1611 Commits

Author	SHA1	Message	Date
haby0	ecdadd1826	move the query to experimental folder	2021-03-05 14:38:04 +08:00
haby0	2c96e6cf96	Merge remote-tracking branch 'upstream/main' into main	2021-02-16 17:54:01 +08:00
haby0	92c00cb741	Update java/ql/src/Security/CWE/CWE-652/XQueryInjection.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-02-16 00:09:21 +08:00
haby0	f1e44bce4a	Update java/ql/src/Security/CWE/CWE-652/XQueryInjection.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-02-16 00:07:44 +08:00
Anders Schack-Mulligen	b9a479dd31	Merge pull request #5134 from pwntester/ArrayUtils ... Add support for Apache Commons Lang ArrayUtils	2021-02-15 13:50:01 +01:00
Alvaro Muñoz	812884341b	Merge branch 'ArrayUtils' of github.com:pwntester/codeql-1 into ArrayUtils	2021-02-15 10:59:49 +01:00
Alvaro Muñoz	504d119749	adjust max parameter number	2021-02-15 10:58:17 +01:00
Anders Schack-Mulligen	7e83a608a2	Merge pull request #4954 from aschackmull/java/member-hasqualifiedname ... Java: Add Member.hasQualifiedName.	2021-02-15 10:02:13 +01:00
Anders Schack-Mulligen	161e756c4b	Merge pull request #5141 from github/yo-h/java-flow-check-fix ... Java: prepare to enforce additional compiler checks in test code	2021-02-15 09:41:03 +01:00
yo-h	1d007b6e72	Java: delete two test cases as per code review	2021-02-14 21:42:58 -05:00
Chris Smowton	402f20c5e2	Merge pull request #5154 from smowton/smowton/admin/deprecate-old-maven-predicate-names ... Java: Re-introduce deprecated versions of old Maven predicate names	2021-02-12 17:22:05 +00:00
Chris Smowton	80978c7c35	Merge pull request #5153 from smowton/smowton/admin/move-misplaced-experimental-query ... Move misplaced experimental query into the conventional directory	2021-02-12 17:21:57 +00:00
Alvaro Muñoz	7d294361dc	Update java/ql/src/semmle/code/java/frameworks/apache/Lang.qll ... Co-authored-by: Joe Farebrother <joefarebrother@github.com>	2021-02-12 15:40:44 +01:00
Alvaro Muñoz	8606386c2c	add bidirectional import	2021-02-12 14:59:28 +01:00
Alvaro Muñoz	49eda8ced6	apply LSP formatter	2021-02-12 14:56:10 +01:00
Anders Schack-Mulligen	085286ab58	Merge pull request #5135 from pwntester/guava_preconditions ... Add support for the Preconditions Class in the Guava framework	2021-02-12 14:15:17 +01:00
Chris Smowton	655cfb3a47	Re-introduce deprecated versions of old Maven predicate names	2021-02-12 12:24:19 +00:00
Chris Smowton	97df60f9d6	Move misplaced experimental query into the conventional directory	2021-02-12 12:12:16 +00:00
haby0	22e741c7a3	*)add XQExpression.executeCommand(0) sink	2021-02-12 11:17:42 +08:00
Marcono1234	e89891fa1f	Address review comments	2021-02-12 01:30:47 +01:00
haby0	a6a0fa28c4	*)add XQExpression.executeQuery(0) sink	2021-02-11 16:05:48 +08:00
Marcono1234	2a1c11b517	Improve MavenPom documentation, rename inconsistent predicates	2021-02-10 23:56:45 +01:00
Anders Schack-Mulligen	b74911204a	Merge pull request #4945 from intrigus-lgtm/java/insecure-jxbrowser ... Java: Insecure JXBrowser	2021-02-10 15:48:17 +01:00
intrigus	5c82ff83de	Java: Fix qhelp, fix CWE reference	2021-02-10 13:57:51 +01:00
Alvaro Muñoz	645b021845	Add support for the Preconditions Class in the Guava framework	2021-02-10 13:20:29 +01:00
Alvaro Muñoz	0cf3a29429	Add support for Apache Commons Lang ArrayUtils	2021-02-10 13:09:57 +01:00
Tom Hvitved	1f9b42f9ab	Data flow: Sync files	2021-02-09 20:10:23 +01:00
yo-h	e5331a4735	Java: accept changes in expected output	2021-02-09 09:17:35 -05:00
yo-h	e194411cfa	Java: fix javac errors in test code	2021-02-09 09:16:57 -05:00
haby0	97690b4eb7	Update java/ql/src/Security/CWE/CWE-652/XQueryInjection.qhelp ... Co-authored-by: Felicity Chapman <felicitymay@github.com>	2021-02-08 19:15:28 +08:00
intrigus	2e30f2d9ce	Java: Fix QHelp & accept test output ... Accept test output for changed alert message.	2021-02-08 00:05:02 +01:00
Anders Schack-Mulligen	35e620a19c	Merge pull request #4854 from luchua-bc/java/insecure-ldap-auth ... Java: Insecure LDAP authentication	2021-02-04 14:56:38 +01:00
luchua-bc	724c3e00e0	Update help file	2021-02-03 16:45:15 +00:00
Anders Schack-Mulligen	40d02e7e32	Merge pull request #4926 from luchua-bc/java/insufficient-key-size ... Java: Query to detect weak encryption: insufficient key size	2021-02-03 15:16:10 +01:00
Anders Schack-Mulligen	0df7e9fa4e	Merge pull request #4989 from lcartey/lcartey/spring-inheritence-improvements ... Java: Track taint through Spring Java bean getters on super types	2021-02-03 15:06:03 +01:00
luchua-bc	2ace10fcdf	Use PostUpdateNode for wrapper method calls	2021-02-03 12:21:31 +00:00
luchua-bc	3151aeff48	Enhance the query	2021-02-02 18:26:29 +00:00
luchua-bc	5e3b6fa341	Update qldoc	2021-02-02 16:20:39 +00:00
luchua-bc	50be54385a	Update qldoc	2021-02-02 14:49:50 +00:00
Luke Cartey	76c9b6466e	Reformat TaintTrackingUtil.qll with more recent CodeQL CLI	2021-01-29 11:27:30 +00:00
Anders Schack-Mulligen	bbdd7c9b57	Merge pull request #4963 from joefarebrother/guava-collections ... Java: Add flow steps for Guava collection utilities	2021-01-28 11:01:03 +01:00
luchua-bc	ab7d257569	Add more cases and change EC to 256 bits	2021-01-28 04:06:27 +00:00
luchua-bc	2ac7b4bab4	Update qldoc	2021-01-28 04:06:27 +00:00
luchua-bc	058f3af4b2	Refactor the hasShortSymmetricKey method	2021-01-28 04:06:27 +00:00
luchua-bc	cbaee937d0	Optimize the query	2021-01-28 04:06:27 +00:00
luchua-bc	cfc950f803	Query for weak encryption: Insufficient key size	2021-01-28 03:25:15 +00:00
luchua-bc	6a93099b64	Simplify the query and update qldoc	2021-01-28 03:02:53 +00:00
haby0	81c56b9bed	Update java/ql/src/Security/CWE/CWE-652/XQueryInjection.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-01-27 19:47:12 +08:00
haby0	31deca016f	Update java/ql/src/Security/CWE/CWE-652/XQueryInjection.ql ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-01-27 19:46:45 +08:00
haby0	ca2e6587fe	Update java/ql/src/Security/CWE/CWE-652/XQueryInjection.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2021-01-27 19:46:15 +08:00