codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00

Author	SHA1	Message	Date
Tony Torralba	ca2959cf37	Merge pull request #8537 from atorralba/atorralba/unsafe_android_access_improvs Java: Improvements to UnsafeAndroidAccess	2022-05-05 16:46:54 +02:00
Tony Torralba	49259a6575	Remove everything related to WebView CSV models This reverts commit c6c72eb.	2022-05-04 10:53:31 +02:00
Tony Torralba	7ba5a032ce	Add tests and stubs for the new sources and flow steps	2022-05-04 10:53:30 +02:00
Tony Torralba	b876431950	Merge pull request #8706 from luchua-bc/java/unsafe-get-resource Java: CWE-552 Add sources and sinks to to detect unsafe getResource calls in Java EE applications	2022-05-04 10:12:28 +02:00
Tony Torralba	9c92454fa7	Merge pull request #8872 from atorralba/atorralba/android-widget-flowstep Java: Add Editable.toString flow step	2022-05-03 15:27:52 +02:00
luchua-bc	0aa1251ffe	Add more test cases	2022-04-29 02:31:43 +00:00
Jorge	193ea1a86e	Merge branch 'main' into mybatis-new-sinks	2022-04-28 22:26:38 +02:00
Tony Torralba	604a5fc71f	Merge pull request #8639 from atorralba/atorralba/spring-beans-improvements Java: Improve Spring models	2022-04-28 11:59:51 +02:00
Artem Smotrakov	52b7fbf484	Removed non-ASCII characters	2022-04-26 13:34:24 +01:00
Artem Smotrakov	b6bd4f92d1	Added sources and steps for JMS API	2022-04-26 13:34:21 +01:00
Artem Smotrakov	269143a19f	Java: Added sources and flow steps for RabbitMQ	2022-04-26 13:34:04 +01:00
Tony Torralba	2ee83e2ba2	Add Editable.toString flow step	2022-04-26 13:34:16 +02:00
Tony Torralba	9833fa2451	Add tests for SpringController	2022-04-07 18:17:50 +02:00
Chris Smowton	9309a652df	Merge pull request #8493 from JLLeitschuh/feat/JLL/test_assertion_guard_preconditions [Java]: Add precondition support for testing library asserts	2022-03-31 22:30:09 +01:00
Chris Smowton	9675f34cf5	Merge pull request #8257 from luchua-bc/java/insecure-webview-resource-response Java: CWE-200 Query to detect insecure WebResourceResponse implementation	2022-03-30 15:56:27 +01:00
Jonathan Leitschuh	1d0275344d	[Java]: Add precondition support for testing library asserts	2022-03-18 20:39:24 -04:00
Chris Smowton	767453520e	Merge pull request #8032 from JLLeitschuh/feat/JLL/check_os Java: Add Guard Classes for checking OS & unify System Property Access	2022-03-18 11:20:36 +00:00
Jonathan Leitschuh	09cc8ee09e	Add tests for StandardSystemProperty	2022-03-15 12:37:42 -04:00
jorgectf	d47fcedd21	Add tests	2022-03-14 21:31:51 +01:00
p0wn4j	ee67d27b56	Java: Add JDBC connection SSRF sinks	2022-03-12 16:35:32 +04:00
Jonathan Leitschuh	9f5022ee95	Review fixup and add test for apache SystemUtils	2022-03-02 12:50:38 -05:00
luchua-bc	88d9694628	Query to detect insecure WebResourceResponse implementation	2022-02-26 02:03:35 +00:00
Tony Torralba	111aabb707	Merge pull request #7712 from luchua-bc/java/file-path-injection Java: CWE-073 File path injection with the JFinal framework	2022-02-16 12:01:34 +01:00
luchua-bc	ff4826d203	Correct the data model and update qldoc	2022-02-08 04:02:27 +00:00
