codeql

mirror of https://github.com/github/codeql.git synced 2025-12-28 06:36:33 +01:00

Author	SHA1	Message	Date
p0wn4j	6841f5f7c4	Java: Add NashornScriptEngine detection in ScriptEngine query Java: Add NashornScriptEngine detection in ScriptEngine query Java: Add NashornScriptEngine detection in ScriptEngine query Java: Add NashornScriptEngine detection in ScriptEngine query	2021-03-06 16:19:07 +04:00
Anders Schack-Mulligen	00983c8967	Merge pull request #4965 from artem-smotrakov/jexl-injection Java: Query for detecting JEXL injections	2021-03-05 10:52:36 +01:00
Artem Smotrakov	0695b2a1fb	Removed TaintedSpringRequestBody	2021-03-04 20:27:39 +01:00
Tamás Vajk	505d04b13e	Merge pull request #5102 from luchua-bc/java/main-method-in-servlet Java: CWE-489 Query to detect main() method in servlets	2021-02-25 16:05:06 +01:00
Anders Schack-Mulligen	add960bc4d	Merge pull request #4880 from luchua-bc/java/sensitive-query-with-get Java: Sensitive GET Query	2021-02-24 11:08:47 +01:00
luchua-bc	40df01d2cd	Update qldoc and method name	2021-02-22 14:15:41 +00:00
Artem Smotrakov	43a07bb13a	Better sink in SandboxedJexlFlowConfig	2021-02-20 11:17:51 +01:00
luchua-bc	3d9ac0d094	Add query for enterprise beans	2021-02-20 02:00:42 +00:00
Anders Schack-Mulligen	954e0b9496	Java: Add empty file to test.	2021-02-18 13:10:29 +01:00
Anders Schack-Mulligen	862c41632e	Java: Add empty file to test.	2021-02-17 13:23:18 +01:00
luchua-bc	2f17943abc	Update qldoc	2021-02-15 16:58:09 +00:00
Anders Schack-Mulligen	161e756c4b	Merge pull request #5141 from github/yo-h/java-flow-check-fix Java: prepare to enforce additional compiler checks in test code	2021-02-15 09:41:03 +01:00
Chris Smowton	97df60f9d6	Move misplaced experimental query into the conventional directory	2021-02-12 12:12:16 +00:00
Artem Smotrakov	042c0b005e	Covered sandboxes for JEXL 2 - Updated SandboxedJexlFlowConfig to cover JEXL 2 - Added SandboxedJexl2 test	2021-02-11 22:57:26 +01:00
Artem Smotrakov	7543df60da	Callable.call() should not be a sink in JexlInjection.ql	2021-02-11 20:37:23 +01:00
Artem Smotrakov	af0f361ac8	Updated JexlInjection.ql to check for sandboxes - Added a dataflow config to track setting a sandbox on JexlBuilder - Added SandboxedJexl3.java test	2021-02-10 22:19:45 +01:00
Anders Schack-Mulligen	b74911204a	Merge pull request #4945 from intrigus-lgtm/java/insecure-jxbrowser Java: Insecure JXBrowser	2021-02-10 15:48:17 +01:00
yo-h	e194411cfa	Java: fix javac errors in test code	2021-02-09 09:16:57 -05:00
luchua-bc	cb01613aa6	Exclude FP token patterns	2021-02-09 13:53:23 +00:00
intrigus	2e30f2d9ce	Java: Fix QHelp & accept test output Accept test output for changed alert message.	2021-02-08 00:05:02 +01:00
luchua-bc	a183b00166	Query to detect main method in servlets	2021-02-05 03:53:01 +00:00
Anders Schack-Mulligen	35e620a19c	Merge pull request #4854 from luchua-bc/java/insecure-ldap-auth Java: Insecure LDAP authentication	2021-02-04 14:56:38 +01:00
luchua-bc	2ace10fcdf	Use PostUpdateNode for wrapper method calls	2021-02-03 12:21:31 +00:00
luchua-bc	ab7d257569	Add more cases and change EC to 256 bits	2021-01-28 04:06:27 +00:00
luchua-bc	058f3af4b2	Refactor the hasShortSymmetricKey method	2021-01-28 04:06:27 +00:00
luchua-bc	cbaee937d0	Optimize the query	2021-01-28 04:06:27 +00:00
luchua-bc	cfc950f803	Query for weak encryption: Insufficient key size	2021-01-28 03:25:15 +00:00
luchua-bc	fee0b94cd4	Use isRequestGetParamMethod as the source	2021-01-26 04:41:44 +00:00
Artem Smotrakov	7d2d27394b	Java: Added a source and a taint step for JexlInjectionConfig - Added TaintedSpringRequestBody source - Added returningTaintedDataFromBean() taint step - Added tests	2021-01-17 22:28:42 +01:00
Artem Smotrakov	99401f6e84	Java: Query for detecting JEXL injections	2021-01-17 14:19:26 +01:00
intrigus	a4cbd7037b	Java: Add tests for different versions. Adds a test for version 6.24, because that version is not vulnerable. The other test is for versions < 6.24, because these versions are vulnerable.	2021-01-15 17:20:57 +01:00
luchua-bc	e5a703e49c	Revamp the query	2021-01-15 04:05:11 +00:00
Anders Schack-Mulligen	29935e1388	Merge pull request #4771 from intrigus-lgtm/split-cwe-295 Java: Add unsafe hostname verification query and remove existing overlapping query	2021-01-13 11:31:38 +01:00
luchua-bc	babe744a30	Add SECURITY_PROTOCOL check	2021-01-13 03:49:08 +00:00
intrigus	5b3086a93a	Java: Fix capitalization of JxBrowser	2021-01-12 22:43:41 +01:00
intrigus	4fa8f5eab2	Java: Accept test changes	2021-01-12 15:29:03 +01:00
intrigus	b30872806d	Java: Add tests and test stubs.	2021-01-12 14:49:12 +01:00
intrigus	70b0703952	Java: Remove overlapping code	2021-01-11 13:42:07 +01:00
Anders Schack-Mulligen	e5b4975450	Merge pull request #4675 from luchua-bc/cleartext-storage-shared-prefs Java: Query to detect cleartext storage of sensitive information using Android SharedPreferences	2021-01-08 12:41:34 +01:00
luchua-bc	3d26e5b8a4	Update qldoc	2021-01-06 12:41:00 +00:00
luchua-bc	f1763ae354	Use the sensitive info sink	2021-01-06 01:48:19 +00:00
luchua-bc	367ff99909	Change the source to be the request variable	2021-01-05 17:30:19 +00:00
Chris Smowton	e87fd86e63	Merge pull request #4814 from luchua-bc/java/password-in-configuration Java: Password in Java EE configuration files	2021-01-05 11:42:27 +00:00
luchua-bc	195755d687	Revamp the query to be more selective	2021-01-05 00:04:08 +00:00
luchua-bc	c069a5b4c6	Factor private host regex into the networking library and enhance the query	2021-01-04 14:51:32 +00:00
luchua-bc	ffe9d4a310	Sensitive GET Query	2020-12-26 16:51:30 +00:00
luchua-bc	4ec78d04f8	Insecure LDAP authentication	2020-12-21 00:15:15 +00:00
luchua-bc	b44f01a87b	Enhance the check for embedded passwords	2020-12-17 03:47:38 +00:00
luchua-bc	d469e9b24e	Format the code and minor text change	2020-12-13 21:15:18 +00:00
luchua-bc	e27ccd0a81	Format the code and update qldoc	2020-12-13 02:33:03 +00:00

1 2 3

147 Commits