hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,267 Commits 1,672 Branches 157 Tags
codeql-cli-2.21.1
Commit Graph

1144 Commits

Author SHA1 Message Date
Tony Torralba
2809c3a77c Handle disabled Maven repositories 2022-11-21 10:11:57 +01:00
Joe Farebrother
d6c5132f39 Merge pull request #10684 from joefarebrother/android-keyboard-cache 
Java: Add query for Sensitive Keyboard Cache
 2022-11-16 15:27:44 +00:00
Joe Farebrother
dd4e1d0ac3 Add tests and fix issues 2022-11-16 10:54:14 +00:00
Joe Farebrother
359d703ded More precise layout xml handling 2022-11-16 10:54:13 +00:00
Joe Farebrother
706858e211 Add test cases; fix the regex used 2022-11-16 10:54:13 +00:00
Ed Minnix
eb8ef72e47 Java: addJavascriptInterface query test case 2022-11-15 23:28:18 -05:00
Ed Minnix
3b96fefc71 Java: Add Android stubs to options file for CWE-079 test cases 2022-11-15 23:26:49 -05:00
Ed Minnix
10875568ec Java: add negative test cases for WebView file access query 2022-11-15 13:50:31 -05:00
erik-krogh
c029048306 port the Java regex/redos queries to use the shared pack 2022-11-14 21:29:41 +01:00
Ed Minnix
7a0544d80e Java: test files for WebView file access query 2022-11-14 15:11:15 -05:00
Ed Minnix
1132572620 Java: add test cases for setJavaScriptEnabled query 2022-11-14 14:33:12 -05:00
Jami
cfbaf5e53b Merge pull request #10785 from jcogs33/insuff-key-size-globalflow-keysize 
Java: Promote insufficient key size query from experimental
 2022-11-08 18:05:01 -05:00
Jami Cogswell
bada986433 apply review comments 2022-11-08 15:29:33 -05:00
Jami Cogswell
b99a1d2cd9 update sink and tests 2022-11-08 15:29:33 -05:00
Jami Cogswell
0e93e71127 update tests 2022-11-08 15:29:33 -05:00
Jami Cogswell
5402001362 remove original sanitizer 2022-11-08 15:29:33 -05:00
Jami Cogswell
5dcd3b2c0f clean up files 2022-11-08 15:29:33 -05:00
Jami Cogswell
5b089bbb9c split sanitizer into three 2022-11-08 15:29:33 -05:00
Jami Cogswell
91491d9a7b refactor into more classes; add more test cases; add LITERAL sanitizer 2022-11-08 15:29:33 -05:00
Jami Cogswell
6545cff0ef add Pattern.quote sanitizer 2022-11-08 15:29:33 -05:00
Jami Cogswell
833c5edf06 move to .qll file and switch to InlineExpectations tests 2022-11-08 15:29:32 -05:00
Jami Cogswell
25436fe555 update options and qlref files 2022-11-08 15:29:32 -05:00
Jami Cogswell
32b140045e move files out of experimental 2022-11-08 15:29:32 -05:00
Jami Cogswell
f40eefce57 use CompileTimeConstantExpr instead of StringLiteral 2022-10-27 17:11:07 -04:00
Ian Lynagh
63b64e4daa Kotlin: Test tweaks for the diags consistency query 2022-10-25 16:26:11 +01:00
Jami Cogswell
e5982f19fa minor updates 2022-10-19 11:05:40 -04:00
Jami Cogswell
961e5c72a3 minor updates 2022-10-19 08:44:35 -04:00
Tony Torralba
fd8f8cb930 Merge pull request #10223 from atorralba/atorralba/unsafe-content-resolver 
Java: New Android query to detect unsafe content URI resolution
 2022-10-19 11:22:04 +02:00
Jami Cogswell
4df0fbcce1 update tests 2022-10-19 01:17:57 -04:00
Jami Cogswell
2714c7fdcf update tests 2022-10-14 16:45:13 -04:00
Jami Cogswell
2daa3457d7 combine three configs into one 2022-10-13 17:57:56 -04:00
Jami Cogswell
bfbb6db436 clean up code 2022-10-12 16:58:34 -04:00
Jami Cogswell
37d85587e0 refactor code into InsufficientKeySize.qll 2022-10-12 15:39:57 -04:00
Edward Minnix III
ce740b47ae Merge pull request #10637 from egregius313/egregius313/android-misconfigured-contentprovider 
Android ContentProvider Incomplete Permissions
 2022-10-12 09:41:03 -04:00
Jami Cogswell
01c2a8cbba add symm to the single config; still seems to work 2022-10-12 08:51:22 -04:00
Jami Cogswell
29de0c6748 make one config for asymm with flow states; seems to work... 2022-10-11 22:29:48 -04:00
Jami Cogswell
26f4abf12b remove globalflow for key(pair)gen 2022-10-11 16:56:11 -04:00
Jami Cogswell
e64825ff7a fix code-scanning bot problems 2022-10-11 16:56:11 -04:00
Jami Cogswell
bd76b1fcc0 clean-up and update configurations to have specs as sink 2022-10-11 16:56:10 -04:00
Jami Cogswell
3cc7f143b2 clean up code somewhat 2022-10-11 16:56:10 -04:00
Jami Cogswell
f5a2fef7a3 update tests for non-path version 2022-10-11 16:56:10 -04:00
Jami Cogswell
b7123c17f8 draft of adding kpg tracking into dataflow config 2022-10-11 16:56:10 -04:00
Jami Cogswell
cdac0e2b52 add local algo name tracking, still need to add ability to track algo name when KeyGen obj is param to other method 2022-10-11 16:56:10 -04:00
Jami Cogswell
c414ee0e25 add ECC dataflow config; passes all test cases; still don't have algo name tracking 2022-10-11 16:56:10 -04:00
Jami Cogswell
5e2ef66014 refactoring to use both dataflow configs; commit before deleting unused code 2022-10-11 16:56:10 -04:00
Jami Cogswell
ac707198d5 commit before adding taint flow back (since no taint flow doesn't capture all cases) 2022-10-11 16:56:10 -04:00
Jami Cogswell
8ffd2522e7 add draft code to find algo type to replace tainttracking configs 2022-10-11 16:56:10 -04:00
Jami Cogswell
d3b1a04c13 handle FN case with simple VarAccess; add draft of dataflow config to handle complex VarAccess 2022-10-11 16:56:10 -04:00
Jami Cogswell
7de9c05c9d use CompileTimeConstantExpr for FN with VarAccess, and remove KeyGeneratorInitConfiguration 2022-10-11 16:56:10 -04:00
Jami Cogswell
75794ec7a7 false negative testing - before rewrite for variable dataflow 2022-10-11 16:56:10 -04:00