hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
53,343 Commits 1,672 Branches 157 Tags
88eb0231c1569042acc3c51a3a69f7bf8606a0bf
Commit Graph

9342 Commits

Author SHA1 Message Date
Ed Minnix
88eb0231c1 Refactor taintedString.ql test 2023-04-13 23:06:16 -04:00
Ed Minnix
cd661f1d9f Refactor SensitiveResultReceiver 2023-04-13 23:06:16 -04:00
Ed Minnix
735a7383c6 Refactor HardcodedCredentialsSourceCall 2023-04-13 23:06:16 -04:00
Jami
0442072a59 Merge pull request #12820 from jcogs33/jcogs33/update-hq-manual-provenance 
Java: update provenance of `Connection#nativeSQL` sink to "hq-manual"
 2023-04-13 11:59:39 -04:00
Edward Minnix III
aeff6d3b85 Merge pull request #12808 from egregius313/egregius313/java/dataflow/refactor-experimental 
Java: Refactor experimental queries to new DataFlow API
 2023-04-13 10:58:34 -04:00
Jami Cogswell
108b7a38aa Java: update provenance to hq-manual 2023-04-13 10:24:24 -04:00
Michael Nebel
52bc43b22b Merge pull request #12595 from michaelnebel/enhanceprovenance 
Java/C# : Enhance provenance.
 2023-04-13 14:27:53 +02:00
Alex Ford
8c46bfd051 Merge pull request #12816 from github/rc/3.9 
Merge `rc/3.9` into `main`
 2023-04-13 12:35:41 +01:00
Tony Torralba
4c6df3fdb9 Merge pull request #12813 from atorralba/atorralba/java/sensitive-expr-fix-and-tests 
Java: Add tests for SensitiveActions and fix getCommonSensitiveInfoRegex
 2023-04-13 13:13:37 +02:00
Tony Torralba
7d0680a280 Update JsonpInjection test expectations 2023-04-13 12:06:54 +02:00
Tony Torralba
d7feaf4098 Merge pull request #12685 from atorralba/atorralba/java/command-injection-mad 
Java: Add command-injection sink kind and refactor command injection queries
 2023-04-13 11:38:14 +02:00
Tony Torralba
4f2ffccc20 Improve change note 2023-04-13 11:14:57 +02:00
Tony Torralba
99b0624e8b Add change note 2023-04-13 10:35:59 +02:00
Tony Torralba
485709a133 Fix getCommonSensitiveInfoRegex 2023-04-13 10:33:03 +02:00
Tony Torralba
84971c8687 Add SensitiveActions tests 2023-04-13 10:32:23 +02:00
Michael Nebel
169d8d5cf9 Java: All ai-generated models have been manually verified. 2023-04-13 09:21:06 +02:00
Michael Nebel
dc8a31f2c5 C#/Java: Update dataflow model generator related comments to include provenance. 2023-04-13 09:21:06 +02:00
Michael Nebel
de7f486cb1 C#/Java: Update model converter queries. 2023-04-13 09:21:06 +02:00
Michael Nebel
574f568c26 Java: Update model generator expected output. 2023-04-13 09:21:06 +02:00
Michael Nebel
df7d58d101 Java: Adjust model generator printing to the new provenance. 2023-04-13 09:21:06 +02:00
Michael Nebel
6593991c13 Java/C#: Update generated models to have provenance df-generated. 2023-04-13 09:21:05 +02:00
Michael Nebel
03482e5e59 Java/C#: Update the internal documentation. 2023-04-13 09:21:05 +02:00
Michael Nebel
54e55e2262 Java: Introduce more provenance values. 2023-04-13 09:21:04 +02:00
Michael Nebel
efc0650b86 Java: Set the provenance default to manual. 2023-04-13 09:21:04 +02:00
Ed Minnix
2edad6ec71 Remove unused import 2023-04-12 20:42:26 -04:00
Ed Minnix
c756bdbc30 Fix naming in SensitiveCookieNotHttpOnly 2023-04-12 20:39:18 -04:00
Ed Minnix
c49bf01dc8 Refactor PermissiveDotRegex.ql 2023-04-12 20:37:36 -04:00
Ed Minnix
5164c2480f Refactor SensitiveCookieNotHttpOnly 2023-04-12 20:37:36 -04:00
Ed Minnix
8f7d8cbcea Refactor timing attack queries 2023-04-12 20:37:36 -04:00
Ed Minnix
597949dbfe Refactor PermissiveDotRegexQuery 2023-04-12 20:37:36 -04:00
Ed Minnix
157b7ceaff Refactor TimingAttackAgainstHeader 2023-04-12 20:37:36 -04:00
Ed Minnix
a186b771ba Refactor JxBrowserWithoutCertValidation 2023-04-12 20:37:35 -04:00
Ed Minnix
ccdd9bce33 Refactor Revocation checking 2023-04-12 20:37:35 -04:00
Ed Minnix
380888e446 Refactor ClientSuppliedIpUsedInSecurityCheck 2023-04-12 20:37:35 -04:00
Ed Minnix
3c85ca9740 Refactor ThreadResourceAbuse 2023-04-12 20:37:35 -04:00
Ed Minnix
da5a719ffc Refactor UnsafeUsageOfClientSideEncryptionVersion 2023-04-12 20:37:35 -04:00
Ed Minnix
e880a5f187 Refactor UnsafeTlsVersion 2023-04-12 20:37:35 -04:00
Ed Minnix
e3f6bc043d Refactor InsecureWebResourceResponse 2023-04-12 20:37:35 -04:00
Ed Minnix
074745315c Refactor SensitiveAndroidFileLeak 2023-04-12 20:37:35 -04:00
Ed Minnix
685a2043a8 Refactor UnsafeReflection 2023-04-12 20:37:35 -04:00
Ed Minnix
13e1cc50c8 Add SpringUrlRedirect 2023-04-12 20:37:35 -04:00
Ed Minnix
30cfbb83b3 Add UncaughtServletException 2023-04-12 20:37:35 -04:00
Ed Minnix
5594e7f6d2 Add SensitiveGetQuery 2023-04-12 20:37:35 -04:00
Ed Minnix
478309c90b Add UnsafeDeserializationRmi 2023-04-12 20:37:35 -04:00
Ed Minnix
e2cfea19b5 Add UnsafeUrlForward 2023-04-12 20:37:35 -04:00
Ed Minnix
d48adbd175 Refactor JsonpInjection 2023-04-12 20:37:35 -04:00
Ed Minnix
8cb5e78832 Refactor XXE files 2023-04-12 20:37:35 -04:00
Ed Minnix
4c80ff03de Refactor UnvalidatedCors 2023-04-12 20:37:35 -04:00
Ed Minnix
d254d91f57 Refactor Injection queries 2023-04-12 20:37:35 -04:00
Ed Minnix
7002ed5303 Refactor InsecureRmiJmxEnvironmentConfiguration 2023-04-12 20:37:35 -04:00