codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00

Author	SHA1	Message	Date
Anders Schack-Mulligen	a8eedce8ab	Java: Replace ad-hoc variable tracking with union type flow in dispatch.	2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen	6f06267892	Java: Implement union type flow.	2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen	7692a9e2e7	Java: Minor TypeFlow tweaks.	2022-09-13 13:30:40 +02:00
Tony Torralba	f412f433bf	Add thymeleaf steps	2022-09-12 17:52:38 +02:00
Edward Minnix III	eadb8a3988	Merge pull request #10106 from egregius313/egregius313/android-backup-allowed Java: Query to detect Android backup allowed	2022-09-12 11:14:03 -04:00
Erik Krogh Kristensen	818601b612	Merge pull request #10285 from erik-krogh/paramClass ReDoS: convert RelevantState to a class in the PrefixConstruction module	2022-09-12 15:23:19 +02:00
Tony Torralba	79a32f1a3e	Tainting the freemarker dataModel isn't exploitable	2022-09-12 14:22:06 +02:00
Tony Torralba	409a123490	Tainting the velocity context isn't exploitable	2022-09-12 11:38:29 +02:00
Tony Torralba	d748fb5648	Fix bad models, add tests for those	2022-09-09 10:08:52 +02:00
Tony Torralba	fb13e7f307	Docs changes	2022-09-08 17:38:25 +02:00
Tony Torralba	b68e6669b8	Refactor TemplateInjection libraries	2022-09-08 17:38:25 +02:00
Tony Torralba	7db1eb98f5	Sync files	2022-09-08 17:32:03 +02:00
Tony Torralba	1b87167d96	Add implicit reads for FlowState sinks and steps	2022-09-08 17:26:59 +02:00
Michael Nebel	e265b07a93	Merge pull request #10127 from michaelnebel/csharp/clearscontent C#: Replace clears content with CSV summaries.	2022-09-08 09:26:08 +02:00
Ed Minnix	c69a2be976	Moved allowBackup query logic to allowsBackup pred	2022-09-07 12:08:25 -04:00
Tony Torralba	cd61bd0606	Move files from experimental	2022-09-07 13:13:40 +02:00
Tamás Vajk	3410dd589d	Merge pull request #9783 from tamasvajk/feature/kotlin-stdlib-mad Kotlin: Add MaD for stdlib	2022-09-07 12:57:23 +02:00
Tony Torralba	8e0b4892ee	Add Implicit PendingIntents sinks for Compat classes	2022-09-07 11:04:22 +02:00
Ed Minnix	dca4cd221a	Documentation cleanup for allowBackup query	2022-09-06 14:35:11 -04:00
Tony Torralba	ff731f1d83	Merge pull request #10138 from atorralba/atorralba/contentresolver-summaries Java: Add summaries for ContentResolver and adjacent classes	2022-09-06 16:28:28 +02:00
Anders Schack-Mulligen	b84dca92cf	Merge pull request #10240 from aschackmull/java/scc-typeflow Java: Support SCCs in TypeFlow.	2022-09-06 15:43:20 +02:00
Tony Torralba	b745b5ab71	Add models for androidx.core.app.NotificationCompat	2022-09-06 14:43:13 +02:00
Anders Schack-Mulligen	bc57d87303	Java: Address comments.	2022-09-06 13:59:54 +02:00
Tony Torralba	b94e0d3e69	Merge pull request #10251 from atorralba/atorralba/implicit-pendingintent-sinks Java: Add new AlarmManager sinks to Use of implicit PendingIntents	2022-09-06 11:31:27 +02:00
erik-krogh	a86a940df7	add getRepr() and toString() on RelevantState	2022-09-05 13:27:34 +02:00
Erik Krogh Kristensen	0162bc3c77	use `RelevantState` inside the `lastStartState` predicate Co-authored-by: Arthur Baars <aibaars@github.com>	2022-09-05 11:22:12 +02:00
erik-krogh	c38062ce93	convert RelevantState to a class in the PrefixConstruction module	2022-09-02 20:26:31 +02:00
Tamas Vajk	7daf53fd99	Add regenerated models after rebase	2022-09-02 16:32:42 +02:00
Tamas Vajk	8c5d220dc0	Add optional friendly name parameter to MaD generator	2022-09-02 16:12:22 +02:00
Tamas Vajk	09e62058ae	Generate negative summaries	2022-09-02 16:12:22 +02:00
Tamas Vajk	9fad42b25d	Kotlin: Add manual model for `Array.withIndex`	2022-09-02 16:12:21 +02:00
Tamas Vajk	bb82bcabbe	Kotlin: move and rename KotlinStdLib.qll to kotlin/StdLib.qll	2022-09-02 16:12:21 +02:00
Tamas Vajk	8c7fdb969d	Kotlin: Regenerating StdLib models with already existing models	2022-09-02 16:12:21 +02:00
Tamas Vajk	a144fa06dc	Kotlin: Add generated MaD for stdlib	2022-09-02 16:12:21 +02:00
Tamas Vajk	57d861337b	Kotlin: Add dataflow tests for stdlib calls	2022-09-02 16:12:21 +02:00
Michael Nebel	5511bc8e28	Java/Ruby/Swift: Sync files.	2022-09-02 15:17:24 +02:00
Ian Lynagh	07b3b15528	Merge pull request #10221 from tamasvajk/kotlin-internal Kotlin: Change `Modifiable::isPublic` to not cover Kotlin `internal` members	2022-09-02 11:51:56 +01:00
Tamas Vajk	bea0ce9ff9	Fix review findings	2022-09-02 09:20:20 +02:00
Tamas Vajk	e66d2dddb6	Fix review findings	2022-09-01 14:07:27 +02:00
Ian Lynagh	7ed18f1b32	Java: Correct hasModifier documentation	2022-09-01 11:52:07 +01:00
Tony Torralba	bee4e4b40a	Add new AlarmManager sinks	2022-09-01 09:47:58 +02:00
Anders Schack-Mulligen	784eef3f2c	Java: Support SCCs in TypeFlow.	2022-08-31 13:20:00 +02:00
Michael Nebel	1cb6d78d35	Merge pull request #10170 from michaelnebel/java/models-io Java: Update models for commons-io and add negative models.	2022-08-31 11:05:09 +02:00
Ed Minnix	6485e73cd3	Added documentation for `providesMainIntent` pred	2022-08-30 13:00:44 -04:00
Ed Minnix	500a6f3b86	Add check for files which provide the app launcher Adds support for filtering which applications include the `android.intent.action.MAIN` intent.	2022-08-30 12:54:26 -04:00
Ed Minnix	b5c54f5a3b	Add check for android:allowBackup explicitly set `android:allowBackup` has a default value of `true`. So we want to flag any file which explicitly sets it.	2022-08-30 12:53:12 -04:00
Erik Krogh Kristensen	72942afe3e	Merge pull request #10220 from erik-krogh/overlapsWithNothing print a correct range for ranges that doesn't contain any alpha-numeric chars	2022-08-30 15:38:34 +02:00
Anders Schack-Mulligen	4070860d2b	Merge pull request #10208 from aschackmull/java/dispatch-fixes Java: A couple of small virtual dispatch fixes	2022-08-30 15:03:48 +02:00
Tamas Vajk	3513bb8eed	Kotlin: Change `Modifiable::isPublic` to not cover Kotlin `internal` members	2022-08-30 14:37:27 +02:00
erik-krogh	7fd426e748	print a correct range for ranges that doesn't contain any alpha-numeric chars	2022-08-30 13:57:11 +02:00

... 36 37 38 39 40 ...

3173 Commits