hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

1270 Commits

Author SHA1 Message Date
Tony Torralba
ee84dae164 Fix predicate name 2022-01-21 16:55:42 +01:00
Tony Torralba
f0604e2e84 Added query for Cleartext Storage in Android Database 2022-01-21 16:55:42 +01:00
Anders Schack-Mulligen
41d294229d Java: Add support for bitwise compound assignments in Guards. 2022-01-21 13:56:07 +01:00
Tony Torralba
ec8ffeed07 Add Intent URI Permission Manipulation query 2022-01-20 13:23:14 +01:00
Tony Torralba
967308fbfd Change InsecureTrustManagerConfiguration to DataFlow 2022-01-20 10:24:47 +01:00
Tony Torralba
d58bb4753e Refactor tests 2022-01-20 10:23:19 +01:00
Tony Torralba
ab4dc30f54 Refactor into libraries 2022-01-20 10:23:18 +01:00
Tony Torralba
7cd05fb685 Move from experimental 2022-01-20 10:23:18 +01:00
Tony Torralba
000a544729 Decouple UnsafeCertTrust.qll to reuse the taint tracking configuration 2022-01-19 16:43:43 +01:00
Tony Torralba
d9e98ceacc Consider setSslContextFactory and fix tests 2022-01-19 16:43:01 +01:00
Tony Torralba
698fd64f7f Adjust test after rebase 2022-01-19 16:42:59 +01:00
Tony Torralba
9e93aecf75 Add spurious test case 2022-01-19 16:42:06 +01:00
Tony Torralba
19d1a780ca Generalize sanitizer using local flow 2022-01-19 16:42:05 +01:00
Tony Torralba
64518bf91a Handle a specific pass-by-reference flow issue 2022-01-19 16:42:04 +01:00
Tony Torralba
4508945f85 Fix assumption regarding when an SSLSocket does the TLS handhsake 2022-01-19 16:42:03 +01:00
Tony Torralba
5d4cd70f8c Adjusted sources and sanitizer of UnsafeCertTrust taint tracking config 2022-01-19 16:42:02 +01:00
Tony Torralba
e43fff2d30 Use InlineExpectationsTest 2022-01-19 16:42:02 +01:00
Tony Torralba
4313baf622 Big refactor: 
- Move classes and predicates to appropriate libraries
- Overhaul the endpoint identification algorithm logic to use taint tracking
- Adapt tests
 2022-01-19 16:42:00 +01:00
Tony Torralba
e0f4c73aed Move from experimental 2022-01-19 16:42:00 +01:00
Tony Torralba
f103d45340 Merge branch 'main' into atorralba/android-implicit-pending-intents 2022-01-18 10:50:49 +01:00
Tony Torralba
e967b8a9be Merge pull request #6576 from atorralba/atorralba/android-cleartext-storage-filesystem 
Java: Create new query Cleartext storage of sensitive information in Android filesystem
 2022-01-17 14:02:38 +01:00
Tony Torralba
227929508f Merge pull request #6923 from atorralba/atorralba/android-fragment-injection 
Java: CWE-470  - Queries to detect Fragment Injection in Android applications
 2022-01-17 14:02:15 +01:00
Tony Torralba
7beab7cb59 Apply code review suggestions 2022-01-17 12:02:27 +01:00
Tony Torralba
9bbba3c96f Adjust UnsupportedExternalAPIs test 2022-01-17 11:11:04 +01:00
Tony Torralba
1e4840e071 Fix predicate name 2022-01-17 11:11:03 +01:00
Tony Torralba
c1ac09a063 Added query for Cleartext Storage in Android Filesystem 2022-01-17 11:11:00 +01:00
Tony Torralba
9f616e7cbe Refactor to use FlowState 
Remove the auxiliary DataFlow configuration
 2022-01-14 12:24:35 +01:00
Tony Torralba
a9757fbc83 Setting null Components is not a sanitizer 2022-01-14 10:32:37 +01:00
Tony Torralba
f963887c58 Change test to avoid collision with SensitiveCommunication.ql 2022-01-14 10:32:01 +01:00
Tony Torralba
9e3594fcf1 Added more sinks 2022-01-14 10:32:00 +01:00
Tony Torralba
d49e52fb73 Add support for PendingIntents in Notifications 2022-01-14 10:31:58 +01:00
Tony Torralba
7f85dae63b Add support for implicit field read flows 2022-01-14 10:31:57 +01:00
Tony Torralba
e58a8587db Add support for Slices 2022-01-14 10:31:56 +01:00
Tony Torralba
d43242d09e Added tests 2022-01-14 10:31:56 +01:00
Tony Torralba
7b0d9ea525 Merge pull request #7054 from atorralba/atorralba/promote-log-injection 
Java: Promote Log Injection from experimental
 2022-01-11 17:26:18 +01:00
Tony Torralba
0e738622df Merge branch 'main' into atorralba/promote-log-injection 2022-01-10 17:24:25 +01:00
Tony Torralba
ec8c234872 Fix predicate name 2022-01-10 17:09:41 +01:00
Tony Torralba
55dc783f28 Move from experimental and refactor 2022-01-10 17:09:37 +01:00
Tony Torralba
65b6c16254 Fix stub after merge 2021-12-15 16:53:47 +01:00
Tony Torralba
85526d71da Add Fragment injection in PreferenceActivity query 2021-12-15 16:53:46 +01:00
Tony Torralba
701d12fb5b Add Fragment injection query 2021-12-15 16:53:45 +01:00
Anders Schack-Mulligen
57fd397cb3 Merge pull request #7239 from smowton/smowton/fix/useless-comparison-surrogates 
Range analysis and useless-comparison query: don't treat all unicode surrogates as if they are U+FFFD
 2021-11-26 09:00:36 +01:00
Chris Smowton
db39c0b8be CharacterLiteral.getCodePointValue: fix handling of surrogates 2021-11-25 14:07:21 +00:00
Chris Smowton
9540beeda9 Update java/ql/test/query-tests/security/CWE-611/DocumentBuilderTests.java 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-11-25 12:52:08 +00:00
Chris Smowton
9eb9eb606e Note that FEATURE_SECURE_PROCESSING isn't a sufficient defence against XXE 2021-11-25 12:22:48 +00:00
Benjamin Muskalla
3dbaa087d4 Remove class file 2021-11-16 16:36:27 +01:00
Anders Schack-Mulligen
85fdbda16f Merge pull request #7002 from aschackmull/java/field-node 
Java: Add FieldValueNode to break up cartesian step relation.
 2021-11-08 09:31:42 +01:00
Tony Torralba
f4704f1325 Merge pull request #6397 from atorralba/atorralba/android-intent-redirect-query 
Java: Create new Android Intent Redirection query
 2021-11-04 10:42:59 +01:00
Tony Torralba
f1df542345 Add stubs & tests 
Fix mistakes detected by the tests
 2021-11-03 17:26:13 +01:00
Tony Torralba
ebd6529469 WIP: add tests 2021-11-02 10:37:41 +01:00