hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,711 Commits 1,672 Branches 157 Tags
c945ece80ddcb1535e583c1ab039dbadd38b4d62
Commit Graph

443 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
35e620a19c Merge pull request #4854 from luchua-bc/java/insecure-ldap-auth 
Java: Insecure LDAP authentication
 2021-02-04 14:56:38 +01:00
Anders Schack-Mulligen
40d02e7e32 Merge pull request #4926 from luchua-bc/java/insufficient-key-size 
Java: Query to detect weak encryption: insufficient key size
 2021-02-03 15:16:10 +01:00
luchua-bc
2ace10fcdf Use PostUpdateNode for wrapper method calls 2021-02-03 12:21:31 +00:00
Anders Schack-Mulligen
bbdd7c9b57 Merge pull request #4963 from joefarebrother/guava-collections 
Java: Add flow steps for Guava collection utilities
 2021-01-28 11:01:03 +01:00
luchua-bc
ab7d257569 Add more cases and change EC to 256 bits 2021-01-28 04:06:27 +00:00
luchua-bc
058f3af4b2 Refactor the hasShortSymmetricKey method 2021-01-28 04:06:27 +00:00
luchua-bc
cbaee937d0 Optimize the query 2021-01-28 04:06:27 +00:00
luchua-bc
cfc950f803 Query for weak encryption: Insufficient key size 2021-01-28 03:25:15 +00:00
Henning Makholm
54f00de3e0 Add "tests" fields to test qlpacks 
This will allow `codeql resolve tests --ignore-dubious-cases`
(and thus the VSCode extension) to recognize all `.ql` files in those
packs as test cases, even if they don't have accompanying `.expected`
files.

CLI versions prior to 2.1.0 will choke on this, but it's almost 10
months since that came out.
 2021-01-26 18:15:22 +01:00
Joe Farebrother
d69ecde5c1 Java: Add additional flow steps for guava collection methods and more unit tests 2021-01-25 16:37:40 +00:00
luchua-bc
e5a703e49c Revamp the query 2021-01-15 04:05:11 +00:00
Anders Schack-Mulligen
29935e1388 Merge pull request #4771 from intrigus-lgtm/split-cwe-295 
Java: Add unsafe hostname verification query and remove existing overlapping query
 2021-01-13 11:31:38 +01:00
luchua-bc
babe744a30 Add SECURITY_PROTOCOL check 2021-01-13 03:49:08 +00:00
intrigus
4fa8f5eab2 Java: Accept test changes 2021-01-12 15:29:03 +01:00
intrigus
e11304a1ca Java: Autoformat 2021-01-11 13:42:08 +01:00
intrigus
c88f07dde4 Java: Accept test output 2021-01-11 13:42:07 +01:00
intrigus
33b0ff28d8 Java: Update test 2021-01-11 13:42:07 +01:00
intrigus
70b0703952 Java: Remove overlapping code 2021-01-11 13:42:07 +01:00
intrigus
3da1cb0879 Java: Add unsafe hostname verification query 2021-01-11 13:42:07 +01:00
Anders Schack-Mulligen
e5b4975450 Merge pull request #4675 from luchua-bc/cleartext-storage-shared-prefs 
Java: Query to detect cleartext storage of sensitive information using Android SharedPreferences
 2021-01-08 12:41:34 +01:00
Chris Smowton
e87fd86e63 Merge pull request #4814 from luchua-bc/java/password-in-configuration 
Java: Password in Java EE configuration files
 2021-01-05 11:42:27 +00:00
Jonathan Leitschuh
ba4a562c9a Update PrintAst.actual with new test output 2021-01-04 23:37:58 -05:00
Jonathan Leitschuh
028e4756bb Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-01-04 10:13:52 -05:00
luchua-bc
c069a5b4c6 Factor private host regex into the networking library and enhance the query 2021-01-04 14:51:32 +00:00
Jonathan Leitschuh
54950c2f42 Add MethodAccessSystemGetProperty predicate 2021-01-01 20:07:45 -05:00
luchua-bc
4ec78d04f8 Insecure LDAP authentication 2020-12-21 00:15:15 +00:00
luchua-bc
b44f01a87b Enhance the check for embedded passwords 2020-12-17 03:47:38 +00:00
luchua-bc
bed8a68d28 Exclude broken algorithms from the list of secure algorithms 2020-12-17 00:41:23 +00:00
luchua-bc
d7facb42d6 Add missing broken crypto algorithms 2020-12-16 04:32:11 +00:00
luchua-bc
d469e9b24e Format the code and minor text change 2020-12-13 21:15:18 +00:00
luchua-bc
e27ccd0a81 Format the code and update qldoc 2020-12-13 02:33:03 +00:00
luchua-bc
7ba237120b Password in Java EE configuration files 2020-12-12 05:15:04 +00:00
Joe Farebrother
24dc631a8f Java: Fix false positive in XXE query 2020-12-08 16:38:42 +00:00
Joe Farebrother
2fd5d26b1b Add FP as a test case 2020-12-08 16:37:53 +00:00
Anders Schack-Mulligen
0cc324b715 Merge pull request #3839 from luchua-bc/uncaught-servlet-exception 
Java: Uncaught servlet exception
 2020-12-02 15:12:59 +01:00
yo-h
cdeeefc235 Merge commit '8f2094f' into yo-h/java15-merge 2020-12-01 17:47:58 -05:00
yo-h
7e8bc4a61b Merge commit '2fa9037' into yo-h/java15-merge 2020-11-29 18:42:20 -05:00
luchua-bc
ad0ac5b874 Change kind to problem 2020-11-27 16:43:57 +00:00
Anders Schack-Mulligen
028a72bcdd Merge pull request #4610 from luchua-bc/java-nfe-local-android-dos 
Java: Query to detect Local Android DoS caused by NFE
 2020-11-27 14:20:23 +01:00
luchua-bc
7ad031ca70 Move to experimental and update qldoc 2020-11-26 17:09:53 +00:00
Anders Schack-Mulligen
f70072a2db Merge pull request #3454 from porcupineyhairs/javaSSRf 
Java : add request forgery query
 2020-11-26 08:52:15 +01:00
yo-h
eedc385b37 Java 15: adjust test options 2020-11-26 00:14:24 -05:00
luchua-bc
a49160423b Enhance the query and add more test cases 2020-11-25 04:33:26 +00:00
Anders Schack-Mulligen
0450489022 Java: Review fixes. 2020-11-24 11:31:44 +01:00
luchua-bc
a311462791 Move to query-test folder and update qldoc 2020-11-19 13:12:42 +00:00
luchua-bc
85434ca410 Format the source code and update qldoc 2020-11-17 21:20:53 +00:00
luchua-bc
0bd6255c41 Query for cleartext storage using Android SharedPreferences 2020-11-16 17:23:01 +00:00
Anders Schack-Mulligen
4be731d2ab Java: Adjust reference to static method and add test. 2020-11-16 11:47:58 +01:00
Porcupiney Hairs
402a320a55 include suggestions from review. 2020-11-13 18:07:42 +05:30
Porcupiney Hairs
4b25532b9f include suggestions from review. 2020-11-13 17:55:56 +05:30