hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 18:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,409 Commits 1,693 Branches 161 Tags
69353bb014fcbb3587da3bf7c2273ffc7d033bc6
Commit Graph

13 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
69353bb014 patch upper-case acronyms to be PascalCase 2022-03-11 11:10:33 +01:00
Calum Grant
771e686946 Update security-severity scores 2021-06-15 13:25:17 +01:00
Calum Grant
a594afb828 Add security-severity metadata 2021-06-10 20:11:08 +01:00
lcartey@github.com
6f83c55ebd Java: Switch to low as a precision 
Code Scanning doesn't support "very-low"
 2020-08-12 13:48:59 +01:00
Luke Cartey
56ff8cf084 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-08-12 13:12:06 +01:00
lcartey@github.com
6b6172fa5b Java: ExternalAPIs: Further review comments 
- Extra qldoc
 - Remove unnecessary module
 2020-08-12 09:21:14 +01:00
lcartey@github.com
e1d4b98923 Java: Add further missing </p> to qhelp 2020-08-11 15:28:55 +01:00
lcartey@github.com
8a65dd2cd6 Java: Address review comments 2020-08-11 15:28:06 +01:00
Luke Cartey
5a96ee1a7b Remove parameter names from signatures 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-08-04 09:41:40 +01:00
Luke Cartey
368572f1f0 Update java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.qhelp 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-08-04 09:40:59 +01:00
Luke Cartey
7928a02424 Add missing full stop. 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-08-04 09:40:51 +01:00
Luke Cartey
e0c081a2af Add missing </p> tag 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-08-04 09:40:28 +01:00
lcartey@github.com
b242a61701 Java: Untrusted data used in external APIs 
This commit adds two queries for identifying external APIs which are
used with untrusted data.

These queries are intended to facilitate a security review of the
application, and will report any external API which is called with
untrusted data. The purpose of this is to:
 - review how untrusted data flows through this application
 - identify opportunities to improve taint modeling of sinks and taint
   steps.
As a result this is not suitable for integration into a developer
workflow, as it will likely have high false positive rate, but it may
help identify false negatives for other queries.
 2020-07-03 17:32:08 +01:00