codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00

Author	SHA1	Message	Date
Anders Schack-Mulligen	6e495ba6e5	Merge pull request #10068 from aschackmull/java/summarizedcallable-split Java: Make synthesized method bodies disjoint from source code.	2022-08-17 14:13:56 +02:00
erik-krogh	14d83ab1b5	make the framework imports in FlowSources.qll private	2022-08-17 13:50:08 +02:00
erik-krogh	b7b80fe176	reintroduce redundant cast in synced file	2022-08-17 13:34:22 +02:00
erik-krogh	ffb65d054e	delete redundant inline casts	2022-08-17 13:34:22 +02:00
erik-krogh	2e44fba67d	add explicit this	2022-08-17 13:33:31 +02:00
Anders Schack-Mulligen	27f76330be	Java: Fix models.	2022-08-17 12:46:09 +02:00
Joe Farebrother	de69827711	Use a full dataflow config rather than local flow	2022-08-17 10:35:48 +01:00
Joe Farebrother	fe5a61bdde	Fix typos in docs and comments	2022-08-17 10:35:48 +01:00
Joe Farebrother	c77b17574a	Use CryptoAlgoSpec rather than hadcoding Cipher.getInstance	2022-08-17 10:35:47 +01:00
Joe Farebrother	41bdd6d4cc	Add RSA without OEAP query and qhelp	2022-08-17 10:35:46 +01:00
Joe Farebrother	7989ba3391	Replace a tainttracking instance with local flow	2022-08-17 10:35:16 +01:00
Joe Farebrother	bf32b5a8fd	Reiview suggestions - add doc comment, reword description, simplify a part	2022-08-17 10:35:15 +01:00
Joe Farebrother	4d0957711b	Reduce FPs from empty arrays	2022-08-17 10:35:14 +01:00
Joe Farebrother	c0a1300955	Improve initializedWthConstants to no longer need a workaround	2022-08-17 10:35:13 +01:00
Joe Farebrother	f8f21c7ee6	Move static init vector query and tests from experimental to main	2022-08-17 10:35:13 +01:00
Jami	dd23d48ad2	Merge pull request #9939 from jcogs33/android-debug-query-inline-tests Java: query to detect android:debuggable attribute enabled	2022-08-16 10:07:13 -04:00
Anders Schack-Mulligen	df40ccd129	Java: Make synthesized method bodies disjoint from source code.	2022-08-16 13:36:39 +02:00
erik-krogh	8e6a36256c	import the non-deprecated NfaUtils in the overly-large-range query	2022-08-16 11:21:43 +02:00
Anders Schack-Mulligen	28e4224ab1	Merge pull request #10023 from aschackmull/java/numbertype-perf Java: Minor perf improvement.	2022-08-16 09:52:55 +02:00
Erik Krogh Kristensen	f106e064fa	Merge pull request #9422 from erik-krogh/refacReDoS Refactorizations of the ReDoS libraries	2022-08-16 09:32:08 +02:00
Jami Cogswell	4986cc8458	update isDebuggable predicate	2022-08-15 15:50:00 -04:00
Jami Cogswell	c010f92811	simplified predicates, removed overridden getFile predicate	2022-08-15 15:50:00 -04:00
Jami Cogswell	6e10fcf519	added predicates in the AndroidManifest library and adjusted tests	2022-08-15 15:50:00 -04:00
Chris Smowton	774e379eb1	Merge pull request #9742 from smehta23/feat/SM/java_partial_path_traversal_vulnerability [JAVA] Partial Path Traversal Vuln Query	2022-08-15 12:56:16 +01:00
Erik Krogh Kristensen	0adb588fe8	Merge pull request #9712 from erik-krogh/badRange JS/RB/PY/Java: add suspicious range query	2022-08-15 13:55:44 +02:00
Chris Smowton	e27d62b0b4	Fix qldoc wording	2022-08-15 12:08:14 +01:00
Anders Schack-Mulligen	a3fb54c9de	Merge pull request #10007 from aschackmull/dataflow/source-node-identity Dataflow: Fix identification of source PathNodes in the presence of source-to-source flow	2022-08-15 10:39:17 +02:00
Chris Smowton	ca4ef6578d	Spelling	2022-08-13 14:37:08 +01:00
Chris Smowton	8bea2a5f6c	Add missing qldoc	2022-08-13 14:20:48 +01:00
Chris Smowton	b62e9dc92c	Convert tests to inline expectations and fix one bug revealed doing so Specifically Apache sshd defines its sensitive api calls on an inherited interface, and they need to be described that way for us to pick them up.	2022-08-13 14:02:05 +01:00
Chris Smowton	ddb0846e06	Split up hardcoded creds queries, ready for conversion to inline expectations	2022-08-13 12:39:16 +01:00
erik-krogh	3a4a3437b5	fix some QL-for-QL warnings	2022-08-12 20:38:50 +02:00
erik-krogh	b54f037424	Merge branch 'main' into refacReDoS	2022-08-12 20:28:30 +02:00
erik-krogh	b9e96fb078	sync changes to other languages	2022-08-12 20:28:12 +02:00
Anders Schack-Mulligen	a3fc463d0a	Java: Minor perf improvement.	2022-08-11 14:21:10 +02:00
Erik Krogh Kristensen	73df8e4c7d	Merge pull request #9832 from erik-krogh/misspellings Fix lots of misspellings	2022-08-11 12:43:26 +02:00
Chris Smowton	e9df675f88	Autoformat ql	2022-08-11 09:55:46 +01:00
Anders Schack-Mulligen	87461fece4	Merge pull request #10006 from aschackmull/java/sensitive-log-dedup Java: Remove SensitiveLoggingQuery results that flow through a source.	2022-08-11 09:26:33 +02:00
Erik Krogh Kristensen	887f6557ed	fix common misspellings throughout github/codeql	2022-08-10 23:21:41 +02:00
Anders Schack-Mulligen	abad133ab5	Dataflow: Fix identification of source PathNodes in the presence of source-to-source flow.	2022-08-10 15:02:56 +02:00
Anders Schack-Mulligen	cbd6d24b9c	Merge pull request #9963 from intrigus-lgtm/java/model-set-properties Model `java.util.Properties.setProperty`	2022-08-10 14:51:00 +02:00
Anders Schack-Mulligen	ecc15a1f95	Java: Remove SensitiveLoggingQuery results that flow through a source.	2022-08-10 14:28:07 +02:00
Tony Torralba	7f5fe85e2e	Merge pull request #9975 from atorralba/atorralba/asynctask-improvs Java: Improve AsyncTask data flow support	2022-08-09 17:10:09 +02:00
Erik Krogh Kristensen	49276b1f38	Merge branch 'main' into refacReDoS	2022-08-09 16:18:46 +02:00
Anders Schack-Mulligen	aa3655678e	Merge pull request #9823 from aschackmull/dataflow/stage-module Dataflow: Replace stage duplication with parameterised modules.	2022-08-08 10:56:32 +02:00
Joe Farebrother	dd83c17144	Use more precise control flow logic	2022-08-05 12:56:21 +01:00
Joe Farebrother	abf894a64c	Fix typos	2022-08-05 12:56:20 +01:00
Joe Farebrother	03c2a0e818	Add missing qldoc	2022-08-05 12:56:20 +01:00
Joe Farebrother	a2245bb858	Fix test	2022-08-05 12:56:19 +01:00
Joe Farebrother	16e16f08dc	Add webview cert validation query	2022-08-05 12:56:18 +01:00

... 39 40 41 42 43 ...

3186 Commits