hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

2895 Commits

Author SHA1 Message Date
Tamas Vajk
8c5d220dc0 Add optional friendly name parameter to MaD generator 2022-09-02 16:12:22 +02:00
Tamas Vajk
09e62058ae Generate negative summaries 2022-09-02 16:12:22 +02:00
Tamas Vajk
9fad42b25d Kotlin: Add manual model for Array.withIndex 2022-09-02 16:12:21 +02:00
Tamas Vajk
bb82bcabbe Kotlin: move and rename KotlinStdLib.qll to kotlin/StdLib.qll 2022-09-02 16:12:21 +02:00
Tamas Vajk
8c7fdb969d Kotlin: Regenerating StdLib models with already existing models 2022-09-02 16:12:21 +02:00
Tamas Vajk
a144fa06dc Kotlin: Add generated MaD for stdlib 2022-09-02 16:12:21 +02:00
Tamas Vajk
57d861337b Kotlin: Add dataflow tests for stdlib calls 2022-09-02 16:12:21 +02:00
Michael Nebel
5511bc8e28 Java/Ruby/Swift: Sync files. 2022-09-02 15:17:24 +02:00
Ian Lynagh
07b3b15528 Merge pull request #10221 from tamasvajk/kotlin-internal 
Kotlin: Change `Modifiable::isPublic` to not cover Kotlin `internal` members
 2022-09-02 11:51:56 +01:00
Tamas Vajk
bea0ce9ff9 Fix review findings 2022-09-02 09:20:20 +02:00
Tamas Vajk
e66d2dddb6 Fix review findings 2022-09-01 14:07:27 +02:00
Ian Lynagh
7ed18f1b32 Java: Correct hasModifier documentation 2022-09-01 11:52:07 +01:00
Tony Torralba
bee4e4b40a Add new AlarmManager sinks 2022-09-01 09:47:58 +02:00
Anders Schack-Mulligen
784eef3f2c Java: Support SCCs in TypeFlow. 2022-08-31 13:20:00 +02:00
Michael Nebel
1cb6d78d35 Merge pull request #10170 from michaelnebel/java/models-io 
Java: Update models for commons-io and add negative models.
 2022-08-31 11:05:09 +02:00
Ed Minnix
6485e73cd3 Added documentation for providesMainIntent pred 2022-08-30 13:00:44 -04:00
Ed Minnix
500a6f3b86 Add check for files which provide the app launcher 
Adds support for filtering which applications include the
`android.intent.action.MAIN` intent.
 2022-08-30 12:54:26 -04:00
Ed Minnix
b5c54f5a3b Add check for android:allowBackup explicitly set 
`android:allowBackup` has a default value of `true`. So we want to flag
any file which explicitly sets it.
 2022-08-30 12:53:12 -04:00
Erik Krogh Kristensen
72942afe3e Merge pull request #10220 from erik-krogh/overlapsWithNothing 
print a correct range for ranges that doesn't contain any alpha-numeric chars
 2022-08-30 15:38:34 +02:00
Anders Schack-Mulligen
4070860d2b Merge pull request #10208 from aschackmull/java/dispatch-fixes 
Java: A couple of small virtual dispatch fixes
 2022-08-30 15:03:48 +02:00
Tamas Vajk
3513bb8eed Kotlin: Change Modifiable::isPublic to not cover Kotlin internal members 2022-08-30 14:37:27 +02:00
erik-krogh
7fd426e748 print a correct range for ranges that doesn't contain any alpha-numeric chars 2022-08-30 13:57:11 +02:00
Tony Torralba
1f83c5833b Merge pull request #10092 from zbazztian/zbazztian/string.replace-taint 
Java: Add additional taint steps for java.lang.String methods
 2022-08-30 12:24:37 +02:00
Erik Krogh Kristensen
8f0b999c31 Merge pull request #10207 from erik-krogh/fixRank 
fix performance issue in the ReDoS query
 2022-08-30 10:17:11 +02:00
erik-krogh
f47b097d7c put a limit on the length of the equivalent range 2022-08-29 21:03:52 +02:00
Anders Schack-Mulligen
