codeql

mirror of https://github.com/github/codeql.git synced 2026-02-25 19:33:42 +01:00

Author	SHA1	Message	Date
Owen Mansel-Chan	31840902cd	Fix places which already dealt with both javax and jakarta	2026-02-16 11:02:16 +00:00
Owen Mansel-Chan	a5e6f6daf9	Replace "javax" with `javaxOrJakarta()` This is just a find-replace of `"javax` with `javaxOrJakarta() + "`.	2026-02-16 11:02:12 +00:00
Anders Schack-Mulligen	6f40ac15b4	Java: Rename ReturnStmt.getResult to getExpr.	2026-02-04 14:43:31 +01:00
Anders Schack-Mulligen	5e6e64b2b7	Java: Rename UnaryExpr.getExpr to getOperand.	2026-02-04 10:50:49 +01:00
Anders Schack-Mulligen	dc6d3fe7ba	Use flowFrom.	2025-12-03 14:04:18 +01:00
Owen Mansel-Chan	220fd08428	Improve formatting of tags #2	2025-11-28 03:34:30 +00:00
Napalys Klicius	91b0aaa631	Java: Lower security-severity for Insecure Cookie query to 4.0	2025-10-22 11:45:04 +00:00
Napalys Klicius	fa47174013	CWE-020: Lower security-severity for OverlyLargeRange queries to 4.0	2025-10-22 11:32:33 +00:00
Owen Mansel-Chan	66f95bcbcd	Merge pull request #20603 from owen-mc/update-broken-algo-qhelp Many languages: Update broken algo qhelp	2025-10-17 12:30:43 +01:00
Joe Farebrother	d8b37d0cde	Review suggestions - update comments and description	2025-10-14 16:03:40 +01:00
Joe Farebrother	093b04f79f	Update comments	2025-10-13 14:51:30 +01:00
Joe Farebrother	c799f93811	Update tests and add inline expectations	2025-10-13 14:51:04 +01:00
Joe Farebrother	e1cf3d30d2	Update documentation, rename things and add more comments to explain how the implementation works, remove filter for test code (prefer to filter in code scanning ui than in query logic)	2025-10-13 14:50:57 +01:00
Joe Farebrother	54aefe0dce	Copy experimental query to main	2025-10-13 14:50:51 +01:00
Owen Mansel-Chan	0bcdb91639	Improve qhelp for broken crypto algo queries Previously it focussed too much on the risk of data being decrypted, and didn't explain why using weak algorithms is a problem in other contexts.	2025-10-08 14:10:54 +01:00
Jami	3675e4bb4f	Merge branch 'main' into jcogs33/java/insecure-spring-actuator-config-promotion	2025-08-26 08:02:17 -04:00
Owen Mansel-Chan	472a6b5fe1	Merge pull request #20018 from owen-mc/java/snakeyaml-safe-unsafe-deserialization Java: Update qhelp: SnakeYaml is safe from version 2.0	2025-07-21 12:22:36 +01:00
Nora Dimitrijević	fbee6bbe21	Merge pull request #20077 from d10c/d10c/diff-informed-phase-3-java Java: Diff-informed queries: phase 3 (non-trivial locations)	2025-07-21 11:23:12 +02:00
Jami Cogswell	0dd33b2734	Java: remove version debugging from alert message	2025-07-19 13:01:00 -04:00
Jami Cogswell	70d51504a7	Java: rename to align with 'java/spring-boot-exposed-actuators' query	2025-07-18 17:50:12 -04:00
Jami Cogswell	ea529b047b	Java: adjust metadata and alert msg	2025-07-18 17:50:10 -04:00
Jami Cogswell	7d5e939a86	Java: minor refactoring	2025-07-18 17:50:09 -04:00
Jami Cogswell	afa6610cb9	Java: update qhelp	2025-07-18 17:49:54 -04:00
Jami Cogswell	0d2a4222fd	Java: add related location to alert message	2025-07-17 19:22:18 -04:00
