hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,965 Commits 1,671 Branches 157 Tags
f96e47db0993ecef12cbbda75ecda67b7cfc7ac7
Commit Graph

4569 Commits

Author SHA1 Message Date
Ahmed Farid
f96e47db09 Update ComparingValueOfSensetiveHeader.java 2022-02-25 17:33:07 +00:00
Ahmed Farid
09e054ace6 Update ComparingValueOfSensetiveHeader.java 2022-02-25 17:33:07 +00:00
Ahmed Farid
f758ed0d85 Update ComparingValueOfSensetiveHeader.java 2022-02-25 17:33:07 +00:00
ahmed532009
4a9ee5826d Update TimingAttackAgainstHeader.qhelp 2022-02-25 17:33:07 +00:00
ahmed532009
6da9bc593f Rename csrfComparison.java to ComparingValueOfSensetiveHeader.java 2022-02-25 17:33:07 +00:00
ahmed532009
a0a1c587e5 Create ComparingValueOfSensetiveHeader.java 2022-02-25 17:33:07 +00:00
ahmed532009
aa488e532f Update csrfComparison.java 2022-02-25 17:33:07 +00:00
Chris Smowton
333130b2a4 Abbreviate isSink 2022-02-25 17:33:07 +00:00
Chris Smowton
80a2b388bf Update TimingAttackAgainstHeader.qhelp 2022-02-25 17:33:07 +00:00
ahmed532009
fa81f43694 Update TimingAttackAgainstHeader.qhelp 2022-02-25 17:33:06 +00:00
ahmed532009
39e07cbc9c Update and rename UnsafecsrfComparison.java to csrfComparison.java 2022-02-25 17:33:06 +00:00
ahmed532009
c6c67b907b Update TimingAttackAgainstHeader.qhelp 2022-02-25 17:33:06 +00:00
ahmed532009
98b06d35af Update TimingAttackAgainstHeader.ql 2022-02-25 17:33:06 +00:00
ahmed532009
bf95e59b24 Update TimingAttackAgainstHeader.qhelp 2022-02-25 17:33:06 +00:00
ahmed532009
ab6a7bb3d8 Update TimingAttackAgainstHeader.ql 2022-02-25 17:33:06 +00:00
root
49feeb1c36 Timing attacks while comparing the headers value 2022-02-25 17:33:06 +00:00
Asger F
a8bfebaeb6 Merge pull request #8149 from asgerf/shared/use-shared-access-path-syntax 
Shared: use shared access path syntax to parse arguments in CSV rows
 2022-02-25 14:04:18 +01:00
Chris Smowton
b1c98ae3c2 Add further test directly examining signature of method with problematic parameter types 2022-02-24 17:39:11 +00:00
Chris Smowton
379f2438a6 Add test checking that inheritence is noticed even with annotations present 2022-02-24 17:39:11 +00:00
Chris Smowton
01db73bfc7 Merge pull request #5935 from porcupineyhairs/javaSstiNew 
Java : Add SSTI query
 2022-02-23 17:30:02 +00:00
Chris Smowton
7b425a80bc Note path query expectations 2022-02-23 16:02:54 +00:00
Chris Smowton
a8fe10f353 Java template injection query: import pathgraph 2022-02-23 13:47:24 +00:00
Asger Feldthaus
f1bfb31403 Shared: fix typo in a comment 2022-02-23 14:13:41 +01:00
Asger Feldthaus
efec348eb3 Java: use AccessPathSyntax library 2022-02-23 14:13:40 +01:00
Asger Feldthaus
5cab737ef1 Shared: sync AccessPathSyntax.qll 2022-02-23 14:13:40 +01:00
Chris Smowton
50d9945625 Autoformat 2022-02-23 11:41:23 +00:00
Chris Smowton
476997a599 Replace more non-breaking spaces 2022-02-23 11:02:17 +00:00
Tony Torralba
f011bbc92c Merge pull request #8055 from luchua-bc/java/unsafe-url-forward-with-shared-lib 
CWE-552: Switch to the shared PathSanitizer library
 2022-02-23 11:00:23 +01:00
Porcupiney Hairs
c81d85f321 Include suggestions from review 2022-02-22 23:07:34 +05:30
Porcuiney Hairs
e536628a66 Java : Add SSTI query 2022-02-22 15:57:53 +05:30
Asger Feldthaus
7848fcec80 Shared: sync AccessPathSyntax.qll 2022-02-21 08:21:53 +01:00
Asger Feldthaus
55ac5cb012 Shared: auto format 2022-02-21 08:21:53 +01:00
Asger Feldthaus
4985fbb526 Shared: update getSummaryCsv and related test output 2022-02-21 08:21:53 +01:00
Asger Feldthaus
dcc523a2b7 Shared: auto format 2022-02-21 08:21:53 +01:00
Asger Feldthaus
d911e0abf8 Shared: use getToken instead of getLastToken 2022-02-21 08:21:52 +01:00
Asger Feldthaus
c4304a980d Shared: add explicit this 2022-02-21 08:21:52 +01:00
Asger Feldthaus
dc6a13242b Shared: update comment in AccessPathSyntax.qll 2022-02-21 08:21:52 +01:00
Asger Feldthaus
be63cf7049 Shared: fix qldoc and move getRawToken to top-level 2022-02-21 08:21:52 +01:00
Asger Feldthaus
affdbe9955 Java: remove support for legacy syntax 2022-02-21 08:16:55 +01:00
Asger Feldthaus
a121b73181 Java: update CSV rows to dot-separated syntax 2022-02-21 08:16:55 +01:00
Asger Feldthaus
7f808710ec Java: update model generator 2022-02-21 08:16:54 +01:00
Asger Feldthaus
753c557dbe Java: use AccessPathSyntax.qll to parse input/output summary specs 2022-02-21 08:16:54 +01:00
luchua-bc
f136ea0f6f Switch to the shared PathSanitizer library 2022-02-16 16:06:28 +00:00
Tony Torralba
111aabb707 Merge pull request #7712 from luchua-bc/java/file-path-injection 
Java: CWE-073 File path injection with the JFinal framework
 2022-02-16 12:01:34 +01:00
Arthur Baars
ebb87c4b36 Merge pull request #7975 from github/post-release-prep/codeql-cli-2.8.1 
Post-release preparation for codeql-cli-2.8.1
 2022-02-15 20:17:35 +01:00
luchua-bc
40bf093d34 Move shared code to the lib folder and update qldoc 2022-02-15 17:28:13 +00:00
Tony Torralba
5f0ab522f3 Merge pull request #7988 from Marcono1234/marcono1234/sealed-types-predicates 
Java: Add predicates for sealed classes
 2022-02-15 15:11:56 +01:00
Chris Smowton
2f82a46528 Elaborate change note 2022-02-15 12:56:57 +00:00
luchua-bc
fd533f2ba8 Remove the same callable constraint 2022-02-15 12:44:23 +00:00
Tony Torralba
bfa14fa066 Merge pull request #7823 from JLLeitschuh/improve/JLL/combined_http_headers 
Java: Add HTTP Request Splitting to Netty Query
 2022-02-15 10:24:36 +01:00