hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 12:22:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,027 Commits 1,686 Branches 158 Tags
834fc51a3a16356cfbed0b23e7d09f292fbd0dec
Commit Graph

886 Commits

Author SHA1 Message Date
Tony Torralba
834fc51a3a Update java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql 2023-02-01 15:26:26 +01:00
Joe Farebrother
74dba953ca Apply suggestions from docs review 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2023-02-01 12:54:19 +00:00
Tony Torralba
cca6a13fbb Update java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.qhelp 2023-01-16 14:21:03 +01:00
Joe Farebrother
b565f997a0 Improve qhelp 2023-01-12 11:44:39 +00:00
Joe Farebrother
639c42c9e9 Fix qhelp errors and ql-for-ql errors 2023-01-12 11:44:39 +00:00
Joe Farebrother
f52db7f9a3 Add qhelp 2023-01-12 11:44:39 +00:00
Joe Farebrother
b96edb9c64 Add Sensitive Result Receiver query 2023-01-12 11:44:39 +00:00
Chris Smowton
ef27f9fe96 Replace one more mention of escaping 2023-01-09 10:56:13 +00:00
Chris Smowton
45c732a6f9 Java: improve naming and description of SqlUnescaped.ql 
Since the main thing it's objecting to is concatenation not lack of escaping (in particular it doesn't look for escaping sanitizers), rename and re-describe it accordingly.
 2023-01-09 10:56:13 +00:00
Tony Torralba
345c383acc Fix new Android queries' IDs 2022-12-21 09:36:57 +01:00
Tony Torralba
149cae9603 Merge pull request #10971 from joefarebrother/android-certificate-pinning 
Java: Add Android missing certificate pinning query (CWE-295)
 2022-12-20 11:03:16 +01:00
Tony Torralba
a47ef17a0d Update java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java 
Co-authored-by: Edward Minnix III <egregius313@github.com>
 2022-12-19 18:11:54 +01:00
Edward Minnix III
39a7c7bb12 Merge pull request #11282 from egregius313/egregiu313/webview-addjavascriptinterface 
Java: Query for detecting addJavascriptInterface method calls
 2022-12-19 11:28:45 -05:00
Tony Torralba
624c9ff834 Update java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java 2022-12-19 17:26:41 +01:00
Tony Torralba
0c6ace350f Update java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-12-19 16:24:39 +01:00
Tony Torralba
484a16ce1b Update java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql 2022-12-19 12:10:32 +01:00
Tony Torralba
a880fecc8b Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-12-19 11:56:36 +01:00
Ed Minnix
72484b9483 Change wording of addJavascriptInterface query description 2022-12-14 16:19:03 -05:00
Edward Minnix III
40c759e61a Add @name property 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2022-12-13 16:14:28 -05:00
Edward Minnix III
a2c886d367 Grammar and wording changes from docs review 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2022-12-13 11:57:46 -05:00
Erik Krogh Kristensen
636d5e341c Merge pull request #11652 from erik-krogh/static-useInstanceOf 
Java/C#/GO: Use instanceof in more places
 2022-12-12 17:52:04 +01:00
Edward Minnix III
0ebfee8b11 Merge pull request #11241 from egregius313/egregius313/webview-file-access 
Java: Query to detect Android Webview file access
 2022-12-12 11:12:26 -05:00
erik-krogh
8262fbbfb5 Java/C#/GO: Use instanceof in more places 2022-12-11 18:32:19 +01:00
Edward Minnix III
4278997a2c Reword WebView file access query description 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2022-12-09 11:36:09 -05:00
Edward Minnix III
8c8e71dd82 Grammar, concision, and style edits 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2022-12-09 11:35:02 -05:00
Joe Farebrother
a14ebb7c03 Fixes 2022-12-09 13:41:18 +00:00
Joe Farebrother
603c1c1693 Add the domain used to the alert message 2022-12-09 13:41:18 +00:00
Joe Farebrother
ceb253e6d1 Add qhelp 2022-12-09 13:41:18 +00:00
Joe Farebrother
749ecab6b1 Add security severity 2022-12-09 13:41:18 +00:00
Joe Farebrother
c8aca06190 Implement pinning through a TrustManager 
+ Fix that the query was accidentally placed in experimental
 2022-12-09 13:41:18 +00:00
Edward Minnix III
170c9af9e8 Merge pull request #11238 from egregius313/egregius313/webview-setjavascriptenabled 
Java: Query for detecting enabling Javascript in Android WebSettings
 2022-12-07 09:31:58 -05:00
Ed Minnix
1c81f8d8d5 Apply suggestion from docs review 2022-12-06 15:32:54 -05:00
Mauro Baluda
7c4b76b08b Update InsecureCookie.ql 2022-12-05 12:55:53 +01:00
Mauro Baluda
16d7dc0853 Restrict DF configuration 2022-12-05 11:02:19 +01:00
Ed Minnix
7c4bd509a7 Java: add AssetLoader example to WebView file access documentation 2022-12-02 14:43:52 -05:00
Mauro Baluda
f3f8f35069 Update InsecureCookie.ql 
Support interprocedural setting of cookie security
 2022-12-02 17:37:23 +01:00
Edward Minnix III
55090ecb65 Java: Typos and minor fixes 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2022-12-02 09:17:41 -05:00
Chris Smowton
6e98c67869 Java: fix syntax error in path-injection example fix 2022-12-02 10:04:53 +00:00
Ed Minnix
04829fc38e Java: SQLInjection example for addJavaScriptInterface query 2022-11-30 13:32:28 -05:00
Ed Minnix
d35321f40e Java: change WebView addJavascriptInterface query precision to medium 2022-11-30 11:35:14 -05:00
Ed Minnix
e31521bd14 Java: mention the default negative value for setJavaScriptEnabled 2022-11-30 10:56:17 -05:00
Edward Minnix III
b189e5b365 Java: fix precision in setJavascriptEnabled query 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-11-30 10:45:31 -05:00
Ed Minnix
5ac1e012ae Java: Mention AssetLoader in WebView file access query documentation 2022-11-30 10:43:53 -05:00
Ed Minnix
c836c4feb7 Java: Specify default value in WebView file access query 2022-11-30 10:43:05 -05:00
Edward Minnix III
710e012e09 Java: fix precision of Android WebView File access query 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-11-30 10:41:45 -05:00
Jami
8a73675483 Merge pull request #11070 from jcogs33/java-regex-injection 
Java: Promote regex injection query from experimental
 2022-11-21 15:04:26 -05:00
Jami Cogswell
9e2ec9d12f apply docs review suggestion 2022-11-21 13:39:46 -05:00
Tony Torralba
2809c3a77c Handle disabled Maven repositories 2022-11-21 10:11:57 +01:00
Joe Farebrother
d6c5132f39 Merge pull request #10684 from joefarebrother/android-keyboard-cache 
Java: Add query for Sensitive Keyboard Cache
 2022-11-16 15:27:44 +00:00
Joe Farebrother
cc960377ac Apply suggestion from docs review 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2022-11-16 10:54:14 +00:00