hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-30 12:18:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
55,910 Commits 1,723 Branches 164 Tags
9053ceb3b7e970abaf92389e762c67d853c581df
Commit Graph

1002 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
a0a9d30286 Java: Fix qltests. 2023-06-09 08:37:35 +02:00
Tony Torralba
6d7234f8ed Merge pull request #13225 from atorralba/atorralba/java/path-injection-mad-sinks-2 
Java: Migrate path injection sinks to models-as-data (simplified)
 2023-06-07 14:27:36 +02:00
erik-krogh
44b6366586 delete old deprecations 2023-06-02 11:58:08 +02:00
Tony Torralba
527fe523a8 Add PathCreation.qll sinks to models-as-data 
The old PathCreation sinks can't be removed because doing so would cause alert wobble in the path injection queries. See their getReportingNode predicates.
 2023-06-02 09:14:35 +02:00
Jami Cogswell
5dbb698481 Java: update open/jdbc-url sink kinds to request-forgery 2023-05-31 15:50:31 -04:00
Jami Cogswell
cb10f4976b Java: update create/read-file sink kinds to path-injection 2023-05-31 15:49:07 -04:00
Tony Torralba
770099f210 Merge branch 'main' into atorralba/java/promote-xxe-experimental-sinks 2023-05-16 09:49:34 +02:00
Jami
3c74c8bbe0 Merge pull request #13019 from jcogs33/jcogs33/url-open-stream-updates 
Java: switch `url-open-stream` sink models to `experimentalSinkModel`
 2023-05-04 15:07:44 -04:00
Jami Cogswell
917268e7e6 Java: activate the models in openstream query 2023-05-03 09:57:45 -04:00
Kasper Svendsen
081085e128 Java: Make implicit this receivers explicit 2023-05-03 13:37:35 +02:00
Tony Torralba
fba61d51ed Remove experimental files 2023-04-26 12:24:30 +02:00
Edward Minnix III
aeff6d3b85 Merge pull request #12808 from egregius313/egregius313/java/dataflow/refactor-experimental 
Java: Refactor experimental queries to new DataFlow API
 2023-04-13 10:58:34 -04:00
Tony Torralba
d7feaf4098 Merge pull request #12685 from atorralba/atorralba/java/command-injection-mad 
Java: Add command-injection sink kind and refactor command injection queries
 2023-04-13 11:38:14 +02:00
Ed Minnix
2edad6ec71 Remove unused import 2023-04-12 20:42:26 -04:00
Ed Minnix
c756bdbc30 Fix naming in SensitiveCookieNotHttpOnly 2023-04-12 20:39:18 -04:00
Ed Minnix
c49bf01dc8 Refactor PermissiveDotRegex.ql 2023-04-12 20:37:36 -04:00
Ed Minnix
5164c2480f Refactor SensitiveCookieNotHttpOnly 2023-04-12 20:37:36 -04:00
Ed Minnix
8f7d8cbcea Refactor timing attack queries 2023-04-12 20:37:36 -04:00
Ed Minnix
597949dbfe Refactor PermissiveDotRegexQuery 2023-04-12 20:37:36 -04:00
Ed Minnix
157b7ceaff Refactor TimingAttackAgainstHeader 2023-04-12 20:37:36 -04:00
Ed Minnix
a186b771ba Refactor JxBrowserWithoutCertValidation 2023-04-12 20:37:35 -04:00
Ed Minnix
ccdd9bce33 Refactor Revocation checking 2023-04-12 20:37:35 -04:00
Ed Minnix
380888e446 Refactor ClientSuppliedIpUsedInSecurityCheck 2023-04-12 20:37:35 -04:00
Ed Minnix
3c85ca9740 Refactor ThreadResourceAbuse 2023-04-12 20:37:35 -04:00
Ed Minnix
da5a719ffc Refactor UnsafeUsageOfClientSideEncryptionVersion 2023-04-12 20:37:35 -04:00
Ed Minnix
e880a5f187 Refactor UnsafeTlsVersion 2023-04-12 20:37:35 -04:00
Ed Minnix
e3f6bc043d Refactor InsecureWebResourceResponse 2023-04-12 20:37:35 -04:00
Ed Minnix
074745315c Refactor SensitiveAndroidFileLeak 2023-04-12 20:37:35 -04:00
Ed Minnix
685a2043a8 Refactor UnsafeReflection 2023-04-12 20:37:35 -04:00
Ed Minnix
13e1cc50c8 Add SpringUrlRedirect 2023-04-12 20:37:35 -04:00
Ed Minnix
30cfbb83b3 Add UncaughtServletException 2023-04-12 20:37:35 -04:00
Ed Minnix
5594e7f6d2 Add SensitiveGetQuery 2023-04-12 20:37:35 -04:00
Ed Minnix
478309c90b Add UnsafeDeserializationRmi 2023-04-12 20:37:35 -04:00
Ed Minnix
e2cfea19b5 Add UnsafeUrlForward 2023-04-12 20:37:35 -04:00
Ed Minnix
d48adbd175 Refactor JsonpInjection 2023-04-12 20:37:35 -04:00
Ed Minnix
8cb5e78832 Refactor XXE files 2023-04-12 20:37:35 -04:00
Ed Minnix
4c80ff03de Refactor UnvalidatedCors 2023-04-12 20:37:35 -04:00
Ed Minnix
d254d91f57 Refactor Injection queries 2023-04-12 20:37:35 -04:00
Ed Minnix
7002ed5303 Refactor InsecureRmiJmxEnvironmentConfiguration 2023-04-12 20:37:35 -04:00
Ed Minnix
6e4e1e52c0 Refactor NFEAndroidDoS 2023-04-12 20:37:35 -04:00
Ed Minnix
94768f425f Refactor HashWithoutSalt 2023-04-12 20:37:35 -04:00
Ed Minnix
cb7391177d Refactor MyBatis queries 2023-04-12 20:37:35 -04:00
Ed Minnix
d528c8461f Refactor XQueryInjection.ql 2023-04-12 20:37:35 -04:00
Ed Minnix
e7cbd493d7 Refactor FilePathInjection 2023-04-12 20:37:35 -04:00
Ed Minnix
47c5db03ab Refactor OpenStream.ql 2023-04-12 20:37:34 -04:00
Ed Minnix
5bd9aae072 Refactor Log4jJndiInjection.ql 2023-04-12 20:37:34 -04:00
Tony Torralba
534725f9eb Add command injection sink kind 2023-03-30 10:17:35 +02:00
Ed Minnix
7262c6a097 Refactor XmlParsers.qll 2023-03-29 22:33:09 -04:00
Ed Minnix
25359d2218 Deprecate execTainted 2023-03-29 11:45:09 -04:00
Ed Minnix
0249890747 Refactor CommandLineQuery.qll 2023-03-29 11:45:09 -04:00