Jami Cogswell	2bfc4b4ee2	Java: fix test case for version 1.4 Need the existence of an ApplicationProperties File, not an ApplicationProperties ConfigPair	2025-07-17 19:22:15 -04:00
Jami Cogswell	1b90a30d45	Java: move code to .qll file	2025-07-17 19:22:11 -04:00
Jami Cogswell	38260e76bf	Java: remove deprecation	2025-07-17 19:22:05 -04:00
Jami Cogswell	a39cb40177	Java: copy out of experimental	2025-07-17 19:22:01 -04:00
Nora Dimitrijević	05df1d3cb9	[DIFF-INFORMED] Java: AndroidWebViewSettingsAllowsContentAccess	2025-07-17 19:02:15 +02:00
Anders Schack-Mulligen	996de78a66	Java: Prune PathGraph for CsrfUnprotectedRequestType.ql	2025-07-17 15:06:38 +02:00
Owen Mansel-Chan	9ef22fff8e	Update SnakeYaml reference to note that it is outdated	2025-07-15 15:27:01 +01:00
Owen Mansel-Chan	c39e5a7d97	Update qhelp: SnakeYaml is safe from version 2.0	2025-07-10 16:54:00 +01:00
Kasper Svendsen	425448a10a	Fix java/netty-http-request-or-response-splitting overlay compilation regression	2025-07-03 10:47:33 +02:00
Owen Mansel-Chan	538a5af1d1	Merge pull request #19738 from owen-mc/pr/felickz/19530 Set CWE-134 from 9.3 to 7.3 CVSS score for memory safe languages (#2)	2025-06-12 10:27:28 +01:00
Ana Scolari	857b51be58	Update ExecUnescaped.ql - causing FPs with hard coded strings This query is generating False positives with hard coded strings declared within the function - issue reported by customer. We had a discussion on code_scanning channel on 6/5/25 and the team agreed upon reducing its precision to Medium.	2025-06-10 16:06:22 -07:00
Chad Bentz	77e49f1f90	Merge branch 'main' into cwe-134	2025-06-06 11:16:10 -04:00
Chad Bentz	8a81aa1762	Set CWE-134 from 9.3 to 7.3 CVSS score for memory safe languages - Sync up to score given to javascript/ruby	2025-05-19 14:43:08 -04:00
Michael Nebel	03ecd24469	Lower the precision of a range of harcoded password queries to remove them from query suites.	2025-05-19 09:26:45 +02:00
Owen Mansel-Chan	cf614a596d	Fix cwe tags to include leading zero	2025-04-30 16:43:03 +01:00
Nick Rolfe	361fbba39b	Java: fix comma splice in alert message	2025-03-21 14:23:32 +00:00
Owen Mansel-Chan	7702e9da7d	Address review comments	2025-03-14 11:44:01 +00:00
Owen Mansel-Chan	a8e993c942	Fix FP for always-locked fields	2025-03-13 15:03:32 +00:00
Jami	ad63dd946c	Apply suggestions from docs review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2025-03-10 09:01:04 -04:00
Jami Cogswell	746f022cfa	Java: add 'Spring' prefix to public class names	2025-03-04 10:34:16 -05:00
Jami Cogswell	26e396732a	Java: edit qhelp	2025-02-24 18:33:43 -05:00
Jami Cogswell	53cb30dcd0	Java: update metadata, move from CWE-016 to CWE-200	2025-02-24 18:33:41 -05:00
Jami Cogswell	8dfb920e05	Java: refactor QL, move code to libraries	2025-02-24 18:24:48 -05:00
Jami Cogswell	8064e8f1f9	Java: convert tests to inline expectations	2025-02-24 18:24:26 -05:00
Jami Cogswell	978834bd9c	Java: remove deprecations	2025-02-24 18:24:14 -05:00
Jami Cogswell	2ce5920c5e	Java: copy out of experimental	2025-02-24 18:24:12 -05:00

1 2 3 4 5 ...

1290 Commits