Artem Smotrakov
|
34b6ed0a05
|
Removed commented code from JexlUberspect
|
2021-02-24 22:31:03 +01:00 |
|
Artem Smotrakov
|
43a07bb13a
|
Better sink in SandboxedJexlFlowConfig
|
2021-02-20 11:17:51 +01:00 |
|
Artem Smotrakov
|
042c0b005e
|
Covered sandboxes for JEXL 2
- Updated SandboxedJexlFlowConfig to cover JEXL 2
- Added SandboxedJexl2 test
|
2021-02-11 22:57:26 +01:00 |
|
Artem Smotrakov
|
7543df60da
|
Callable.call() should not be a sink in JexlInjection.ql
|
2021-02-11 20:37:23 +01:00 |
|
Artem Smotrakov
|
af0f361ac8
|
Updated JexlInjection.ql to check for sandboxes
- Added a dataflow config to track setting a sandbox
on JexlBuilder
- Added SandboxedJexl3.java test
|
2021-02-10 22:19:45 +01:00 |
|
Artem Smotrakov
|
7d2d27394b
|
Java: Added a source and a taint step for JexlInjectionConfig
- Added TaintedSpringRequestBody source
- Added returningTaintedDataFromBean() taint step
- Added tests
|
2021-01-17 22:28:42 +01:00 |
|
Artem Smotrakov
|
99401f6e84
|
Java: Query for detecting JEXL injections
|
2021-01-17 14:19:26 +01:00 |
|
Anders Schack-Mulligen
|
29935e1388
|
Merge pull request #4771 from intrigus-lgtm/split-cwe-295
Java: Add unsafe hostname verification query and remove existing overlapping query
|
2021-01-13 11:31:38 +01:00 |
|
intrigus
|
4fa8f5eab2
|
Java: Accept test changes
|
2021-01-12 15:29:03 +01:00 |
|
intrigus
|
e11304a1ca
|
Java: Autoformat
|
2021-01-11 13:42:08 +01:00 |
|
intrigus
|
c88f07dde4
|
Java: Accept test output
|
2021-01-11 13:42:07 +01:00 |
|
intrigus
|
33b0ff28d8
|
Java: Update test
|
2021-01-11 13:42:07 +01:00 |
|
intrigus
|
70b0703952
|
Java: Remove overlapping code
|
2021-01-11 13:42:07 +01:00 |
|
intrigus
|
3da1cb0879
|
Java: Add unsafe hostname verification query
|
2021-01-11 13:42:07 +01:00 |
|
Anders Schack-Mulligen
|
e5b4975450
|
Merge pull request #4675 from luchua-bc/cleartext-storage-shared-prefs
Java: Query to detect cleartext storage of sensitive information using Android SharedPreferences
|
2021-01-08 12:41:34 +01:00 |
|
Chris Smowton
|
e87fd86e63
|
Merge pull request #4814 from luchua-bc/java/password-in-configuration
Java: Password in Java EE configuration files
|
2021-01-05 11:42:27 +00:00 |
|
Jonathan Leitschuh
|
ba4a562c9a
|
Update PrintAst.actual with new test output
|
2021-01-04 23:37:58 -05:00 |
|
Jonathan Leitschuh
|
028e4756bb
|
Apply suggestions from code review
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
|
2021-01-04 10:13:52 -05:00 |
|
Jonathan Leitschuh
|
54950c2f42
|
Add MethodAccessSystemGetProperty predicate
|
2021-01-01 20:07:45 -05:00 |
|
luchua-bc
|
b44f01a87b
|
Enhance the check for embedded passwords
|
2020-12-17 03:47:38 +00:00 |
|
luchua-bc
|
bed8a68d28
|
Exclude broken algorithms from the list of secure algorithms
|
2020-12-17 00:41:23 +00:00 |
|
luchua-bc
|
d7facb42d6
|
Add missing broken crypto algorithms
|
2020-12-16 04:32:11 +00:00 |
|
luchua-bc
|
d469e9b24e
|
Format the code and minor text change
|
2020-12-13 21:15:18 +00:00 |
|
luchua-bc
|
