hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 22:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,796 Commits 1,673 Branches 157 Tags
73f7cd149f149d635384e419f186f7c6d49234c8
Commit Graph

1406 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
35e620a19c Merge pull request #4854 from luchua-bc/java/insecure-ldap-auth 
Java: Insecure LDAP authentication
 2021-02-04 14:56:38 +01:00
luchua-bc
724c3e00e0 Update help file 2021-02-03 16:45:15 +00:00
Anders Schack-Mulligen
40d02e7e32 Merge pull request #4926 from luchua-bc/java/insufficient-key-size 
Java: Query to detect weak encryption: insufficient key size
 2021-02-03 15:16:10 +01:00
Anders Schack-Mulligen
0df7e9fa4e Merge pull request #4989 from lcartey/lcartey/spring-inheritence-improvements 
Java: Track taint through Spring Java bean getters on super types
 2021-02-03 15:06:03 +01:00
luchua-bc
2ace10fcdf Use PostUpdateNode for wrapper method calls 2021-02-03 12:21:31 +00:00
luchua-bc
3151aeff48 Enhance the query 2021-02-02 18:26:29 +00:00
luchua-bc
5e3b6fa341 Update qldoc 2021-02-02 16:20:39 +00:00
luchua-bc
50be54385a Update qldoc 2021-02-02 14:49:50 +00:00
Luke Cartey
76c9b6466e Reformat TaintTrackingUtil.qll with more recent CodeQL CLI 2021-01-29 11:27:30 +00:00
luchua-bc
ab7d257569 Add more cases and change EC to 256 bits 2021-01-28 04:06:27 +00:00
luchua-bc
2ac7b4bab4 Update qldoc 2021-01-28 04:06:27 +00:00
luchua-bc
058f3af4b2 Refactor the hasShortSymmetricKey method 2021-01-28 04:06:27 +00:00
luchua-bc
cbaee937d0 Optimize the query 2021-01-28 04:06:27 +00:00
luchua-bc
cfc950f803 Query for weak encryption: Insufficient key size 2021-01-28 03:25:15 +00:00
luchua-bc
6a93099b64 Simplify the query and update qldoc 2021-01-28 03:02:53 +00:00
Joe Farebrother
d69ecde5c1 Java: Add additional flow steps for guava collection methods and more unit tests 2021-01-25 16:37:40 +00:00
Joe Farebrother
7e11d8ed07 Java: Add modelling for guava Sets 2021-01-25 16:37:40 +00:00
Joe Farebrother
d1427fcd93 Java: Add modelling for Guava's collection classes 2021-01-25 16:37:40 +00:00
Luke Cartey
5c6f5b7b33 Java: Track taint through Spring Java bean getters on super types 2021-01-20 16:53:03 +00:00
Anders Schack-Mulligen
dde8d320f3 Apply suggestions from code review 
Minor qldoc fixes.
 2021-01-19 08:24:24 +01:00
Marcono1234
703336a77f Add ArrayInit.getSize(), improve documentation 2021-01-18 16:44:53 +01:00
luchua-bc
32c54628f8 Drop fieldName from the function for runtime evaluation 2021-01-15 12:33:00 +00:00
luchua-bc
e5a703e49c Revamp the query 2021-01-15 04:05:11 +00:00
Anders Schack-Mulligen
29935e1388 Merge pull request #4771 from intrigus-lgtm/split-cwe-295 
Java: Add unsafe hostname verification query and remove existing overlapping query
 2021-01-13 11:31:38 +01:00
luchua-bc
babe744a30 Add SECURITY_PROTOCOL check 2021-01-13 03:49:08 +00:00
intrigus
1901f6bf55 Java: Make @id @name of query more similar. 2021-01-12 15:36:55 +01:00
intrigus
85286f362c Java: Replace global flow by local flow 2021-01-11 19:02:07 +01:00
intrigus-lgtm
722bd4dafa Java: Revise qhelp 2021-01-11 18:57:24 +01:00
intrigus-lgtm
4cfdb10ddc Java: Improve QLDoc & simplify code 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-01-11 18:50:43 +01:00
intrigus
5c1e746c96 Java: Rename to EnvReadMethod 2021-01-11 13:42:08 +01:00
intrigus
1eb2b75389 Java: Further reduce FPs, simply Flag2Guard flow 2021-01-11 13:42:08 +01:00
intrigus
b4692734b2 Java: Add QLDoc improve query message 2021-01-11 13:42:08 +01:00
intrigus-lgtm
f4b912cd8a Apply suggestions from doc review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-01-11 13:42:08 +01:00
intrigus
e11304a1ca Java: Autoformat 2021-01-11 13:42:08 +01:00
intrigus-lgtm
b8f3e64a0f Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-01-11 13:42:08 +01:00
intrigus
502e4c39f5 Java: Fix Qhelp 2021-01-11 13:42:08 +01:00
intrigus-lgtm
355cb6eeec Fix Qhelp format 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-01-11 13:42:07 +01:00
intrigus-lgtm
10fc2cf9f8 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-01-11 13:42:07 +01:00
intrigus
9e2ef9bd74 Java: Filter results by feature flags. 
This ignores results that are guarded by a feature flag
that suggests an intentionally insecure feature.
Inspired by Go's `InsecureFeatureFlag.qll` and
`DisabledCertificateCheck.ql`.
 2021-01-11 13:42:07 +01:00
intrigus
a62a2e58dd Java: Improve QL-Doc 2021-01-11 13:42:07 +01:00
intrigus
d98b171998 Java: Make EnvTaintedMethod public + QL-Doc 2021-01-11 13:42:07 +01:00
intrigus
e021158b5f Java: Tighter model of HostnameVerifier#verify 
This more tightly models `HostnameVerifier#verify` previously it
was possible to accidentally match other methods called `verify`.
 2021-01-11 13:42:07 +01:00
intrigus
0a9df07df7 Apply suggestions from review. 2021-01-11 13:42:07 +01:00
intrigus
70b0703952 Java: Remove overlapping code 2021-01-11 13:42:07 +01:00
intrigus
3da1cb0879 Java: Add unsafe hostname verification query 2021-01-11 13:42:07 +01:00
intrigus
8df5d77398 Java: Model HostnameVerifier method 
Model `HostnameVerifier#setDefaultHostnameVerifier`
 2021-01-11 13:42:06 +01:00
Anders Schack-Mulligen
3a2dd8f1ed Merge pull request #4867 from RasmusWL/java-externalapis-taint-step 
Java: Fix taint-step handling for untrusted-data-external-api
 2021-01-11 13:36:59 +01:00
Rasmus Wriedt Larsen
00c253a710 Java: Don't ignore local taint steps (fixup) 2021-01-08 15:29:01 +01:00
Anders Schack-Mulligen
e5b4975450 Merge pull request #4675 from luchua-bc/cleartext-storage-shared-prefs 
Java: Query to detect cleartext storage of sensitive information using Android SharedPreferences
 2021-01-08 12:41:34 +01:00
luchua-bc
606d0946fc Update qldoc 2021-01-07 14:05:12 +00:00