Jami Cogswell
afa6610cb9
Java: update qhelp
2025-07-18 17:49:54 -04:00
Jami Cogswell
0d2a4222fd
Java: add related location to alert message
2025-07-17 19:22:18 -04:00
Jami Cogswell
2bfc4b4ee2
Java: fix test case for version 1.4
Need the existence of an ApplicationProperties File, not an ApplicationProperties ConfigPair
2025-07-17 19:22:15 -04:00
Jami Cogswell
1b90a30d45
Java: move code to .qll file
2025-07-17 19:22:11 -04:00
Jami Cogswell
38260e76bf
Java: remove deprecation
2025-07-17 19:22:05 -04:00
Jami Cogswell
a39cb40177
Java: copy out of experimental
2025-07-17 19:22:01 -04:00
Kasper Svendsen
425448a10a
Fix java/netty-http-request-or-response-splitting overlay compilation regression
2025-07-03 10:47:33 +02:00
Owen Mansel-Chan
538a5af1d1
Merge pull request #19738 from owen-mc/pr/felickz/19530
Set CWE-134 from 9.3 to 7.3 CVSS score for memory safe languages (#2)
2025-06-12 10:27:28 +01:00
Ana Scolari
857b51be58
Update ExecUnescaped.ql - causing FPs with hard coded strings
This query is generating false positives with hard-coded strings declared within the function - issue reported by customer. We had a discussion on the code_scanning channel on 6/5/25 and the team agreed upon reducing its precision to Medium.
2025-06-10 16:06:22 -07:00
Chad Bentz
77e49f1f90
Merge branch 'main' into cwe-134
2025-06-06 11:16:10 -04:00
Chad Bentz
8a81aa1762
Set CWE-134 from 9.3 to 7.3 CVSS score for memory safe languages
- Sync up to score given to javascript/ruby
2025-05-19 14:43:08 -04:00
Michael Nebel
03ecd24469
Lower the precision of a range of hardcoded password queries to remove them from query suites.
2025-05-19 09:26:45 +02:00
Owen Mansel-Chan
cf614a596d
Fix cwe tags to include leading zero
2025-04-30 16:43:03 +01:00
Nick Rolfe
361fbba39b
Java: fix comma splice in alert message
2025-03-21 14:23:32 +00:00
Owen Mansel-Chan
7702e9da7d
Address review comments
2025-03-14 11:44:01 +00:00
Owen Mansel-Chan
a8e993c942
Fix FP for always-locked fields
2025-03-13 15:03:32 +00:00
Jami
ad63dd946c
Apply suggestions from docs review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2025-03-10 09:01:04 -04:00
Jami Cogswell
746f022cfa
Java: add 'Spring' prefix to public class names
2025-03-04 10:34:16 -05:00
Jami Cogswell
26e396732a
Java: edit qhelp
2025-02-24 18:33:43 -05:00
Jami Cogswell
53cb30dcd0
Java: update metadata, move from CWE-016 to CWE-200
2025-02-24 18:33:41 -05:00
Jami Cogswell
8dfb920e05
Java: refactor QL, move code to libraries
2025-02-24 18:24:48 -05:00
Jami Cogswell
8064e8f1f9
Java: convert tests to inline expectations
2025-02-24 18:24:26 -05:00
Jami Cogswell
978834bd9c
Java: remove deprecations
2025-02-24 18:24:14 -05:00
Jami Cogswell
2ce5920c5e
Java: copy out of experimental
2025-02-24 18:24:12 -05:00
Jami
485ee5c5ed
Merge pull request #18692 from jcogs33/jcogs33/spring-csrf-qhelp-update
Java: update `java/spring-disabled-csrf-protection` QHelp
2025-02-19 11:39:11 -05:00
Owen Mansel-Chan
dd102c4cea
Merge pull request #18645 from fabienpe/main
Added missing "GOOD" and "BAD" to some examples
2025-02-13 10:37:39 +00:00
Jami Cogswell
dce89c5419
Java: update qhelp to align with other csrf queries
2025-02-05 10:57:47 -05:00
Jami Cogswell
c6a71cd3fd
Java: minor qhelp updates
2025-02-05 10:20:57 -05:00
Jami Cogswell
0367846333
Java: remove token section from qhelp overview
Discussing tokens is not directly relevant to this query's recommendation and examples.
2025-02-04 13:36:15 -05:00
Jami Cogswell
f438282674
Java: rewrite qhelp overview section; aligns with overview section used by Python and Ruby
2025-02-04 13:21:43 -05:00
Jami Cogswell
283c3b1e44
Java: minor qhelp updates
2025-02-04 12:47:19 -05:00
fabienpe
9a37682851
Moved comment to previous line if resulting in long line
2025-02-04 09:48:34 +00:00
Jami Cogswell
516df3b4be
Java: qhelp wording updates
2025-02-03 14:52:57 -05:00
fabienpe
a9f107ce06
Added missing "GOOD" and "BAD" to some examples
2025-01-31 15:47:25 +00:00
Jami Cogswell
577152e20f
Java: minor qhelp update
2025-01-30 10:14:33 -05:00
Jami Cogswell
ead224c7b2
Java: expand qhelp, include Stapler examples
2025-01-30 10:14:29 -05:00
Jami Cogswell
096f6f88b2
Java: precision to medium
2025-01-30 10:14:27 -05:00
Jami Cogswell
39ccde0c9d
Java: add name-based heuristic
2025-01-30 10:13:54 -05:00
Jami Cogswell
0f39011122
Java: add taint-tracking config for execute to exclude FPs from non-update queries like select
2025-01-30 10:13:50 -05:00
Jami Cogswell
df77d4914f
Java: initial tests
2025-01-30 10:13:45 -05:00
Jami Cogswell
178b032453
Java: add query
2025-01-30 10:13:43 -05:00
Jami Cogswell
0c6925399d
Java: add qhelp
2025-01-30 10:01:39 -05:00
Owen Mansel-Chan
883301938b
Merge pull request #18161 from owen-mc/java/weak-crypto-algo-more-informative
Java: Make `java/weak-cryptographic-algorithm` give a reason why the algo is insecure
2025-01-13 23:43:04 +00:00
Owen Mansel-Chan
0f3dd6d8f1
Java: IPA the CFG
2024-12-10 15:26:11 +00:00
Owen Mansel-Chan
e6409e159f
Give reason why crypto algorithm is insecure
2024-11-29 11:54:27 +00:00
Jami Cogswell
335c59792c
Java: remove unnecessary anchor and update page name
2024-10-18 09:26:56 -04:00
Jami Cogswell
88b7a9fcb5
Java: update qhelp link
2024-10-17 16:38:53 -04:00
Ian Lynagh
41ed6e6695
Java: Deprecate RefType.nestedName(), and add RefType.getNestedName()
2024-09-16 17:16:25 +01:00
erik-krogh
846882d22c
delete imports to a deleted file
2024-09-03 20:31:00 +02:00
RobbingDaHood
1cb58922a2
Minor changes to formulations for java/error-message-exposure
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2024-07-29 16:48:15 +02:00