e26a7fc4f3 Merge pull request #10173 from zbazztian/spring-crudrepository 
Java: Add data flow model for Spring's CrudRepository.save() method
 2022-08-29 15:00:07 +02:00
Michael Nebel
e8d726606b C#/Java: Add descriptive comment on negative summaries in ExternalFlow. 2022-08-29 14:29:32 +02:00
Michael Nebel
91abf79404 Java: Update negative summaries where static initializers has been excluded. 2022-08-29 14:29:32 +02:00
Michael Nebel
37aa6b2c5f C#: Add file level QL Doc. 2022-08-29 14:29:32 +02:00
Michael Nebel
290c35e7c6 Java: Use negative summary models in unsupported external api telemetry query. 2022-08-29 14:28:55 +02:00
Michael Nebel
23e0ee66e0 Java: Add negative models for commons-io. 2022-08-29 14:28:55 +02:00
Michael Nebel
beb85c20f2 Java: Update commons-io generated positive models based on main. 2022-08-29 14:28:55 +02:00
Anders Schack-Mulligen
bd6acc0d75 Java: Refactor upcastCand, and track type flow for upcasts to unbound generics. 2022-08-29 13:57:39 +02:00
Anders Schack-Mulligen
fc415b32c2 Java: Bugfix in TypeFlow. 2022-08-29 13:50:13 +02:00
Anders Schack-Mulligen
e89b42fc11 Java: Allow dispatch to methods on abstract classes without subtypes. 2022-08-29 13:48:55 +02:00
erik-krogh
77949cbeb3 add context to the rankState predicate in ExponentialBackTracking.qll 2022-08-29 13:42:05 +02:00
Anders Schack-Mulligen
6e7dcfcc6e Merge pull request #10097 from aschackmull/java/unification 
Java: Improve virtual dispatch via better unification check and deduplicate code with parameterised module
 2022-08-29 13:28:04 +02:00
Anders Schack-Mulligen
adfd474fee Java: Move file. 2022-08-29 11:50:54 +02:00
Anders Schack-Mulligen
3e5155d1a1 Java: Address review comments. 2022-08-26 11:45:01 +02:00
erik-krogh
ebb1106d9d add missing qldoc 2022-08-25 20:52:30 +02:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
Sebastian Bauersfeld
130e1892f4 Address review comments. 2022-08-25 18:49:38 +07:00
Sebastian Bauersfeld
a486a89cee Java: Taint flow through org.springframework.data.repository.CrudRepository.save(). 2022-08-25 17:58:24 +07:00
Erik Krogh Kristensen
ba1ad00d2a Merge pull request #10062 from erik-krogh/redosPrefix 
JS: use the shared regular expression libraries in `js/case-sensitive-middleware-path`
 2022-08-25 12:57:16 +02:00
Ian Lynagh
bf6d9f8c23 Merge pull request #10161 from igfoo/igfoo/exec 
Make a load of files non-executable
 2022-08-25 10:05:39 +01:00
Ed Minnix
de36372d1c Refactor android:backupAllowed query 
Refactor the query to check for the nonexistence of the
`android:allowBackup` attribute being set to false.

The default value is true, so we need to check for it being explicitly
marked false.
 2022-08-24 15:54:13 -04:00
Ed Minnix
dad4a403db Add support for android:allowBackup default value 
The default value of `android:allowBackup` is `true`. Added support for
detecting if the default value is used.
 2022-08-24 15:54:13 -04:00
Ed Minnix
7d15af6caa Add allowBackup check to AndroidManifest 2022-08-24 15:54:13 -04:00
Ian Lynagh
501a9b3c6b Make *.qll non-executable 2022-08-24 16:36:15 +01:00
Jami
b3e88f8234 Merge pull request #9983 from jcogs33/android-implicit-export 
Java: query to detect implicitly exported Android components
 2022-08-24 10:52:50 -04:00