e27ccd0a81
|
Format the code and update qldoc
|
2020-12-13 02:33:03 +00:00 |
|
luchua-bc
|
7ba237120b
|
Password in Java EE configuration files
|
2020-12-12 05:15:04 +00:00 |
|
Joe Farebrother
|
24dc631a8f
|
Java: Fix false positive in XXE query
|
2020-12-08 16:38:42 +00:00 |
|
Joe Farebrother
|
2fd5d26b1b
|
Add FP as a test case
|
2020-12-08 16:37:53 +00:00 |
|
Anders Schack-Mulligen
|
0cc324b715
|
Merge pull request #3839 from luchua-bc/uncaught-servlet-exception
Java: Uncaught servlet exception
|
2020-12-02 15:12:59 +01:00 |
|
yo-h
|
cdeeefc235
|
Merge commit '8f2094f' into yo-h/java15-merge
|
2020-12-01 17:47:58 -05:00 |
|
yo-h
|
7e8bc4a61b
|
Merge commit '2fa9037' into yo-h/java15-merge
|
2020-11-29 18:42:20 -05:00 |
|
luchua-bc
|
ad0ac5b874
|
Change kind to problem
|
2020-11-27 16:43:57 +00:00 |
|
Anders Schack-Mulligen
|
028a72bcdd
|
Merge pull request #4610 from luchua-bc/java-nfe-local-android-dos
Java: Query to detect Local Android DoS caused by NFE
|
2020-11-27 14:20:23 +01:00 |
|
luchua-bc
|
7ad031ca70
|
Move to experimental and update qldoc
|
2020-11-26 17:09:53 +00:00 |
|
Anders Schack-Mulligen
|
f70072a2db
|
Merge pull request #3454 from porcupineyhairs/javaSSRf
Java : add request forgery query
|
2020-11-26 08:52:15 +01:00 |
|
yo-h
|
eedc385b37
|
Java 15: adjust test options
|
2020-11-26 00:14:24 -05:00 |
|
luchua-bc
|
a49160423b
|
Enhance the query and add more test cases
|
2020-11-25 04:33:26 +00:00 |
|
Anders Schack-Mulligen
|
0450489022
|
Java: Review fixes.
|
2020-11-24 11:31:44 +01:00 |
|
luchua-bc
|
a311462791
|
Move to query-test folder and update qldoc
|
2020-11-19 13:12:42 +00:00 |
|
luchua-bc
|
85434ca410
|
Format the source code and update qldoc
|
2020-11-17 21:20:53 +00:00 |
|
luchua-bc
|
0bd6255c41
|
Query for cleartext storage using Android SharedPreferences
|
2020-11-16 17:23:01 +00:00 |
|
Anders Schack-Mulligen
|
4be731d2ab
|
Java: Adjust reference to static method and add test.
|
2020-11-16 11:47:58 +01:00 |
|
Porcupiney Hairs
|
402a320a55
|
include suggestions from review.
|
2020-11-13 18:07:42 +05:30 |
|
Porcupiney Hairs
|
4b25532b9f
|
include suggestions from review.
|
2020-11-13 17:55:56 +05:30 |
|
Porcupiney Hairs
|
2525cfd786
|
include suggestions from review.
|
2020-11-13 00:28:06 +05:30 |
|
Porcupiney Hairs
|
38de9b6433
|
add request forgery query
|
2020-11-10 01:19:35 +05:30 |
|
luchua-bc
|
bc899b6337
|
Move common code to a library and add more test cases
|
2020-11-09 14:14:54 +00:00 |
|
luchua-bc
|
76a0db84ee
|
Query for detecting Local Android DoS caused by NFE
|
2020-11-09 14:10:00 +00:00 |
|
luchua-bc
|
a83f9ced96
|
Change the query to only catch the common exception rethrown case
|
2020-11-09 12:07:43 +00:00 |
|
Anders Schack-Mulligen
|
22b4df0f3c
|
Merge pull request #4512 from luchua-bc/sensitive-broadcast
Java: Sensitive broadcast
|
2020-11-04 10:47:48 +01:00 |
|
luchua-bc
|
fa54c23a83
|
Handle the edge case that an exception is rethrown in a catch clause
|
2020-11-03 16:31:12 +00:00 |
|