hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
43,391 Commits 1,741 Branches 165 Tags
ba3ebeec2ce482be928af517be46db1498b69b4d
Commit Graph

891 Commits

Author SHA1 Message Date
Ahmed Farid
f758ed0d85 Update ComparingValueOfSensetiveHeader.java 2022-02-25 17:33:07 +00:00
ahmed532009
4a9ee5826d Update TimingAttackAgainstHeader.qhelp 2022-02-25 17:33:07 +00:00
ahmed532009
6da9bc593f Rename csrfComparison.java to ComparingValueOfSensetiveHeader.java 2022-02-25 17:33:07 +00:00
ahmed532009
aa488e532f Update csrfComparison.java 2022-02-25 17:33:07 +00:00
Chris Smowton
333130b2a4 Abbreviate isSink 2022-02-25 17:33:07 +00:00
Chris Smowton
80a2b388bf Update TimingAttackAgainstHeader.qhelp 2022-02-25 17:33:07 +00:00
ahmed532009
fa81f43694 Update TimingAttackAgainstHeader.qhelp 2022-02-25 17:33:06 +00:00
ahmed532009
39e07cbc9c Update and rename UnsafecsrfComparison.java to csrfComparison.java 2022-02-25 17:33:06 +00:00
ahmed532009
c6c67b907b Update TimingAttackAgainstHeader.qhelp 2022-02-25 17:33:06 +00:00
ahmed532009
98b06d35af Update TimingAttackAgainstHeader.ql 2022-02-25 17:33:06 +00:00
ahmed532009
bf95e59b24 Update TimingAttackAgainstHeader.qhelp 2022-02-25 17:33:06 +00:00
ahmed532009
ab6a7bb3d8 Update TimingAttackAgainstHeader.ql 2022-02-25 17:33:06 +00:00
root
49feeb1c36 Timing attacks while comparing the headers value 2022-02-25 17:33:06 +00:00
Chris Smowton
01db73bfc7 Merge pull request #5935 from porcupineyhairs/javaSstiNew 
Java : Add SSTI query
 2022-02-23 17:30:02 +00:00
Chris Smowton
a8fe10f353 Java template injection query: import pathgraph 2022-02-23 13:47:24 +00:00
Chris Smowton
50d9945625 Autoformat 2022-02-23 11:41:23 +00:00
Tony Torralba
f011bbc92c Merge pull request #8055 from luchua-bc/java/unsafe-url-forward-with-shared-lib 
CWE-552: Switch to the shared PathSanitizer library
 2022-02-23 11:00:23 +01:00
Porcupiney Hairs
c81d85f321 Include suggestions from review 2022-02-22 23:07:34 +05:30
Porcuiney Hairs
e536628a66 Java : Add SSTI query 2022-02-22 15:57:53 +05:30
Ian Lynagh
7ce9b160d0 Java: Performance tweaks 2022-02-21 17:05:00 +00:00
Asger Feldthaus
a121b73181 Java: update CSV rows to dot-separated syntax 2022-02-21 08:16:55 +01:00
luchua-bc
f136ea0f6f Switch to the shared PathSanitizer library 2022-02-16 16:06:28 +00:00
Tony Torralba
111aabb707 Merge pull request #7712 from luchua-bc/java/file-path-injection 
Java: CWE-073 File path injection with the JFinal framework
 2022-02-16 12:01:34 +01:00
luchua-bc
40bf093d34 Move shared code to the lib folder and update qldoc 2022-02-15 17:28:13 +00:00
luchua-bc
fd533f2ba8 Remove the same callable constraint 2022-02-15 12:44:23 +00:00
Chris Smowton
fd4dc95d84 Merge pull request #6443 from artem-smotrakov/ignored-hostname-verifier 
Java: An experimental query for ignored hostname verification
 2022-02-14 18:56:27 +00:00
Chris Smowton
f2bc5849ce format 2022-02-14 17:00:14 +00:00
Chris Smowton
a62eae5a1e Remove redundant conditions from HostnameVerificationCall.isIgnored 2022-02-14 16:26:41 +00:00
luchua-bc
2b5982fd9d Remove specified value step from additional taint step 2022-02-14 15:42:54 +00:00
luchua-bc
35a924292b Model value passing between a setter and a getter call as a value step 2022-02-14 14:08:55 +00:00
Artem Smotrakov
48604cd7b3 Better HostnameVerificationCall.isIgnored() 2022-02-12 15:52:16 +00:00
Artem Smotrakov
36e565d673 Use classes from semmle.code.java.security.Encryption 2022-02-12 15:31:35 +00:00
Artem Smotrakov
651e43dee6 Clarify what verifier is 2022-02-12 12:24:48 +00:00
luchua-bc
78630f25dd Match attribute name to reduce FP 2022-02-11 23:53:31 +00:00
luchua-bc
e3d0e9f083 Update normalized path node 2022-02-11 12:38:05 +00:00
luchua-bc
12c53baba4 Simplify the query 2022-02-11 01:05:06 +00:00
Artem Smotrakov
0ba229a64b Apply suggestions from code review (typos/formatting) 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-10 18:37:12 +00:00
luchua-bc
ce03aeb4d9 Fixed an issue related to normalized path 2022-02-09 23:19:40 +00:00
luchua-bc
4609227e76 Use data model for request/session attribute operations 2022-02-09 03:24:46 +00:00
luchua-bc
ff4826d203 Correct the data model and update qldoc 2022-02-08 04:02:27 +00:00
Artem Smotrakov
f53b2fcc62 Updated IgnoredHostnameVerification.ql to cover more uses of HostnameVerifier.verify() 2022-02-06 11:23:20 +00:00
Tony Torralba
b59fd4070f Merge pull request #7136 from atorralba/atorralba/promote-insecure-trustmanager 
Java: Promote Insecure TrustManager from experimental
 2022-01-24 14:05:14 +01:00
luchua-bc
27043a09b3 File path injection with the JFinal framework 2022-01-23 18:07:48 +00:00
Erik Krogh Kristensen
a77b2b0209 Merge pull request #7668 from erik-krogh/simplify-casts 
simplify expressions that could be type-casts
 2022-01-20 15:20:18 +01:00
Erik Krogh Kristensen
4e8e3a7420 simplify expressions that could be type-casts 2022-01-20 10:41:35 +01:00
Tony Torralba
7cd05fb685 Move from experimental 2022-01-20 10:23:18 +01:00
Tony Torralba
68fe3dd9f4 Fix conflicts in experimental query 2022-01-19 16:42:58 +01:00
Tony Torralba
e0f4c73aed Move from experimental 2022-01-19 16:42:00 +01:00
Chris Smowton
84097468cc Merge pull request #7286 from luchua-bc/java/unsafe-url-forward-dispatch 
Java: CWE-552 Query to detect unsafe request dispatcher usage
 2022-01-18 18:19:20 +00:00
Chris Smowton
1e32514600 Avoid using this for a non-extending supertype, and remove needless casts 2022-01-18 17:20:40 +00:00