hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 02:13:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
20,497 Commits 1,693 Branches 161 Tags
d7c14775bf607f92ca473d34c79bbc540b8defbc
Commit Graph

68 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
3400c121d6 Merge pull request #5202 from joefarebrother/apache-http 
Java: Add modelling for Apache HTTP Components
 2021-03-03 13:41:41 +01:00
Tamás Vajk
505d04b13e Merge pull request #5102 from luchua-bc/java/main-method-in-servlet 
Java: CWE-489 Query to detect main() method in servlets
 2021-02-25 16:05:06 +01:00
Joe Farebrother
e13c779f0f Add additional unit tests 2021-02-23 16:17:13 +00:00
Joe Farebrother
7b5961769a Add unit tests for version 5.x 2021-02-23 14:26:12 +00:00
Joe Farebrother
cf58a90d74 Add unit tests for utility methods 2021-02-23 14:26:12 +00:00
Joe Farebrother
5bba7f6df7 Add unit tests 2021-02-23 14:26:11 +00:00
luchua-bc
3d9ac0d094 Add query for enterprise beans 2021-02-20 02:00:42 +00:00
Chris Smowton
10112c50ab Add support for StrBuilder and TextStringBuilder in commons-text 
These are identical to the current deprecated StrBuilder in commons-lang3.
 2021-02-17 09:36:28 +00:00
Chris Smowton
a63f18e49d Add models for Commons-Lang's StrBuilder class. These exclude its fluent methods for the time being, which will be added in a forthcoming PR. 2021-02-17 09:36:20 +00:00
Chris Smowton
a2eeffa9c0 Add support for Apache Commons Lang StringUtils 2021-02-16 14:48:39 +00:00
yo-h
e194411cfa Java: fix javac errors in test code 2021-02-09 09:16:57 -05:00
luchua-bc
a183b00166 Query to detect main method in servlets 2021-02-05 03:53:01 +00:00
Joe Farebrother
d69ecde5c1 Java: Add additional flow steps for guava collection methods and more unit tests 2021-01-25 16:37:40 +00:00
Anders Schack-Mulligen
e5b4975450 Merge pull request #4675 from luchua-bc/cleartext-storage-shared-prefs 
Java: Query to detect cleartext storage of sensitive information using Android SharedPreferences
 2021-01-08 12:41:34 +01:00
Anders Schack-Mulligen
0cc324b715 Merge pull request #3839 from luchua-bc/uncaught-servlet-exception 
Java: Uncaught servlet exception
 2020-12-02 15:12:59 +01:00
Anders Schack-Mulligen
f70072a2db Merge pull request #3454 from porcupineyhairs/javaSSRf 
Java : add request forgery query
 2020-11-26 08:52:15 +01:00
luchua-bc
0bd6255c41 Query for cleartext storage using Android SharedPreferences 2020-11-16 17:23:01 +00:00
Anders Schack-Mulligen
4be731d2ab Java: Adjust reference to static method and add test. 2020-11-16 11:47:58 +01:00
Porcupiney Hairs
38de9b6433 add request forgery query 2020-11-10 01:19:35 +05:30
Anders Schack-Mulligen
89361a3b75 Merge pull request #3812 from luchua-bc/java-android-remote-source 
Java: Add remote source of Android intent extra
 2020-11-03 09:35:40 +01:00
luchua-bc
864411b4b9 Updates to Android stub classes 2020-11-02 14:06:44 +00:00
luchua-bc
67af9b0f3e Add comments and update JavaDocs of GenericServlet using the source JAR 2020-10-30 17:05:53 +00:00
Anders Schack-Mulligen
