Porcupiney Hairs
0a028dcb47
Java: Refactor all instances of java.net.URI into TypeUri
2020-11-04 18:23:26 +05:30
Anders Schack-Mulligen
22b4df0f3c
Merge pull request #4512 from luchua-bc/sensitive-broadcast
Java: Sensitive broadcast
2020-11-04 10:47:48 +01:00
Anders Schack-Mulligen
26495225e0
Update java/ql/src/experimental/Security/CWE/CWE-927/SensitiveBroadcast.qhelp
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2020-11-04 10:05:55 +01:00
luchua-bc
f8fd2ea821
Add qldoc and autoformat query
2020-11-03 12:23:40 +00:00
luchua-bc
5a6339c1af
Remove userid from the regex
2020-10-29 15:46:05 +00:00
luchua-bc
90d11812be
Update the regex to be the original one
2020-10-29 13:04:15 +00:00
luchua-bc
908d659906
Minor updates
2020-10-28 20:23:22 +00:00
luchua-bc
99c79f4aa3
Enhance the dataflow sink and update test cases
2020-10-28 03:07:01 +00:00
luchua-bc
3cc3fe9d37
Switch to TaintPreservingCallable and add test cases
2020-10-28 00:33:07 +00:00
luchua-bc
07830aae05
Fix typo
2020-10-25 22:34:15 +00:00
luchua-bc
d9c140dc6c
Enhance the query to use sanitizer and null/empty array flow
2020-10-25 15:33:09 +00:00
luchua-bc
478771ccc5
Fix issues with method signature check
2020-10-21 02:49:53 +00:00
luchua-bc
2c2aab6ffc
Sensitive broadcast
2020-10-19 16:16:13 +00:00
Chris Smowton
5a480bfb13
Give query an id and PathGraph query predicates
2020-10-16 16:19:58 +01:00
luchua-bc
6f6ec9d51a
Change the source class type and simplify the data-flow step
2020-10-15 14:53:32 +01:00
luchua-bc
f5e9690594
Update the doc comments
2020-10-15 14:53:32 +01:00
luchua-bc
c7750fd8c2
Fine tune the query
2020-10-15 14:53:32 +01:00
luchua-bc
5338332648
Enhance the query and add more test cases
2020-10-15 14:53:31 +01:00
luchua-bc
55af37312b
Text changes to the help file
2020-10-15 14:53:31 +01:00
luchua-bc
ebc2bd9a58
Text changes to the help file
2020-10-15 14:53:31 +01:00
luchua-bc
bd0c577ffd
Unsafe resource loading in Android webview
2020-10-15 14:53:30 +01:00
Chris Smowton
578ea1ae43
Fix OWASP broken links
2020-10-01 13:09:52 +01:00
Rasmus Wriedt Larsen
7a54d0b493
Java: Move files in experimental dirs to be consistent
2020-09-02 13:19:21 +02:00
Grzegorz Golawski
5e462a897d
Merge branch 'main' into xslt-injection
2020-08-30 22:45:31 +02:00
Anders Schack-Mulligen
3469ad7ca6
Merge pull request #3600 from luchua-bc/java-sensitive-log4j2-logging
Add Log4J 2 and a new search string secret
2020-08-13 13:35:52 +02:00
Arthur Baars
5874ecc28b
Merge pull request #3976 from luchua-bc/java-unsecure-basic-auth
Java: Insecure basic authentication
2020-08-07 21:39:23 +02:00
luchua-bc
b821f918e5
Address issues with matching empty host and host in a concatenated string
2020-08-06 01:53:29 +00:00
luchua-bc
9a8eed8440
Enhance address match
2020-08-05 19:57:31 +00:00
luchua-bc
ff0dacf1d7
Optimize the TaintTracking
2020-08-03 00:52:47 +00:00
luchua-bc
b65a033302
Shorten the regex private domain match
2020-08-01 03:42:13 +00:00
luchua-bc
ff58abb7d3
Revamp the sink code
2020-08-01 03:25:02 +00:00
luchua-bc
81de1b14d9
Revamp the source of path query
2020-07-30 19:16:48 +00:00
Marcono1234
5942bc6a43
Improve InsecureJavaMail.qhelp references
2020-07-29 01:45:27 +02:00
luchua-bc
a91cc9b7ec
Convert the query to path-problem
2020-07-28 15:36:12 +00:00
luchua-bc
7f911f00ee
Rename to insecure basic auth
2020-07-28 11:40:21 +00:00
luchua-bc
248628b11e
Enhance basic auth string search with a recursive method
2020-07-27 20:31:07 +00:00
luchua-bc
3a23451395
Enhance the query
2020-07-27 18:50:47 +00:00
luchua-bc
01fb51829c
Unsecure basic authentication
2020-07-24 20:35:09 +00:00
luchua-bc
d6e9b07a9e
Add JBoss BasicLogger and SciJava Logger
2020-07-03 22:34:48 +00:00
luchua-bc
6d329bce6e
Add Apache Commons Logging and debugv method
2020-07-03 01:13:11 +00:00
intrigus-lgtm
cabd275baa
Fix typo, add Oxford comma
2020-07-01 14:49:09 +02:00
Anders Schack-Mulligen
13cb853af5
Merge pull request #3294 from ggolawski/ognl-injection
CodeQL query to detect OGNL injections
2020-06-30 09:46:02 +02:00
Anders Schack-Mulligen
d297ce2279
Merge pull request #3436 from artem-smotrakov/revocation-checking
Java: Added a query for disabled certificate revocation checking
2020-06-29 16:42:36 +02:00
Anders Schack-Mulligen
b53b90501b
Merge pull request #3550 from luchua-bc/java-unsafe-cert-trust
Java: CWE-273 Unsafe certificate trust
2020-06-29 16:39:39 +02:00
Grzegorz Golawski
aff0e0eb25
Cleanup according to review comments.
2020-06-27 18:30:36 +02:00
Artem Smotrakov
f5f30ce25e
Java: Simplified the query for disabled certificate revocation checking
Removed a dataflow configuration for setting a revocation checker.
Instead, the query just checks if addCertPathChecker() or setCertPathCheckers()
methods are called.
2020-06-27 11:37:20 +03:00
Artem Smotrakov
a2fa03e4f5
Java: Improved the query for disabled certificate revocation checking
- Added a taint propagation step for List.of() methods
- Added a testcase with one of the List.of() methods
- Simplified conditions
- Fixed typos
2020-06-27 11:37:20 +03:00
Artem Smotrakov
06e3f101ce
Java: Added a query for disabled certificate revocation checking
- Added experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql
The query looks for PKIXParameters.setRevocationEnabled(false) calls.
- Added RevocationCheckingLib.qll
- Added a qhelp file with examples
- Added tests in java/ql/test/experimental/Security/CWE/CWE-299
2020-06-27 11:37:20 +03:00
luchua-bc
0779aab28f
Clean up the QL code
2020-06-24 15:02:16 +00:00
Anders Schack-Mulligen
791f31fa65
Merge pull request #3595 from luchua-bc/j2ee-server-directory-listing
Java: Add check for J2EE server directory listing
2020-06-24 16:45:34 +02:00