hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-13 14:34:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
62533501febcdbd00dfca5340661de24ca96ff2e
codeql/java/ql/src
History
Antoine Taillefer 660e6d7085 Fix partial path traversal Java example 
The Java recommendation example for the "Partial path traversal vulnerability from remote" query doesn't seem right to me. Indeed, the following statement doesn't compile, since `dir.getCanonicalPath()` returns a String:
```
dir.getCanonicalPath().toPath()
```
Maybe the author wanted to state `dir.getCanonicalFile().toPath()`, which would compile, but is useless compared to `dir.getCanonicalPath()`.

Moreover, `parent.getCanonicalFile().toPath()` or `parent.getCanonicalPath()` will **not** be slash-terminated, contrary to what the description says.
From what I can see (and test), the correct fix is to concatenate `File.separator` to the parent canonical path.
2023-01-16 21:14:29 +01:00
..
.settings
.vs
Advisory
Java: Remove omittable exists variables
2023-01-10 13:37:19 +01:00
Architecture
Exclude .kt files from mutual dependency query
2022-11-16 15:16:51 +01:00
change-notes
Note that alerts should not be re-raised
2023-01-09 10:56:13 +00:00
codeql-suites
Create security-experimental suite helper and all language suite implementations
2022-12-18 15:44:08 +01:00
Compatibility/JDK9
Kotlin: exclude Kotlin files from java/underscore-identifier
2022-10-24 09:05:28 +02:00
Complexity
Java: Rename Block -> BlockStmt
2020-09-08 08:40:20 +02:00
DeadCode
Kotlin: Add FP test case for dead code queries
2022-11-16 16:18:37 +01:00
Diagnostics
Tag successfully extracted files queries
2022-10-05 19:19:43 +01:00
experimental
Merge branch 'main' into turbo/experimental/combined
2023-01-11 18:02:55 +01:00
external
rename all occurrences of XML to Xml
2022-08-22 14:08:31 +02:00
filters
Java: Delete filter queries.
2021-03-25 09:47:31 +01:00
Frameworks
spelling: explicitly
2022-10-11 00:23:36 -04:00
Language Abuse
update alert-messsages of java queries
2022-09-26 12:15:25 +02:00
Likely Bugs
Java: Sync files and update other relavant files related to the new naming of shift.
2023-01-12 19:06:29 +01:00
meta
patch upper-case acronyms to be PascalCase
2022-03-11 11:10:33 +01:00
Metrics
Java: Re-factor provenance related predicates for summarized callable.
2023-01-11 16:20:55 +01:00
Performance
Java: Remove omittable exists variables
2023-01-10 13:37:19 +01:00
Security/CWE
Fix partial path traversal Java example
2023-01-16 21:14:29 +01:00
semmle/code/xml
rename all occurrences of XML to Xml
2022-08-22 14:08:31 +02:00
Telemetry
Java/C#: remove isTestLibrary
2022-12-13 10:34:04 -05:00
utils
C#/Java: Adjust imports after moving files.
2023-01-11 13:13:33 +01:00
Violations of Best Practice
Java: Remove omittable exists variables
2023-01-10 13:37:19 +01:00
.project
.qlpath
AlertSuppression.ql
AlertSuppression: move library into util folder
2022-12-21 10:39:57 +01:00
AlertSuppressionAnnotations.ql
AlertSuppression: add support for //codeql comments
2022-12-19 16:10:28 +01:00
CHANGELOG.md
tweak wording in 2.12 release notes
2023-01-05 16:46:44 +00:00
codeql-pack.release.yml
Release preparation for version 2.12.0
2023-01-05 16:32:14 +00:00
definitions.ql
Java: Refactor definitions query, add queries for ide search
2020-05-07 12:44:36 -04:00
qlpack.lock.yml
Packaging: Java refactoring
2021-08-19 14:09:35 -07:00
qlpack.yml
Post-release preparation for codeql-cli-2.12.0
2023-01-06 10:36:34 +00:00
queries.xml