Jonathan Leitschuh
b9d409279b
Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalRemainder.inc.qhelp
...
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2023-03-31 23:36:07 -04:00
Jonathan Leitschuh
e641505361
Fix partial path traversal Java example Again
...
The original wouldn't compile, and the fix made by #11899 is sub-optimal.
This keeps the entire comparison using the Java `Path` object, which is optimal.
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
2023-03-31 23:36:07 -04:00
Edward Minnix III
2b9daed26a
Merge pull request #12563 from egregius313/egregius313/refactor-java-libs-to-dataflow-modules
...
Java: Refactor Java query libraries to use dataflow modules
2023-03-31 12:38:14 -04:00
Ed Minnix
800411cd81
More replacing of single-predicate classes to predicate
2023-03-31 10:55:17 -04:00
Ian Lynagh
c1a7d7f825
Merge pull request #12646 from igfoo/igfoo/expanded_args
...
Java: Store expanded args in the database
2023-03-31 15:27:02 +01:00
Ian Lynagh
3d85c4f19c
Java: Add another change note
2023-03-31 12:46:10 +01:00
Ian Lynagh
04c09a73a9
Java: Add .md extension to changenote file
2023-03-31 12:40:19 +01:00
Ed Minnix
ac218ba08b
Replace private classes with one method to predicates
2023-03-30 22:03:05 -04:00
Edward Minnix III
8e54328315
Merge pull request #12681 from egregius313/egregius313/java/move-configurations-to-libraries
...
Java: Move dataflow configurations in queries to `*Query.qll` libraries (part 1)
2023-03-30 14:33:21 -04:00
Ed Minnix
03078603bf
Reinstate private markers on additional predicates
2023-03-30 11:24:33 -04:00
Ed Minnix
684408a493
Fix StringFormat import
2023-03-30 11:20:35 -04:00
Ed Minnix
ecbd3be5e9
Remove private marker
...
This class is used in the actual query, so it needs to be exposed.
2023-03-30 11:08:41 -04:00
Ed Minnix
dba5e9e9e2
Updates to imports
...
Make some imports private
Remove unnecessary imports
2023-03-30 11:03:48 -04:00
Edward Minnix III
c7a049a867
Mark things which can be private as private
...
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2023-03-30 11:00:00 -04:00
Edward Minnix III
8250e4393c
Typos and rewording
...
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2023-03-30 10:59:12 -04:00
Ian Lynagh
5c50ddce3d
Java: Add up/downgrade scripts
2023-03-30 15:53:34 +01:00
Ian Lynagh
69567449de
Java: Update stats
2023-03-30 15:53:34 +01:00
Ian Lynagh
b381f00a73
Java: Add changenote for expanded arguments
2023-03-30 15:53:34 +01:00
Ian Lynagh
81a26f0396
Java: Add expanded arguments
2023-03-30 15:53:34 +01:00
Ian Lynagh
f5a2853ab9
Merge pull request #12705 from igfoo/igfoo/integ-extractor-info
...
Java: Allow keys to be omitted from ExtractorInformation.ql
2023-03-30 14:06:41 +01:00
Ed Minnix
58ad8e4292
ExternallyControlledFormatString change note
2023-03-29 22:43:26 -04:00
Ed Minnix
312508e279
Documentation for IntentUriPermissionManipulationQuery
2023-03-29 22:33:10 -04:00
Ed Minnix
cf7aa2e420
Documentation UnsafeDeserializationQuery
2023-03-29 22:33:10 -04:00
Ed Minnix
1a89c3fa7c
Documentation for AndroidSensitiveCommunicationQuery
2023-03-29 22:33:10 -04:00
Ed Minnix
1016b7323f
Documentation for ConditionalBypassQuery
2023-03-29 22:33:10 -04:00
Ed Minnix
96cf4f16fa
Documentation for ExternalAPIs
2023-03-29 22:33:10 -04:00
Ed Minnix
c7fd216c3c
Documentation for RsaWithoutOaepQuery
2023-03-29 22:33:10 -04:00
Ed Minnix
11d72ffc1f
Documentation for UnsafeContentUriResolutionQuery
2023-03-29 22:33:10 -04:00
Ed Minnix
59b1460c49
Documentation for UnsafeCertTrustQuery
2023-03-29 22:33:09 -04:00
Ed Minnix
a798b1959f
Replace flow(_, sink) with flowTo(sink)
2023-03-29 22:33:09 -04:00
Ed Minnix
d24c5071d8
Move private helper method out of module
2023-03-29 22:33:09 -04:00
Ed Minnix
a119b99f92
Documentation additions
2023-03-29 22:33:09 -04:00
Ed Minnix
6a3eadf6cb
Refactor ImplicitPendingIntents
2023-03-29 22:33:09 -04:00
Ed Minnix
8621a49645
Remove unnecessary private markers
2023-03-29 22:33:09 -04:00
Ed Minnix
42b582da2f
Refactor StaticInitializationVector
2023-03-29 22:33:09 -04:00
Ed Minnix
469ac80d40
Refactor PartialPathTraversal
2023-03-29 22:33:09 -04:00
Ed Minnix
f8e26f1571
Refactor MissingJWTSignatureCheck
2023-03-29 22:33:09 -04:00
Ed Minnix
cae5637d8d
Refactor InsufficientKeySize
2023-03-29 22:33:09 -04:00
Ed Minnix
fa2f0dbc3b
Refactor InsecureBasicAuth
2023-03-29 22:33:09 -04:00
Ed Minnix
dcd46c2236
Refactor InsecureTrustManager
2023-03-29 22:33:09 -04:00
Ed Minnix
3b2eea2d44
Refactor XxeQuery
2023-03-29 22:33:09 -04:00
Ed Minnix
7262c6a097
Refactor XmlParsers.qll
2023-03-29 22:33:09 -04:00
Ed Minnix
da718610e8
Refactor HttpsUrlsQuery.qll
2023-03-29 22:33:09 -04:00
Ed Minnix
c67b984fff
Refactor RandomQuery.qll
2023-03-29 22:33:09 -04:00
Ed Minnix
2698b61514
Refactor HardcodedCredentialsApiCall.qll
2023-03-29 22:33:08 -04:00
Ed Minnix
e8f7e3fcf1
Refactor ExternalAPIs.qll
2023-03-29 22:33:08 -04:00
Ed Minnix
ac8dec740a
Refactor UnsafeCertTrustQuery
2023-03-29 22:33:08 -04:00
Ed Minnix
a040ff6997
Refactor ConditionalBypass
2023-03-29 22:33:08 -04:00
Ed Minnix
aa7934161a
Refactor CleartextStorage libraries
2023-03-29 22:33:08 -04:00
Ed Minnix
b4130e650d
Refactor RegexFlowConfigs.qll
2023-03-29 22:33:08 -04:00