codeql

mirror of https://github.com/github/codeql.git synced 2026-06-18 19:31:11 +02:00

Author	SHA1	Message	Date
Jami Cogswell	6720dba8e7	draft android debug query	2022-08-15 15:49:59 -04:00
Chris Smowton	774e379eb1	Merge pull request #9742 from smehta23/feat/SM/java_partial_path_traversal_vulnerability [JAVA] Partial Path Traversal Vuln Query	2022-08-15 12:56:16 +01:00
Erik Krogh Kristensen	0adb588fe8	Merge pull request #9712 from erik-krogh/badRange JS/RB/PY/Java: add suspicious range query	2022-08-15 13:55:44 +02:00
Chris Smowton	1a3dc1d6eb	Remove extra closing tag	2022-08-15 11:31:53 +01:00
Chris Smowton	5677e38994	Style edit	2022-08-15 10:37:55 +01:00
Chris Smowton	3cf871e9e5	Apply docs suggestions Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-08-15 10:34:55 +01:00
Chris Smowton	09e4c6b66b	Add dataflow path-graph	2022-08-10 10:37:55 +01:00
Chris Smowton	2ca0b0c6b5	Inline qhelp overview A <p> at the top isn't allowed, and for some reason the inclusion is required to be a valid qhelp file.	2022-08-10 10:37:48 +01:00
smehta23	cf68a11267	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp Co-authored-by: Chris Smowton <smowton@github.com>	2022-08-09 11:59:28 -07:00
smehta23	4d80fd0b00	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp Co-authored-by: Chris Smowton <smowton@github.com>	2022-08-09 11:59:14 -07:00
smehta23	7da07400ea	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.qhelp Co-authored-by: Chris Smowton <smowton@github.com>	2022-08-09 11:59:03 -07:00
smehta23	c2b670eff8	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.qhelp Co-authored-by: Chris Smowton <smowton@github.com>	2022-08-09 11:58:55 -07:00
Erik Krogh Kristensen	0abbd50ca1	apply changes based on docs review	2022-08-09 13:51:40 +02:00
Shyam Mehta	af92fc389b	Update PartialPathTraversalFromRemote.qhelp	2022-08-08 17:37:57 -04:00
Shyam Mehta	50b4df52f0	Fixed precision labels	2022-08-08 17:36:04 -04:00
Shyam Mehta	9d3e8ec475	Update PartialPathTraversalFromRemote.qhelp	2022-08-08 17:35:36 -04:00
smehta23	4f1bc3022c	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql Co-authored-by: Chris Smowton <smowton@github.com>	2022-08-08 17:09:43 -04:00
Joe Farebrother	e9f9e681ef	Change man-in-the-middle back to machine-in-the-middle (gender-neutral language) This reverts commit d5ab330450d3f5c1d36d0d9b6a8f1dc32bc908e3.	2022-08-05 12:56:21 +01:00
Joe Farebrother	79b1f24133	Change machine-in-the-middle to man-in-the-middle	2022-08-05 12:56:20 +01:00
Joe Farebrother	04df556861	Add suggested reference	2022-08-05 12:56:20 +01:00
Joe Farebrother	abf894a64c	Fix typos	2022-08-05 12:56:20 +01:00
Joe Farebrother	f8ccbcba70	Add qhelp	2022-08-05 12:56:19 +01:00
Joe Farebrother	16e16f08dc	Add webview cert validation query	2022-08-05 12:56:18 +01:00
Shyam Mehta	76cecc170e	Fix documentation	2022-08-03 14:30:17 -04:00
Chris Smowton	84a4b6a866	Make reporting locations consistent with PathCreation; add test	2022-08-03 10:42:09 +01:00
Chris Smowton	83498f58db	Add missing import	2022-08-03 08:53:43 +01:00
Chris Smowton	81f3bcd802	Don't require a PathCreation for every tainted-path sink	2022-08-02 21:30:06 +01:00
Chris Smowton	c95f17fdf2	Make java/path-injection recognise create-file MaD sinks	2022-08-02 21:28:00 +01:00
Shyam Mehta	09ec37943c	Partial Path Traversal split into 2 queries	2022-07-20 17:53:26 -04:00
smehta23	b7e522749f	Apply suggestions from code review Co-authored-by: Chris Smowton <smowton@github.com> Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2022-07-20 15:32:59 -04:00
Chris Smowton	a6970638cb	Improve description	2022-07-13 20:27:10 +01:00
Chris Smowton	01cec0490b	Abbreviate qhelp	2022-07-13 20:24:44 +01:00
Erik Krogh Kristensen	a4262f8d91	add some more references to the overly-large-range qhelp	2022-07-13 11:20:24 +02:00
Erik Krogh Kristensen	220ff3cb2e	convert tabs to spaces in qhelp	2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen	ff25451699	rename query to overly-large-range, and rewrite the @description	2022-07-12 16:02:46 +02:00
Shyam Mehta	65b9947428	Incorporate jksco's feedback	2022-07-12 02:02:31 -04:00
smehta23	781a2a73d3	Merge branch 'main' into feat/SM/java_partial_path_traversal_vulnerability	2022-07-12 01:48:12 -04:00
smehta23	391dd5b38d	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>	2022-07-01 10:55:58 -04:00
smehta23	ebe48ec30a	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>	2022-07-01 10:53:43 -04:00
smehta23	48e16e52b5	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>	2022-07-01 10:52:41 -04:00
Shyam Mehta	1a41d4c379	Add CVE number	2022-07-01 10:51:33 -04:00
Shyam Mehta	300a14c35c	Add ESAPI reference	2022-07-01 10:43:59 -04:00
smehta23	209a21655a	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>	2022-07-01 10:40:38 -04:00
smehta23	c6f2f61bfb	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalBad.java Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>	2022-07-01 10:39:46 -04:00
Shyam Mehta	16814071df	Fix typo in .qhelp	2022-06-29 18:03:57 -04:00
Shyam Mehta	7ab8f0262c	Fix duplicate class header and better fix using toPath()	2022-06-29 18:01:12 -04:00
Shyam Mehta	955e614563	Add documentation of the Partial Path Traversal vuln	2022-06-29 17:31:04 -04:00
Erik Krogh Kristensen	9ecc3a2671	filter out potential misparses from java/suspicious-regexp-range	2022-06-29 13:16:40 +02:00
Tony Torralba	12fa6967dc	Merge pull request #8669 from joefarebrother/intent-verification Java: Add query for Improper Verification of Intent by Broadcast Receiver (CWE-925)	2022-06-29 09:43:07 +02:00
Shyam Mehta	b5ca2c3d9d	Add additional tests from real world query run	2022-06-28 17:32:20 -04:00

1 2 3 4 5 ...

637 Commits