Commit Graph

1064 Commits

Author SHA1 Message Date
Ed Minnix
aff299eafd Add ExecTaintedLocal 2023-05-04 10:14:59 -04:00
Ed Minnix
b39d5088de Add InsecureCookieQuery 2023-05-04 10:14:59 -04:00
Ed Minnix
be24b29e7a Add UrlRedirectLocalQuery.qll 2023-05-04 10:14:59 -04:00
Ed Minnix
0249187282 Add ExternallyControlledFormatStringLocalQuery.qll 2023-05-04 10:14:59 -04:00
Ed Minnix
5834e4ac52 Add UrlRedirectQuery.qll 2023-05-04 10:14:59 -04:00
Ed Minnix
cc22a7d4b4 Add XssLocalQuery 2023-05-04 10:14:59 -04:00
Ed Minnix
c2b6a3f4e0 Add XPathInjectionQuery 2023-05-04 10:14:59 -04:00
Ed Minnix
c15ce27957 Add SqlConcatenatedQuery 2023-05-04 10:14:59 -04:00
Ed Minnix
1af6d5f7b3 Add TaintedPermissionsCheckQuery 2023-05-04 10:14:59 -04:00
Kasper Svendsen
081085e128 Java: Make implicit this receivers explicit 2023-05-03 13:37:35 +02:00
Ed Minnix
ea54ea47b1 Deprecate sensitiveResultReceiver 2023-04-13 23:06:16 -04:00
Ed Minnix
cd661f1d9f Refactor SensitiveResultReceiver 2023-04-13 23:06:16 -04:00
Ed Minnix
735a7383c6 Refactor HardcodedCredentialsSourceCall 2023-04-13 23:06:16 -04:00
Tony Torralba
d7feaf4098 Merge pull request #12685 from atorralba/atorralba/java/command-injection-mad
Java: Add command-injection sink kind and refactor command injection queries
2023-04-13 11:38:14 +02:00
Jonathan Leitschuh
b9d409279b Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalRemainder.inc.qhelp
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2023-03-31 23:36:07 -04:00
Jonathan Leitschuh
e641505361 Fix partial path traversal Java example Again
The original wouldn't compile, and the fix made by #11899 is sub-optimal.
This keeps the entire comparison using the Java `Path` object, which is optimal.

Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
2023-03-31 23:36:07 -04:00
Edward Minnix III
2b9daed26a Merge pull request #12563 from egregius313/egregius313/refactor-java-libs-to-dataflow-modules
Java: Refactor Java query libraries to use dataflow modules
2023-03-31 12:38:14 -04:00
Ed Minnix
684408a493 Fix StringFormat import 2023-03-30 11:20:35 -04:00
Tony Torralba
3102199a69 Make LocalUserInputToArgumentToExecFlowConfig and LocalUserInputToArgumentToExecFlow importable 2023-03-30 10:24:23 +02:00
Tony Torralba
534725f9eb Add command injection sink kind 2023-03-30 10:17:35 +02:00
Ed Minnix
6a3eadf6cb Refactor ImplicitPendingIntents 2023-03-29 22:33:09 -04:00
Ed Minnix
42b582da2f Refactor StaticInitializationVector 2023-03-29 22:33:09 -04:00
Ed Minnix
469ac80d40 Refactor PartialPathTraversal 2023-03-29 22:33:09 -04:00
Ed Minnix
f8e26f1571 Refactor MissingJWTSignatureCheck 2023-03-29 22:33:09 -04:00
Ed Minnix
cae5637d8d Refactor InsufficientKeySize 2023-03-29 22:33:09 -04:00
Ed Minnix
fa2f0dbc3b Refactor InsecureBasicAuth 2023-03-29 22:33:09 -04:00
Ed Minnix
dcd46c2236 Refactor InsecureTrustManager 2023-03-29 22:33:09 -04:00
Ed Minnix
da718610e8 Refactor HttpsUrlsQuery.qll 2023-03-29 22:33:09 -04:00
Ed Minnix
2698b61514 Refactor HardcodedCredentialsApiCall.qll 2023-03-29 22:33:08 -04:00
Ed Minnix
e8f7e3fcf1 Refactor ExternalAPIs.qll 2023-03-29 22:33:08 -04:00
Ed Minnix
ac8dec740a Refactor UnsafeCertTrustQuery 2023-03-29 22:33:08 -04:00
Ed Minnix
a040ff6997 Refactor ConditionalBypass 2023-03-29 22:33:08 -04:00
Ed Minnix
e5f11d00a7 Refactor CWE-502/UnsafeDeserialization 2023-03-29 22:33:08 -04:00
Ed Minnix
9afa051621 Move ExternallyControlledFormatStringFlow to Query.qll 2023-03-29 17:59:34 -04:00
Ed Minnix
3eaa94a5d2 Move ResponseSplitting configuration to ResponseSplittingQuery.qll 2023-03-29 17:59:33 -04:00
Ed Minnix
e3af8b2c7f Move LdapInjectionLib to LdapInjectionQuery.qll 2023-03-29 17:59:33 -04:00
Ed Minnix
1add692643 Move XssConfig to XssQuery.qll 2023-03-29 17:59:33 -04:00
Ed Minnix
19a94a5c13 Move InsecureBeanValidation configuration to Query.qll 2023-03-29 17:59:33 -04:00
Ed Minnix
367042bcff Move ZipSlip configurations to Query.qll library 2023-03-29 17:59:33 -04:00
Ed Minnix
ce2cab0d2e Move TaintedPath configurations to Query.qll 2023-03-29 17:59:33 -04:00
Ed Minnix
a3c1d08a59 Fix ExecUnescaped 2023-03-29 11:45:09 -04:00
Ed Minnix
25359d2218 Deprecate execTainted 2023-03-29 11:45:09 -04:00
Ed Minnix
0249890747 Refactor CommandLineQuery.qll 2023-03-29 11:45:09 -04:00
Edward Minnix III
117a983423 Merge pull request #12639 from egregius313/egregius313/java/refactor-injection-queries
Java: Refactor injection queries to new dataflow API
2023-03-29 11:02:18 -04:00
Tony Torralba
ce191e1f9f Fix InsecureLdapAuth tags 2023-03-28 17:10:33 +02:00
Ed Minnix
3d033fd727 Fix SqlConcatenated 2023-03-27 13:06:31 -04:00
Ed Minnix
9bfb13b942 Update to the Global/flow* api 2023-03-27 12:26:18 -04:00
Edward Minnix III
106e5e7145 Docs review suggestion
Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com>
2023-03-27 12:16:44 -04:00
Edward Minnix III
43d79dc5b8 Apply docs review suggestions
Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com>
2023-03-27 12:16:44 -04:00
Ed Minnix
658c54a18f Change names of configuration to fit new naming convention 2023-03-27 12:16:44 -04:00