Tamas Vajk
|
9662b47464
|
Move likely test method logic to library
|
2025-03-14 11:36:15 +01:00 |
|
Jami Cogswell
|
5e5bc2afe9
|
Java: remove experimental files
|
2025-02-24 18:24:19 -05:00 |
|
Jami Cogswell
|
0071e1acc2
|
Java: resolve merge conflict
remove import no longer needed since contents of MyBatisMapperXML.qll have been moved to MyBatis.qll
|
2025-01-30 10:19:21 -05:00 |
|
Jami Cogswell
|
b88731df80
|
Java: move contents of MyBatisMapperXML.qll in src to MyBatis.qll in lib so importable, and fix experimental files broken by the move
|
2025-01-30 10:13:27 -05:00 |
|
Michael Nebel
|
c27b611c76
|
Java: Deprecate MyBatisMapperXML as it is only used by experimental queries.
|
2025-01-27 10:22:22 +01:00 |
|
Michael Nebel
|
cc48cec1c7
|
Java: Deprecate experimental model activation.
|
2025-01-27 10:22:17 +01:00 |
|
Michael Nebel
|
e3997f65ed
|
Java: Deprecate experimental queries.
|
2025-01-27 10:22:16 +01:00 |
|
Owen Mansel-Chan
|
0f3dd6d8f1
|
Java: IPA the CFG
|
2024-12-10 15:26:11 +00:00 |
|
Anders Schack-Mulligen
|
f38602e9fe
|
Java: Update references to deleted aliases.
|
2024-12-03 20:08:45 +01:00 |
|
Rasmus Wriedt Larsen
|
8c10155eb7
|
mass rename to ActiveThreatModelSource
|
2024-09-12 10:16:55 +02:00 |
|
Chris Smowton
|
15989ce213
|
Merge pull request #14089 from am0o0/amammad-java-JWT
Java: JWT decoding without verification
|
2024-08-21 14:14:08 +01:00 |
|
am0o0
|
f4764378c9
|
update tests to contain the new source, delete query with local sources
|
2024-08-16 16:15:46 +02:00 |
|
Anders Schack-Mulligen
|
3a9610795b
|
Merge pull request #16808 from JLLeitschuh/patch-8
Align Java CommandInjectionRuntimeExec.ql Severity
|
2024-08-16 15:14:48 +02:00 |
|
am0o0
|
d560c1ea0f
|
fix formatting
|
2024-07-31 11:08:06 +02:00 |
|
am0o0
|
9110df6e80
|
Merge branch 'amammad-java-JWT' of https://github.com/am0o0/codeql into amammad-java-JWT
|
2024-07-31 11:04:24 +02:00 |
|
am0o0
|
c6814fcf47
|
merge duplicate module into a module file
|
2024-07-31 11:04:03 +02:00 |
|
am0o0
|
701e3d7e53
|
add same query but with local source support to comply with the CVE-2021-37580
|
2024-07-31 10:58:22 +02:00 |
|
am0o0
|
40eef25133
|
use more specefic Classes instead of Call
|
2024-07-30 18:07:03 +02:00 |
|
Chris Smowton
|
8f52b2cd95
|
Fix link
|
2024-07-30 12:23:38 +01:00 |
|
Chris Smowton
|
a781522ca0
|
Copyedit documentation
|
2024-07-30 12:19:16 +01:00 |
|
am0o0
|
4dc1a10f71
|
update tests for zip4j, add aditional flow steps for zip4j, remove BombTypeInputStream class since we don't need it anymore, add a predicate which was for testing porpose and was junk
|
2024-07-29 18:10:04 +02:00 |
|
am0o0
|
c8749ff82e
|
Merge branch 'amammad-java-bombs' of https://github.com/am0o0/codeql into amammad-java-bombs
|
2024-07-28 12:15:23 +02:00 |
|
am0o0
|
0593eaad52
|
we don't need ConstructorCall for ZipFile anymore since we have a more accurate sink for this
|
2024-07-28 12:12:07 +02:00 |
|
am0o0
|
cc752113af
|
we don't need TypeInputStreamConstructorArgumentSink anymore
|
2024-07-28 12:09:52 +02:00 |
|
am0o0
|
7689db7d42
|
change apache commons sink
|
2024-07-28 12:09:33 +02:00 |
