Erik Krogh Kristensen
|
69353bb014
|
patch upper-case acronyms to be PascalCase
|
2022-03-11 11:10:33 +01:00 |
|
Ian Lynagh
|
1e62b485a5
|
Merge pull request #8241 from igfoo/igfoo/stats4
Java: Update stats and make some performance tweaks
|
2022-02-28 12:58:06 +00:00 |
|
Ian Lynagh
|
7ce9b160d0
|
Java: Performance tweaks
|
2022-02-21 17:05:00 +00:00 |
|
Tony Torralba
|
bfa14fa066
|
Merge pull request #7823 from JLLeitschuh/improve/JLL/combined_http_headers
Java: Add HTTP Request Splitting to Netty Query
|
2022-02-15 10:24:36 +01:00 |
|
Jonathan Leitschuh
|
2048aed0a9
|
Review feedback and improve temp dir vulnerable/safe code sugestion
|
2022-02-14 11:29:16 -05:00 |
|
Jonathan Leitschuh
|
76964d58f2
|
Apply suggestions from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
|
2022-02-14 11:04:31 -05:00 |
|
Jonathan Leitschuh
|
bb580ddbab
|
Apply suggestions from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
|
2022-02-14 11:02:05 -05:00 |
|
Jonathan Leitschuh
|
7dee22a130
|
Fix implicit 'this' usage
|
2022-02-14 11:00:41 -05:00 |
|
Jonathan Leitschuh
|
bafcce17d4
|
Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
|
2022-02-09 22:14:17 -05:00 |
|
Jonathan Leitschuh
|
ded8d64301
|
Remove CAPC and add CWE-93
|
2022-02-09 12:31:53 -05:00 |
|
Jonathan Leitschuh
|
03fdee3767
|
Cleanup Netty Response Splitting Query
|
2022-02-09 12:28:11 -05:00 |
|
Jonathan Leitschuh
|
8ffe878722
|
Apply suggestions from code review
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
|
2022-02-09 12:28:11 -05:00 |
|
Jonathan Leitschuh
|
c732cb7759
|
Add HTTP Request Splitting to Netty Query
|
2022-02-09 12:28:10 -05:00 |
|
Jonathan Leitschuh
|
49a73673b6
|
Fix FP from mkdirs call on exact temp directory
|
2022-02-09 11:04:23 -05:00 |
|
Jonathan Leitschuh
|
787e3dac31
|
Update java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql
Co-authored-by: Chris Smowton <smowton@github.com>
|
2022-02-09 10:07:56 -05:00 |
|
Jonathan Leitschuh
|
7f46640176
|
Consider calls to setReadable(false, false) then setReadable(true, true) to be safe
|
2022-02-08 17:57:10 -05:00 |
|
Chris Smowton
|
a6596ea7ce
|
Fix test requirements, formatting
|
2022-02-08 12:01:32 +00:00 |
|
Chris Smowton
|
79654592d9
|
Apply suggestions from code review
|
2022-02-08 10:23:46 +00:00 |
|
Jonathan Leitschuh
|
c4112e6d4c
|
Post refactor fixiup
|
2022-02-07 15:02:13 -05:00 |
|
Chris Smowton
|
de38638db6
|
Combine CWE-200 queries
|
2022-02-07 14:22:36 -05:00 |
|
Jonathan Leitschuh
|
0268dd9f0a
|
Add file creation sanitizer
|
2022-02-04 17:10:27 -05:00 |
|
Jonathan Leitschuh
|
0a621c2801
|
Fix the formatting in TempDirLocalInformationDisclosureFromMethodCall
|
2022-02-04 17:10:27 -05:00 |
|
Jonathan Leitschuh
|
d5c9af31b2
|
Fixup documentation/code from PR feedback
|
2022-02-04 17:10:26 -05:00 |
|
Jonathan Leitschuh
|
f7a4aac525
|
Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
|
2022-02-04 17:10:26 -05:00 |
|
Jonathan Leitschuh
|
a4b5573f53
|
Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
|
2022-02-04 17:10:26 -05:00 |
|
Jonathan Leitschuh
|
a8d25b63ac
|
Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
|
2022-02-04 17:10:26 -05:00 |
|
Chris Smowton
