hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-20 22:46:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,567 Commits 1,712 Branches 163 Tags
ead247469d7d6d90a2afcd04ccb18409b8a55e18
Commit Graph

63 Commits

Author SHA1 Message Date
Chris Smowton
f552a15aae Mass-rename MethodAccess -> MethodCall 2023-10-24 10:30:26 +01:00
erik-krogh
44b6366586 delete old deprecations 2023-06-02 11:58:08 +02:00
Michael Nebel
4c7cdc6245 Java: Remove unneeded imports of ExternalFlow.qll. 2022-12-05 09:49:38 +01:00
Tony Torralba
50ad234694 Move PathSanitizer to the main library 2022-10-04 12:26:17 +02:00
luchua-bc
8effbff817 Remove unused code and update qldoc 2022-09-23 12:43:39 +00:00
luchua-bc
e33d786745 Add test cases and reduce FPs 2022-09-23 12:31:16 +00:00
luchua-bc
311c9e4719 Query to detect unsafe resource loading in Java Spring applications 2022-09-23 12:31:15 +00:00
Tony Torralba
cd61bd0606 Move files from experimental 2022-09-07 13:13:40 +02:00
Tony Torralba
2ec53bf78c Merge pull request #9873 from luchua-bc/java/permissive-dot-regex 
Java: CWE-625 Query to detect regex dot bypass
 2022-08-31 10:24:18 +02:00
erik-krogh
ce9f69a639 rename all occurrences of XML to Xml 2022-08-22 14:08:31 +02:00
Joe Farebrother
f8f21c7ee6 Move static init vector query and tests from experimental to main 2022-08-17 10:35:13 +01:00
Tony Torralba
1d12bd1521 Share SpringUrlRedirect library 2022-08-17 10:43:43 +02:00
Anders Schack-Mulligen
df6d68b215 Merge pull request #9618 from aschackmull/dataflow/deprecate-barrierguard-class 
Dataflow: Deprecate BarrierGuard class
 2022-06-22 10:44:08 +02:00
Michael Nebel
2e46e93f36 Java: Update java models with provenance column information. 2022-06-20 16:20:02 +02:00
Anders Schack-Mulligen
33deff9bae Java: Deprecate BarrierGuard class. 2022-06-16 11:25:28 +02:00
Erik Krogh Kristensen
7245591468 Merge pull request #7763 from erik-krogh/unused-field 
QL: add unused-field query
 2022-05-18 09:15:16 +02:00
luchua-bc
0aa1251ffe Add more test cases 2022-04-29 02:31:43 +00:00
luchua-bc
590b9d8519 Standardize the query and update qldoc 2022-04-27 22:17:17 +00:00
Tony Torralba
e99cee4913 Merge branch 'main' into java/unsafe-get-resource 2022-04-27 16:45:42 +02:00
Tony Torralba
b69d81ce24 Make all imports of ExternalFlow private 2022-04-26 13:48:44 +02:00
luchua-bc
f0c4b1955b Change getResource() to be a taint step 2022-04-19 15:55:09 +00:00
luchua-bc
eccd97c7b7 Query to detect unsafe getResource calls in Java EE applications 2022-04-09 01:14:15 +00:00
Chris Smowton
9675f34cf5 Merge pull request #8257 from luchua-bc/java/insecure-webview-resource-response 
Java: CWE-200 Query to detect insecure WebResourceResponse implementation
 2022-03-30 15:56:27 +01:00
luchua-bc
fa2a6a7da3 Remove unnecessary taint step and update qldoc 2022-03-29 17:52:49 +00:00
luchua-bc
833d842113 Drop the getPath check from the library 2022-03-28 20:14:40 +00:00
Erik Krogh Kristensen
879680057e fix all ql/unused-field warnings 2022-03-17 09:41:42 +01:00
Erik Krogh Kristensen
69353bb014 patch upper-case acronyms to be PascalCase 2022-03-11 11:10:33 +01:00
luchua-bc
88d9694628 Query to detect insecure WebResourceResponse implementation 2022-02-26 02:03:35 +00:00
Chris Smowton
50d9945625 Autoformat 2022-02-23 11:41:23 +00:00
Porcuiney Hairs
e536628a66 Java : Add SSTI query 2022-02-22 15:57:53 +05:30
luchua-bc
40bf093d34 Move shared code to the lib folder and update qldoc 2022-02-15 17:28:13 +00:00
Tony Torralba
0e738622df Merge branch 'main' into atorralba/promote-log-injection 2022-01-10 17:24:25 +01:00
Erik Krogh Kristensen
6ff8d4de5c add all remaining explicit this 2021-11-26 13:50:10 +01:00
Tony Torralba
3ea1af3819 Refactor into separate libraries 2021-10-29 17:36:02 +02:00
Chris Smowton
24e3ad4e18 Remove unnecessary type constraint 2021-09-22 10:54:24 +01:00
Daniel Santos
9e41f43ee2 Fix: android.util.Log is final. No inheritance handling is needed. 2021-09-17 10:15:48 -05:00
Daniel Santos
032a7e71fe Update Logging.qll 
Simplified using a set-literal as suggested by @intrigus-lgtm
 2021-09-16 13:03:26 -05:00
Daniel Santos
af8b2b6d9c Fix Android logging signature in java/ql/src/experimental/semmle/code/java/Logging.qll 2021-09-16 11:24:06 -05:00
Chris Smowton
7a0555ecb3 Merge pull request #6357 from artem-smotrakov/static-iv 
Java: Static initialization vector
 2021-08-26 13:45:43 +01:00
Fosstars
1dd4bf00ac Simplify StaticInitializationVectorSource 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-08-26 09:42:23 +02:00
Artem Smotrakov
23e2322635 Simplify ArrayUpdate 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-08-25 19:43:43 +02:00
Artem Smotrakov
f41828e5db Better qldoc in StaticInitializationVectorQuery.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-08-25 19:38:33 +02:00
Fosstars
f97c8bb049 Removed sanitizer in StaticInitializationVectorConfig 2021-08-25 12:40:48 +02:00
Fosstars
86b7b2b86d Updated qldoc for ArrayUpdate 2021-08-25 12:14:36 +02:00
Fosstars
c80a1da483 Don't consider copyOf() and clone() in ArrayUpdate 2021-08-25 12:11:34 +02:00
Fosstars
fbac5891b8 Fixed a typo in qldoc 2021-08-14 21:28:30 +02:00
Fosstars
e2dc9753ac Covered copyOfRange() and clone() in ArrayUpdate 2021-08-14 13:25:46 +02:00
Fosstars
d218813320 Updated qldoc for ArrayUpdate 2021-08-14 13:09:14 +02:00
Fosstars
11992404ec Be precise when checking for Cipher.ENCRYPT_MODE 2021-08-14 12:18:02 +02:00
Fosstars
4e69081c22 Support multi-dimensional arrays 2021-08-13 20:52:27 +02:00