hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 19:29:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
9ff4ed286f7a060fa77475c6e846546336e0e279
codeql/java/ql/lib
History
MarkLee131 9ff4ed286f Java: recognize Path.toRealPath() as path normalization sanitizer 
PathNormalizeSanitizer recognized Path.normalize() and
File.getCanonicalPath()/getCanonicalFile(), but not Path.toRealPath().

toRealPath() is strictly stronger than normalize() (resolves symlinks
and verifies file existence in addition to normalizing ".." components),
and is functionally equivalent to File.getCanonicalPath() for the NIO.2
API. CERT FIO16-J and OWASP both recommend it for path traversal defense.

This adds toRealPath to PathNormalizeSanitizer alongside normalize,
reducing false positives for code using idiomatic NIO.2 path handling.
2026-04-04 20:59:45 +08:00
..
change-notes
Java: recognize Path.toRealPath() as path normalization sanitizer
2026-04-04 20:59:45 +08:00
config
Java: Update dbscheme to make @assignment a @binaryexpr.
2026-03-03 15:15:35 +01:00
experimental/quantum
Replace "javax" with javaxOrJakarta()
2026-02-16 11:02:12 +00:00
ext
Fix incorrect constructor summary models
2026-03-05 12:03:21 +00:00
external
Overlay: Add overlay annotations to Java & shared libraries
2025-06-24 10:25:06 +02:00
semmle
Java: recognize Path.toRealPath() as path normalization sanitizer
2026-04-04 20:59:45 +08:00
upgrades
Java: Update dbscheme to make @assignment a @binaryexpr.
2026-03-03 15:15:35 +01:00
utils/test
Java: Accept revised CFG.
2026-02-23 15:10:00 +01:00
CHANGELOG.md
Release preparation for version 2.25.1
2026-03-25 23:43:06 +00:00
codeql-pack.release.yml
Release preparation for version 2.25.1
2026-03-25 23:43:06 +00:00
Customizations.qll
Overlay: Add overlay annotations to Java & shared libraries
2025-06-24 10:25:06 +02:00
default.qll
Overlay: Add overlay annotations to Java & shared libraries
2025-06-24 10:25:06 +02:00
definitions.qll
Overlay: Add overlay annotations to Java & shared libraries
2025-06-24 10:25:06 +02:00
IDEContextual.qll
Overlay: Add overlay annotations to Java & shared libraries
2025-06-24 10:25:06 +02:00
java.qll
Add RegexExecution in Concepts.qll
2026-02-11 13:09:42 +00:00
localDefinitions.ql
Move contextual queries from src to lib
2022-06-29 07:51:26 -07:00
localReferences.ql
Move contextual queries from src to lib
2022-06-29 07:51:26 -07:00
printAst.ql
Java: Fix some Ql4Ql violations.
2025-09-01 15:04:08 +02:00
printCfg.ql
Java/Cfg: Introduce new shared CFG library and replace the Java CFG.
2026-02-23 15:09:50 +01:00
qlpack.lock.yml
Packaging: Java refactoring
2021-08-19 14:09:35 -07:00
qlpack.yml
Post-release preparation for codeql-cli-2.25.1
2026-03-30 08:43:48 +00:00