hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,258 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.3
Commit Graph

1083 Commits

Author SHA1 Message Date
Ed Minnix
52d519765a Merge ContentProvider tests into one manifest 
Merge the read-only, write-only, read-write, and full test cases into
one AndroidManifest.xml file.

Also added the not-exported test case.
 2022-10-03 12:16:45 -04:00
Ed Minnix
28e7049722 Add exported requirement to ContentProvider permissions test 2022-10-03 10:52:42 -04:00
Tony Torralba
ba9eb8c73c Fix stub generator 
Add line break after all stubbed annotations to avoid malformed code

See https://github.com/github/codeql/pull/8695\#discussion_r985674245
 2022-10-03 14:43:58 +02:00
Tony Torralba
f860ae8c82 Apply review suggestions 2022-10-03 10:38:35 +02:00
Tony Torralba
2036453176 Add stub generation tests 2022-10-03 10:31:14 +02:00
erik-krogh
39ffa558f1 make a few more queries consistent with the other languages 2022-10-02 22:38:25 +02:00
erik-krogh
129cda00db get a few more queries in sync with other languages 2022-10-01 11:17:48 +02:00
erik-krogh
acfcc4bfe2 update two more queries to better follow the style-guide 2022-10-01 10:59:59 +02:00
erik-krogh
7d643e41f3 Merge branch 'main' into java-followMsg 2022-10-01 10:48:06 +02:00
Ed Minnix
29e34ac970 ContentProvider Incomplete Permissions Test Cases 2022-09-29 16:07:54 -04:00
Anders Schack-Mulligen
b48b5d45ef Merge pull request #10498 from Marcono1234/marcono1234/compilation-unit-simple-name-type 
Java: Add `CompilationUnit.getATypeInScope()`
 2022-09-28 13:18:29 +02:00
erik-krogh
46b5bf32f9 update alert-messsages of java queries 2022-09-26 12:15:25 +02:00
Marcono1234
c40b6285a2 Java: Adjust ImpossibleJavadocThrows.ql 2022-09-26 12:08:43 +02:00
Joe Farebrother
b3d9d08750 Add tests 2022-09-21 13:57:29 +01:00
Joe Farebrother
d32540469b Moved existing tests to subdirectory 2022-09-21 13:57:28 +01:00
Tony Torralba
cbb64cc8c1 Merge pull request #10352 from atorralba/atorralba/promote-template-injection 
Java: Promote Server-side template injection from experimental
 2022-09-20 16:11:58 +02:00
Tony Torralba
e140f04881 Merge pull request #10393 from zbazztian/uri-constructor-flow 
Java: Model taint flow for java.net.URI constructors in tainted path queries
 2022-09-16 15:10:40 +02:00
Anders Schack-Mulligen
726772220c Merge pull request #10191 from smowton/smowton/admin/java-implicit-this-type-tests 
Java: Add test regarding the type of an implicit `this` expression
 2022-09-16 10:58:48 +02:00
Tony Torralba
fdc8453a59 Introduce TaintedPathAdditionalTaintStep 
Use separate configurations for tainted path and tainted path local again.
 2022-09-16 10:42:15 +02:00
Tony Torralba
df5178d7ee Merge pull request #10330 from atorralba/atorralba/implicit-pendingintents-compat-sinks 
Java: Add Implicit PendingIntents sinks for Compat classes
 2022-09-15 14:39:19 +02:00
Sebastian Bauersfeld
20d78972f5 Address review comments. 2022-09-15 16:44:36 +07:00
Chris Smowton
b926bc9efa Fix and add test for java/subtle-inherited-call involving inheritence from generic types 2022-09-14 22:17:19 +01:00
Chris Smowton
da04673cb0 Fix query java/internal-representation-exposure regarding generic callees, and add a test 2022-09-14 22:17:19 +01:00
Chris Smowton
