Asger Feldthaus
dc6a13242b
Shared: update comment in AccessPathSyntax.qll
2022-02-21 08:21:52 +01:00
Asger Feldthaus
be63cf7049
Shared: fix qldoc and move getRawToken to top-level
2022-02-21 08:21:52 +01:00
Asger Feldthaus
affdbe9955
Java: remove support for legacy syntax
2022-02-21 08:16:55 +01:00
Asger Feldthaus
a121b73181
Java: update CSV rows to dot-separated syntax
2022-02-21 08:16:55 +01:00
Asger Feldthaus
7f808710ec
Java: update model generator
2022-02-21 08:16:54 +01:00
Asger Feldthaus
753c557dbe
Java: use AccessPathSyntax.qll to parse input/output summary specs
2022-02-21 08:16:54 +01:00
luchua-bc
f136ea0f6f
Switch to the shared PathSanitizer library
2022-02-16 16:06:28 +00:00
Ian Lynagh
83bba47fdb
Java: Update stats
2022-02-16 12:06:18 +00:00
Tony Torralba
111aabb707
Merge pull request #7712 from luchua-bc/java/file-path-injection
...
Java: CWE-073 File path injection with the JFinal framework
2022-02-16 12:01:34 +01:00
Arthur Baars
ebb87c4b36
Merge pull request #7975 from github/post-release-prep/codeql-cli-2.8.1
...
Post-release preparation for codeql-cli-2.8.1
2022-02-15 20:17:35 +01:00
luchua-bc
40bf093d34
Move shared code to the lib folder and update qldoc
2022-02-15 17:28:13 +00:00
Tony Torralba
5f0ab522f3
Merge pull request #7988 from Marcono1234/marcono1234/sealed-types-predicates
...
Java: Add predicates for sealed classes
2022-02-15 15:11:56 +01:00
Chris Smowton
2f82a46528
Elaborate change note
2022-02-15 12:56:57 +00:00
luchua-bc
fd533f2ba8
Remove the same callable constraint
2022-02-15 12:44:23 +00:00
Tony Torralba
bfa14fa066
Merge pull request #7823 from JLLeitschuh/improve/JLL/combined_http_headers
...
Java: Add HTTP Request Splitting to Netty Query
2022-02-15 10:24:36 +01:00
Marcono1234
a496b1d1a1
Java: Add predicates for sealed classes
2022-02-14 21:04:38 +01:00
Chris Smowton
0bf6c83ef2
Merge pull request #4388 from JLLeitschuh/feat/JLL/java/CWE-200_temp_directory_local_information_disclosure
...
Java: CWE-200: Temp directory local information disclosure vulnerability
2022-02-14 18:58:44 +00:00
Chris Smowton
fd4dc95d84
Merge pull request #6443 from artem-smotrakov/ignored-hostname-verifier
...
Java: An experimental query for ignored hostname verification
2022-02-14 18:56:27 +00:00
Chris Smowton
f2bc5849ce
format
2022-02-14 17:00:14 +00:00
Jonathan Leitschuh
2048aed0a9
Review feedback and improve temp dir vulnerable/safe code sugestion
2022-02-14 11:29:16 -05:00
Chris Smowton
a62eae5a1e
Remove redundant conditions from HostnameVerificationCall.isIgnored
2022-02-14 16:26:41 +00:00
Jonathan Leitschuh
76964d58f2
Apply suggestions from code review
...
Co-authored-by: Felicity Chapman <felicitymay@github.com >
2022-02-14 11:04:31 -05:00
Jonathan Leitschuh
bb580ddbab
Apply suggestions from code review
...
Co-authored-by: Felicity Chapman <felicitymay@github.com >
2022-02-14 11:02:05 -05:00
Jonathan Leitschuh
7dee22a130
Fix implicit 'this' usage
2022-02-14 11:00:41 -05:00
luchua-bc
2b5982fd9d
Remove specified value step from additional taint step
2022-02-14 15:42:54 +00:00
luchua-bc
35a924292b
Model value passing between a setter and a getter call as a value step
2022-02-14 14:08:55 +00:00
Artem Smotrakov
48604cd7b3
Better HostnameVerificationCall.isIgnored()
2022-02-12 15:52:16 +00:00
Artem Smotrakov
36e565d673
Use classes from semmle.code.java.security.Encryption
2022-02-12 15:31:35 +00:00
Artem Smotrakov
651e43dee6
Clarify what verifier is
2022-02-12 12:24:48 +00:00
luchua-bc
78630f25dd
Match attribute name to reduce FP
2022-02-11 23:53:31 +00:00
Chuan-kai Lin
9b4dbb9dd8
Merge pull request #7895 from github/cklin/upgrades-initial-dbscheme
...
Upgrade scripts testing: set initial dbschemes
2022-02-11 11:06:12 -08:00
luchua-bc
e3d0e9f083
Update normalized path node
2022-02-11 12:38:05 +00:00
github-actions[bot]
21bf29353f
Post-release preparation for codeql-cli-2.8.1
2022-02-11 11:07:31 +00:00
luchua-bc
12c53baba4
Simplify the query
2022-02-11 01:05:06 +00:00
github-actions[bot]
f25fc70b7c
Release preparation for version 2.8.1
2022-02-10 22:08:24 +00:00
Artem Smotrakov
0ba229a64b
Apply suggestions from code review (typos/formatting)
...
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com >
Co-authored-by: Chris Smowton <smowton@github.com >
2022-02-10 18:37:12 +00:00
Jonathan Leitschuh
eee521e6ce
Fix test failure for TempDirLocalInformationDisclosure
2022-02-10 10:40:40 -05:00
Jonathan Leitschuh
bafcce17d4
Apply suggestions from code review
...
Co-authored-by: Chris Smowton <smowton@github.com >
2022-02-09 22:14:17 -05:00
luchua-bc
ce03aeb4d9
Fixed an issue related to normalized path
2022-02-09 23:19:40 +00:00
Jonathan Leitschuh
ded8d64301
Remove CAPC and add CWE-93
2022-02-09 12:31:53 -05:00
Jonathan Leitschuh
03fdee3767
Cleanup Netty Response Splitting Query
2022-02-09 12:28:11 -05:00
Jonathan Leitschuh
8ffe878722
Apply suggestions from code review
...
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com >
2022-02-09 12:28:11 -05:00
Jonathan Leitschuh
c732cb7759
Add HTTP Request Splitting to Netty Query
2022-02-09 12:28:10 -05:00
Jonathan Leitschuh
49a73673b6
Fix FP from mkdirs call on exact temp directory
2022-02-09 11:04:23 -05:00
Jonathan Leitschuh
787e3dac31
Update java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql
...
Co-authored-by: Chris Smowton <smowton@github.com >
2022-02-09 10:07:56 -05:00
Tom Hvitved
9440a45015
Merge branch 'main' into post-release-prep/codeql-cli-2.8.0
2022-02-09 09:40:33 +01:00
luchua-bc
4609227e76
Use data model for request/session attribute operations
2022-02-09 03:24:46 +00:00
Jonathan Leitschuh
7f46640176
Consider calls to setReadable(false, false) then setReadable(true, true) to be safe
2022-02-08 17:57:10 -05:00
Chuan-kai Lin
a7f1ee574c
Upgrade scripts testing: set initial dbschemes
...
This commit sets initial dbschemes for cpp, csharp, java, javascript, and
python so that automated testing for upgrade scripts would also cover legacy
upgrades.
2022-02-08 11:11:41 -08:00
Chris Smowton
a6596ea7ce
Fix test requirements, formatting
2022-02-08 12:01:32 +00:00
