Commit Graph

428 Commits

Author SHA1 Message Date
Timo Mueller
f7437422c1 InstanceOf check instead of comparing classnames 2021-05-04 15:51:40 +02:00
Timo Mueller
fd52135f29 Removed unnecessary check for type 2021-05-04 15:45:30 +02:00
Timo Müller
c476b6c088 Fix accordance to style guide
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-04 14:00:01 +02:00
Timo Müller
030e2bdd9b Fix accordance to style guide
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-04 13:59:52 +02:00
Timo Müller
ab308b5e9e Fix accordance to style guide
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-04 13:59:43 +02:00
Timo Müller
485a3a139a Fixed content to conform with the style guide
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-04 13:58:38 +02:00
Timo Müller
45443baf84 Fixed Typo
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-04 13:58:00 +02:00
Timo Müller
1fd2be3879 Added more clear reference
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-04 13:57:19 +02:00
Timo Müller
7026d82a72 Fixed typo
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-04 13:53:14 +02:00
Timo Müller
f28e994121 Update java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qhelp
More descriptive (and PC) description.

Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-04 13:52:47 +02:00
Timo Mueller
c22eeacbfc Fixed accidental double init of variable 2021-04-30 16:28:56 +02:00
Timo Mueller
61d053f6b3 Fixed missing metadata description 2021-04-30 16:28:17 +02:00
Timo Mueller
15a3068f8a Added query for insecure environment configuration RMI JMX (CVE-2016-8735) 2021-04-30 16:23:17 +02:00
Chris Smowton
ad9ea40954 Merge pull request #5597 from intrigus-lgtm/java/jwt-insecure-parse
[Java] JWT without signature check.
2021-04-29 14:41:11 +01:00
intrigus
b1a3633495 Java: Remove redundant condition + docs. 2021-04-23 22:06:04 +02:00
intrigus
98dcd4e52b Java: Tighten definition of sink. 2021-04-23 00:14:48 +02:00
intrigus
a385b30c29 Java: Factor common expr into class. 2021-04-22 23:51:27 +02:00
intrigus-lgtm
958e2fab05 Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2021-04-22 23:36:17 +02:00
intrigus
231b07795c Java: Ignore results in test directories. 2021-04-20 23:25:13 +02:00
intrigus
fcaf5e7657 Java: Plural type name -> singular type name. 2021-04-20 23:09:44 +02:00
intrigus
3acec94773 Java: Fix typos. 2021-04-20 23:04:06 +02:00
intrigus
149c4491ce Java: Simplify qldoc. 2021-04-20 23:03:10 +02:00
intrigus
9e4fa90f6e Java: Refer to Java types in qldoc instead of ql types. 2021-04-20 23:02:18 +02:00
intrigus
26502881d7 Java: Consistently use this in charpred. 2021-04-20 22:56:58 +02:00
Chris Smowton
9bfb0d93ca Autoformat QL 2021-04-20 13:59:09 +01:00
Chris Smowton
0ec3ee29e4 Style last use of SecureASTCustomizer 2021-04-20 12:44:49 +01:00
Hayk Andriasyan
bb58a50503 Update GroovyInjection.qhelp 2021-04-20 15:41:58 +04:00
p0wn4j
f2de440886 [Java] CWE-094: Query to detect Groovy Code Injections 2021-04-20 19:18:24 +04:00
Mathias Vorreiter Pedersen
e36b42a03f Java: Fix invalid id in experimental query
The invalid id broke CI here: https://github.com/github/codeql/pull/5703 (see https://github.slack.com/archives/CPSEA0G22/p1618602834224600)
2021-04-17 09:47:15 +02:00
Anders Schack-Mulligen
605f28f741 Merge pull request #5686 from smowton/haby0/JsonHijacking
Java: JSONP Injection w/cleanups
2021-04-16 11:09:17 +02:00
Chris Smowton
c37994089c Revert changes to unrelated query 2021-04-15 16:24:29 +01:00
haby0
dedf765542 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
Co-authored-by: Chris Smowton <smowton@github.com>
2021-04-15 22:59:22 +08:00
haby0
0e183ab4a4 Finish comment 2021-04-15 19:49:06 +08:00
Chris Smowton
fa36ba901a Merge pull request #5471 from artem-smotrakov/el-injection
Java: Query for detecting Jakarta Expression Language injections
2021-04-15 12:39:34 +01:00
haby0
d269a7e717 CWE-598 reduction 2021-04-15 19:33:15 +08:00
haby0
583d0889e2 delete tomcat-embed-core stub, update the ServletGetMethod class 2021-04-15 17:40:51 +08:00
haby0
5d05e4d224 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
Co-authored-by: Chris Smowton <smowton@github.com>
2021-04-15 17:28:53 +08:00
haby0
b3bdf89fc2 rm VerificationMethodFlowConfig, use springframework-5.2.3 stub 2021-04-15 10:25:40 +08:00
haby0
77208bcc91 Fix the error that there is no VerificationMethodToIfFlowConfig 2021-04-14 13:14:43 +08:00
haby0
e2ed0d02b0 Delete existsFilterVerificationMethod and existsServletVerificationMethod, add from get handler to filter 2021-04-14 12:34:52 +08:00
haby0
37dae67a0d Fix RequestResponseFlowConfig.isSink error 2021-04-14 09:55:24 +08:00
haby0
25b012db48 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql
Co-authored-by: Chris Smowton <smowton@github.com>
2021-04-13 23:58:28 +08:00
haby0
7be45e7c5e Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql
Co-authored-by: Chris Smowton <smowton@github.com>
2021-04-13 23:56:17 +08:00
Chris Smowton
58d198261e Merge pull request #5663 from smowton/luchua/java/sensitive-cookie-not-httponly
Java: CWE-1004 Query to check sensitive cookies without the HttpOnly flag set w/minor corrections
2021-04-13 12:08:53 +01:00
haby0
be39883166 Change the class name and comment, Use .(CompileTimeConstantExpr).getStringValue() 2021-04-13 14:10:10 +08:00
Artem Smotrakov
b96b665262 Renaming in java/ql/src/experimental/Security/CWE/CWE-094 2021-04-12 21:40:49 +03:00
luchua-bc
d7f26dfc18 Update stub classes and qldoc 2021-04-12 16:19:23 +00:00
Chris Smowton
423ff32d04 Merge pull request #5384 from luchua-bc/java/insecure-spring-actuator-config
Java: CWE-016 Query to detect insecure configuration of Spring Boot Actuator
2021-04-12 17:04:47 +01:00
Chris Smowton
bb23866cec Add missing doc comments 2021-04-12 16:33:01 +01:00
Chris Smowton
2656a52880 Merge pull request #5538 from luchua-bc/java/credentials-in-properties
Java: CWE-555 Query to detect plaintext credentials in Java properties files
2021-04-12 15:22:21 +01:00