hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-14 19:46:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,721 Commits 1,708 Branches 162 Tags
bbe2bf2b7fa0a1a7133f6b2174a530a00a487b20
Commit Graph

3210 Commits

Author SHA1 Message Date
Nora Dimitrijević
f24a6f64ab Java/WebviewDebugEnabledQuery 
java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql
 2025-10-28 09:40:06 +01:00
Nora Dimitrijević
518c0818a4 Java/UnsafeDeserializationQuery 
java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql
 2025-10-28 09:40:03 +01:00
Nora Dimitrijević
4439322e88 Java/TempDirLocalInformationDisclosureQuery 
java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql
 2025-10-28 09:40:01 +01:00
Nora Dimitrijević
2a889f4f98 Java/TaintedPermissionsCheckQuery 
java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql
 2025-10-28 09:39:58 +01:00
Nora Dimitrijević
697f428eae Java/TaintedEnvironmentVariableQuery 
java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql
 2025-10-28 09:39:55 +01:00
Nora Dimitrijević
72a97773b1 Java/NumericCastTaintedQuery 
java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql
 2025-10-28 09:39:52 +01:00
Nora Dimitrijević
247ae1d23c Java/MaybeBrokenCryptoAlgorithmQuery 
java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
 2025-10-28 09:39:50 +01:00
Nora Dimitrijević
eebff9c282 Java/ImproperValidationOfArrayConstructionFlow 
java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql
 2025-10-28 09:39:47 +01:00
Nora Dimitrijević
9eeeec336e Java/ImproperValidationOfArrayConstructionCodeSpecifiedQuery 
java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql
 2025-10-28 09:39:45 +01:00
Nora Dimitrijević
dc1dff98b0 Java/ConditionalBypass 
java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql
 2025-10-28 09:39:42 +01:00
Nora Dimitrijević
4482e831d7 Java/CommandLineQuery 
85a4dd0325/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql

