hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-12 08:21:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
62,646 Commits 1,785 Branches 169 Tags
c9cf2a899cdbd4d12abba1eb8d282e46bb4c69dc
Commit Graph

1149 Commits

Author SHA1 Message Date
Ed Minnix
55da62e9cf Remove stray comma 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2024-01-08 11:09:11 -05:00
Edward Minnix III
2440075402 Remove off-topic reference 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-08 09:39:10 -05:00
Edward Minnix III
3816271b3e Remove redundant CWE link 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-08 09:39:10 -05:00
Ed Minnix
2eff6b351c Add comment 2024-01-08 09:39:09 -05:00
Ed Minnix
16bb19e176 Add OWASP and CERT references 2024-01-08 09:39:08 -05:00
Ed Minnix
9f974415c0 Add references to CWE-454 (External Initialization of Trusted Variables) 2024-01-08 09:39:07 -05:00
Ed Minnix
97b29bb965 Add Java Tutorial reference 2024-01-08 09:39:06 -05:00
Edward Minnix III
938d52b86f Docs review suggestions 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2024-01-08 09:39:05 -05:00
Ed Minnix
e14be0e971 Add BAD markers to samples 2024-01-08 09:39:04 -05:00
Edward Minnix III
18e8a27fca Reworded name and description 2024-01-08 09:38:51 -05:00
Edward Minnix III
1f37e70d83 Fix typos 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-08 09:38:51 -05:00
Ed Minnix
51006aa088 Formatting fix 2024-01-08 09:38:50 -05:00
Ed Minnix
4fc6f710a4 Fix alert message 2024-01-08 09:38:48 -05:00
Ed Minnix
1550f5df2a Environment variable injection query documentation 2024-01-08 09:38:47 -05:00
Ed Minnix
818c5de8d5 security-severity metadata 2024-01-08 09:38:46 -05:00
Ed Minnix
8ed3f3c865 Move to library 2024-01-08 09:38:44 -05:00
Ed Minnix
b482b36b5f Initial ProcessBuilder support 2024-01-08 09:38:41 -05:00
Ed Minnix
93025cc8cf Argument injection initial commit 2024-01-08 09:38:40 -05:00
Tony Torralba
8ad787f3b8 Java: Generelize MaybeBrokenCryptoAlgorithmQuery.qll 2023-12-22 10:15:40 +01:00
Ed Minnix
8051cfcef5 Fix tests and fix getStringValue method 2023-12-21 22:48:08 -05:00
Tony Torralba
0524289a73 Update java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql 2023-12-18 08:50:10 +01:00
Ed Minnix
02581a3850 Move class for getProperty method call to Properties.qll 2023-12-15 11:09:08 -05:00
Ed Minnix
83c6ece405 Move weak hashing into MaybeBrokenCryptoAlgorithm 2023-12-15 11:09:07 -05:00
Ed Minnix
cb0ea350b5 Improve docs 2023-12-15 11:09:07 -05:00
Ed Minnix
0efca8200d Weak Hashing query wording 2023-12-15 11:09:07 -05:00
Ed Minnix
93cf5b8eb9 Weak Hashing Property initial query 2023-12-15 11:09:07 -05:00
Edward Minnix III
06eef93f89 Docs review suggestions 2023-12-11 11:18:40 -05:00
Edward Minnix III
ce20c4ae03 Docs review suggestions 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-12-11 11:18:40 -05:00
Ed Minnix
3ca039bc8f Rename to InsecureRandomness 2023-12-11 11:18:40 -05:00
Edward Minnix III
4678302edb Update query metadata 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-12-11 11:18:39 -05:00
Ed Minnix
e69ff7b601 Move to library and add docs 2023-12-11 11:18:38 -05:00
Ed Minnix
9f986ca527 Add Weak Randomness Query 2023-12-11 11:18:38 -05:00
Max Schaefer
ca334021ad Merge pull request #14793 from github/max-schaefer/tainted-path-qhelp 
Java: Improve QHelp for `java/path-injection` to mention less disruptive fixes.
 2023-11-16 14:09:55 +00:00
Max Schaefer
a5e7ef424e Revert "Add additional example." 
This reverts commit 947b094387.
 2023-11-16 11:54:16 +00:00
Max Schaefer
143e1680bd Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-11-16 11:42:35 +00:00
Max Schaefer
947b094387 Add additional example. 2023-11-16 10:06:19 +00:00
Max Schaefer
009d58034f Address suggestions from review. 2023-11-16 10:05:54 +00:00
Max Schaefer
a46a7fadb2 Java: Improve QHelp for java/path-injection to mention less disruptive fixes. 2023-11-15 11:25:13 +00:00
Tony Torralba
5442cdb49c Merge pull request #14610 from atorralba/atorralba/java/jms-deserialization 
Java: Add JMS sink to java/unsafe-deserialization
 2023-11-08 09:10:20 +01:00
Geoffrey White
e8a466a02c Update dead link. 2023-11-07 09:26:07 +00:00
Tony Torralba
7af3d239ab Java: Add JMS sink to java/unsafe-deserialization 2023-10-26 16:46:19 +02:00
Chris Smowton
e8c9708282 Autoformat 2023-10-24 11:06:19 +01:00
Chris Smowton
ac38d4c9c6 Mass rename L/RValue -> VarWrite/Read 2023-10-24 10:58:29 +01:00
Chris Smowton
59a49eef0b Add aliases for public, importable renamed classes and predicates. 
Also rename and aliases a couple of uses of Access noted along the way.
 2023-10-24 10:54:35 +01:00
Chris Smowton
f552a15aae Mass-rename MethodAccess -> MethodCall 2023-10-24 10:30:26 +01:00
Tony Torralba
d08ee76b16 Java: Improve java/spring-disabled-csrf-protection 2023-10-16 16:01:14 +02:00
intrigus-lgtm
874f91c7ae Java: Further alert message improvement 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-09-18 12:25:31 +02:00
intrigus-lgtm
b6417ca212 Java: Fix alert message 
The signing key that is being set, is _not_ what is being parsed.
A _JWT_ is being parsed, that will then be verified using the set key.
(Or in our case not, because we're looking for security problems :P)
 2023-09-12 02:23:37 +02:00
Edward Minnix III
8d88af1af0 Apply docs review suggestions 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2023-08-17 13:05:38 -04:00
Ed Minnix
b305962c9a Use more appropriate description 2023-08-17 13:05:37 -04:00