hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-21 06:57:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,399 Commits 1,712 Branches 163 Tags
8553ca1019e0ca29ec8a6c5feea61876e9890d89
Commit Graph

2260 Commits

Author SHA1 Message Date
Tony Torralba
8553ca1019 Autoformatting 2021-05-10 15:42:20 +02:00
Tony Torralba
d99b5bfc66 Reuse previous tests from experimental 2021-05-10 11:17:20 +02:00
Tony Torralba
c70503142f Require JS enabled even when cross-origin access is enabled in the webviews 2021-05-10 09:45:59 +02:00
Tony Torralba
6884edf52a Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch 2021-05-07 16:31:55 +02:00
Tony Torralba
1f1a1bdb41 Remove unnecessary CWE reference 2021-05-07 16:29:00 +02:00
Tony Torralba
dcee1daa31 Mark spurious test results 2021-05-07 13:17:04 +02:00
Tony Torralba
e6b7da1926 Add import for Android sinks in ExternalFlow 2021-05-07 12:41:39 +02:00
Tony Torralba
e2e65aca3c Add new sink for Android XSS 2021-05-07 12:25:19 +02:00
Tony Torralba
2a501956b3 Mark a MISSING test result as suggested in code review 2021-05-07 11:17:51 +02:00
Tony Torralba
b69be30b88 Fix imports as suggested in code review 2021-05-07 11:07:06 +02:00
Tony Torralba
f16605b3c1 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-05-06 15:17:55 +02:00
Tony Torralba
b69261727d Add a new test for 2021-05-06 13:26:25 +02:00
Tony Torralba
1f1f85aeb5 Add change note and fix some QLDocs 2021-05-06 13:13:23 +02:00
Tony Torralba
f1fab854c4 Fix tests for XXE, introduced a dependency with jaxen 2021-05-06 12:11:55 +02:00
Tony Torralba
e14294a2f7 Remove XSS sink since it's better handled in this query 2021-05-06 11:20:37 +02:00
Tony Torralba
84504a88e4 Fix tests by adding AndroidManifest.xml 2021-05-06 10:55:56 +02:00
Tony Torralba
76468559ba Add safe example for dom4j 2021-05-06 10:17:25 +02:00
Tony Torralba
926fedb7fb Update java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.java 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-06 09:18:50 +02:00
Tony Torralba
00a7576679 Rename XPath Injection test file 2021-05-06 09:18:50 +02:00
Tony Torralba
8af7f4a484 New sinks and test cases 2021-05-06 09:18:49 +02:00
Tony Torralba
ccb3ea4453 Fix XPath Injection tests classpath 2021-05-06 09:18:49 +02:00
Tony Torralba
509fc8a640 Add missing docs to stubs 2021-05-06 09:18:49 +02:00
Tony Torralba
26c3ff2cee Move from experimental to standard 2021-05-06 09:18:49 +02:00
Tony Torralba
215118c7ea Fixes in QLDocs and imports 2021-05-06 09:18:49 +02:00
Tony Torralba
720b5d6da3 Refactored sto use CSV sink model. Also, added more sinks 2021-05-06 09:18:49 +02:00
Tony Torralba
ab62bb66f4 Consider second parameter of Node.selectNodes 2021-05-06 09:18:49 +02:00
Tony Torralba
d72dd9b861 javax.xml.xpath.XPath is an interface 2021-05-06 09:18:49 +02:00
Tony Torralba
2bb2baf6f7 Support more methods that evaluate XPath expressions 2021-05-06 09:18:49 +02:00
Tony Torralba
3705970bfd Refactored XPath.qll to remove redundant classes and restrict visibility 2021-05-06 09:18:49 +02:00
Tony Torralba
d739a8cac2 Moved configuration from XPath.qll back to XPath Injection query 2021-05-06 09:18:48 +02:00
Tony Torralba
ee269fbc69 Added missing doc comments 2021-05-06 09:18:48 +02:00
Tony Torralba
fb3e56eac8 Fix imports and stubs so that tests pass 2021-05-06 09:18:48 +02:00
Tony Torralba
a62997463f Remove unused imports; use set literals in hasName 2021-05-06 09:18:48 +02:00
Tony Torralba
ed5619498c WIP: XPath Injection promotion 2021-05-06 09:18:48 +02:00
Tony Torralba
a706046a19 Reestructured test 2021-05-06 09:17:53 +02:00
Tony Torralba
c138ed3e4d QLDocs 2021-05-05 16:51:15 +02:00
Tony Torralba
03ce8d689f Refactored to use CSV sink model 2021-05-05 16:34:30 +02:00
Felicity Chapman
8b2009cfb1 Minor updates to qhelp file 2021-05-05 12:36:29 +01:00
Tony Torralba
9b78cee37a Add tests 2021-05-05 11:59:57 +02:00
Tony Torralba
be50e8f30c Moved from experimental to standard 2021-05-05 11:59:49 +02:00
Tony Torralba
458b89bf5f Added Android stubs 2021-05-05 11:57:01 +02:00
Anders Schack-Mulligen
5bcf810a7c Merge pull request #5821 from JarLob/patch-1 
Update UncaughtServletException.qhelp
 2021-05-04 10:39:02 +02:00
Anders Schack-Mulligen
9ee9186a1a Merge pull request #5825 from github/yo-h/java-diagnostic-queries 
Java: split extractor diagnostics query into two
 2021-05-04 10:12:32 +02:00
yo-h
edf1a90161 Java: split extractor diagnostics query into two 2021-05-03 20:27:07 -04:00
Jaroslav Lobačevski
38bce39baa Update UncaughtServletException.qhelp 
There is no single word in https://cwe.mitre.org/data/definitions/600.html about possible DoS or unexpected state.
 2021-05-03 15:06:57 +03:00
Chris Smowton
b2c0259197 Merge pull request #5631 from haby0/UseOfLessTrustedSource 
[Java] CWE-348: Using a client-supplied IP address in a security check
 2021-04-30 15:20:53 +01:00
haby0
fdcc517b9f UseOfLessTrustedSource -> ClientSuppliedIpUsedInSecurityCheck" 2021-04-30 17:43:34 +08:00
haby0
f41301f8f5 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.java 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-30 16:55:17 +08:00
haby0
0691cac5ab Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-30 16:54:41 +08:00
haby0
8142810455 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-30 16:54:28 +08:00