Commit Graph

1049 Commits

Author SHA1 Message Date
Bt2018
632cb8b666 Simplify CredentialExpr as the AddExpr step is included by TaintTracking::localTaintStep(node1, node2) 2020-05-13 07:55:32 -04:00
Bt2018
d9cc3c6f8d Add a comment for reasoning in why debug and trace are included and other variations are excluded 2020-05-13 07:46:44 -04:00
Bt2018
ffd442a17a Fine tuning criteria
1. Change the regex pattern from variable contains "url" to variable starts with "url"
2. Add the logging trace method to sink
2020-05-12 23:24:55 -04:00
Bt2018
491b67e658 Change string concatenation in the source to TaintTracking::Configuration 2020-05-12 22:57:07 -04:00
Bt2018
106c181ab1 Formatting with auto-format 2020-05-12 15:53:29 -04:00
Bt2018
d75841d6a7 Add sample usage and remove unused imports 2020-05-12 13:42:17 -04:00
Artem Smotrakov
bab6f3788e Java: Added a query for unsafe TLS versions
- Added experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql
- Added SslLib.qll
- Added a qhelp file with examples
- Added tests in java/ql/test/experimental/Security/CWE/CWE-327
2020-05-10 19:14:52 +02:00
Grzegorz Golawski
a16295ebc0 Fix typos 2020-05-08 20:13:50 +02:00
Grzegorz Golawski
afea9330b7 Fix the case where user-controlled input is passed as URL to env Hashtable 2020-05-08 00:44:22 +02:00
Grzegorz Golawski
df9921f870 Update according to the review comments 2020-05-07 23:19:13 +02:00
Bt2018
3b1dad84b3 The query help builder will interpret and automatically add the reference so this isn't needed here. And one typo is corrected. 2020-05-04 07:39:45 -04:00
Bt2018
5c803b70c5 The query help builder will interpret and automatically add this reference so this isn't needed here. 2020-05-04 07:05:15 -04:00
Bt2018
a6c9c5117f Update java/ql/src/experimental/CWE-532/SensitiveInfoLog.ql
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2020-05-04 06:58:34 -04:00
Bt2018
a2560656d5 Update java/ql/src/experimental/CWE-532/SensitiveInfoLog.qhelp
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2020-05-04 06:57:42 -04:00
Mithrilwoodrat
a7960c3385 Update java/ql/src/experimental/Security/CWE/CWE-1004/InsecureTomcatConfig.qhelp
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2020-05-04 17:48:41 +08:00
mithrilwoodrat
1053aa4c44 add query to find Tomcat config that disables 'HttpOnly' flag 2020-05-04 12:26:03 +08:00
Grzegorz Golawski
f893954ea3 Add Spring LDAP and JMXServiceURL related sinks 2020-05-03 20:51:50 +02:00
Grzegorz Golawski
31a2972eca Remove qlpack.yml as these are not needed 2020-04-27 23:32:48 +02:00
Grzegorz Golawski
0c75330e42 Remove qlpack.yml as these are not needed 2020-04-27 23:31:10 +02:00
Grzegorz Golawski
639aa826ea Remove qlpack.yml as these are not needed 2020-04-27 23:26:59 +02:00
Grzegorz Golawski
d590f3fba8 CodeQL query to detect XSLT injections 2020-04-27 22:35:35 +02:00
Grzegorz Golawski
40fcd4cbe5 Fix references 2020-04-19 20:49:07 +02:00
Grzegorz Golawski
457e2eaf59 CodeQL query to detect OGNL injections 2020-04-19 20:31:57 +02:00
Grzegorz Golawski
af48bc3e57 CodeQL query to detect JNDI injections 2020-04-17 21:45:42 +02:00
luchua-bc
b7f2d32fb0 Address improper URL authorization 2020-04-08 22:41:11 -04:00
luchua-bc
e1a680cd86 Address improper URL authorization 2020-04-08 22:41:11 -04:00
Grzegorz Golawski
1d8da905ac Make the test runnable via codeql test run 2020-04-03 21:44:13 +02:00
ggolawski
79d7ea36ff Update java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.qll
Co-Authored-By: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2020-04-03 21:36:34 +02:00
Grzegorz Golawski
6ca963a8c8 Fix 2020-04-03 00:30:02 +02:00
Grzegorz Golawski
f05b2af69d Move to experimental 2020-04-03 00:27:51 +02:00
Peter Stöckli
ca80bfda4f Fix tags 2020-04-02 07:43:55 +02:00
Peter Stöckli
36c351dc68 Add input from documentation review 2020-04-01 17:59:45 +02:00
Peter Stöckli
60d5ed9c79 Input from Review 2020-03-31 18:30:00 +02:00
Peter Stöckli
40c3b5468f Fix QHelp/XML syntax 2020-03-30 18:55:14 +02:00
luchua-bc
000d894d99 Include Gradle Logging 2020-03-28 14:00:28 -04:00
luchua-bc
048a33e143 Remove user ids from the check since they get logged a lot and are less sensitive 2020-03-27 19:40:00 -04:00
Peter Stöckli
c6688eb349 Fix OpenStream documentation 2020-03-27 17:08:49 +01:00
Peter Stöckli
3de00443ff Review feedback for OpenStream 2020-03-27 17:06:58 +01:00
Peter Stöckli
5e62a6bebe Move CWE-036 directory to experimental 2020-03-27 15:10:15 +01:00
Anders Schack-Mulligen
75523e4eb8 Java: Fix directory structure in experimental. 2020-03-24 16:47:55 +01:00
luchua-bc
d9327705d2 Fix the issue of mixed tabs and spaces 2020-03-20 08:16:45 -04:00
luchua-bc
dfb42ecf42 Address sensitive info logging 2020-03-20 08:14:48 -04:00
Anders Schack-Mulligen
9fc75f1f92 Merge pull request #2850 from SpaceWhite/CWE-094
ScriptEngine java code injection
2020-03-13 13:43:09 +01:00
SpaceWhite
300aee39be nit: add dot to qhelp 2020-03-12 20:38:03 +09:00
SpaceWhite
bb1ea94c54 Nit: Fix qhelp and ql autoformat 2020-03-12 20:35:01 +09:00
SpaceWhite
822bfcd36c Nit: fix qhelp 2020-03-12 20:25:23 +09:00
SpaceWhite
5e912cbf8e Move directory to experimental 2020-03-07 11:55:32 +09:00
SpaceWhite
b7af1645aa Move directory to experimental 2020-03-07 11:49:33 +09:00
yo-h
43bcd5b26c Add guidelines for experimental CodeQL queries and libraries 2020-02-24 15:08:31 -05:00