hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,920 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.2
Commit Graph

4541 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
699630af54 Dataflow: Sync. 2021-10-27 13:57:44 +02:00
Anders Schack-Mulligen
92e4a1ed17 Dataflow: Review fixes. 2021-10-27 13:57:44 +02:00
Anders Schack-Mulligen
034c7f3538 Dataflow: Sync. 2021-10-27 13:57:44 +02:00
Anders Schack-Mulligen
51cebdce83 Dataflow: Add support for call context restrictions on sources/sinks. 2021-10-27 13:57:44 +02:00
Anders Schack-Mulligen
4a67ac5e0b Merge pull request #4991 from JLLeitschuh/feat/JLL/early_ratpack_support 
Java: Simple support for Ratpack HTTP Framework
 2021-10-27 09:25:52 +02:00
Tony Torralba
6f7d0b62d7 Add ExplicitIntentSanitizer and allowIntentExtrasImplicitRead 2021-10-26 17:11:27 +02:00
Joe Farebrother
02b440b0ed Merge pull request #6599 from joefarebrother/android-sensitive-communication 
Java: Promote android sensitive broadcast query
 2021-10-26 13:48:58 +01:00
Anders Schack-Mulligen
ba95d46ec3 Apply suggestions from code review 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2021-10-26 14:04:13 +02:00
Erik Krogh Kristensen
a3c55c2aec use set literal instead of big disjunction of literals 2021-10-26 12:55:25 +02:00
Joe Farebrother
6dac86b9be Fix unneeded import and spelling mistake 2021-10-25 14:11:00 +01:00
Anders Schack-Mulligen
5709365c0f Merge pull request #6921 from igfoo/igfoo/types 
Java: Replace @type with more specific types
 2021-10-25 13:15:12 +02:00
Tony Torralba
1333f67a69 Merge pull request #6917 from JLLeitschuh/feat/JLL/jdk_lambda_collections_model_tracking 
[Java] JDK Collection lambda models
 2021-10-22 10:26:50 +02:00
Joe Farebrother
2d368a7d9a Remove redundant imports from ExternalFlow 2021-10-21 16:48:53 +01:00
Joe Farebrother
a9dde419d2 Fix up test 2021-10-21 16:46:07 +01:00
Ian Lynagh
830f81bfdb Java: Autoformat 2021-10-20 17:45:01 +01:00
Joe Farebrother
3e3503a763 Fix failing checks 2021-10-20 17:25:38 +01:00
Joe Farebrother
447e06d92a Rename from SensitiveBroadcast to SensitiveCommmunication 2021-10-20 17:09:59 +01:00
Joe Farebrother
54e9c49080 Remove SendBroadcastMethodAccess 2021-10-20 17:09:59 +01:00
Joe Farebrother
e02be6cf93 Add additional sinks 2021-10-20 17:09:59 +01:00
Joe Farebrother
e616122982 Rename parameter 2021-10-20 17:09:59 +01:00
Joe Farebrother
fede77a934 Rename some utility methods 2021-10-20 17:09:59 +01:00
Joe Farebrother
069d6627b5 Improve sanitizers 2021-10-20 17:09:59 +01:00
Joe Farebrother
174ac3d6c3 Move to correct directory 2021-10-20 17:09:59 +01:00
Joe Farebrother
4012866c6f Allow arbitrary read steps at the sink 2021-10-20 17:09:57 +01:00
Ian Lynagh
25fcae1c51 Java: Make some types more specific 
Where we used to use RefType, we now use ClassOrInterface.
 2021-10-20 12:18:20 +01:00
Tom Hvitved
0bf5238f39 Update QL doc for allowParameterReturnInSelf 2021-10-20 12:08:58 +02:00
Tom Hvitved
dd138b0429 Address review comments 2021-10-20 12:08:58 +02:00
Tom Hvitved
ec5d8ab2db Java: Restrict use-use flow 2021-10-20 12:08:57 +02:00
Tom Hvitved
a1511e13d8 Data flow: Sync files 2021-10-20 12:08:57 +02:00
Jonathan Leitschuh
d4b18fe6a3 [Java] JDK Collection lambda models 
Adds support for data flow tracking through simple JDK collection
functional APIs.
 - `Iterable::forEach`
 - `Iterator::forEachRemaining`
 - `Map::forEach`

Replaces #5871

Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-19 15:57:58 -04:00
Ian Lynagh
90299033d1 Java: Replace @type with more specific types 2021-10-19 20:23:53 +01:00
Jonathan Leitschuh
8231907116 Ratpack code cleanup from code review 2021-10-19 11:42:35 -04:00
haby0
283376eb19 Modify the model 2021-10-19 12:49:08 +01:00
haby0
d0eec1e381 Add CWE-552-UnsafeUrlForward 2021-10-19 12:49:07 +01:00
Chris Smowton
d46b897492 Add explicit this 2021-10-19 11:32:24 +01:00
Chris Smowton
beaa1cffd2 Make import private 2021-10-19 11:28:56 +01:00
Chris Smowton
3bf9abb4ce Avoid ambiguous term 'successor'. 2021-10-19 11:28:56 +01:00
Chris Smowton
0d66cebfba Autoformat 2021-10-19 11:28:56 +01:00
Chris Smowton
3c25301593 Extend documentation 2021-10-19 11:28:55 +01:00
Chris Smowton
d0d17e3b84 Make import private 2021-10-19 11:28:55 +01:00
Chris Smowton
b71920209e Factor out string prefix logic 2021-10-19 11:28:54 +01:00
Anders Schack-Mulligen
90a50e7ca9 Java: Fix bad join-order. 2021-10-19 10:55:52 +02:00
Anders Schack-Mulligen
6508afe824 Merge pull request #6900 from Marcono1234/marcono1234/MemberRefExpr-receiver-type 
Java: Add `MemberRefExpr.getReceiverType()`
 2021-10-19 10:49:15 +02:00
Jonathan Leitschuh
db2892b9ea Resove taint tracking issues from asMultimap 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 14:30:46 -04:00
Jonathan Leitschuh
5a2bdc9a0f Jackson taint tracking of elements 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:11 -04:00
Jonathan Leitschuh
8fecc158ff Add support for Map.forEach 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:11 -04:00
Jonathan Leitschuh
ebbbda70c0 Ratpack tests all passing 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:11 -04:00
Jonathan Leitschuh
fe374f5e9c Ratpack: Add support for Promise::apply 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:10 -04:00
Jonathan Leitschuh
6562ac3680 Ratpack conversion to new lambda model 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:10 -04:00
Jonathan Leitschuh
4f90f0a748 Begin refactoring Ratpack to use functional taint tracking 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:10 -04:00