|
e795823d97
|
Autoformat TempDirUtils.qll
|
2022-02-04 17:10:26 -05:00 |
|
Jonathan Leitschuh
|
7e514e9ef9
|
Add QLdoc and fix Compiler Errors in Tests
|
2022-02-04 17:10:26 -05:00 |
|
Jonathan Leitschuh
|
cb30385684
|
Update java/ql/src/Security/CWE/CWE-200/TempDirUtils.qll
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
|
2022-02-04 17:10:26 -05:00 |
|
Jonathan Leitschuh
|
66831989b7
|
Add QLdoc to TempDirUtils
|
2022-02-04 17:10:25 -05:00 |
|
Jonathan Leitschuh
|
7e55c92eb4
|
Apply suggestions from code review
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
|
2022-02-04 17:10:25 -05:00 |
|
Jonathan Leitschuh
|
f6067d28f9
|
Fix file names and formatting from PR feedback
|
2022-02-04 17:10:25 -05:00 |
|
Jonathan Leitschuh
|
41b5011b81
|
Apply suggestions from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
|
2022-02-04 17:10:25 -05:00 |
|
Jonathan Leitschuh
|
7929faedc0
|
Apply suggestions from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
|
2022-02-04 17:10:25 -05:00 |
|
Jonathan Leitschuh
|
f910fd4719
|
Remove path flow tracking in 'TempDirLocalInformationDisclosureFromMethodCall'
|
2022-02-04 17:10:25 -05:00 |
|
Jonathan Leitschuh
|
e4c017e888
|
Apply suggestions from code review
Co-authored-by: Arthur Baars <aibaars@github.com>
|
2022-02-04 17:10:24 -05:00 |
|
Jonathan Leitschuh
|
13fed0e9b6
|
Temp Dir Info Disclosure: Final pass and add documentation
|
2022-02-04 17:10:24 -05:00 |
|
Jonathan Leitschuh
|
bc12e994b0
|
Add java.nio.file.Files API checks
|
2022-02-04 17:10:24 -05:00 |
|
Jonathan Leitschuh
|
ecad7534ae
|
Add mkdirs check
|
2022-02-04 17:10:24 -05:00 |
|
Jonathan Leitschuh
|
cf0ed81575
|
Add TempDir taint tracking for Files.write
|
2022-02-04 17:10:24 -05:00 |
|
Jonathan Leitschuh
|
3a15678b1e
|
Java: CWE-200: Temp directory local information disclosure vulnerability
|
2022-02-04 17:10:23 -05:00 |
|
Tony Torralba
|
4f13bf8941
|
Merge pull request #6492 from atorralba/atorralba/android-cleartext-storage-database
Java: Create new query Cleartext storage of sensitive information in Android databases
|
2022-02-02 16:23:05 +01:00 |
|
Tony Torralba
|
b59fd4070f
|
Merge pull request #7136 from atorralba/atorralba/promote-insecure-trustmanager
Java: Promote Insecure TrustManager from experimental
|
2022-01-24 14:05:14 +01:00 |
|
Tony Torralba
|
c5ed5fcaac
|
Apply suggestions from code review
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
|
2022-01-21 16:55:42 +01:00 |
|
Tony Torralba
|
ee84dae164
|
Fix predicate name
|
2022-01-21 16:55:42 +01:00 |
|
Tony Torralba
|
16b61f78e6
|
Fix QLDocs and the qhelp example
|
2022-01-21 16:55:42 +01:00 |
|
Tony Torralba
|
f0604e2e84
|
Added query for Cleartext Storage in Android Database
|
2022-01-21 16:55:42 +01:00 |
|
Tony Torralba
|
c7e1df5689
|
Update java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.qhelp
Co-authored-by: Felicity Chapman <felicitymay@github.com>
|
2022-01-21 11:57:11 +01:00 |
|
Tony Torralba
|
3f6e035016
|
Docs improvements
|
2022-01-21 11:37:02 +01:00 |
|
Tony Torralba
|
8767d2db23
|
Don't capitalize the term content provider
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
|
2022-01-20 13:23:52 +01:00 |
|