hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

3149 Commits

Author SHA1 Message Date
Michael Nebel
8112058a0a Java: Adapt TopJdpApi library to the re-factor. 2023-01-11 16:20:55 +01:00
Michael Nebel
6a047d6916 Java: Re-factor provenance related predicates for summarized callable. 2023-01-11 16:20:55 +01:00
Michael Nebel
ea173f9516 Sync files. 2023-01-11 16:20:55 +01:00
Jami Cogswell
faae811be7 Java: try simplification of paramsString and paramsStringPart 2023-01-10 13:35:52 -05:00
Jami Cogswell
65aa064838 Java: update paramsString qldoc 2023-01-10 13:33:47 -05:00
Edward Minnix III
ce06df3152 Merge pull request #11628 from egregius313/egregius313/android-webview-addjavascriptinterface-dataflow 
Java: Add parameters of methods annotated @JavascriptInterface as remote flow sources
 2023-01-10 12:41:52 -05:00
Tony Torralba
32471d326e Java: Remove omittable exists variables 2023-01-10 13:37:19 +01:00
Tony Torralba
da90ae0e8f Update java/ql/lib/semmle/code/java/dataflow/FlowSources.qll 2023-01-10 11:18:53 +01:00
Michael Nebel
16cd148961 Merge pull request #11711 from michaelnebel/externalflowcleanup 
C#/Java: Delete deprecated ModelCsv classes and related predicates.
 2023-01-10 10:22:50 +01:00
Ed Minnix
293a203756 Move JavascriptInterfaceMethod to WebView.qll 2023-01-09 15:10:23 -05:00
Chris Smowton
45c732a6f9 Java: improve naming and description of SqlUnescaped.ql 
Since the main thing it's objecting to is concatenation not lack of escaping (in particular it doesn't look for escaping sanitizers), rename and re-describe it accordingly.
 2023-01-09 10:56:13 +00:00
Ed Minnix
ab7ca1d642 Java: Add parameters of @JavascriptInterface methods as a remote flow sources 2023-01-03 15:31:40 -05:00
Ed Minnix
e259ef5d1d Java: Add class for android.webkit.WebSettings.setAllowContentAccess 2022-12-31 15:00:28 -05:00
Jami
c9258effb6 Merge pull request #11572 from jcogs33/jcogs33/model-top-jdk-apis 
Java: model top 100 JDK APIs
 2022-12-20 09:13:53 -05:00
Tony Torralba
149cae9603 Merge pull request #10971 from joefarebrother/android-certificate-pinning 
Java: Add Android missing certificate pinning query (CWE-295)
 2022-12-20 11:03:16 +01:00
Tony Torralba
3e7a819fe7 Simplification 2022-12-20 09:42:25 +01:00
Jeroen Ketema
edc768b43b Merge pull request #11707 from smowton/smowton/fix/java-empty-multiline-comment 
Java: handle printing an empty comment (/**/); add relevant tests
 2022-12-20 08:07:42 +01:00
Edward Minnix III
39a7c7bb12 Merge pull request #11282 from egregius313/egregiu313/webview-addjavascriptinterface 
Java: Query for detecting addJavascriptInterface method calls
 2022-12-19 11:28:45 -05:00
Chris Smowton
2ca56e0c1e Java: handle printing an empty comment (/**/); add relevant tests 2022-12-19 14:12:09 +01:00
erik-krogh
ba7321ac5c add qldoc to RegExpCharEscape 2022-12-18 17:23:45 +01:00
erik-krogh
26c5480ee6 share {js,rb}/regex/missing-regexp-anchor 2022-12-18 17:23:41 +01:00
erik-krogh
f67d0bc8c0 put the shared HostnameRegexp code in the shared regex pack 2022-12-17 17:26:18 +01:00
Jami
ff652f7dee Merge branch 'main' into jcogs33/model-top-jdk-apis 2022-12-16 15:32:50 -05:00
Tom Hvitved
e45edcc159 Merge pull request #11674 from hvitved/dataflow/param-context 
Data flow: Track callable in flow-through pruning
 2022-12-16 09:25:15 +01:00
Jami Cogswell
f01ee9e4c2 Java: remove PR-merging comment 2022-12-15 22:56:15 -05:00
Jami
fd63348549 Merge pull request #11585 from jcogs33/jcogs33/mad-metrics-query 
Java: add MaD metrics query
 2022-12-15 19:26:51 -05:00
Tom Hvitved
f8571dd0b6 Data flow: Work around functionality-induced misoptimization 2022-12-15 15:29:14 +01:00
Tom Hvitved
6eda042229 Data flow: Sync files 2022-12-15 15:29:13 +01:00
Michael Nebel
0f038ee93a Java: Remove deprecated ModelCsv classes. 2022-12-15 15:22:44 +01:00
Michael Nebel
a67e02df21 Merge pull request #11691 from michaelnebel/renameextensibles 
C#/Java: Rename externalflow extensible predicates
 2022-12-15 11:05:22 +01:00
Jami Cogswell
46b8fbc4c9 Java: update remaining models, resolve merge conflict 2022-12-15 00:33:06 -05:00
Jami
359e49044f Merge branch 'main' into jcogs33/mad-metrics-query 2022-12-14 15:33:29 -05:00
Anders Schack-Mulligen
598b4c38b7 Merge pull request #11619 from aschackmull/java/typetrack-lambda 
Java: Switch DispatchFlow to typetracking.
