codeql

mirror of https://github.com/github/codeql.git synced 2026-02-08 11:11:06 +01:00

Author	SHA1	Message	Date
Pierre	c3116b3f0f	Merge branch 'main' into turbo/experimental/combined	2023-01-11 18:02:55 +01:00
Tony Torralba	32471d326e	Java: Remove omittable exists variables	2023-01-10 13:37:19 +01:00
turbo	4ec401a3f6	Tag all security queries in supported languages' experimental directories with an experimental tag	2022-12-14 17:15:50 +01:00
erik-krogh	8262fbbfb5	Java/C#/GO: Use instanceof in more places	2022-12-11 18:32:19 +01:00
Henry Mercer	d196704a2d	Merge pull request #11574 from github/henrymercer/check-query-ids Add a PR check to ensure query IDs are unique	2022-12-08 15:31:26 +00:00
Henry Mercer	3036b15af2	Merge branch 'main' into henrymercer/check-query-ids	2022-12-08 13:05:46 +00:00
Chris Smowton	0d2474bd55	Autoformat	2022-12-08 11:30:53 +00:00
retanoj	0edfc6e01e	greedy matching	2022-12-08 09:23:24 +08:00
retanoj	9cfeaeb18e	Merge branch 'main' into MybatisSqli	2022-12-07 21:19:08 +08:00
retanoj	8ee418405b	consider blankspace / comma /dot field	2022-12-07 10:06:39 +08:00
retanoj	b0c86d8e51	change string match to regex match	2022-12-06 21:50:09 +08:00
retanoj	2bbd37f9ab	change code snippet to `or` condition	2022-12-06 19:27:29 +08:00
retanoj	d2140eb4b1	MyBatisAnnotationSqlInjection no @Param case	2022-12-06 17:07:49 +08:00
Henry Mercer	2627632a41	Java: Fix duplicate IDs	2022-12-05 19:06:03 +00:00
Michael Nebel	4c7cdc6245	Java: Remove unneeded imports of ExternalFlow.qll.	2022-12-05 09:49:38 +01:00
Michael Nebel	b96540c937	Java: Convert permissve-dot-regex-query to data extensions.	2022-11-28 12:30:35 +01:00
Michael Nebel	91840c613e	Java: Convert unsafe-url-forward to data extensions.	2022-11-28 12:30:35 +01:00
Michael Nebel	aed5ee4edc	Java: Convert thread-resource-abuse to data extensions.	2022-11-28 12:30:35 +01:00
Michael Nebel	07578f11d4	Java: Convert hardcoded-jwt-key models to data extensions.	2022-11-28 12:30:35 +01:00
Michael Nebel	ab12b6cc2b	Java: Convert android-web-resource-response to data extensions.	2022-11-28 12:30:35 +01:00
Michael Nebel	5c15ad412c	Java: Convert log4j-injection to data extensions.	2022-11-28 12:30:35 +01:00
Michael Nebel	665d40dc4b	Java: Convert file-path-injection to data extensions.	2022-11-28 12:30:35 +01:00
Tony Torralba	adf905d838	Merge pull request #11368 from ka1n4t/main Java: Add binding between annotation and sink-param in MyBatis SQL Injection query	2022-11-24 14:34:57 +01:00
Tony Torralba	17218fa663	Formatting	2022-11-24 11:14:16 +01:00
Tony Torralba	443d0f50c1	Apply suggestions from code review	2022-11-24 11:10:07 +01:00
Ian Lynagh	d401be1845	Java: Fix typo: ceritificate	2022-11-23 12:12:32 +00:00
ka1n4t	ce2ba21240	Add binding between annotation and sink-param	2022-11-22 18:32:14 +08:00
Jami	8a73675483	Merge pull request #11070 from jcogs33/java-regex-injection Java: Promote regex injection query from experimental	2022-11-21 15:04:26 -05:00
Jami	cfbaf5e53b	Merge pull request #10785 from jcogs33/insuff-key-size-globalflow-keysize Java: Promote insufficient key size query from experimental	2022-11-08 18:05:01 -05:00
Jami Cogswell	32b140045e	move files out of experimental	2022-11-08 15:29:32 -05:00
Josh Soref	9eac158d7c	spelling: revocation Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-12 04:40:26 -04:00
Josh Soref	08a79531cf	spelling: response Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-12 04:40:26 -04:00
Jami Cogswell	9b7df354e6	move files	2022-10-11 16:56:10 -04:00
Josh Soref	8f7e76f0cb	spelling: initialization Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 03:59:08 -04:00
Josh Soref	3b9546f02e	spelling: deserialization Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 00:23:36 -04:00
Josh Soref	3e6477f878	spelling: currently Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 00:23:36 -04:00
Josh Soref	5755159f08	spelling: authentication Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 00:23:36 -04:00
Josh Soref	6db36616cd	spelling: arbitrary Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 00:23:35 -04:00
Josh Soref	c2a0dbe715	spelling: application Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 00:23:35 -04:00
Anders Schack-Mulligen	5b67ba2939	Merge pull request #10177 from atorralba/atorralba/path-sanitizer Java: Promote `PathSanitizer.qll` from experimental	2022-10-06 10:29:33 +02:00
Tony Torralba	9db65eae7f	Address review comments	2022-10-04 12:27:01 +02:00
Tony Torralba	5706e8b377	Improve PathSanitizer Rename PathTraversalSanitizer to PathInjectionSanitizer	2022-10-04 12:26:17 +02:00
Tony Torralba	50ad234694	Move PathSanitizer to the main library	2022-10-04 12:26:17 +02:00
Dilan Bhalla	bff2633f8d	java guidance: experimental version of exectainted	2022-10-03 11:18:17 -07:00
erik-krogh	129cda00db	get a few more queries in sync with other languages	2022-10-01 11:17:48 +02:00
erik-krogh	7d643e41f3	Merge branch 'main' into java-followMsg	2022-10-01 10:48:06 +02:00
Tony Torralba	7ff82bbed3	Update java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll	2022-09-27 13:26:21 +02:00
erik-krogh	46b5bf32f9	update alert-messsages of java queries	2022-09-26 12:15:25 +02:00
luchua-bc	8effbff817	Remove unused code and update qldoc	2022-09-23 12:43:39 +00:00
luchua-bc	e33d786745	Add test cases and reduce FPs	2022-09-23 12:31:16 +00:00

1 2 3 4 5 ...

949 Commits