hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-24 08:07:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
31,403 Commits 1,758 Branches 168 Tags
afeb7d1a4aecd0bd43e930d57da3756508ae3dde
Commit Graph

721 Commits

Author SHA1 Message Date
Tony Torralba
7b0d9ea525 Merge pull request #7054 from atorralba/atorralba/promote-log-injection 
Java: Promote Log Injection from experimental
 2022-01-11 17:26:18 +01:00
Tony Torralba
0e738622df Merge branch 'main' into atorralba/promote-log-injection 2022-01-10 17:24:25 +01:00
Tony Torralba
55dc783f28 Move from experimental and refactor 2022-01-10 17:09:37 +01:00
Tony Torralba
6f2d91a8ad Sinks for CloseableThreadContext 2021-12-17 09:17:04 +01:00
Tony Torralba
7d70b77141 Add new sinks and taint steps 2021-12-16 13:43:58 +01:00
Tony Torralba
68a0efaf0c Formatting 2021-12-14 14:53:38 +01:00
Bas van Schaik
d85ed9ea7a Clarify Log4jJndiInjection.ql query help 2021-12-14 12:32:36 +00:00
Tony Torralba
aee617f911 Autoformat 2021-12-14 08:40:30 +01:00
Tony Torralba
1b761b3d12 Apply suggestions from code review 2021-12-13 20:38:06 +01:00
Tony Torralba
ff2f5a5f91 Apply suggestions from code review 
Co-authored-by: Bas van Schaik <5082246+sj@users.noreply.github.com>
 2021-12-13 19:44:38 +01:00
Tony Torralba
d2dc19900f Apply suggestions from code review 
Co-authored-by: Bas van Schaik <5082246+sj@users.noreply.github.com>
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-12-13 19:39:52 +01:00
Tony Torralba
43a10457dd [Java] Query for Log4j JNDI Injection 2021-12-10 17:37:43 +01:00
Chris Smowton
753d886b0d Merge pull request #6319 from haby0/java/MyBatisSqlInjection 
[Java] CWE-089 MyBatis Mapper Sql Injection
 2021-12-09 19:57:18 +00:00
Chris Smowton
75f3ebf051 Fix OTHER XML tag 2021-12-09 17:55:03 +00:00
Chris Smowton
9f69c75c50 Fix XML tag 2021-12-09 17:44:49 +00:00
Chris Smowton
2cd70b96cd Fix doctype 2021-12-09 17:44:08 +00:00
Chris Smowton
470256da85 Copyedit 2021-12-09 15:10:07 +00:00
haby0
8bcbf8e30f rename isMybatisCollectionTypeSqlInjection 2021-12-09 09:16:33 +08:00
haby0
a18aad8536 Fix one 2021-12-08 21:03:17 +08:00
haby0
1d321c692b Refactor isMybatisXmlOrAnnotationSqlInjection 2021-12-08 18:59:55 +08:00
haby0
daf6a4ce07 Partial modification 2 2021-12-04 17:45:02 +08:00
haby0
6c6113b85b Partial modification 2021-12-03 18:59:24 +08:00
haby0
6742beae1b use <code> tags 2021-12-01 16:24:46 +08:00
haby0
08be8edbce Modify according to suggestions 2021-12-01 11:57:57 +08:00
haby0
db04a0dadf New model: SQL injection in MyBatis annotations 2021-11-28 14:43:57 +08:00
Erik Krogh Kristensen
6ff8d4de5c add all remaining explicit this 2021-11-26 13:50:10 +01:00
haby0
04a3f76a8b Eliminate false positives of Mybatis Configuration Variable 2021-11-25 15:47:37 +08:00
haby0
d36a7ed10e add test case 2021-11-25 15:47:32 +08:00
haby0
99c8b291b2 add sink 2021-11-25 15:47:32 +08:00
haby0
b8732859de Add isSanitizerGuard, verify file path 2021-11-25 15:47:31 +08:00
haby0
31400df0d4 Modify sink and improve SQL injection detection 2021-11-25 15:47:30 +08:00
haby0
69690a2509 Modify sinks 2021-11-25 15:47:30 +08:00
haby0
4438f8c58c Add MyBatis Mapper Sql Injection 2021-11-25 15:47:29 +08:00
Chris Smowton
3c8f6e3c07 Merge pull request #6717 from luchua-bc/java/thread-resource-abuse 
Java: CWE-400 - Query to detect uncontrolled thread resource consumption
 2021-11-24 18:59:41 +00:00
Chris Smowton
c74eac4930 Remove needless casts 2021-11-24 12:18:05 +00:00
Chris Smowton
cec91c4831 Update ThreadResourceAbuse.qhelp 2021-11-24 12:15:48 +00:00
Chris Smowton
5101a8e9f3 Fix qhelp test 2021-11-24 12:12:56 +00:00
Chris Smowton
136ecaf49a Abbreviate qhelp example 2021-11-24 12:12:22 +00:00
luchua-bc
e56737e007 Use value step to optimize the taint step and add a test case for Apache file upload listener 2021-11-23 17:15:28 +00:00
luchua-bc
ed78d39d61 Move duplicate code to the shared library and update qldoc 2021-11-23 03:06:26 +00:00
luchua-bc
b6a6ed5ba3 Add a recommendation category query for local user input and check Apache file upload 2021-11-19 04:23:19 +00:00
Erik Krogh Kristensen
011fc20963 use matches instead of regexpMatch 2021-11-18 15:41:25 +01:00
Tony Torralba
6613a98e02 Fix references to logging library 2021-11-04 09:15:57 +01:00
Anders Schack-Mulligen
e6145f04d2 Merge pull request #6966 from atorralba/atorralba/android-explicit-intent-sanitizer 
Android: Add ExplicitIntentSanitizer and allowIntentExtrasImplicitRead
 2021-11-03 10:20:09 +01:00
Tony Torralba
3ea1af3819 Refactor into separate libraries 2021-10-29 17:36:02 +02:00
Marcono1234
bfb9577d15 Java: Deprecate StringLiteral.getRepresentedString() 2021-10-29 14:50:15 +02:00
Tony Torralba
7f15177498 Move from experimental 2021-10-29 10:19:05 +02:00
Tony Torralba
6f7d0b62d7 Add ExplicitIntentSanitizer and allowIntentExtrasImplicitRead 2021-10-26 17:11:27 +02:00
Joe Farebrother
c68a7077d7 Move query and tests out of experimental 2021-10-20 17:09:56 +01:00
Chris Smowton
057d0fb7e0 Rewrite query to use shared StringPrefixes library 2021-10-19 14:45:38 +01:00