Commit Graph

240 Commits

Author SHA1 Message Date
Tony Torralba
dab33b21fb Merge branch 'main' into atorralba/promote-mvel-injection 2021-06-16 15:44:43 +02:00
Calum Grant
a594afb828 Add security-severity metadata 2021-06-10 20:11:08 +01:00
Tony Torralba
56a429a5f9 Merge branch 'main' into promote-jexl-injection 2021-06-03 11:10:56 +02:00
Tony Torralba
b30c92e69e Refactored into MvelInjection.qll using CSV models 2021-06-02 11:33:01 +02:00
Alvaro Muñoz
a3a215afea HTTP -> Http 2021-06-02 11:12:39 +02:00
Tony Torralba
59e6e1ffac Moved from experimental 2021-06-02 09:58:30 +02:00
Alvaro Muñoz
9aba92397d lift XssSink check to InformationLeakSink 2021-06-01 17:16:41 +02:00
Alvaro Muñoz
0fb692400c fix failing test 2021-06-01 13:57:13 +02:00
Alvaro Muñoz
41d034d5a0 Attempt to use information-leak sink category 2021-05-30 00:22:40 +02:00
Tony Torralba
e78e5b9ee4 Merge branch 'main' into promote-jexl-injection 2021-05-07 12:36:49 +02:00
Tony Torralba
b37b15cea4 Re-structure imports, add some new comments to tests 2021-05-07 12:33:51 +02:00
Tony Torralba
b69be30b88 Fix imports as suggested in code review 2021-05-07 11:07:06 +02:00
Tony Torralba
f16605b3c1 Apply suggestions from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2021-05-06 15:17:55 +02:00
Tony Torralba
76468559ba Add safe example for dom4j 2021-05-06 10:17:25 +02:00
Tony Torralba
26c3ff2cee Move from experimental to standard 2021-05-06 09:18:49 +02:00
Tony Torralba
f79d2e06f9 Fix failing checks 2021-05-04 11:29:09 +02:00
Tony Torralba
745a6f6fb4 Getters called on parameters propagate taint 2021-05-03 17:43:33 +02:00
Tony Torralba
4d5ec87de9 Use InlineTest 2021-05-03 13:27:24 +02:00
Tony Torralba
4bfd34b1fe Moved from experimental 2021-05-03 13:15:24 +02:00
Tamás Vajk
4cc88662e2 Merge pull request #5557 from tamasvajk/feature/java-sinks-csv
Java: convert sinks to CSV
2021-04-27 15:58:09 +02:00
Tamas Vajk
5b79094f34 Fix naming in HTTPS URL check 2021-04-27 14:59:52 +02:00
Tamas Vajk
e08b629cb5 Add documentation for URL opening sinks 2021-04-27 10:32:41 +02:00
Chris Smowton
455b840712 Fix all dead qhelp links
For those documents with no obvious new home I've pointed the links to the Internet Archive.
2021-04-23 15:20:21 +01:00
Tamás Vajk
cb28bc80b7 Merge branch 'main' into feature/java-sinks-csv 2021-04-22 11:41:18 +02:00
Tamas Vajk
7134eb9079 Improve documentation of csv sink models 2021-04-22 11:37:41 +02:00
Tamas Vajk
1caa5c4780 Adjust hostname verifier sink identifier name 2021-04-22 11:22:18 +02:00
Marcono1234
9349e6922d Java: Add ToStringMethod 2021-04-10 04:00:44 +02:00
Tamas Vajk
351f35d9bc Revert "Java: Convert other sinks"
This reverts commit 87d42b02c0.
2021-04-09 13:13:49 +02:00
Tamas Vajk
87d42b02c0 Java: Convert other sinks 2021-04-09 13:13:39 +02:00
Tamas Vajk
e544faed6d Java: Convert unsafe hostname verification sinks to CSV format 2021-04-09 13:10:44 +02:00
Tamas Vajk
f329c3fdab Java: Convert insecure bean validation sink to CSV format 2021-04-09 13:06:04 +02:00
Tamas Vajk
9e2832a82d Java: Convert zipslip sinks to CSV format 2021-04-09 11:43:29 +02:00
Tamas Vajk
b9ce1aefc0 Java: Convert unsafe URL opening sinks to CSV format 2021-04-09 11:43:29 +02:00
Marcono1234
cd059eb965 Java: Add StringBuildingType 2021-03-22 00:19:23 +01:00
Chris Smowton
e3cf5c235e Add support for Commons-Lang's RandomUtils
This is realised by somewhat generalising our interfaces for modelling RNGs. We also add tests for randomness-related queries that didn't have any, and add test cases checking the Apache random-number generators are interchangeable with the stdlib ones.
2021-03-05 12:09:33 +00:00
Marcono1234
53dc2ce9b6 Java: Use .inc.qhelp extension for included help files 2021-02-26 00:43:51 +01:00
Marcono1234
e21cbe82a9 Update Java documentation links to Java 11
Where possible update Java documentation links to Java 11.
Additionally update some other links to use HTTPS.
2021-02-26 00:43:51 +01:00
Anders Schack-Mulligen
f0d3841369 Merge pull request #5105 from JLLeitschuh/feat/JLL/depricated_bintray_usage
CWE-1104: Maven POM dependence upon Bintray/JCenter
2021-02-25 09:08:31 +01:00
Jonathan Leitschuh
73fba3a3c0 Apply suggestions from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2021-02-15 10:01:03 -05:00
Marcono1234
7a6db061b5 Address review feedback 2021-02-12 20:15:10 +01:00
Marcono1234
905648e452 Add ConditionalExpr.getBranchExpr(boolean) 2021-02-12 04:50:41 +01:00
Jonathan Leitschuh
3b92f97967 Refactor DeclaredRepository to library 2021-02-10 11:41:50 -05:00
Jonathan Leitschuh
21b6f35ddc Update java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.qhelp 2021-02-10 10:52:27 -05:00
Jonathan Leitschuh
49985a77e3 Apply suggestions from code review
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2021-02-10 10:51:37 -05:00
Jonathan Leitschuh
f00b0baaea Update java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.qhelp
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2021-02-05 16:31:37 -05:00
Jonathan Leitschuh
bfa9324266 CWE-1104: Maven POM dependence upon Bintray/JCenter 2021-02-05 13:05:51 -05:00
Anders Schack-Mulligen
29935e1388 Merge pull request #4771 from intrigus-lgtm/split-cwe-295
Java: Add unsafe hostname verification query and remove existing overlapping query
2021-01-13 11:31:38 +01:00
intrigus
1901f6bf55 Java: Make @id @name of query more similar. 2021-01-12 15:36:55 +01:00
intrigus
85286f362c Java: Replace global flow by local flow 2021-01-11 19:02:07 +01:00
intrigus-lgtm
722bd4dafa Java: Revise qhelp 2021-01-11 18:57:24 +01:00