hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity
52,245 Commits 1,741 Branches 165 Tags
f0ca76102cc6ea8ba10715caafe37f89eab93cc3
Commit Graph

951 Commits

Author SHA1 Message Date
Artem Smotrakov
f53b2fcc62 Updated IgnoredHostnameVerification.ql to cover more uses of HostnameVerifier.verify() 2022-02-06 11:23:20 +00:00
Tony Torralba
b59fd4070f Merge pull request #7136 from atorralba/atorralba/promote-insecure-trustmanager 
Java: Promote Insecure TrustManager from experimental
 2022-01-24 14:05:14 +01:00
luchua-bc
27043a09b3 File path injection with the JFinal framework 2022-01-23 18:07:48 +00:00
Erik Krogh Kristensen
a77b2b0209 Merge pull request #7668 from erik-krogh/simplify-casts 
simplify expressions that could be type-casts
 2022-01-20 15:20:18 +01:00
Erik Krogh Kristensen
4e8e3a7420 simplify expressions that could be type-casts 2022-01-20 10:41:35 +01:00
Tony Torralba
7cd05fb685 Move from experimental 2022-01-20 10:23:18 +01:00
Tony Torralba
68fe3dd9f4 Fix conflicts in experimental query 2022-01-19 16:42:58 +01:00
Tony Torralba
e0f4c73aed Move from experimental 2022-01-19 16:42:00 +01:00
Chris Smowton
84097468cc Merge pull request #7286 from luchua-bc/java/unsafe-url-forward-dispatch 
Java: CWE-552 Query to detect unsafe request dispatcher usage
 2022-01-18 18:19:20 +00:00
Chris Smowton
1e32514600 Avoid using this for a non-extending supertype, and remove needless casts 2022-01-18 17:20:40 +00:00
Chris Smowton
d744cf9053 Clean up guard logic: 
* Always sanitize after the second guard, not the first
* Only check basic-block dominance in one place
* One BarrierGuard extension per final guard
 2022-01-18 17:10:06 +00:00
Chris Smowton
748008ad51 Remove dangling reference to UnsafeRequestPath.java 2022-01-18 17:08:38 +00:00
luchua-bc
a3d65a8ed0 Update recommendation in qldoc and make examples more comprehendible 2022-01-18 17:01:26 +00:00
Artem Smotrakov
825fe1797a Fixed another false-positive in CWE-297/IgnoredHostnameVerification.ql 2022-01-16 18:55:49 +00:00
Artem Smotrakov
dcf251bb93 Fixed typos in IgnoredHostnameVerification.qhelp 2022-01-16 18:27:49 +00:00
Fosstars
2b33265d0f Added a query for ignored hostname verification 
- Added IgnoredHostnameVerification.ql
- Added a qhelp file with examples
- Added tests
 2022-01-16 18:27:49 +00:00
Artem Smotrakov
f78002bc02 Fixed a false-positive in CWE-297/IgnoredHostnameVerification.ql 2022-01-16 18:25:18 +00:00
Fosstars
e11cb943a6 Added a query for ignored hostname verification 
- Added IgnoredHostnameVerification.ql
- Added a qhelp file with examples
- Added tests
 2022-01-16 18:25:18 +00:00
luchua-bc
4797fce48a Update use cases and qldoc 2022-01-16 01:15:29 +00:00
luchua-bc
978ef1570a Update method names 2022-01-16 01:11:25 +00:00
Tony Torralba
a2c98baf29 Reordering 2022-01-14 17:17:57 +01:00
Tony Torralba
eb1806c0a9 Split PathMatchGuard into three guards 2022-01-14 17:14:18 +01:00
Tony Torralba
fb1287d577 Use dominance instead of getParent 
Add clarification comments to PathMatchGuard
 2022-01-14 15:28:02 +01:00
Tony Torralba
136fefbab5 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-14 13:38:17 +01:00
Tony Torralba
b6886b8e43 Move code to qll file 2022-01-13 15:28:57 +01:00
Tony Torralba
81feaaec02 Refactor PathMatchGuard 2022-01-13 15:24:41 +01:00
Tony Torralba
cd9a485c47 Refactor NullOrEmptyCheckGuard 2022-01-13 14:44:08 +01:00
luchua-bc
263dbd33f6 Optimize the query 2022-01-12 02:33:17 +00:00
Tony Torralba
7b0d9ea525 Merge pull request #7054 from atorralba/atorralba/promote-log-injection 
Java: Promote Log Injection from experimental
 2022-01-11 17:26:18 +01:00
Tony Torralba
0e738622df Merge branch 'main' into atorralba/promote-log-injection 2022-01-10 17:24:25 +01:00
Tony Torralba
55dc783f28 Move from experimental and refactor 2022-01-10 17:09:37 +01:00
Tony Torralba
6f2d91a8ad Sinks for CloseableThreadContext 2021-12-17 09:17:04 +01:00
Tony Torralba
7d70b77141 Add new sinks and taint steps 2021-12-16 13:43:58 +01:00
luchua-bc
29ce0e9ef1 Add sanitizer for virtual method calls 2021-12-15 16:19:50 +00:00
Tony Torralba
68a0efaf0c Formatting 2021-12-14 14:53:38 +01:00
Bas van Schaik
d85ed9ea7a Clarify Log4jJndiInjection.ql query help 2021-12-14 12:32:36 +00:00
Tony Torralba
aee617f911 Autoformat 2021-12-14 08:40:30 +01:00
Tony Torralba
1b761b3d12 Apply suggestions from code review 2021-12-13 20:38:06 +01:00
Tony Torralba
ff2f5a5f91 Apply suggestions from code review 
Co-authored-by: Bas van Schaik <5082246+sj@users.noreply.github.com>
 2021-12-13 19:44:38 +01:00
Tony Torralba
d2dc19900f Apply suggestions from code review 
Co-authored-by: Bas van Schaik <5082246+sj@users.noreply.github.com>
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-12-13 19:39:52 +01:00
Tony Torralba
43a10457dd [Java] Query for Log4j JNDI Injection 2021-12-10 17:37:43 +01:00
Chris Smowton
753d886b0d Merge pull request #6319 from haby0/java/MyBatisSqlInjection 
[Java] CWE-089 MyBatis Mapper Sql Injection
 2021-12-09 19:57:18 +00:00
Chris Smowton
75f3ebf051 Fix OTHER XML tag 2021-12-09 17:55:03 +00:00
Chris Smowton
9f69c75c50 Fix XML tag 2021-12-09 17:44:49 +00:00
Chris Smowton
2cd70b96cd Fix doctype 2021-12-09 17:44:08 +00:00
Chris Smowton
470256da85 Copyedit 2021-12-09 15:10:07 +00:00
haby0
8bcbf8e30f rename isMybatisCollectionTypeSqlInjection 2021-12-09 09:16:33 +08:00
haby0
a18aad8536 Fix one 2021-12-08 21:03:17 +08:00
haby0
1d321c692b Refactor isMybatisXmlOrAnnotationSqlInjection 2021-12-08 18:59:55 +08:00
haby0
daf6a4ce07 Partial modification 2 2021-12-04 17:45:02 +08:00