857b51be58/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql

b6e56f26c7/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql
 2025-10-28 09:39:39 +01:00
Nora Dimitrijević
b023880a0a Java/BrokenCryptoAlgorithmQuery 
java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
 2025-10-28 09:39:37 +01:00
Nora Dimitrijević
1129230e10 Java/ArithmeticUncontrolledQuery 
java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
 2025-10-28 09:39:34 +01:00
Nora Dimitrijević
a228936c63 Java/ArithmeticTainted 
java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
 2025-10-28 09:39:31 +01:00
Nora Dimitrijević
913550f408 Java/ArbitraryApkInstallationQuery 
java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql
 2025-10-28 09:39:29 +01:00
Alexander Eyers-Taylor
227e1fcbde Merge pull request #20598 from github/alexet/overlay-query-libraries 
Java: Make some query libraries local.
 2025-10-27 17:52:27 +00:00
Tom Hvitved
32f21d6d49 Merge pull request #20688 from hvitved/java/request-forgery-matches-sanitizer 
Java: Treat `x.matches(regexp)` as a sanitizer for request forgery
 2025-10-24 14:34:32 +02:00
Tom Hvitved
7a9cb64e2e Java: Treat x.matches(regexp) as a sanitizer for request forgery 2025-10-24 09:06:57 +02:00
Anders Schack-Mulligen
72d83cc966 ControlFlowReachability: Align the SSA signature with the one from shared SSA. 2025-10-23 10:57:21 +02:00
Anders Schack-Mulligen
f257c7a570 Guards: Align the SSA signature with the one from shared SSA. 2025-10-23 10:23:22 +02:00
Anders Schack-Mulligen
20147cdd2b Shared/Java: Rename ControlFlowReachability library. 2025-10-23 09:07:34 +02:00
Anders Schack-Mulligen
8a3f62b9b6 Merge pull request #20558 from aschackmull/csharp/guards3 
C#: Instantiate shared Guards and shared ControlFlowReachability and replace nullness
 2025-10-23 08:43:14 +02:00
Alex Eyers-Taylor
77d4af153d Java: Make some query libraries local. 2025-10-07 18:24:37 +01:00
Alex Eyers-Taylor
542bdf0792 Java: Use Overlay dataflow in java. 2025-10-07 17:52:12 +01:00
Alex Eyers-Taylor
c49e2ab2da DataFlow: Add code to do overlay informed dataflow. 2025-10-07 17:52:12 +01:00
Anders Schack-Mulligen
11665bea0a Java: Allow taint-read-steps for array sources. 2025-10-07 10:10:02 +02:00
Anders Schack-Mulligen
ca7d56023a ControlFlow: Rename getAPhiInput to getAnInput. 2025-10-03 15:29:31 +02:00
Kasper Svendsen
b52fff2f81 Merge pull request #20505 from kaspersv/kaspersv/future-proof-java-discarding2 
Overlay: Discard Java config and XML base entities in overlay extracted files
 2025-09-29 13:01:08 +02:00
Kasper Svendsen
f02da68c55 Overlay: Discard base XML entities in overlay extracted files 2025-09-23 12:27:51 +02:00
Kasper Svendsen
718c0abdb6 Overlay: Discard base config entities in overlay extracted files 2025-09-23 12:27:51 +02:00
Simon Friis Vindum
7d6e2060e5 Adapt all languages to changes in shared library 2025-09-22 14:18:58 +02:00
Kasper Svendsen
97d62950a8 Merge pull request #20484 from kaspersv/kaspersv/future-proof-java-discarding 
Overlay: Future-proof Java config & XML discard predicates
 2025-09-22 08:16:44 +02:00
Alexander Eyers-Taylor
c1c0828082 Merge pull request #20378 from github/alexet/java-regex-local 
Jave: Use force local to make parsing local after global regex finding.
 2025-09-19 13:48:43 +01:00
Kasper Svendsen
dbb9a26f78 Overlay: Future-proof Java XML discarding 2025-09-18 11:37:38 +02:00
Kasper Svendsen
3cd737e40d Overlay: Future-proof Java config discarding 2025-09-18 10:57:22 +02:00
Alex Eyers-Taylor
34b40a14e8 Java: Make a TC overlay caller. 2025-09-17 16:22:22 +01:00
Alex Eyers-Taylor
2201974844 Jave: Use force local to make parsing local after global regex finding. 2025-09-16 15:55:04 +01:00
Anders Schack-Mulligen
f9ffee010f Java: Minor nullness cleanup. 2025-09-12 15:41:17 +02:00
Anders Schack-Mulligen
60d07cf30d Java: Clean up IntegerGuards.qll 2025-09-12 15:41:16 +02:00
Anders Schack-Mulligen
03321ff910 Java: Replace nullness implementation. 2025-09-12 15:41:16 +02:00
Anders Schack-Mulligen
4a8ffea0f6 Shared: Add control flow reachability lib. 2025-09-12 15:41:15 +02:00
Anders Schack-Mulligen
924a8eac5c Java: Improve precision of SuccessorType labels in CFG. 2025-09-12 13:38:21 +02:00
Anders Schack-Mulligen
db1f399067 Java: Preparatory Nullness refactor. 2025-09-12 13:38:20 +02:00
Anders Schack-Mulligen
e8ddac08b7 Merge pull request #20377 from aschackmull/java/preconditions 
Java: Consolidate Assertions.qll and Preconditions.qll.
 2025-09-12 13:37:41 +02:00
Alex Eyers-Taylor
d5ee91b1e8 Java: Adress comments form code review. 2025-09-11 17:14:08 +01:00
Alex Eyers-Taylor
dcc5572767 Java: Hnalde global files as exceptions rather than annotating them 
This allows us to merge them without redundent annoations for now.
 2025-09-10 17:26:54 +01:00
Alex Eyers-Taylor
5c19aad012 Java: Make Virtual Dispatch Global, but keep SSA local. 
Use forceLocal to achive this.
 2025-09-10 17:26:54 +01:00
Anders Schack-Mulligen
3815503314 Java: Consolidate Assertions.qll and Preconditions.qll. 2025-09-10 15:42:18 +02:00
Anders Schack-Mulligen
4c1fa58367 Java: Fix more broken performance. 2025-09-08 14:12:00 +02:00
idrissrio
ed9ed43923 Java: Address review comment. Improve getAnImportedType definition 2025-09-06 12:38:44 +02:00