 2022-12-14 14:08:29 +01:00
Michael Nebel
b45d079a01 Java: Move and rename externalflow related extensible predicates. 2022-12-14 13:43:34 +01:00
Tom Hvitved
25b2d11368 Merge pull request #11635 from hvitved/dataflow/approx-content 
Data flow: Introduce `ApproxContent` in a new pruning stage between stages 2 and 3
 2022-12-14 12:56:50 +01:00
Tamás Vajk
a6d227d52e Merge pull request #11599 from igfoo/igfoo/diags 
Java/Kotlin: Update the diagnostic severity documentation
 2022-12-14 10:13:30 +01:00
Edward Minnix III
a85de2b5f4 Merge pull request #10865 from egregius313/egregius313/android-activity-alias 
Java: Add library support for activity-alias elements in AndroidManifest.qll
 2022-12-13 11:52:01 -05:00
Jami Cogswell
a33436a39b Java: update hasProvenance 2022-12-13 11:26:23 -05:00
Tom Hvitved
2a28953e41 Java: Implement ContentApprox 2022-12-13 09:53:01 +01:00
Tom Hvitved
0c2eee2a72 Data flow: Sync files 2022-12-13 09:52:55 +01:00
Jami
93d8a03e73 Merge branch 'main' into jcogs33/mad-metrics-query 2022-12-12 20:31:53 -05:00
Jami Cogswell
5113041623 Java: add isParameterless predicate to Constructor class 2022-12-12 13:28:00 -05:00
Erik Krogh Kristensen
636d5e341c Merge pull request #11652 from erik-krogh/static-useInstanceOf 
Java/C#/GO: Use instanceof in more places
 2022-12-12 17:52:04 +01:00
Jami Cogswell
623068c4b9 Java: add hasProvenance predicate, remove isManuallyGenerated and isBothAutoAndManuallyGenerated 2022-12-12 11:23:46 -05:00
Edward Minnix III
0ebfee8b11 Merge pull request #11241 from egregius313/egregius313/webview-file-access 
Java: Query to detect Android Webview file access
 2022-12-12 11:12:26 -05:00
erik-krogh
873d3553cd Merge branch 'main' into static-useInstanceOf 2022-12-12 15:36:54 +01:00
Chris Smowton
77004f3e15 Merge pull request #11258 from smowton/smowton/feature/kotlin-annotation-extraction 
Kotlin: extract annotations
 2022-12-12 09:52:49 +00:00
Michael Nebel
e0f1b38439 Merge pull request #11580 from michaelnebel/renamenegativemodels 
C#/Java: Rename Negative Summary Model to Neutral Model
 2022-12-12 07:59:06 +01:00
erik-krogh
8262fbbfb5 Java/C#/GO: Use instanceof in more places 2022-12-11 18:32:19 +01:00
Jami Cogswell
6854845b75 Java: refactor isManuallyGenerated and isBothAutoAndManuallyGenerated 2022-12-09 18:37:50 -05:00