hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-19 22:14:01 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
b242a6170121096e8c06b008e35a32a4e417182c
codeql/java/ql/src
History
lcartey@github.com b242a61701 Java: Untrusted data used in external APIs 
This commit adds two queries for identifying external APIs which are
used with untrusted data.

These queries are intended to facilitate a security review of the
application, and will report any external API which is called with
untrusted data. The purpose of this is to:
 - review how untrusted data flows through this application
 - identify opportunities to improve taint modeling of sinks and taint
   steps.
As a result this is not suitable for integration into a developer
workflow, as it will likely have high false positive rate, but it may
help identify false negatives for other queries.
2020-07-03 17:32:08 +01:00
..
.settings
Normalize all text files to LF
2018-09-23 16:24:31 -07:00
.vs
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
Advisory
Java: add missing QLDoc for JavadocCommon.qll
2020-05-11 20:01:47 -04:00
Architecture
Java: add missing QLDoc for UnusedMavenDependencies.qll
2020-05-11 20:01:46 -04:00
codeql-suites
add more code-scanning suites
2020-06-01 11:45:46 +01:00
Compatibility/JDK9
Java: add missing QLDoc for JdkInternals*.qll
2020-05-11 20:01:46 -04:00
Complexity
Java: Add Expr.isParenthesized, adjust VarAccess.toString, and fix tests.
2020-01-28 10:15:48 +01:00
config
Java 14: add dbscheme stats for records
2020-04-07 22:22:08 -04:00
DeadCode
Java: Autoformat.
2018-10-11 11:31:38 +02:00
experimental
Fix typo, add Oxford comma
2020-07-01 14:49:09 +02:00
external
Java: add missing QLDoc for Clover.qll
2020-05-11 20:01:44 -04:00
filters
Java: remove obsolete VCS.qll and associated queries
2019-08-18 14:53:46 -04:00
Frameworks
Java: Normalize parentheses.
2018-11-28 15:01:25 +01:00
Language Abuse
Java: Autoformat.
2020-01-30 10:54:54 +01:00
Likely Bugs
Simplify NoAssignInBooleanExprs.ql
2020-06-18 15:16:09 +02:00
meta/ssa
Java: Rename sanity -> consistency
2020-05-11 13:37:01 -04:00
Metrics
Java: Autoformat.
2020-01-29 12:16:25 +01:00
Performance
Java: Autoformat.
2020-01-29 12:16:25 +01:00
Security/CWE
Java: Untrusted data used in external APIs
2020-07-03 17:32:08 +01:00
semmle
Java: Untrusted data used in external APIs
2020-07-03 17:32:08 +01:00
Violations of Best Practice
Fix Java code style of MagicConstants examples
2020-06-07 01:00:27 +02:00
.project
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
.qlpath
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
AlertSuppression.ql
Java: allow single-line /* ... */ comments for alert suppression
2020-01-08 09:19:25 -05:00
AlertSuppressionAnnotations.ql
Java: Autoformat.
2020-01-29 12:16:25 +01:00
Customizations.qll
Java: add Customizations.qll
2020-02-26 13:18:13 -05:00
default.qll
Java: add missing QLDoc for default.qll
2020-05-11 20:01:46 -04:00
definitions.ql
Java: Refactor definitions query, add queries for ide search
2020-05-07 12:44:36 -04:00
definitions.qll
Java, Javascript, Csharp: Restrict definitions predicates
2020-05-11 15:14:16 -04:00
java.qll
Java: add Customizations.qll
2020-02-26 13:18:13 -05:00
localDefinitions.ql
Java: Refactor definitions query, add queries for ide search
2020-05-07 12:44:36 -04:00
localReferences.ql
Java: Refactor definitions query, add queries for ide search
2020-05-07 12:44:36 -04:00
qlpack.yml
Add extractor field in base language QL packs
2020-04-06 18:48:01 +02:00
queries.xml
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00