hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-12 02:26:52 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
857b51be5895bf437ea25b5ce2581527d5af69fb
codeql/java/ql/src/Security/CWE
History
Ana Scolari 857b51be58 Update ExecUnescaped.ql - causing FPs with hard coded strings 
This query is generating False positives with hard coded strings declared within the function - issue reported by customer. We had a discussion on code_scanning channel on 6/5/25 and the team agreed upon reducing its precision to Medium.
2025-06-10 16:06:22 -07:00
..
CWE-020
Fix cwe tags to include leading zero
2025-04-30 16:43:03 +01:00
CWE-022
delete imports to a deleted file
2024-09-03 20:31:00 +02:00
CWE-023
Moved comment to previous line if resulting in long line
2025-02-04 09:48:34 +00:00
CWE-074
Java: fix typo in JndiInjection.qhelp
2024-02-06 15:17:30 +01:00
CWE-078
Update ExecUnescaped.ql - causing FPs with hard coded strings
2025-06-10 16:06:22 -07:00
CWE-079
Moved comment to previous line if resulting in long line
2025-02-04 09:48:34 +00:00
CWE-089
Java: Deprecate the content of SqlTaintedLocalQuery and remove the local query variant.
2024-05-01 13:07:21 +02:00
CWE-090
Move LdapInjectionLib to LdapInjectionQuery.qll
2023-03-29 17:59:33 -04:00
CWE-094
Moved comment to previous line if resulting in long line
2025-02-04 09:48:34 +00:00
CWE-113
Fix cwe tags to include leading zero
2025-04-30 16:43:03 +01:00
CWE-117
Java: Rename references.
2023-03-23 13:06:19 +01:00
CWE-129
Java: Deprecate the content of ImproperValidationOrArray and remove local query variants.
2024-05-01 13:07:21 +02:00
CWE-134
Java: Deprecate the content of ExternallyControlledFormatStringLocalQuery and remove the externally controlled format string local query variant.
2024-05-01 13:07:21 +02:00
CWE-190
Merge pull request #16362 from michaelnebel/java/removelocalqueries
2024-05-16 14:34:04 +02:00
CWE-200
Apply suggestions from docs review
2025-03-10 09:01:04 -04:00
CWE-209
Minor changes to formulations for java/error-message-exposure
2024-07-29 16:48:15 +02:00
CWE-266
Java: Rename references.
2023-03-23 13:06:19 +01:00
CWE-273
Refactor UnsafeCertTrustQuery
2023-03-29 22:33:08 -04:00
CWE-287
Apply suggestions from documentation review
2024-02-22 10:11:49 +00:00
CWE-295
Java: Deprecate RefType.nestedName(), and add RefType.getNestedName()
2024-09-16 17:16:25 +01:00
CWE-297
Mass-rename MethodAccess -> MethodCall
2023-10-24 10:30:26 +01:00
CWE-312
Mass-rename MethodAccess -> MethodCall
2023-10-24 10:30:26 +01:00
CWE-319
Java: Tag java/non-https-url with CWE-345
2024-07-11 13:37:09 +01:00
CWE-326
Refactor InsufficientKeySize
2023-03-29 22:33:09 -04:00
CWE-327
Java: fix comma splice in alert message
2025-03-21 14:23:32 +00:00
CWE-330
Added missing "GOOD" and "BAD" to some examples
2025-01-31 15:47:25 +00:00
CWE-335
Mass rename L/RValue -> VarWrite/Read
2023-10-24 10:58:29 +01:00
CWE-338
Mass-rename MethodAccess -> MethodCall
2023-10-24 10:30:26 +01:00
CWE-347
Java: Further alert message improvement
2023-09-18 12:25:31 +02:00
CWE-352
Merge pull request #18692 from jcogs33/jcogs33/spring-csrf-qhelp-update
2025-02-19 11:39:11 -05:00
CWE-367
Address review comments
2025-03-14 11:44:01 +00:00
CWE-421
Mass-rename MethodAccess -> MethodCall
2023-10-24 10:30:26 +01:00
CWE-441
Java: Rename references.
2023-03-23 13:06:19 +01:00
CWE-470
Java: Rename references.
2023-03-23 13:06:19 +01:00
CWE-489
Update to DataFlow::Global
2023-03-24 09:54:53 -04:00
CWE-501
Switch source and sink in TrustBoundaryViolation.ql
2024-05-23 15:53:12 +02:00
CWE-502
Added missing "GOOD" and "BAD" to some examples
2025-01-31 15:47:25 +00:00
CWE-522
Added missing "GOOD" and "BAD" to some examples
2025-01-31 15:47:25 +00:00
CWE-524
Apply suggestion from docs review
2022-11-16 10:54:14 +00:00
CWE-532
Java: Rename references.
2023-03-23 13:06:19 +01:00
CWE-552
docs wording updates
2024-03-28 16:15:05 -04:00
CWE-601
Java: Deprecate the local content of UrlRedirectLocalQuery and remove the local query variant.
2024-05-01 13:07:21 +02:00
CWE-611
Added missing "GOOD" and "BAD" to some examples
2025-01-31 15:47:25 +00:00
CWE-614
Mass-rename MethodAccess -> MethodCall
2023-10-24 10:30:26 +01:00
CWE-643
Add XPathInjectionQuery
2023-05-04 10:14:59 -04:00
CWE-676
Java: Clean up some instances of getQualifiedName.
2024-05-13 13:06:44 +02:00
CWE-681
Java: Deprecate the content of NumericCastTaintedLocalQuery, remove the local query variant and update the non-local query variant.
2024-05-01 13:07:21 +02:00
CWE-730
Update dead link.
2023-11-07 09:26:07 +00:00
CWE-732
update alert-messsages of java queries
2022-09-26 12:15:25 +02:00
CWE-749
Update to DataFlow::Global
2023-03-24 09:54:53 -04:00
CWE-780
Java: Rename references.
2023-03-23 13:06:19 +01:00
CWE-798
Lower the precision of a range of harcoded password queries to remove them from query suites.
2025-05-19 09:26:45 +02:00
CWE-807
Autoformat
2023-10-24 11:06:19 +01:00
CWE-829
Handle disabled Maven repositories
2022-11-21 10:11:57 +01:00
CWE-833
Java: IPA the CFG
2024-12-10 15:26:11 +00:00
CWE-835
Added missing "GOOD" and "BAD" to some examples
2025-01-31 15:47:25 +00:00
CWE-917
Refactor to DataFlow::Global
2023-03-24 10:04:46 -04:00
CWE-918
Java: Rename references.
2023-03-23 13:06:19 +01:00
CWE-925
Added missing "GOOD" and "BAD" to some examples
2025-01-31 15:47:25 +00:00
CWE-926
Reword first sentence of documentation
2022-10-11 11:02:37 -04:00
CWE-927
Deprecate sensitiveResultReceiver
2023-04-13 23:06:16 -04:00
CWE-940
Update to DataFlow::Global
2023-03-24 09:54:53 -04:00
CWE-1104
rename existing getUrl predicate to getRepositoryUrl
2022-04-06 15:32:33 +02:00
CWE-1204
Added missing "GOOD" and "BAD" to some examples
2025-01-31 15:47:25 +00:00