hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 18:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,409 Commits 1,693 Branches 161 Tags
69353bb014fcbb3587da3bf7c2273ffc7d033bc6
Commit Graph

527 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
69353bb014 patch upper-case acronyms to be PascalCase 2022-03-11 11:10:33 +01:00
Ian Lynagh
1e62b485a5 Merge pull request #8241 from igfoo/igfoo/stats4 
Java: Update stats and make some performance tweaks
 2022-02-28 12:58:06 +00:00
Ian Lynagh
7ce9b160d0 Java: Performance tweaks 2022-02-21 17:05:00 +00:00
Tony Torralba
bfa14fa066 Merge pull request #7823 from JLLeitschuh/improve/JLL/combined_http_headers 
Java: Add HTTP Request Splitting to Netty Query
 2022-02-15 10:24:36 +01:00
Jonathan Leitschuh
2048aed0a9 Review feedback and improve temp dir vulnerable/safe code sugestion 2022-02-14 11:29:16 -05:00
Jonathan Leitschuh
76964d58f2 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-02-14 11:04:31 -05:00
Jonathan Leitschuh
bb580ddbab Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-02-14 11:02:05 -05:00
Jonathan Leitschuh
7dee22a130 Fix implicit 'this' usage 2022-02-14 11:00:41 -05:00
Jonathan Leitschuh
bafcce17d4 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-09 22:14:17 -05:00
Jonathan Leitschuh
ded8d64301 Remove CAPC and add CWE-93 2022-02-09 12:31:53 -05:00
Jonathan Leitschuh
03fdee3767 Cleanup Netty Response Splitting Query 2022-02-09 12:28:11 -05:00
Jonathan Leitschuh
8ffe878722 Apply suggestions from code review 
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
 2022-02-09 12:28:11 -05:00
Jonathan Leitschuh
c732cb7759 Add HTTP Request Splitting to Netty Query 2022-02-09 12:28:10 -05:00
Jonathan Leitschuh
49a73673b6 Fix FP from mkdirs call on exact temp directory 2022-02-09 11:04:23 -05:00
Jonathan Leitschuh
787e3dac31 Update java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-09 10:07:56 -05:00
Jonathan Leitschuh
7f46640176 Consider calls to setReadable(false, false) then setReadable(true, true) to be safe 2022-02-08 17:57:10 -05:00
Chris Smowton
a6596ea7ce Fix test requirements, formatting 2022-02-08 12:01:32 +00:00
Chris Smowton
79654592d9 Apply suggestions from code review 2022-02-08 10:23:46 +00:00
Jonathan Leitschuh
c4112e6d4c Post refactor fixiup 2022-02-07 15:02:13 -05:00
Chris Smowton
de38638db6 Combine CWE-200 queries 2022-02-07 14:22:36 -05:00
Jonathan Leitschuh
0268dd9f0a Add file creation sanitizer 2022-02-04 17:10:27 -05:00
Jonathan Leitschuh
0a621c2801 Fix the formatting in TempDirLocalInformationDisclosureFromMethodCall 2022-02-04 17:10:27 -05:00
Jonathan Leitschuh
d5c9af31b2 Fixup documentation/code from PR feedback 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
f7a4aac525 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
a4b5573f53 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
a8d25b63ac Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-04 17:10:26 -05:00
Chris Smowton
e795823d97 Autoformat TempDirUtils.qll 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
7e514e9ef9 Add QLdoc and fix Compiler Errors in Tests 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
cb30385684 Update java/ql/src/Security/CWE/CWE-200/TempDirUtils.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
66831989b7 Add QLdoc to TempDirUtils 2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
7e55c92eb4 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
f6067d28f9 Fix file names and formatting from PR feedback 2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
41b5011b81 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
7929faedc0 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
f910fd4719 Remove path flow tracking in 'TempDirLocalInformationDisclosureFromMethodCall' 2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
e4c017e888 Apply suggestions from code review 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-02-04 17:10:24 -05:00
Jonathan Leitschuh
13fed0e9b6 Temp Dir Info Disclosure: Final pass and add documentation 2022-02-04 17:10:24 -05:00
Jonathan Leitschuh
bc12e994b0 Add java.nio.file.Files API checks 2022-02-04 17:10:24 -05:00
Jonathan Leitschuh
ecad7534ae Add mkdirs check 2022-02-04 17:10:24 -05:00
Jonathan Leitschuh
cf0ed81575 Add TempDir taint tracking for Files.write 2022-02-04 17:10:24 -05:00
Jonathan Leitschuh
3a15678b1e Java: CWE-200: Temp directory local information disclosure vulnerability 2022-02-04 17:10:23 -05:00
Tony Torralba
4f13bf8941 Merge pull request #6492 from atorralba/atorralba/android-cleartext-storage-database 
Java: Create new query Cleartext storage of sensitive information in Android databases
 2022-02-02 16:23:05 +01:00
Tony Torralba
b59fd4070f Merge pull request #7136 from atorralba/atorralba/promote-insecure-trustmanager 
Java: Promote Insecure TrustManager from experimental
 2022-01-24 14:05:14 +01:00
Tony Torralba
c5ed5fcaac Apply suggestions from code review 
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
 2022-01-21 16:55:42 +01:00
Tony Torralba
ee84dae164 Fix predicate name 2022-01-21 16:55:42 +01:00
Tony Torralba
16b61f78e6 Fix QLDocs and the qhelp example 2022-01-21 16:55:42 +01:00
Tony Torralba
f0604e2e84 Added query for Cleartext Storage in Android Database 2022-01-21 16:55:42 +01:00
Tony Torralba
c7e1df5689 Update java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.qhelp 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-01-21 11:57:11 +01:00
Tony Torralba
3f6e035016 Docs improvements 2022-01-21 11:37:02 +01:00
Tony Torralba
8767d2db23 Don't capitalize the term content provider 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-01-20 13:23:52 +01:00