hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

4170 Commits

Author SHA1 Message Date
Owen Mansel-Chan
939d6f973f Add summary models for javax.crypto.Cipher 2024-02-29 12:20:47 +00:00
Owen Mansel-Chan
65bc62c10a Add summary model for Map$Entry#copyOf 2024-02-29 12:20:43 +00:00
Chris Smowton
aedd3badf7 Add change note for https://github.com/github/codeql/pull/15646 2024-02-27 15:41:43 +00:00
Anders Schack-Mulligen
df5e753ee0 Merge pull request #15570 from aschackmull/java/cache-interpretelement 
Java: Cache interpretElement.
 2024-02-27 13:39:56 +01:00
erik-krogh
b4b5ae2a2c add some request-forgery sanitizers, inspired from C# 2024-02-27 10:05:26 +01:00
Mathias Vorreiter Pedersen
1d4c889ab8 Java: Use the shared type-flow library. 2024-02-26 17:13:32 +00:00
Tony Torralba
759b74791c Java: Re-enable Widget.qll flow steps 
The library Widget.qll was accidentally removed from the global context when its sources were migrated to models-as-data in #13136. This re-adds it so that its flow steps are enabled again.
 2024-02-23 13:07:35 +01:00
Tom Hvitved
62b16c0fa3 Share getFileBySourceArchiveName implementation 2024-02-23 11:25:49 +01:00
Joe Farebrother
2ebb80b632 Merge pull request #15548 from joefarebrother/android-local-auth-keys 
Java: Add query for insecurely generated keys for local authentication.
 2024-02-22 14:04:17 +00:00
Anders Schack-Mulligen
71f8ccf45f Merge pull request #15654 from aschackmull/java/static-init-vec-query-perf 
Java: Switch helper flow from Global to SimpleGlobal in StaticInitializationVectorQuery.
 2024-02-21 10:51:16 +01:00
github-actions[bot]
37f8fa3413 Post-release preparation for codeql-cli-2.16.3 2024-02-20 16:50:47 +00:00
github-actions[bot]
6d061fbc35 Release preparation for version 2.16.3 2024-02-20 14:26:23 +00:00
Anders Schack-Mulligen
66010b5c96 Java: Switch helper flow from Global to SimpleGlobal in StaticInitializationVectorQuery. 2024-02-19 14:04:43 +01:00
Owen Mansel-Chan
22692b9d55 Simplify definition of source and improve QLDoc 
This is also slightly faster to evaluate (217s instead of 228s on apache/geode on my machine).
 2024-02-16 16:47:41 +00:00
Tony Torralba
90a9d82b9d Java: Expand ExactPathSanitizer to work on the argument of 'equals' too 2024-02-15 10:00:24 +01:00
Anders Schack-Mulligen
fb2d36ddac Merge pull request #15451 from Marcono1234/marcono1234/java-assignment-doc 
Java: Document which assignment type is covered by which class
 2024-02-14 08:59:50 +01:00
Joe Farebrother
2eb93b7a3b Add unit tests 2024-02-12 13:49:45 +00:00
Joe Farebrother
d8985f9f5b Move tests for local auth to a folder 2024-02-12 13:49:45 +00:00
Joe Farebrother
c79a3eb6ae Add query for insecure key generation 2024-02-12 13:49:44 +00:00
Joe Farebrother
75a2b9415c Merge pull request #15481 from joefarebrother/android-local-auth 
Java: Add query for insecure local authentication
 2024-02-12 13:48:53 +00:00
Tony Torralba
cf7091ae5f Merge branch 'main' into atorralba/java/open-redirect-sanitizer 2024-02-12 10:31:52 +01:00
Joe Farebrother
16aed18821 Address reviews - Elaborate on docs and update severity 2024-02-09 13:53:36 +00:00
Tom Hvitved
1ea7717714 Capture flow: Take overwrites in nested scopes into account 2024-02-09 14:49:23 +01:00
Anders Schack-Mulligen
