Grzegorz Golawski
ac329e81f8
Fixes FPs in SpringBootActuators query
...
No evidence that Spring Actuators are being used, e.g. `http.authorizeRequests().anyRequest().permitAll()`
Only safe Actuators are enabled, e.g. `EndpointRequest.to("health", "info")`
2020-05-18 22:55:33 +02:00
Grzegorz Golawski
14ce049fc6
Add support for Saxon
2020-05-15 00:12:08 +02:00
Artem Smotrakov
bab6f3788e
Java: Added a query for unsafe TLS versions
...
- Added experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql
- Added SslLib.qll
- Added a qhelp file with examples
- Added tests in java/ql/test/experimental/Security/CWE/CWE-327
2020-05-10 19:14:52 +02:00
Grzegorz Golawski
afea9330b7
Fix the case where user-controlled input is passed as URL to env Hashtable
2020-05-08 00:44:22 +02:00
Grzegorz Golawski
df9921f870
Update according to the review comments
2020-05-07 23:19:13 +02:00
Grzegorz Golawski
f893954ea3
Add Spring LDAP and JMXServiceURL related sinks
2020-05-03 20:51:50 +02:00
Grzegorz Golawski
31a2972eca
Remove qlpack.yml as these are not needed
2020-04-27 23:32:48 +02:00
Grzegorz Golawski
0c75330e42
Remove qlpack.yml as these are not needed
2020-04-27 23:31:10 +02:00
Grzegorz Golawski
639aa826ea
Remove qlpack.yml as these are not needed
2020-04-27 23:26:59 +02:00
Grzegorz Golawski
d590f3fba8
CodeQL query to detect XSLT injections
2020-04-27 22:35:35 +02:00
Grzegorz Golawski
457e2eaf59
CodeQL query to detect OGNL injections
2020-04-19 20:31:57 +02:00
Grzegorz Golawski
af48bc3e57
CodeQL query to detect JNDI injections
2020-04-17 21:45:42 +02:00
Grzegorz Golawski
1d8da905ac
Make the test runnable via codeql test run
2020-04-03 21:44:13 +02:00
Grzegorz Golawski
f05b2af69d
Move to experimental
2020-04-03 00:27:51 +02:00
yo-h
43bcd5b26c
Add guidelines for experimental CodeQL queries and libraries
2020-02-24 15:08:31 -05:00