c149754c6b Fix java/iterator-remove-failure to handle calls to specialised generic functions 2022-09-14 22:17:19 +01:00
Sebastian Bauersfeld
0468b3a361 Java: Track taint through constructor arguments of java.net.URI. 2022-09-13 11:35:04 +07:00
Tony Torralba
f412f433bf Add thymeleaf steps 2022-09-12 17:52:38 +02:00
Edward Minnix III
eadb8a3988 Merge pull request #10106 from egregius313/egregius313/android-backup-allowed 
Java: Query to detect Android backup allowed
 2022-09-12 11:14:03 -04:00
Tony Torralba
79a32f1a3e Tainting the freemarker dataModel isn't exploitable 2022-09-12 14:22:06 +02:00
Tony Torralba
409a123490 Tainting the velocity context isn't exploitable 2022-09-12 11:38:29 +02:00
Ed Minnix
817f12cae6 Updated expectations file with new message 
The warning message for the `android:allowBackup` query was updated.
This updates the message in the expectations file.
 2022-09-09 11:35:48 -04:00
Tony Torralba
d748fb5648 Fix bad models, add tests for those 2022-09-09 10:08:52 +02:00
Tony Torralba
e311155acd Use InlineExpectationsTest 2022-09-08 17:38:25 +02:00
Tony Torralba
c9728098ef Generate stubs, adapt tests 2022-09-08 17:38:21 +02:00
Ed Minnix
59909751ae Change allowBackup tests to use qlref test format 
Due to some limitations of comments in XML, it is simpler to implement
the `android:allowBackup` tests using the qlref/expectations test format.
 2022-09-08 10:34:17 -04:00
Ed Minnix
e69a8269ad Move CleartextStorage test files into separate dir 
Move the files for the CleartextStorage tests into their own directory
to avoid issues with extraction
 2022-09-08 10:33:05 -04:00
Ed Minnix
09b723fc6d Formatting fixes for allowBackup tests 2022-09-07 13:30:19 -04:00
Ed Minnix
5206c792b0 Additional Unit tests for the allowBackup query 2022-09-07 12:07:48 -04:00
Tony Torralba
cd61bd0606 Move files from experimental 2022-09-07 13:13:40 +02:00
Tony Torralba
8e0b4892ee Add Implicit PendingIntents sinks for Compat classes 2022-09-07 11:04:22 +02:00
Ed Minnix
0a83cedeb7 Unit tests for android:allowBackup query 2022-09-06 13:52:43 -04:00
Tony Torralba
bee4e4b40a Add new AlarmManager sinks 2022-09-01 09:47:58 +02:00
Tony Torralba
1f83c5833b Merge pull request #10092 from zbazztian/zbazztian/string.replace-taint 
Java: Add additional taint steps for java.lang.String methods
 2022-08-30 12:24:37 +02:00
Erik Krogh Kristensen
06afe9c0f4 Merge pull request #9816 from erik-krogh/msgConsis 
Make alert messages consistent across languages
 2022-08-25 15:20:01 +02:00
erik-krogh
c7aa58252a change "does not seem to check" to "does not check" in unchecked-cast-in-equals queries 2022-08-25 12:31:58 +02:00
Ian Lynagh
bf6d9f8c23 Merge pull request #10161 from igfoo/igfoo/exec 
Make a load of files non-executable
 2022-08-25 10:05:39 +01:00
Ian Lynagh
237b3670b4 Make *.xml non-executable 2022-08-24 16:53:48 +01:00
Jami
b3e88f8234 Merge pull request #9983 from jcogs33/android-implicit-export 
Java: query to detect implicitly exported Android components
 2022-08-24 10:52:50 -04:00
erik-krogh
27fcc90a97 Merge branch 'main' into msgConsis 2022-08-24 09:21:43 +02:00
erik-krogh
1a7d3ee831 update expected output after changing queries 2022-08-23 12:35:32 +02:00
Chris Smowton
0a7350f3bf Merge pull request #10041 from smowton/AddSensitiveApiCalls 
Java: support more libraries in hardcoded-credentials queries
 2022-08-23 10:51:04 +01:00