codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00

Author	SHA1	Message	Date
Tony Torralba	e43fff2d30	Use InlineExpectationsTest	2022-01-19 16:42:02 +01:00
Tony Torralba	4313baf622	Big refactor: - Move classes and predicates to appropriate libraries - Overhaul the endpoint identification algorithm logic to use taint tracking - Adapt tests	2022-01-19 16:42:00 +01:00
Tony Torralba	e0f4c73aed	Move from experimental	2022-01-19 16:42:00 +01:00
Tony Torralba	6096080156	Use all possible packages for Fragment classes Also fix stub	2022-01-19 16:23:11 +01:00
Benjamin Muskalla	52406dc8df	Exclude logging sinks Those sinks are too coarse grained to be exposed as sinks on any model.	2022-01-19 16:11:59 +01:00
Benjamin Muskalla	25d251c24f	Exclude `main` methods from models	2022-01-19 16:11:59 +01:00
Tony Torralba	c675028537	Add Fragment and Activity edge case	2022-01-19 16:08:28 +01:00
Tony Torralba	211cb9370f	Add the Intent parameter of onActivityResult as a source	2022-01-19 16:08:25 +01:00
Tony Torralba	520d8f5ec5	Add stubs	2022-01-19 16:06:23 +01:00
Chris Smowton	84097468cc	Merge pull request #7286 from luchua-bc/java/unsafe-url-forward-dispatch Java: CWE-552 Query to detect unsafe request dispatcher usage	2022-01-18 18:19:20 +00:00
Tony Torralba	b16b0270d2	Merge pull request #6779 from atorralba/atorralba/android-implicit-pending-intents Java: CWE-927 - Query to detect the use of implicit PendingIntents	2022-01-18 12:14:47 +01:00
Chris Smowton	9819752bdd	Merge pull request #7526 from smowton/smowton/fix/restore-nodes-edges-consistency Don't include arg -> param edges in PathGraph::edges where arg is not reachable	2022-01-18 11:05:47 +00:00
Benjamin Muskalla	7e215a5193	Merge pull request #7599 from bmuskalla/modelWriter Java: Model Appenable and Writer	2022-01-18 11:55:27 +01:00
Tony Torralba	f103d45340	Merge branch 'main' into atorralba/android-implicit-pending-intents	2022-01-18 10:50:49 +01:00
Benjamin Muskalla	8e6a15640f	Model basic channel APIs	2022-01-18 10:40:39 +01:00
Anders Schack-Mulligen	aa9912a699	Java: Fix expected output	2022-01-18 10:36:52 +01:00
Tony Torralba	e967b8a9be	Merge pull request #6576 from atorralba/atorralba/android-cleartext-storage-filesystem Java: Create new query Cleartext storage of sensitive information in Android filesystem	2022-01-17 14:02:38 +01:00
Tony Torralba	227929508f	Merge pull request #6923 from atorralba/atorralba/android-fragment-injection Java: CWE-470 - Queries to detect Fragment Injection in Android applications	2022-01-17 14:02:15 +01:00
Tony Torralba	7beab7cb59	Apply code review suggestions	2022-01-17 12:02:27 +01:00
Tony Torralba	9bbba3c96f	Adjust UnsupportedExternalAPIs test	2022-01-17 11:11:04 +01:00
Tony Torralba	1e4840e071	Fix predicate name	2022-01-17 11:11:03 +01:00
Tony Torralba	c1ac09a063	Added query for Cleartext Storage in Android Filesystem	2022-01-17 11:11:00 +01:00
Artem Smotrakov	825fe1797a	Fixed another false-positive in CWE-297/IgnoredHostnameVerification.ql	2022-01-16 18:55:49 +00:00
Artem Smotrakov	6dad0e21d9	Ignore wrapped HostnameVerifier.vefify() calls	2022-01-16 18:29:30 +00:00
Fosstars	2b33265d0f	Added a query for ignored hostname verification - Added IgnoredHostnameVerification.ql - Added a qhelp file with examples - Added tests	2022-01-16 18:27:49 +00:00
Artem Smotrakov	f78002bc02	Fixed a false-positive in CWE-297/IgnoredHostnameVerification.ql	2022-01-16 18:25:18 +00:00
Fosstars	e11cb943a6	Added a query for ignored hostname verification - Added IgnoredHostnameVerification.ql - Added a qhelp file with examples - Added tests	2022-01-16 18:25:18 +00:00
Tony Torralba	9f616e7cbe	Refactor to use FlowState Remove the auxiliary DataFlow configuration	2022-01-14 12:24:35 +01:00
Benjamin Muskalla	a4429d01a3	Add tests for writer models	2022-01-14 11:12:35 +01:00
Tony Torralba	df95317a58	Fix tests after stub change	2022-01-14 10:33:21 +01:00
Tony Torralba	bd4abf4fd0	Additional Notification models	2022-01-14 10:32:38 +01:00
Tony Torralba	a9757fbc83	Setting null Components is not a sanitizer	2022-01-14 10:32:37 +01:00
Tony Torralba	a59a4024a5	Update stubs	2022-01-14 10:32:36 +01:00
Tony Torralba	a0a914466c	Rewording	2022-01-14 10:32:33 +01:00
Tony Torralba	f963887c58	Change test to avoid collision with SensitiveCommunication.ql	2022-01-14 10:32:01 +01:00
Tony Torralba	9e3594fcf1	Added more sinks	2022-01-14 10:32:00 +01:00
Tony Torralba	d49e52fb73	Add support for PendingIntents in Notifications	2022-01-14 10:31:58 +01:00
Tony Torralba	7f85dae63b	Add support for implicit field read flows	2022-01-14 10:31:57 +01:00
Tony Torralba	e58a8587db	Add support for Slices	2022-01-14 10:31:56 +01:00
Tony Torralba	d43242d09e	Added tests	2022-01-14 10:31:56 +01:00
Anders Schack-Mulligen	0b24af901d	Merge pull request #7349 from aschackmull/dataflow/state Dataflow: Add support for flow state	2022-01-14 09:12:38 +01:00
Tony Torralba	81feaaec02	Refactor PathMatchGuard	2022-01-13 15:24:41 +01:00
Anders Schack-Mulligen	a34c981209	Dataflow: Address comments.	2022-01-13 13:28:24 +01:00
Anders Schack-Mulligen	69973dadb3	Merge pull request #7548 from zbazztian/spring-taint-summaries Java: Add Spring and Apache Common Langs taint flow steps	2022-01-13 13:00:41 +01:00
Sebastian Bauersfeld	69f329ffec	Java: Add test cases for AbstractMessageSource.getMessage() methods	2022-01-13 14:13:27 +07:00
Sebastian Bauersfeld	39b6678b7d	Java: Add test case for StringEscapeUtils.escapeJson() taint step.	2022-01-13 11:18:37 +07:00
Tamás Vajk	9065a7f320	Merge pull request #7573 from tamasvajk/fix/java-field-decl-tostr Java: Fix toString on field declarations with single field	2022-01-12 13:03:16 +01:00
Tony Torralba	c2105e506b	Added test cases	2022-01-12 11:06:58 +01:00
Tamas Vajk	b9e0310aa2	Java: Fix toString on field declarations with single field	2022-01-12 09:22:16 +01:00
luchua-bc	263dbd33f6	Optimize the query	2022-01-12 02:33:17 +00:00

... 51 52 53 54 55 ...

4105 Commits