8fc4fae7d2 Java: Cache interpretElement. 2024-02-09 14:43:36 +01:00
Max Schaefer
93990ec9df Merge pull request #15486 from github/java/update-mad-decls-after-triage-2024-01-31T11-16-45 
Java: Update MaD Declarations after Triage
 2024-02-09 11:18:17 +00:00
Tony Torralba
4c0d535cc2 Merge pull request #12886 from atorralba/atorralba/java/path-injection-mad-sinks 
Java: Refactor path injection sinks
 2024-02-09 10:48:49 +01:00
Max Schaefer
fb109672b3 Address more review feedback. 2024-02-09 09:21:30 +00:00
Tony Torralba
34f74869c8 Java: Add extension point and default sanitizer to Open Redirect query 2024-02-09 09:11:07 +01:00
Max Schaefer
082754a3d8 Remove problematic Kotlin model. 2024-02-07 13:21:59 +00:00
github-actions[bot]
b5139078d0 Post-release preparation for codeql-cli-2.16.2 2024-02-06 19:22:35 +00:00
Max Schaefer
705a377060 Address review comments. 2024-02-06 12:54:29 +00:00
github-actions[bot]
c1b35fbf47 Release preparation for version 2.16.2 2024-02-05 17:58:57 +00:00
Joe Farebrother
525f27173d Merge pull request #15396 from joefarebrother/android-sensitive-ui-text 
Java: Add query for sensitive data exposed in text fields
 2024-02-05 15:47:03 +00:00
Joe Farebrother
71852868ac Add case for androidx.biometric api 2024-02-02 17:19:20 +00:00
Anders Schack-Mulligen
49b00f3842 Java: Remove two redundant models implied by CharSequence models. 2024-02-02 13:17:26 +01:00
Max Schaefer
ab6cea14c8 Fix missing quotes. 2024-01-31 11:49:25 +00:00
Joe Farebrother
9130603334 Address reviews - use SimpleTypeSanitizer and alter qldoc style 2024-01-31 11:31:25 +00:00
Max Schaefer
6c6f402fa5 Merge branch 'main' into java/update-mad-decls-after-triage-2024-01-31T11-16-45 2024-01-31 11:29:33 +00:00
Max Schaefer
ad8038bade Update MaD Declarations after Triage 2024-01-31 11:28:10 +00:00
Joe Farebrother
8bd79908a6 Implement local auth query 2024-01-30 16:49:55 +00:00
Tony Torralba
e2bf9ea2eb Consider File.exists() et al a path-injection sink 2024-01-30 14:51:36 +01:00
Joe Farebrother
94075ef148 Fix FPs - consider flow through fields when determining whether a view is masked, and find more instances of findViewById. 2024-01-29 16:25:38 +00:00
Joe Farebrother
aa78050933 Implement checks for elements hidden by their xml attributes 2024-01-29 16:25:38 +00:00
Joe Farebrother
6081f18089 Add unit tests + make some fixes 2024-01-29 16:25:37 +00:00
Joe Farebrother
8582093e65 Implement checks for parent views being hidden 2024-01-29 16:25:37 +00:00
Joe Farebrother
1b13597d72 Implement checks for calls that may safely mask information 2024-01-29 16:25:37 +00:00
Joe Farebrother
5dd0addfc2 Add sensitive text flow query 2024-01-29 16:25:36 +00:00
Marcono1234
d8fe0f5bb8 Java: Document which assignment type is covered by which class 2024-01-28 19:03:36 +01:00
Edward Minnix III
4602f8933d Merge pull request #15292 from egregius313/egregius313/java/dataflow/common-sanitizers/uuid-and-date 
Java: Add `java.util.UUID` and `java.util.Date` to the `SimpleTypeSanitizer` class
 2024-01-26 13:16:18 -05:00
Joe Farebrother
031bd8bd0c Merge pull request #15281 from joefarebrother/android-sensitive-ui-notif 
Java: Add query for exposure of sensitive information to android notifiactions
 2024-01-26 16:42:55 +00:00