05:00
Aditya Sharad
b1803d0ac2 Merge rc/3.12 into main 2023-12-21 16:40:51 -08:00
Stephan Brandauer
a9d21cef01 Update MaD Declarations after Triage 2023-12-21 15:39:03 +01:00
Tony Torralba
1b9f59efa7 Merge pull request #14646 from github/java/update-mad-decls-after-triage-2023-10-31T15-52-01 
Java: Update MaD Declarations after Triage
 2023-12-20 15:37:19 +01:00
Tony Torralba
e744d974e8 Merge pull request #14580 from github/java/update-mad-decls-after-triage-2023-10-24T15-42-01 
Java: Update MaD Declarations after Triage
 2023-12-20 15:01:24 +01:00
Tony Torralba
2df8bcb9dc Update java/ql/lib/change-notes/2023-10-31-new-models.md 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-12-20 14:59:07 +01:00
Ed Minnix
a93d6dd956 Change note 2023-12-19 10:28:23 -05:00
Ed Minnix
ce130c6ed5 Add replace to MapMutator 2023-12-19 10:23:06 -05:00
Tony Torralba
c8a369d9ef Update java/ql/lib/ext/jakarta.persistence.model.yml 2023-12-19 14:58:07 +01:00
github-actions[bot]
8f72b0e4f7 Post-release preparation for codeql-cli-2.15.5 2023-12-19 10:32:57 +00:00
github-actions[bot]
19af35b29a Release preparation for version 2.15.5 2023-12-18 21:22:44 +00:00
Edward Minnix III
56921a6e21 Merge pull request #14040 from egregius313/egregius313/weak-hashing-properties 
Java: Add support for algorithm names specified in `.properties` files to `java/potentially-weak-cryptographic-algorithm`
 2023-12-18 09:38:58 -05:00
Tony Torralba
9446249e94 Merge pull request #15012 from atorralba/atorralba/java/fix-missing-pinning-fp 
Java: Fix FPs in Missing certificate pinning
 2023-12-18 09:37:18 +01:00
Eric Bickle
95ce7c9ba4 Merge branch 'main' into fix/update-gson-model 2023-12-15 10:15:53 -08:00
Ed Minnix
09a0730491 QLdoc fix 2023-12-15 11:13:09 -05:00
Ed Minnix
02581a3850 Move class for getProperty method call to Properties.qll 2023-12-15 11:09:08 -05:00
Ed Minnix
1c3993e632 QLDocs 2023-12-15 11:09:07 -05:00
Ed Minnix
83c6ece405 Move weak hashing into MaybeBrokenCryptoAlgorithm 2023-12-15 11:09:07 -05:00
Ed Minnix
fbc2a33597 Replace MethodAccess with MethodCall 2023-12-15 11:09:07 -05:00
Ed Minnix
25fa8d5ae7 Move some logic to class 2023-12-15 11:09:07 -05:00
Ed Minnix
93cf5b8eb9 Weak Hashing Property initial query 2023-12-15 11:09:07 -05:00
Anders Schack-Mulligen
337e5e458c Update java/ql/lib/semmle/code/java/security/InsufficientKeySize.qll 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-12-15 08:48:50 +01:00
Anders Schack-Mulligen
7623432c76 Java: Remove/deprecate FlowStateString-based extension points. 2023-12-14 15:15:58 +01:00
Anders Schack-Mulligen
a1068ce2f9 Dataflow: deprecate references 2023-12-14 15:05:33 +01:00
Tom Hvitved
c8b4a215bc Merge pull request #14573 from hvitved/flow-summary-impl-param 
Move `FlowSummaryImpl.qll` to `dataflow` pack
 2023-12-14 12:24:15 +01:00
Tom Hvitved
098afb935b Address more review comments 2023-12-14 09:48:45 +01:00
Jeroen Ketema
99e65df6ce Merge remote-tracking branch 'upstream/rc/3.12' into mb12 2023-12-13 15:43:39 +01:00
Tony Torralba
d955dce72a Improve source of randomness detection 
Also sanitize flow out of sinks to avoid overlapping paths
 2023-12-13 11:15:27 +01:00
Tony Torralba
fc45621ab1 Add pac4j JWT cryptographic key sinks 2023-12-13 11:15:27 +01:00
Tony Torralba
3a5d711711 Add cookie sinks 2023-12-13 11:15:27 +01:00
Tony Torralba
435d1f97a3 Add sink for OpenSAML's RequestType.setID 2023-12-13 11:15:27 +01:00
Tony Torralba
bd8f35bef7 Java: Fix FPs in Missing certificate pinning 
Local URIs should never require pinning
 2023-12-12 18:02:12 +01:00
Tony Torralba
27be5ba14b Merge pull request #15073 from atorralba/atorralba/java/remove-invalid-ognl-sinks 
Java: Remove invalid OGNL sinks
 2023-12-12 16:52:31 +01:00
Tony Torralba
fad53a25c0 Update java/ql/lib/ext/struts2.model.yml 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2023-12-12 14:58:47 +01:00
Tony Torralba
103110f9c2 Java: Remove invalid OGNL sinks 
Fixes #15053
 2023-12-12 13:39:51 +01:00
Ed Minnix
1271cd3348 Remove unnecessary crypto sinks 2023-12-11 11:18:40 -05:00
Ed Minnix
3ca039bc8f Rename to InsecureRandomness 2023-12-11 11:18:40 -05:00
Ed Minnix
6e70e6c85a Use pre-exisiting type for SecureRandom 2023-12-11 11:18:39 -05:00
Ed Minnix
bbf99375c7 Alter cookie sinks to instead focus on creation of a cookie 2023-12-11 11:18:39 -05:00