codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00

Author	SHA1	Message	Date
Tony Torralba	55dc783f28	Move from experimental and refactor	2022-01-10 17:09:37 +01:00
Tony Torralba	f0e9b768f2	Apply suggestions from code review Co-authored-by: Felicity Chapman <felicitymay@github.com>	2021-12-15 16:53:47 +01:00
Tony Torralba	85526d71da	Add Fragment injection in PreferenceActivity query	2021-12-15 16:53:46 +01:00
Tony Torralba	701d12fb5b	Add Fragment injection query	2021-12-15 16:53:45 +01:00
Anders Schack-Mulligen	6c739b67fa	Merge pull request #7318 from RasmusWL/java-cwe-328 Java: Tag queries with CWE-328	2021-12-07 11:39:48 +01:00
Rasmus Wriedt Larsen	ff9ed0d4fb	Java: Tag queries with CWE-328 CWE-328: Use of Weak Hash, see https://cwe.mitre.org/data/definitions/328.html Since weak hash functions (md5/sha1) are considered for the `java/weak-cryptographic-algorithm` query. See `caeeebf572/java/ql/lib/semmle/code/java/security/Encryption.qll (L148)` To keep things consistent between `java/weak-cryptographic-algorithm` and `java/potentially-weak-cryptographic-algorithm`, I also added the tag to the latter.	2021-12-06 13:59:00 +01:00
Erik Krogh Kristensen	6ff8d4de5c	add all remaining explicit this	2021-11-26 13:50:10 +01:00
Chris Smowton	120f2045cd	Document XXE sanitisation policy	2021-11-24 12:03:28 +00:00
Tony Torralba	f4704f1325	Merge pull request #6397 from atorralba/atorralba/android-intent-redirect-query Java: Create new Android Intent Redirection query	2021-11-04 10:42:59 +01:00
Tony Torralba	fd92c4e435	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-11-04 10:08:53 +01:00
Tony Torralba	474bf576a7	Minor corrections in QLDoc, qhelp and example code	2021-11-04 08:46:23 +01:00
CodeQL CI	5d62aa5b29	Merge pull request #6994 from erik-krogh/redundant-cast Approved by RasmusWL, aschackmull, esbena, geoffw0, hvitved, nickrolfe	2021-11-02 03:45:48 -07:00
Tony Torralba	3ea1af3819	Refactor into separate libraries	2021-10-29 17:36:02 +02:00
Marcono1234	bfb9577d15	Java: Deprecate `StringLiteral.getRepresentedString()`	2021-10-29 14:50:15 +02:00
Erik Krogh Kristensen	d36c66cfca	remove redundant inline casts in arguments where the type is inferred by the call target	2021-10-29 14:37:56 +02:00
Tony Torralba	7f15177498	Move from experimental	2021-10-29 10:19:05 +02:00
Erik Krogh Kristensen	15c90adec5	remove redundant cast where the type is enforced by an equality comparison	2021-10-28 18:08:20 +02:00
Joe Farebrother	02b440b0ed	Merge pull request #6599 from joefarebrother/android-sensitive-communication Java: Promote android sensitive broadcast query	2021-10-26 13:48:58 +01:00
Anders Schack-Mulligen	ba95d46ec3	Apply suggestions from code review Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2021-10-26 14:04:13 +02:00
Erik Krogh Kristensen	a3c55c2aec	use set literal instead of big disjunction of literals	2021-10-26 12:55:25 +02:00
Joe Farebrother	6dac86b9be	Fix unneeded import and spelling mistake	2021-10-25 14:11:00 +01:00
Joe Farebrother	0c1af2411b	Write intent in lowercase consistently Co-authored-by: hubwriter <hubwriter@github.com>	2021-10-25 12:22:49 +01:00
Joe Farebrother	c89178c0e8	Apply suggestions from code review Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2021-10-22 10:54:57 +01:00
Joe Farebrother	a9dde419d2	Fix up test	2021-10-21 16:46:07 +01:00
Joe Farebrother	3e3503a763	Fix failing checks	2021-10-20 17:25:38 +01:00
Joe Farebrother	b6c584cb70	Update docs	2021-10-20 17:09:59 +01:00
Joe Farebrother	447e06d92a	Rename from SensitiveBroadcast to SensitiveCommmunication	2021-10-20 17:09:59 +01:00
Joe Farebrother	351e67c639	Fix qhelp	2021-10-20 17:09:58 +01:00
Joe Farebrother	b112189530	Update docs	2021-10-20 17:09:58 +01:00
Joe Farebrother	143920efca	Movee query logic to a qll file	2021-10-20 17:09:57 +01:00
Joe Farebrother	c68a7077d7	Move query and tests out of experimental	2021-10-20 17:09:56 +01:00
Tony Torralba	28ae4c211f	Update java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.qhelp Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>	2021-10-18 11:10:23 +02:00
Tony Torralba	bc6c13be69	Refactor to actually build the full flows from src to sink Add more tests for edge cases	2021-10-18 11:10:22 +02:00
Tony Torralba	4dd9e7d6a0	Remove unnecessary import Add comment	2021-10-18 11:10:22 +02:00
Tony Torralba	14963103aa	Add full path reconstruction from RemoteFlowSource to sink	2021-10-18 11:10:21 +02:00
Tony Torralba	28369d1822	Apply suggestions from code review Co-authored-by: Steve Guntrip <12534592+stevecat@users.noreply.github.com>	2021-10-18 11:09:31 +02:00
Tony Torralba	5f0ce4d232	Add suggestions from code review	2021-10-18 11:07:01 +02:00
Tony Torralba	9eb4cda1af	Fix qhelp and formatting	2021-10-18 11:06:08 +02:00
Tony Torralba	fd8a128693	Renamed to AndroidIntentRedirection Added qhelp	2021-10-18 11:02:34 +02:00
Tony Torralba	09d96e65b8	Added QLDoc	2021-10-18 11:02:32 +02:00
Tony Torralba	d006db9d20	First version of the query	2021-10-18 10:58:09 +02:00
Chris Smowton	81c0e66b1d	Add change note and update qhelp	2021-10-12 12:35:05 +01:00
Tony Torralba	a86cbd884e	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-10-05 09:40:22 +02:00
Tony Torralba	3323f7ab1a	Fix qhelp	2021-10-05 09:18:50 +02:00
Tony Torralba	9f54b1065a	Apply suggestions from code review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2021-10-05 09:18:49 +02:00
Tony Torralba	9c1021134a	Add some links to qhelp	2021-10-05 09:18:49 +02:00
Tony Torralba	8c6d58e6d8	Refactored into libraries	2021-10-05 09:18:44 +02:00
Tony Torralba	0e149f0523	Move from experimental	2021-10-05 09:18:44 +02:00
Chris Smowton	cb4ce36d3c	Update change note; drop unnecessary import	2021-09-30 15:00:13 +01:00
Chris Smowton	b0983cb726	Specifically include Base64 encode/decode as a likely intermediate step for hardcoded credentials	2021-09-30 14:57:49 +01:00

... 15 16 17 18 19 ...

1238 Commits