hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 22:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,928 Commits 1,673 Branches 157 Tags
dec026a820c8efa0813bf64145d01e60c8f9db13
Commit Graph

108 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
161e756c4b Merge pull request #5141 from github/yo-h/java-flow-check-fix 
Java: prepare to enforce additional compiler checks in test code
 2021-02-15 09:41:03 +01:00
Chris Smowton
97df60f9d6 Move misplaced experimental query into the conventional directory 2021-02-12 12:12:16 +00:00
Anders Schack-Mulligen
b74911204a Merge pull request #4945 from intrigus-lgtm/java/insecure-jxbrowser 
Java: Insecure JXBrowser
 2021-02-10 15:48:17 +01:00
yo-h
e194411cfa Java: fix javac errors in test code 2021-02-09 09:16:57 -05:00
intrigus
2e30f2d9ce Java: Fix QHelp & accept test output 
Accept test output for changed alert message.
 2021-02-08 00:05:02 +01:00
Anders Schack-Mulligen
35e620a19c Merge pull request #4854 from luchua-bc/java/insecure-ldap-auth 
Java: Insecure LDAP authentication
 2021-02-04 14:56:38 +01:00
luchua-bc
2ace10fcdf Use PostUpdateNode for wrapper method calls 2021-02-03 12:21:31 +00:00
luchua-bc
ab7d257569 Add more cases and change EC to 256 bits 2021-01-28 04:06:27 +00:00
luchua-bc
058f3af4b2 Refactor the hasShortSymmetricKey method 2021-01-28 04:06:27 +00:00
luchua-bc
cbaee937d0 Optimize the query 2021-01-28 04:06:27 +00:00
luchua-bc
cfc950f803 Query for weak encryption: Insufficient key size 2021-01-28 03:25:15 +00:00
intrigus
a4cbd7037b Java: Add tests for different versions. 
Adds a test for version 6.24, because that version is not vulnerable.
The other test is for versions < 6.24, because these versions are
vulnerable.
 2021-01-15 17:20:57 +01:00
luchua-bc
e5a703e49c Revamp the query 2021-01-15 04:05:11 +00:00
Anders Schack-Mulligen
29935e1388 Merge pull request #4771 from intrigus-lgtm/split-cwe-295 
Java: Add unsafe hostname verification query and remove existing overlapping query
 2021-01-13 11:31:38 +01:00
luchua-bc
babe744a30 Add SECURITY_PROTOCOL check 2021-01-13 03:49:08 +00:00
intrigus
5b3086a93a Java: Fix capitalization of JxBrowser 2021-01-12 22:43:41 +01:00
intrigus
4fa8f5eab2 Java: Accept test changes 2021-01-12 15:29:03 +01:00
intrigus
b30872806d Java: Add tests and test stubs. 2021-01-12 14:49:12 +01:00
intrigus
70b0703952 Java: Remove overlapping code 2021-01-11 13:42:07 +01:00
Anders Schack-Mulligen
e5b4975450 Merge pull request #4675 from luchua-bc/cleartext-storage-shared-prefs 
Java: Query to detect cleartext storage of sensitive information using Android SharedPreferences
 2021-01-08 12:41:34 +01:00
Chris Smowton
e87fd86e63 Merge pull request #4814 from luchua-bc/java/password-in-configuration 
Java: Password in Java EE configuration files
 2021-01-05 11:42:27 +00:00
luchua-bc
c069a5b4c6 Factor private host regex into the networking library and enhance the query 2021-01-04 14:51:32 +00:00
luchua-bc
4ec78d04f8 Insecure LDAP authentication 2020-12-21 00:15:15 +00:00
luchua-bc
b44f01a87b Enhance the check for embedded passwords 2020-12-17 03:47:38 +00:00
luchua-bc
d469e9b24e Format the code and minor text change 2020-12-13 21:15:18 +00:00
luchua-bc
e27ccd0a81 Format the code and update qldoc 2020-12-13 02:33:03 +00:00
luchua-bc
7ba237120b Password in Java EE configuration files 2020-12-12 05:15:04 +00:00
Anders Schack-Mulligen
0cc324b715 Merge pull request #3839 from luchua-bc/uncaught-servlet-exception 
Java: Uncaught servlet exception
 2020-12-02 15:12:59 +01:00
luchua-bc
ad0ac5b874 Change kind to problem 2020-11-27 16:43:57 +00:00
Anders Schack-Mulligen
028a72bcdd Merge pull request #4610 from luchua-bc/java-nfe-local-android-dos 
Java: Query to detect Local Android DoS caused by NFE
 2020-11-27 14:20:23 +01:00
luchua-bc
7ad031ca70 Move to experimental and update qldoc 2020-11-26 17:09:53 +00:00
Anders Schack-Mulligen
0450489022 Java: Review fixes. 2020-11-24 11:31:44 +01:00
luchua-bc
a311462791 Move to query-test folder and update qldoc 2020-11-19 13:12:42 +00:00
luchua-bc
85434ca410 Format the source code and update qldoc 2020-11-17 21:20:53 +00:00
luchua-bc
0bd6255c41 Query for cleartext storage using Android SharedPreferences 2020-11-16 17:23:01 +00:00
Porcupiney Hairs
2525cfd786 include suggestions from review. 2020-11-13 00:28:06 +05:30
Porcupiney Hairs
38de9b6433 add request forgery query 2020-11-10 01:19:35 +05:30
luchua-bc
bc899b6337 Move common code to a library and add more test cases 2020-11-09 14:14:54 +00:00
luchua-bc
76a0db84ee Query for detecting Local Android DoS caused by NFE 2020-11-09 14:10:00 +00:00
luchua-bc
a83f9ced96 Change the query to only catch the common exception rethrown case 2020-11-09 12:07:43 +00:00
Anders Schack-Mulligen
22b4df0f3c Merge pull request #4512 from luchua-bc/sensitive-broadcast 
Java: Sensitive broadcast
 2020-11-04 10:47:48 +01:00
luchua-bc
fa54c23a83 Handle the edge case that an exception is rethrown in a catch clause 2020-11-03 16:31:12 +00:00
luchua-bc
6a8ce37428 Add query for initCause and addSuppressed 2020-11-02 11:59:14 +00:00
luchua-bc
78d7fe2fbb Detect rethrowing unprocessed exceptions in catch clause 2020-11-01 02:13:50 +00:00
luchua-bc
c89ebeeb5e Text changes 2020-11-01 00:39:00 +00:00
luchua-bc
7ac3fb41d5 Clean up query and test files 2020-10-31 13:37:36 +00:00
luchua-bc
756db4c03a Simplify the query and add more test cases 2020-10-31 01:33:24 +00:00
luchua-bc
67af9b0f3e Add comments and update JavaDocs of GenericServlet using the source JAR 2020-10-30 17:05:53 +00:00
luchua-bc
93d1393ded Add error-page check 2020-10-30 16:45:56 +00:00
luchua-bc
5a6339c1af Remove userid from the regex 2020-10-29 15:46:05 +00:00