hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 21:34:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,921 Commits 1,697 Branches 161 Tags
9e87f4ec4e1e97baafa7b2677aeb87e8dd7d82e7
Commit Graph

1860 Commits

Author SHA1 Message Date
haby0
eeae91e620 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 09:48:55 +08:00
haby0
046aeaa38c Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 09:37:29 +08:00
haby0
8b756d7f1b Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 09:27:03 +08:00
haby0
650446f761 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 09:26:32 +08:00
haby0
a5ebe8c600 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 09:26:08 +08:00
porcupineyhairs
8687c5c145 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:18:35 +05:30
haby0
8a7d28a2ed Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:29:49 +08:00
haby0
4c21980d4f Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:29:30 +08:00
haby0
9635a36044 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:29:06 +08:00
haby0
760231c004 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:28:17 +08:00
haby0
c77c7b0a98 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:27:16 +08:00
haby0
837f20108d Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:25:43 +08:00
haby0
157e4670fd Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:25:11 +08:00
haby0
79c1374925 Update java/ql/src/semmle/code/java/frameworks/Servlets.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:24:49 +08:00
haby0
1510048f7a Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:23:13 +08:00
haby0
d8165145c7 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:22:44 +08:00
haby0
ebd38eaf3b Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:22:08 +08:00
haby0
b8c11503f0 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:21:49 +08:00
luchua-bc
4e3791dc0d Remove LoadCredentialsConfiguration and update qldoc 2021-04-09 19:36:35 +00:00
luchua-bc
04b0682bbf Use isAdditionalTaintStep and make the query more readable 2021-04-09 16:14:51 +00:00
Tom Hvitved
fd8f745468 Java: Adopt shared flow summary library and refactor data-flow nodes. 2021-04-09 16:57:03 +02:00
Tom Hvitved
f130616369 Data flow: Make getLocalCc private again 2021-04-09 16:22:58 +02:00
Anders Schack-Mulligen
701e815368 Merge pull request #5628 from hvitved/java/remove-unique 
Java: Remove `unique` wrapper from `DataFlow::Node::getEnclosingCallable()`
 2021-04-09 15:21:26 +02:00
Tom Hvitved
6874b8d4b3 Data flow: Prevent bad join-order in pathStep 2021-04-09 14:24:47 +02:00
luchua-bc
11304b2ae1 Update qldoc and change the wrapper method implementation 2021-04-09 02:21:59 +00:00
Artem Smotrakov
b39a3ab12c Added setVariable() sink 2021-04-08 20:41:43 +03:00
Anders Schack-Mulligen
6109ef5e88 Merge pull request #5475 from Marcono1234/marcono1234/minus-literal 
Java: Improve documentation regarding minus in front of numeric literals
 2021-04-08 16:11:14 +02:00
Anders Schack-Mulligen
d42a01cb3a qldoc fixup 2021-04-08 15:45:21 +02:00
haby0
3f0a3266aa [Java] CWE-348: Use of less trusted source 2021-04-08 17:14:03 +08:00
Tom Hvitved
2faf52b6bd Java: Remove unique wrapper from DataFlow::Node::getEnclosingCallable()` 2021-04-08 10:07:19 +02:00
Artem Smotrakov
a764a79090 Always bind arguments in TaintPropagatingCall 2021-04-07 21:12:21 +03:00
Artem Smotrakov
c13ee0859a LambdaExpression should extend JakartaType 2021-04-07 21:02:21 +03:00
Artem Smotrakov
3d8e173c57 Removed a reference to Apache Commons EL 2021-04-07 20:59:07 +03:00
Artem Smotrakov
80ac2aff26 Fixed typos 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-04-07 20:55:03 +03:00
luchua-bc
1349bf7b0b Create a .qll file to reuse the code and add check of Spring properties 2021-03-30 11:25:29 +00:00
haby0
0775d35591 update VerificationMethodFlowConfig, add if test 2021-03-29 12:02:37 +08:00
luchua-bc
5ce3f9d6ff Update qldoc and enhance the query 2021-03-28 16:10:35 +00:00
luchua-bc
a53cbc1631 Update qldoc and make the query more readable 2021-03-27 00:11:01 +00:00
luchua-bc
a72b1340eb Add a comment on how to run the query 2021-03-26 16:51:43 +00:00
Anders Schack-Mulligen
506c95d098 Merge pull request #5372 from smowton/smowton/feature/commons-lang-models-to-csv 
Java: Convert existing Commons Lang models to CSV
 2021-03-26 10:18:23 +01:00
luchua-bc
d33b04cd96 Query to detect plaintext credentials in Java properties files 2021-03-26 02:33:40 +00:00
Porcuiney Hairs
2ca95166d9 Java : add query to detect insecure loading of Dex File 2021-03-26 01:59:11 +05:30
Chris Smowton
eaa2d4d831 Stop using wildcard Argument 
All instances are replaced with a specific Argument or range.
 2021-03-25 15:42:35 +00:00
Chris Smowton
2f34588770 Constructor models: use Argument[-1] for the result, not ReturnValue 2021-03-25 15:23:08 +00:00
Anders Schack-Mulligen
28fb0edfbe Merge pull request #4920 from luchua-bc/java/hash-without-salt 
Java: Query to detect hash without salt
 2021-03-25 16:13:26 +01:00
Chris Smowton
a5220bf616 Convert StrBuilder models to CSV 2021-03-25 15:11:52 +00:00
Chris Smowton
25a0e09130 Convert StringUtils models to CSV 2021-03-25 15:11:52 +00:00
Chris Smowton
1beac06236 Translate ArrayUtils models to CSV 2021-03-25 15:11:51 +00:00
Chris Smowton
7fb5bd0cab Add tests for and slightly expand models of Commons Lang's ArrayUtils class 2021-03-25 15:11:51 +00:00
Anders Schack-Mulligen
344c2d3c3d Update java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql 2021-03-25 15:42:57 +01:00