hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

5817 Commits

Author SHA1 Message Date
Joe Farebrother
ed8ec89497 Reword suggestion on using debug flags 2022-09-21 13:57:31 +01:00
Joe Farebrother
44bd038339 Apply docs suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2022-09-21 13:57:31 +01:00
Joe Farebrother
a6a500ade2 Apply suggestions from code review - doc improvements, simplification 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-09-21 13:57:31 +01:00
Joe Farebrother
6014a75e0e Fix qhelp 2022-09-21 13:57:30 +01:00
Joe Farebrother
eed2df0fb3 Fix qhelp & ql-for-ql errors 2022-09-21 13:57:30 +01:00
Joe Farebrother
414e0b20b3 Add change note 2022-09-21 13:57:30 +01:00
Joe Farebrother
f934554143 Add docs + add an additional case 2022-09-21 13:57:29 +01:00
Joe Farebrother
20b2956322 Add webview debugging query 2022-09-21 13:57:28 +01:00
Marcono1234
431aa2cb79 Java: Add CompilationUnit.getATypeAvailableBySimpleName() 
This predicate is mainly helpful for Javadoc queries and for queries which
check whether the name of an element shadows another type.
 2022-09-20 23:15:50 +02:00
Andrew Eisenberg
58e4861b45 Merge branch 'main' into rc/3.7 2022-09-20 12:43:20 -07:00
Tony Torralba
cbb64cc8c1 Merge pull request #10352 from atorralba/atorralba/promote-template-injection 
Java: Promote Server-side template injection from experimental
 2022-09-20 16:11:58 +02:00
Chris Smowton
f826342112 Merge pull request #6246 from Marcono1234/marcono1234/annotation-improvements 
Java: Improve and add predicates and classes for annotations
 2022-09-20 11:48:29 +01:00
erik-krogh
70eced62b6 delete unused predicate that couldn't be imported from outside the folder 2022-09-20 12:40:39 +02:00
Tony Torralba
4af29e6abf Update java/ql/src/Security/CWE/CWE-094/TemplateInjection.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-09-20 11:48:40 +02:00
Tony Torralba
4997f36f05 Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-09-20 11:48:18 +02:00
Michael Nebel
eefe457c4b Merge pull request #10238 from michaelnebel/csharp/theoremsforfree 
C#: Theorems for Free - Model generation
 2022-09-20 09:30:10 +02:00
Ed Minnix
e37f62bb5e Android ContentProvider.openFile does not check mode initital commit 
Initial commit for work on a query finding instances where the `mode`
parameter of an override of the `openFile` method of the
`android.content.ContentProvider` class
 2022-09-19 10:32:02 -04:00
Ed Minnix
00891fa455 Android Manifest Incomplete provider permissions initial commit 
Initial work on checking provider elements in Android manifests for
complete permissions.
 2022-09-19 10:31:02 -04:00
Marcono1234
e3c1b96830 Java: Fix incorrect annotation handling for SpringControllerRequestMappingGetMethod 2022-09-16 15:49:16 +01:00
Marcono1234
b96061aa7e Java: Rename Annotation value predicates 2022-09-16 15:49:16 +01:00
Marcono1234
02c8fe9346 Java: Add convenience predicates for AnnotationType 2022-09-16 15:49:16 +01:00
Marcono1234
536f5c7f89 Java: Add Annotation value convenience predicates 2022-09-16 15:49:15 +01:00
github-actions[bot]
67ce442674 Post-release preparation for codeql-cli-2.10.5 2022-09-16 14:23:44 +00:00
Tony Torralba
e140f04881 Merge pull request #10393 from zbazztian/uri-constructor-flow 
Java: Model taint flow for java.net.URI constructors in tainted path queries
 2022-09-16 15:10:40 +02:00
Sebastian Bauersfeld
8c35803749 Add more details to change note. 2022-09-16 16:11:34 +07:00
Anders Schack-Mulligen
726772220c Merge pull request #10191 from smowton/smowton/admin/java-implicit-this-type-tests 
Java: Add test regarding the type of an implicit `this` expression
 2022-09-16 10:58:48 +02:00
Tony Torralba
fdc8453a59 Introduce TaintedPathAdditionalTaintStep 
Use separate configurations for tainted path and tainted path local again.
 2022-09-16 10:42:15 +02:00
Sebastian Bauersfeld
95478f1af6 Address review comments. 2022-09-16 14:35:30 +07:00
Philip Ginsbach
c2bdb69476 remove upper-case variable name 2022-09-15 16:32:16 +01:00
Chris Smowton
88644b6e76 Add change note 2022-09-15 15:35:52 +01:00
Chris Smowton
5a56bb97fc deprecated-call query: notice calls to methods of specialised generic classes 2022-09-15 12:49:12 +01:00
Sebastian Bauersfeld
20d78972f5 Address review comments. 2022-09-15 16:44:36 +07:00
Chris Smowton
b926bc9efa Fix and add test for java/subtle-inherited-call involving inheritence from generic types 2022-09-14 22:17:19 +01:00
Chris Smowton
da04673cb0 Fix query java/internal-representation-exposure regarding generic callees, and add a test 2022-09-14 22:17:19 +01:00
Chris Smowton
c149754c6b Fix java/iterator-remove-failure to handle calls to specialised generic functions 2022-09-14 22:17:19 +01:00
Chris Smowton
3bdccb38b6 Adapt inner-class-could-be-static query now that specialised methods are callable via an implicit this qualifier. 
Previously such a call always targeted the unbound method, so we checked for an inherited method that could be a specialisation thereof; now we expect it should be directly inherited.
 2022-09-14 22:17:19 +01:00
Anders Schack-Mulligen
d713910714 Merge pull request #10334 from aschackmull/java/uniontypeflow 
Java: Implement union type flow and replace ad-hoc variable tracking in dispatch
 2022-09-14 13:34:28 +02:00
Michael Nebel
c5949fad75 C#/Java: Rename to Typed based summary model generation. 2022-09-14 11:06:23 +02:00
Michael Nebel
2d57b7d56a Java: Sync files. 2022-09-14 11:06:23 +02:00
Michael Nebel
13a802e260 Java: Sync files and make adjusting changes. 2022-09-14 11:06:23 +02:00
Tony Torralba
ac46a38b9d Update java/ql/src/Security/CWE/CWE-079/XSS.java 2022-09-13 16:49:20 +02:00
Tony Torralba
2b027709e4 Update XSS qhelp 2022-09-13 16:39:48 +02:00
gx1
1c4488e7c8 Updated vulnerable XSS.java version 2022-09-13 15:58:25 +02:00
Anders Schack-Mulligen
c8b93e0910 Java: Replace uses of deprecated variableTrack. 2022-09-13 13:30:40 +02:00
Sebastian Bauersfeld
f95663cdfb Java: Added change note. 2022-09-13 11:38:15 +07:00
Edward Minnix III
eadb8a3988 Merge pull request #10106 from egregius313/egregius313/android-backup-allowed 
Java: Query to detect Android backup allowed
 2022-09-12 11:14:03 -04:00
Tony Torralba
dd6257c757 Add security-severity 2022-09-12 11:59:01 +02:00
Edward Minnix III
08a17b355e allowBackup documentation updates 
Make error messages and descriptions clearer about application backups not being disabled, rather than focusing on `android:allowBackup` specifically.

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-09-09 09:30:49 -04:00
Edward Minnix III
83c8e22225 Apply suggestions from documentation review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2022-09-08 15:55:00 -04:00
Tony Torralba
6413de6c20 Add change note 2022-09-08 17:38:26 +02:00