Tony Torralba	4f13bf8941	Merge pull request #6492 from atorralba/atorralba/android-cleartext-storage-database Java: Create new query Cleartext storage of sensitive information in Android databases	2022-02-02 16:23:05 +01:00
Tony Torralba	908b7c43f2	Fix stubs	2022-01-24 09:34:43 +01:00
luchua-bc	27043a09b3	File path injection with the JFinal framework	2022-01-23 18:07:48 +00:00
Tony Torralba	78d7e538a5	Remove some JNDI Injection sinks Add tests and stubs	2022-01-21 17:47:15 +01:00
Tony Torralba	c6dd7ddf7a	Fix stub	2022-01-21 16:55:43 +01:00
Tony Torralba	652a1d2dc2	Fix wrongly resolved rebase conflicts	2022-01-21 16:55:43 +01:00
Tony Torralba	ee84dae164	Fix predicate name	2022-01-21 16:55:42 +01:00
Tony Torralba	f0604e2e84	Added query for Cleartext Storage in Android Database	2022-01-21 16:55:42 +01:00
Tony Torralba	caab1c3332	Merge pull request #6963 from atorralba/atorralba/android-onactivityresult-source Android: Add the Intent parameter of the `onActivityResult` method as a source	2022-01-20 14:27:30 +01:00
Tony Torralba	1e2a956a30	Remove unused stub	2022-01-19 16:43:02 +01:00
Tony Torralba	d9e98ceacc	Consider setSslContextFactory and fix tests	2022-01-19 16:43:01 +01:00
Tony Torralba	4313baf622	Big refactor: - Move classes and predicates to appropriate libraries - Overhaul the endpoint identification algorithm logic to use taint tracking - Adapt tests	2022-01-19 16:42:00 +01:00
Tony Torralba	6096080156	Use all possible packages for Fragment classes Also fix stub	2022-01-19 16:23:11 +01:00
Tony Torralba	211cb9370f	Add the Intent parameter of onActivityResult as a source	2022-01-19 16:08:25 +01:00
Tony Torralba	520d8f5ec5	Add stubs	2022-01-19 16:06:23 +01:00
Chris Smowton	84097468cc	Merge pull request #7286 from luchua-bc/java/unsafe-url-forward-dispatch Java: CWE-552 Query to detect unsafe request dispatcher usage	2022-01-18 18:19:20 +00:00
Tony Torralba	f103d45340	Merge branch 'main' into atorralba/android-implicit-pending-intents	2022-01-18 10:50:49 +01:00
Tony Torralba	e967b8a9be	Merge pull request #6576 from atorralba/atorralba/android-cleartext-storage-filesystem Java: Create new query Cleartext storage of sensitive information in Android filesystem	2022-01-17 14:02:38 +01:00
Tony Torralba	227929508f	Merge pull request #6923 from atorralba/atorralba/android-fragment-injection Java: CWE-470 - Queries to detect Fragment Injection in Android applications	2022-01-17 14:02:15 +01:00
Tony Torralba	c1ac09a063	Added query for Cleartext Storage in Android Filesystem	2022-01-17 11:11:00 +01:00
Tony Torralba	a59a4024a5	Update stubs	2022-01-14 10:32:36 +01:00
Anders Schack-Mulligen	69973dadb3	Merge pull request #7548 from zbazztian/spring-taint-summaries Java: Add Spring and Apache Common Langs taint flow steps	2022-01-13 13:00:41 +01:00
Sebastian Bauersfeld	69f329ffec	Java: Add test cases for AbstractMessageSource.getMessage() methods	2022-01-13 14:13:27 +07:00
Sebastian Bauersfeld	39b6678b7d	Java: Add test case for StringEscapeUtils.escapeJson() taint step.	2022-01-13 11:18:37 +07:00
Tony Torralba	0e738622df	Merge branch 'main' into atorralba/promote-log-injection	2022-01-10 17:24:25 +01:00
Tony Torralba	6f2d91a8ad	Sinks for CloseableThreadContext	2021-12-17 09:17:04 +01:00

1 2 3 4 5 ...

396 Commits