codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00

Author	SHA1	Message	Date
Chad Bentz	cfe169a4f9	Adding MSSQL to SensitiveAPI	2023-02-13 19:42:28 -05:00
Anders Schack-Mulligen	2d6d8aaa74	Java: Account for additional constants in ArrayIndexOutOfBounds query.	2023-02-03 16:16:39 +01:00
Joe Farebrother	97b2e852c9	Merge pull request #11713 from joefarebrother/sensitive-result-receiver Java: Add query for leaking sensitive data through a ResultReceiver	2023-02-01 16:34:17 +00:00
Edward Minnix III	4c018759c8	Merge pull request #11283 from egregius313/egregius313/webview-setAllowContentAccess Java: Android WebView Content Access Query	2023-01-17 11:02:47 -05:00
Jami	babdee36aa	Merge pull request #11779 from jcogs33/jcogs33/model-more-top-jdk-apis Java: model top JDK APIs	2023-01-17 10:20:32 -05:00
Joe Farebrother	639c42c9e9	Fix qhelp errors and ql-for-ql errors	2023-01-12 11:44:39 +00:00
Joe Farebrother	7e7b5b4488	Improve test case	2023-01-12 11:44:39 +00:00
Joe Farebrother	de565f9ccc	Add test and fix a bug	2023-01-12 11:44:39 +00:00
Jami Cogswell	fd593fd4f0	Java: undo changes to tests that were affected by numeric-flow summary models	2023-01-11 22:34:19 -05:00
Tony Torralba	32471d326e	Java: Remove omittable exists variables	2023-01-10 13:37:19 +01:00
Ed Minnix	909b1d70d9	Rename files to say "Allow" instead of "Permit"	2023-01-09 10:11:03 -05:00
Ed Minnix	c723df3ca7	Fix alert message in expected file	2023-01-09 10:08:19 -05:00
Chris Smowton	45c732a6f9	Java: improve naming and description of SqlUnescaped.ql Since the main thing it's objecting to is concatenation not lack of escaping (in particular it doesn't look for escaping sanitizers), rename and re-describe it accordingly.	2023-01-09 10:56:13 +00:00
Ed Minnix	28ad9d00fb	Merge both setAllowContentAccess queries into one query Previously, the query to detect whether or not access to `content://` links was done using two queries. Now they can be merged into one query	2023-01-03 15:17:07 -05:00
Ed Minnix	68392aa8d8	Fix test expectations	2022-12-31 15:25:25 -05:00
Ed Minnix	9ef319f659	Java: setAllowContentAccess query tests	2022-12-31 15:00:28 -05:00
Ed Minnix	7cc53126f3	Java: WebView setAllowContentAccess query test cases	2022-12-31 15:00:28 -05:00
Ed Minnix	a023726c03	Java: add Android stubs to options file for CWE-200 tests	2022-12-31 15:00:28 -05:00
Jami Cogswell	e6331dc2e6	Java: update test case affected by Long.parseLong summary model	2022-12-22 12:57:37 -05:00
Jami Cogswell	997219a280	Java: update test case affected by Class.isAssignableFrom neutral model	2022-12-22 12:54:02 -05:00
Edward Minnix III	b77923f6e6	Merge pull request #11767 from atorralba/atorralba/java/fix-pinning-tests Java: Small simplification in Missing Certificate Pinning tests	2022-12-21 11:21:47 -05:00
Arthur Baars	98c5b81456	Merge pull request #11723 from aibaars/alert-suppression CodeQL alert suppression	2022-12-21 10:59:57 +01:00
Tony Torralba	ab73d13d8b	Small simplification	2022-12-21 09:58:13 +01:00
Jami	c9258effb6	Merge pull request #11572 from jcogs33/jcogs33/model-top-jdk-apis Java: model top 100 JDK APIs	2022-12-20 09:13:53 -05:00
Tony Torralba	149cae9603	Merge pull request #10971 from joefarebrother/android-certificate-pinning Java: Add Android missing certificate pinning query (CWE-295)	2022-12-20 11:03:16 +01:00
Tony Torralba	3e7a819fe7	Simplification	2022-12-20 09:42:25 +01:00
Edward Minnix III	39a7c7bb12	Merge pull request #11282 from egregius313/egregiu313/webview-addjavascriptinterface Java: Query for detecting addJavascriptInterface method calls	2022-12-19 11:28:45 -05:00
Arthur Baars	0f313231bc	AlertSuppression: add more tests	2022-12-19 16:43:11 +01:00
Arthur Baars	c176606be5	AlertSuppression: allow //lgtm comments to scope over the next line	2022-12-19 16:10:26 +01:00
Jami Cogswell	f933fc75cd	Java: update another test affected by Integer.parseInt, and one affected by String.length	2022-12-18 21:46:43 -05:00
Jami Cogswell	f3fc68352e	Java: update tests affected by Integer.parseInt model	2022-12-18 19:43:32 -05:00
Jami Cogswell	96a0950048	Java: update test case	2022-12-15 15:49:53 -05:00
Jami Cogswell	028fc29639	Java: group test methods	2022-12-13 11:02:21 -05:00
Jami	93d8a03e73	Merge branch 'main' into jcogs33/mad-metrics-query	2022-12-12 20:31:53 -05:00
Jami Cogswell	3526406db0	Java: add tests	2022-12-12 15:10:55 -05:00
Edward Minnix III	0ebfee8b11	Merge pull request #11241 from egregius313/egregius313/webview-file-access Java: Query to detect Android Webview file access	2022-12-12 11:12:26 -05:00
Joe Farebrother	a14ebb7c03	Fixes	2022-12-09 13:41:18 +00:00
Joe Farebrother	0d6a376a36	Add test cases for TrustManager case	2022-12-09 13:41:18 +00:00
Joe Farebrother	4afecf575e	Generate more stubs for okhttp and fix tests. Some generated stubs needed to be manually corrected.	2022-12-09 13:41:17 +00:00
Joe Farebrother	bb402c497b	Fix typo in dir name	2022-12-09 13:41:17 +00:00
Joe Farebrother	53c4ada883	Add okhttp tests	2022-12-09 13:41:17 +00:00
Joe Farebrother	ea3db5d429	Add test cases	2022-12-09 13:41:17 +00:00
Edward Minnix III	170c9af9e8	Merge pull request #11238 from egregius313/egregius313/webview-setjavascriptenabled Java: Query for detecting enabling Javascript in Android WebSettings	2022-12-07 09:31:58 -05:00
Tony Torralba	cabce5fb36	Merge pull request #11549 from mbaluda/mbaluda/insecure-cookie Java: Support interprocedural setting of cookie security	2022-12-07 12:14:46 +01:00
Mauro Baluda	04f1fe523a	Update Test.java	2022-12-02 18:01:10 +01:00
Jami Cogswell	0e3e849ead	add negative summary test for java	2022-12-01 15:49:12 -05:00
Jami Cogswell	94c5d53192	add a couple more tests	2022-11-30 18:51:05 -05:00
Jami Cogswell	7f45e320d8	add tests	2022-11-30 18:07:45 -05:00
Tony Torralba	43f4dd8bc4	Consider taint through bitwise operations on PendingIntent flags	2022-11-22 11:39:30 +01:00
Jami	8a73675483	Merge pull request #11070 from jcogs33/java-regex-injection Java: Promote regex injection query from experimental	2022-11-21 15:04:26 -05:00

... 8 9 10 11 12 ...

1144 Commits