hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 23:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,657 Commits 1,703 Branches 162 Tags
d9285e78c0c8e309c7dc29ebd8dcb875bf9d8560
Commit Graph

570 Commits

Author SHA1 Message Date
Chris Smowton
fad1622730 Merge pull request #5435 from haby0/DynamicallyLoadedClasses 
Java: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
 2021-08-02 16:04:30 +01:00
Chris Smowton
8a78075d3d Remove redundant method taint flow specifications 2021-08-02 14:30:31 +01:00
Anders Schack-Mulligen
53e6ddfeb6 Merge pull request #6001 from atorralba/atorralba/promote-mvel-injection 
Java: Promote MVEL injection query from experimental
 2021-08-02 14:40:26 +02:00
haby0
eda3d864f5 Model written using smowton 2021-07-28 15:55:47 +08:00
haby0
00f13e1e6e Modify isAdditionalTaintStep 2021-07-27 10:59:38 +08:00
intrigus-lgtm
434b36c648 Update broken link 2021-07-26 15:48:47 +02:00
haby0
291ca3830a Modify according to suggestions 2021-07-23 09:28:55 +08:00
intrigus-lgtm
a30005c42e Replace broken link with archive.org link. 2021-07-22 22:14:44 +02:00
haby0
2a50cf8244 Fix 2021-07-22 22:24:09 +08:00
haby0
e160352b38 Fix 2021-07-22 21:48:46 +08:00
haby0
735ab28040 Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-22 21:45:30 +08:00
haby0
7cf2e9ed79 Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-22 21:45:29 +08:00
haby0
46a212b712 Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-22 21:45:29 +08:00
haby0
676f0ad817 Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-22 21:45:29 +08:00
haby0
4ebf0ed7c5 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') 2021-07-22 21:45:29 +08:00
Chris Smowton
c568a9463a Remove <> qualifier from ResponseEntity name 
This was an extractor bug that was fixed recently
 2021-07-21 17:58:06 +01:00
p0wn4j
f0d5520976 Add Spring URL Redirect ResponseEntity sink 
Copyedit qhelp
 2021-07-21 03:16:16 +04:00
Tony Torralba
5ca8b380e9 Merge branch 'main' into atorralba/promote-mvel-injection 2021-07-19 13:45:10 +02:00
Anders Schack-Mulligen
9b2b593cb4 Java: More missing metadata. 2021-07-15 13:41:12 +02:00
Anders Schack-Mulligen
60b3dbd217 Java: Add metadata. 2021-07-15 09:16:56 +02:00
Anders Schack-Mulligen
9034b03c7b Java: Add missing metadata. 2021-07-14 14:40:50 +02:00
Chris Smowton
d5a9f3d87b Deduplicate shared body of regular and experimental versions of java/command-line-injection query. 2021-07-01 14:53:56 +01:00
Chris Smowton
3d69868297 Change ID and description of cloned query 
This should be cleaned up more effectively soon, but this suffices to fix the clashing-id problem.
 2021-06-28 12:18:59 +01:00
Chris Smowton
8aa9cd52b5 Merge pull request #5811 from mogwailabs/insecureJmxRmiServerEnvironment 
Java: Add query - insecure environment configuration during JMX/RMI server init
 2021-06-25 22:09:20 +01:00
Timo Mueller
e5fa5325b5 Auto formatting .ql file 2021-06-25 22:31:29 +02:00
intrigus
36575bb26f Move back to experimental......... 2021-06-25 16:47:25 +02:00
intrigus
1b96d0ac54 Java: Remove overlapping code 2021-06-25 16:47:22 +02:00
Timo Mueller
b969b9b5e7 Merge branch 'insecureJmxRmiServerEnvironment' of github.com:mogwailabs/codeql into insecureJmxRmiServerEnvironment 2021-06-25 16:11:47 +02:00
Timo Mueller
72ef4983db Fixed wrong match for symbolic constant 2021-06-25 16:11:37 +02:00
Timo Müller
328b69f46c Update java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql 2021-06-25 16:10:20 +02:00
Timo Mueller
5aeeb3a801 Fixed and validated qhelp 2021-06-25 15:37:47 +02:00
Timo Müller
d0478eac95 XML validation and spelling/ordering changes 
* XML validation and summary changes in qhelp file
;

* Encode entities within <code> snippet

* Updated minor descriptions and examples

* Implemented spelling review
 2021-06-25 09:45:46 +02:00
Chris Smowton
2acb4de2cb Merge pull request #5955 from haby0/java/JShellCodeInjection 
Java: JShell Injection
 2021-06-24 17:03:30 +01:00
Artem Smotrakov
0dfb869c5b Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-06-23 13:23:54 +02:00
Artem Smotrakov
14e724bce6 Added sinks for RmiBasedExporter and HessianExporter 2021-06-23 09:53:47 +02:00
haby0
2b77f7d1bc Modify isAdditionalTaintStep 2021-06-18 21:36:44 +08:00
haby0
a71757f0f4 Update java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.qhelp 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-06-18 21:36:44 +08:00
haby0
bfe0d40987 using isAdditionalTaintStep 2021-06-18 21:36:44 +08:00
haby0
3a2a99e289 Fix 1 2021-06-18 21:36:44 +08:00
haby0
ed0aabef46 add isAdditionalTaintStep 2021-06-18 21:36:44 +08:00
haby0
921b8e80a2 Jshell Injection 2021-06-18 21:36:44 +08:00
haby0
a73cb3f04a Fix error 2021-06-18 17:22:26 +08:00
haby0
0d18e4ff9c BeanShell Injection 2021-06-18 15:54:13 +08:00
Chris Smowton
7509e36382 Remove no-longer-needed BasicRequestLine model from InsecureBasicAuth.ql; adjust test expectations accordingly 2021-06-17 11:43:33 +01:00
Chris Smowton
487c1db6ed Promote SSRF query to main query set 2021-06-17 11:41:01 +01:00
Anders Schack-Mulligen
8fe2f4a554 Merge pull request #6034 from owen-mc/java/jax-rs 
Improve JAX-WS and JAX-RS models
 2021-06-17 12:35:34 +02:00
Tony Torralba
dab33b21fb Merge branch 'main' into atorralba/promote-mvel-injection 2021-06-16 15:44:43 +02:00
Chris Smowton
76838809bb Merge pull request #5818 from artem-smotrakov/rmi-deserialization 
Java: Unsafe RMI deserialization
 2021-06-11 13:43:07 +01:00
Owen Mansel-Chan
e0130a932e Update experimental query using NewCookie 2021-06-10 13:33:20 +01:00
Owen Mansel-Chan
ee6019a2d8 Fix tests for experimental httponly query 2021-06-10 13:31:28 +01:00