hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

1270 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
e51a10a816 Java: Fix tests. 2021-10-29 14:25:43 +02:00
Joe Farebrother
a9dde419d2 Fix up test 2021-10-21 16:46:07 +01:00
Joe Farebrother
447e06d92a Rename from SensitiveBroadcast to SensitiveCommmunication 2021-10-20 17:09:59 +01:00
Joe Farebrother
daf6ac2584 Update tests to InlineFlowTest 2021-10-20 17:09:58 +01:00
Joe Farebrother
d7c7776495 Add additional models; fix up tests 2021-10-20 17:09:57 +01:00
Joe Farebrother
ae461bcfe4 Switch to inline expectations tests 2021-10-20 17:09:57 +01:00
Joe Farebrother
c68a7077d7 Move query and tests out of experimental 2021-10-20 17:09:56 +01:00
Tony Torralba
392e2eebeb Add intent creation from a URI as a taint step 2021-10-18 12:18:07 +02:00
Tony Torralba
d1d2d61d7e Add more sinks 
Also, fix things after rebase
 2021-10-18 12:00:07 +02:00
Tony Torralba
e7983fb269 Add test and check for another edge case 2021-10-18 11:10:23 +02:00
Tony Torralba
bc6c13be69 Refactor to actually build the full flows from src to sink 
Add more tests for edge cases
 2021-10-18 11:10:22 +02:00
Tony Torralba
14963103aa Add full path reconstruction from RemoteFlowSource to sink 2021-10-18 11:10:21 +02:00
Tony Torralba
2ab7a55545 Improve intermediate flow to add more potential sources 2021-10-18 11:09:52 +02:00
Tony Torralba
aa2cdb7a53 Add intermediate dataflow 
Make sure that source intents are obtained from another intent's extras
 2021-10-18 11:09:30 +02:00
Tony Torralba
9a537f9c23 Add guard sanitizer for component name checks 2021-10-18 11:08:14 +02:00
Tony Torralba
21b70a009e Use CSV models 2021-10-18 11:07:58 +02:00
Tony Torralba
9eb4cda1af Fix qhelp and formatting 2021-10-18 11:06:08 +02:00
Tony Torralba
031fa2199c Fix stubs and tests 2021-10-18 11:06:06 +02:00
Tony Torralba
ef30ca211a Fix stubs 2021-10-18 11:03:13 +02:00
Tony Torralba
fd8a128693 Renamed to AndroidIntentRedirection 
Added qhelp
 2021-10-18 11:02:34 +02:00
Tony Torralba
8c400d9b1b Added tests and stubs 2021-10-18 11:02:10 +02:00
Anders Schack-Mulligen
57cb300759 C++/C#/Java/JavaScript/Python: Remove singleton set literals. 2021-10-14 11:34:22 +02:00
Chris Smowton
1dffbcd0bd Fix tests disrupted by re-modelling and stubbing Android 9: 
* Account for changed dataflow graph shape using external flow
* Account for BaseBundle only existing as of Android 5
* Properly implement Parcelable, which we previously got away with due to a partial stub
* Restore an Android 11 function that had been added to the Android 9 Context class (I won't get into enforcing the difference in this PR)
 2021-10-12 12:35:05 +01:00
Chris Smowton
cd2c9e9ca3 Add Gson support to unsafe deserialization query 2021-10-12 12:35:04 +01:00
Tony Torralba
a86cbd884e Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-10-05 09:40:22 +02:00
Tony Torralba
2d1278ece5 Consider setStartTLSRequired for Apache SimpleEmail 2021-10-05 09:18:48 +02:00
Tony Torralba
baffb0ed89 Consider Jakarta Mail 2021-10-05 09:18:47 +02:00
Tony Torralba
73653f77aa Use InlineExpectationsTest 2021-10-05 09:18:45 +02:00
Tony Torralba
0e149f0523 Move from experimental 2021-10-05 09:18:44 +02:00
f1v3
168fc4170d Apply suggestions from code review 2021-09-30 14:26:14 +01:00
f1v3
f3bde56de9 detects a hard-coded cipher key for shiro 2021-09-30 14:22:48 +01:00
Chris Smowton
60a023d064 Merge pull request #5852 from luchua-bc/java/hardcoded-azure-credential 
Java: CWE-798 Query to detect hard-coded Azure credentials
 2021-09-30 14:11:29 +01:00
Anders Schack-Mulligen
cfa0d46b73 Merge pull request #6097 from atorralba/atorralba/promote-xslt-injection 
Java: Promote XSLT Injection from experimental
 2021-09-27 13:14:57 +02:00
Tony Torralba
6967b06dee Decouple XsltInjection.qll to reuse the taint tracking configuration 2021-09-27 11:59:51 +02:00
Tony Torralba
108118afa3 Use InlineExpectationsTest 2021-09-27 11:58:18 +02:00
Tony Torralba
c792567904 Move from experimental 2021-09-27 11:57:53 +02:00
Tony Torralba
6d9a88d1c8 Move to lib 2021-09-27 11:43:46 +02:00
Tony Torralba
94f32d2985 Decouple SpelInjection.qll to reuse the taint tracking configuration 2021-09-27 11:39:30 +02:00
Tony Torralba
569426b04e Consider subtypes of Expression and ExpressionParser 
Add parseRaw as additional taint step
 2021-09-27 11:38:12 +02:00
Tony Torralba
b985ddb868 Use InlineExpectationsTest 2021-09-27 11:37:41 +02:00
Tony Torralba
fc6af0476f Moved from experimental 2021-09-27 11:36:48 +02:00
Anders Schack-Mulligen
2cbad4aed6 Merge pull request #6600 from atorralba/atorralba/fix-conditionalbypass 
Java: Fix performance of the query User-controlled bypass of sensitive method
 2021-09-17 16:07:39 +02:00
Marcono1234
020aa4d94c Java: Address feedback and fix test failures 2021-09-16 14:10:48 +01:00
Tony Torralba
f18c163408 Improve handling of the 'author' word as an exception 2021-09-16 11:57:28 +02:00
Tony Torralba
21079a1315 Fix conditionControlsMethod predicate 
Exceptions for throw and return statements were missing the appropriate condition
 2021-09-15 17:51:51 +02:00
Tony Torralba
5ed9949498 Adapt InsecureBasicAuth to the previous commit 2021-09-15 17:20:28 +02:00
Tony Torralba
30178d4f23 Decouple InsecureBasicAuth.qll to reuse the taint tracking configuration 2021-09-15 17:20:27 +02:00
Tony Torralba
148443fae1 Use InlineExpectationsTest 2021-09-15 17:20:27 +02:00
Tony Torralba
2cada386b4 Refactored into InsecureBasicAuth.qll 2021-09-15 17:20:27 +02:00
Tony Torralba
905be67aae Moved from experimental 2021-09-15 17:20:27 +02:00