|
am0o0
|
b5e7716579
|
remove flow states, remove string as sources
|
2024-07-28 11:26:18 +02:00 |
|
am0o0
|
85b02b1399
|
use MethodCall instead of MethodAccess, change query id
|
2024-07-28 10:42:44 +02:00 |
|
am0o0
|
494f0b709e
|
Merge branch 'main' into amammad-java-JWT
|
2024-07-28 10:37:26 +02:00 |
|
am0o0
|
14cf47b906
|
comply with PascalCase/camelCase, remove redundant import
|
2024-07-28 10:28:28 +02:00 |
|
Owen Mansel-Chan
|
9a66e66d66
|
Merge branch 'main' into amammad-java-bombs
|
2024-07-18 21:28:23 +01:00 |
|
am0o0
|
7bb7d83b26
|
remove duplicate sinks
replace some RefType with DecompressionBomb::BombTypeInputStream
|
2024-07-18 20:55:59 +02:00 |
|
am0o0
|
025aa77e79
|
add the snappy missed sink
|
2024-07-13 11:15:45 +02:00 |
|
am0o0
|
8c106964ec
|
remove duplicate parts thanks to @owen-mc
|
2024-07-13 11:11:07 +02:00 |
|
am0o0
|
8ba48e801a
|
fix examples
|
2024-07-13 10:28:19 +02:00 |
|
am0o0
|
dd3cc33298
|
move DecompressionBombsFlow::PathGraph to DecompressionBomb.ql
|
2024-07-13 10:24:07 +02:00 |
|
Am
|
a3b5d2a28d
|
Update java/ql/src/experimental/Security/CWE/CWE-522-DecompressionBombs/DecompressionBomb.qhelp
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
|
2024-07-13 10:20:43 +02:00 |
|
Am
|
4fbf76008e
|
Update java/ql/src/experimental/Security/CWE/CWE-522-DecompressionBombs/DecompressionBomb.qhelp
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
|
2024-07-13 10:20:25 +02:00 |
|
am0o0
|
7a5838f1a2
|
MethodAccess => MethodCall
|
2024-07-09 19:43:22 +02:00 |
|
am0o0
|
e87d2fe922
|
remove redundent imports
|
2024-07-09 19:41:06 +02:00 |
|
am0o0
|
fe1103d997
|
add stubs, upgrade test to inline test, update test files
|
2024-07-04 15:25:36 +02:00 |
|
am0o0
|
a6833945c1
|
remove additional taint steps and flow states
|
2024-07-01 16:07:44 +02:00 |
|
am0o0
|
d31711bd89
|
merge all ne flow sources into one by extending current abstract class
|
2024-07-01 15:16:44 +02:00 |
|
am0o0
|
f1324a413a
|
update qlhelp
|
2024-07-01 15:09:56 +02:00 |
|
Jonathan Leitschuh
|
472cca9221
|
Align Java CommandInjectionRuntimeExec.ql Severity
Align severity with other command injection vulnerabilities:
- 4a448f445e/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql (L8)
- 4a448f445e/go/ql/src/Security/CWE-078/CommandInjection.ql (L7)
- 4a448f445e/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql (L7)
- 4a448f445e/javascript/ql/src/Security/CWE-078/CommandInjection.ql (L7)
|
2024-06-21 10:29:27 -04:00 |
|
Michael Nebel
|
b1329fd806
|
Merge pull request #16362 from michaelnebel/java/removelocalqueries
Java: Remove local query variants.
|
2024-05-16 14:34:04 +02:00 |
|
Anders Schack-Mulligen
|
76e740bc1d
|
Java: Clean up some instances of getQualifiedName.
|
2024-05-13 13:06:44 +02:00 |
|
am0o0
|
02b0b402d6
|
remove useless predicate
add missed FlowState
|
2024-05-12 19:29:37 +02:00 |
|
am0o0
|
be03e582c6
|
remove isBarrier
|
2024-05-12 18:17:47 +02:00 |
|
am0o0
|
9fffd7846a
|
remove empty predicates, fix FP for zipFile
|
2024-05-12 18:16:57 +02:00 |
|
am0o0
|
c9daf914cb
|
remove unused predicate
|
2024-05-12 14:09:55 +02:00 |
|