codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00

Author	SHA1	Message	Date
luchua-bc	877c52981f	Remove the deprecated library keyword	2022-01-14 12:13:41 +00:00
Tony Torralba	cde7a35c1f	QLDoc	2022-01-14 13:12:30 +01:00
Tony Torralba	6aac848015	Fix imports	2022-01-14 12:43:08 +01:00
Tony Torralba	9f616e7cbe	Refactor to use FlowState Remove the auxiliary DataFlow configuration	2022-01-14 12:24:35 +01:00
Benjamin Muskalla	a4429d01a3	Add tests for writer models	2022-01-14 11:12:35 +01:00
Benjamin Muskalla	37ca6a5e41	Model Appenable and Writer This allows us to track taint carried through all kind of writers.	2022-01-14 11:12:35 +01:00
Tony Torralba	bd4abf4fd0	Additional Notification models	2022-01-14 10:32:38 +01:00
Tony Torralba	a9757fbc83	Setting null Components is not a sanitizer	2022-01-14 10:32:37 +01:00
Tony Torralba	a59a4024a5	Update stubs	2022-01-14 10:32:36 +01:00
Tony Torralba	66794665f3	Remove unneeded implicit read step	2022-01-14 10:32:36 +01:00
Tony Torralba	9c12c5f8b8	Remove duplicated models	2022-01-14 10:32:01 +01:00
Tony Torralba	f963887c58	Change test to avoid collision with SensitiveCommunication.ql	2022-01-14 10:32:01 +01:00
Tony Torralba	48acff9262	Remove unneeded code	2022-01-14 10:32:00 +01:00
Tony Torralba	9e3594fcf1	Added more sinks	2022-01-14 10:32:00 +01:00
Tony Torralba	47c851efaf	Consider more startService methods	2022-01-14 10:31:59 +01:00
Tony Torralba	12059a8a50	Update models to use synthetic fields	2022-01-14 10:31:58 +01:00
Tony Torralba	d49e52fb73	Add support for PendingIntents in Notifications	2022-01-14 10:31:58 +01:00
Tony Torralba	c73e4ebc48	Remove models after rebase	2022-01-14 10:31:58 +01:00
Tony Torralba	7f85dae63b	Add support for implicit field read flows	2022-01-14 10:31:57 +01:00
Tony Torralba	e58a8587db	Add support for Slices	2022-01-14 10:31:56 +01:00
Tony Torralba	d0077b8c12	Added query ImplicitPendingIntents	2022-01-14 10:31:53 +01:00
Anders Schack-Mulligen	0b24af901d	Merge pull request #7349 from aschackmull/dataflow/state Dataflow: Add support for flow state	2022-01-14 09:12:38 +01:00
Andrew Eisenberg	4ffd8c62ac	Merge pull request #7579 from github/aeisenberg/changenote-upgrades-removal Changenotes: Add changenotes for upgrades refactoring	2022-01-13 09:09:06 -08:00
Owen Mansel-Chan	83a25698bb	Allow adding inputs and outputs needing reference	2022-01-13 15:09:17 +00:00
Anders Schack-Mulligen	c44cf29992	Merge pull request #7587 from owen-mc/add-default-taint-sanitizer-guard Dataflow: Add default taint sanitizer guard	2022-01-13 14:44:55 +01:00
Anders Schack-Mulligen	61490e74d8	Merge pull request #7561 from aschackmull/java/misc-perf Java: A few perf fixes for getASupertype*().	2022-01-13 14:43:28 +01:00
Anders Schack-Mulligen	f7cf327e71	Dataflow: Sync	2022-01-13 13:28:43 +01:00
Anders Schack-Mulligen	a34c981209	Dataflow: Address comments.	2022-01-13 13:28:24 +01:00
Anders Schack-Mulligen	69973dadb3	Merge pull request #7548 from zbazztian/spring-taint-summaries Java: Add Spring and Apache Common Langs taint flow steps	2022-01-13 13:00:41 +01:00
Owen Mansel-Chan	7e42ccfbf1	Don't cache defaultTaintSanitizerGuard for java	2022-01-13 11:36:20 +00:00
Sebastian Bauersfeld	a6e4f29560	Java: Use the interface instead of the abstract class	2022-01-13 14:13:36 +07:00
Andrew Eisenberg	e435a3e9c3	Changenotes: Add changenotes for upgrades refactoring	2022-01-12 11:36:31 -08:00
Owen Mansel-Chan	c112980b81	Sync TaintTrackingImpl.qll Done automatically using sync-files.py	2022-01-12 14:44:55 +00:00
Owen Mansel-Chan	9ec3d7787c	Add option for default taint sanitizer guard This allows languages to specify A sanitizer guard in all global taint flow configurations but not in local taint.	2022-01-12 14:44:55 +00:00
github-actions[bot]	8a2d92badc	Post-release preparation for codeql-cli-2.7.5	2022-01-12 13:28:43 +00:00
Tamás Vajk	9065a7f320	Merge pull request #7573 from tamasvajk/fix/java-field-decl-tostr Java: Fix toString on field declarations with single field	2022-01-12 13:03:16 +01:00
Alvaro Muñoz Sanchez	715d372572	Add models for AbstractStringBuilder.substring,subsequence,getChars	2022-01-12 10:54:27 +01:00
Tamas Vajk	b9e0310aa2	Java: Fix toString on field declarations with single field	2022-01-12 09:22:16 +01:00
Andrew Eisenberg	07228672df	Merge branch 'main' into aeisenberg/remove-upgrades	2022-01-11 11:25:27 -08:00
Tony Torralba	7b0d9ea525	Merge pull request #7054 from atorralba/atorralba/promote-log-injection Java: Promote Log Injection from experimental	2022-01-11 17:26:18 +01:00
Tony Torralba	4aacba8594	Merge pull request #6468 from atorralba/atorralba/promote-cleartext-sharedprefs Java: Promote Cleartext storage of sensitive information using SharedPreferences from experimental	2022-01-11 16:23:53 +01:00
Tony Torralba	394c4a9ee0	Remove unused code	2022-01-11 14:50:48 +01:00
Anders Schack-Mulligen	fdb4851521	Java: A few perf fixes for getASupertype*().	2022-01-11 13:33:54 +01:00
Tony Torralba	50caf7d8dc	Move change note to new location and remove import Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2022-01-11 12:24:44 +01:00
Tony Torralba	b9e32208ee	Move change note to new location	2022-01-11 12:23:16 +01:00
Sebastian Bauersfeld	e2a9ced691	Java: Pass taint through Apache's StringEscapeUtils.escapeJson() method.	2022-01-11 15:49:44 +07:00
Sebastian Bauersfeld	f36ee95128	Java: Pass taint through Spring's AbstractMessageSource.getMessage() methods.	2022-01-11 15:48:29 +07:00
Chris Smowton	e352a4b994	Note that parameterizations of local classes are themselves local Previously `LocalClass` itself would match `.isLocal()` whereas `LocalClass<Param>` would not. Rather than require each individual user to check for `.getSourceDeclaration().isLocal()`, let's note that the specializations themselves are local.	2022-01-10 18:19:31 +00:00
Tony Torralba	fbebf5e953	Move change note to new location	2022-01-10 17:27:02 +01:00
Tony Torralba	0e738622df	Merge branch 'main' into atorralba/promote-log-injection	2022-01-10 17:24:25 +01:00

... 80 81 82 83 84 ...

4531 Commits