f3e2bd0fd9 Merge pull request #3141 from pwntester/InsecureBeanValidation 
Insecure Bean Validation query
 2020-10-28 12:04:12 +01:00
Alvaro Muñoz
3378dd526e remove compiled classes from stubs 2020-10-27 15:56:26 +01:00
Alvaro Muñoz
671ea2f6c6 add test and stubs 2020-10-27 15:47:54 +01:00
Joe Farebrother
2050f82553 Merge pull request #4383 from joefarebrother/guava-strings 
Java: Add modelling for Guava
 2020-10-26 10:16:55 +00:00
Joe Farebrother
980fdd8dea Java: Update Guava version in test stubs and change note 2020-10-19 11:56:28 +01:00
Chris Smowton
3e03db178f Merge pull request #4483 from smowton/smowton/admin/droid-webview-pr-rebase 
Rebase of #3706
 2020-10-19 09:29:04 +01:00
Anders Schack-Mulligen
a806a4f086 Merge pull request #4312 from JLLeitschuh/feat/JLL/java/jhipster_CVE-2019-16303 
Java: QL Query Detector for JHipster Generated CVE-2019-16303
 2020-10-16 15:47:09 +02:00
Joe
28647b20e2 Java: Add tests 2020-10-16 10:22:41 +01:00
luchua-bc
b359802dd4 Replace non-ASCII apostrophe in Java stub classes 2020-10-15 14:53:32 +01:00
luchua-bc
bd0c577ffd Unsafe resource loading in Android webview 2020-10-15 14:53:30 +01:00
Arthur Baars
39f5284dcc Java: add stubs for some android database classes 2020-09-30 12:33:33 +02:00
Jonathan Leitschuh
ab618dcf2f Java: QL Query Detector for JHipster Generated CVE-2019-16303 2020-09-21 18:46:13 -04:00
Porcupiney Hairs
441825919c Java : add MongoDB injection sinks 2020-08-31 02:24:23 +05:30
luchua-bc
3a23451395 Enhance the query 2020-07-27 18:50:47 +00:00
luchua-bc
01fb51829c Unsecure basic authentication 2020-07-24 20:35:09 +00:00
Arthur Baars
67b6018079 Merge pull request #3729 from luchua-bc/java-hardcoded-aws-credentials 
Java: Hardcoded AWS credentials
 2020-07-13 18:04:42 +02:00
Anders Schack-Mulligen
581d496167 Java: Fix LdapInjection qltest 2020-07-08 14:04:01 +02:00
Anders Schack-Mulligen
6eac8e82a3 Java: Consolidate spring-ldap-2.3.2 stubs. 2020-07-08 10:08:44 +02:00
Anders Schack-Mulligen
40b9d34ab9 Java: Consolidate springframework-5.2.3 stubs 2020-07-08 09:57:48 +02:00
luchua-bc
ede9cec4a9 Uncaught Servlet Exception 2020-06-29 20:07:53 +00:00
luchua-bc
f40e27a3c5 Hardcoded AWS credentials 2020-06-17 02:46:02 +00:00
Anders Schack-Mulligen
4b3ca13f25 Merge pull request #3491 from luchua-bc/java-insecure-smtp-ssl 
Java: CWE-297 insecure JavaMail SSL configuration
 2020-06-10 11:02:50 +02:00
luchua-bc
1fd9c7fdec Add all dependent class stubs 2020-06-09 20:12:05 +00:00
luchua-bc
1e4addb20d Add dependent stub classes for the test case 2020-06-08 16:17:01 +00:00
Artem Smotrakov
df9d10f2ac Java: Added MVELRuntime.execute() sink for MVEL injections 2020-06-05 17:17:43 +03:00
Artem Smotrakov
fa717b2d86 Java: Added template sinks for MVEL injections 2020-06-05 17:17:43 +03:00
Artem Smotrakov
8fd72659ec Java: Added JSR 223 sinks for MVEL injections 
- Updated MvelInjectionLib.qll
- Added tests and stubs for JSR 223 API
 2020-06-05 17:17:43 +03:00
Artem Smotrakov
6a6c805048 Java: Added Accessor sink for MVEL injections 2020-06-05 17:13:24 +03:00