hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,531 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.7
Commit Graph

3270 Commits

Author SHA1 Message Date
Tony Torralba
8b65937159 Move ConstantStringExpr to RangeUtils.qll 2023-04-26 12:11:08 +02:00
Jami
cff7f63193 Merge pull request #12838 from jcogs33/jcogs33/add-class-for-callables-interesting-for-modeling 
Java: add class that represents callables that are interesting for MaD models
 2023-04-25 09:28:56 -04:00
Anders Schack-Mulligen
934a455908 Apply suggestions from code review 
Update qldoc.
 2023-04-25 09:35:26 +02:00
Jami Cogswell
85542638d7 Java: refactor CaptureModelsSpecific; resolve conflict for isInTestFile 2023-04-20 16:23:12 -04:00
Jami Cogswell
94f11029ee Java: refactor ExternalApi 2023-04-20 16:19:15 -04:00
Jami Cogswell
2ca8103a7e Java: remove isImplicitlyPublic predicate since not needed for this use-case 2023-04-20 16:19:15 -04:00
Jami Cogswell
5dbd11a584 Java: move veryPublic predicate 2023-04-20 16:19:15 -04:00
Jami Cogswell
9828ad0fc3 Java: add draft of class to represent callables we are interested in modeling 2023-04-20 16:19:15 -04:00
Jami Cogswell
2e76e12316 Java: add class and predicates to approximate an effectively public method 2023-04-20 16:19:15 -04:00
Michael Nebel
656d8d2451 Sync files. 2023-04-20 11:29:51 +02:00
Tony Torralba
f5702f5c69 Address review comment 
Handle more regex cases that cover line breaks
 2023-04-17 09:33:44 +02:00
Tony Torralba
e167d3ce00 Add line break sanitizers 2023-04-17 09:33:44 +02:00
Tony Torralba
f106783c39 SensitiveResultReceiverFlow needs to be public 2023-04-14 09:04:56 +02:00
Ed Minnix
7b56383b52 Make SensitiveResultReceiver modules private 2023-04-13 23:08:46 -04:00
Ed Minnix
0a26916245 Re-Add SensitiveResultReceiverConf as deprecated 2023-04-13 23:06:16 -04:00
Ed Minnix
0fc775027f Fix SensitiveResultReceiver test case 2023-04-13 23:06:16 -04:00
Ed Minnix
3826b9be6c Re-add allowImplicitRead 2023-04-13 23:06:16 -04:00
Ed Minnix
74b71ff7e3 Replace allowImplicitRead with default implementation 2023-04-13 23:06:16 -04:00
Ed Minnix
ea54ea47b1 Deprecate sensitiveResultReceiver 2023-04-13 23:06:16 -04:00
Ed Minnix
cd661f1d9f Refactor SensitiveResultReceiver 2023-04-13 23:06:16 -04:00
Ed Minnix
735a7383c6 Refactor HardcodedCredentialsSourceCall 2023-04-13 23:06:16 -04:00
Michael Nebel
52bc43b22b Merge pull request #12595 from michaelnebel/enhanceprovenance 
Java/C# : Enhance provenance.
 2023-04-13 14:27:53 +02:00
Tony Torralba
4c6df3fdb9 Merge pull request #12813 from atorralba/atorralba/java/sensitive-expr-fix-and-tests 
Java: Add tests for SensitiveActions and fix getCommonSensitiveInfoRegex
 2023-04-13 13:13:37 +02:00
Tony Torralba
d7feaf4098 Merge pull request #12685 from atorralba/atorralba/java/command-injection-mad 
Java: Add command-injection sink kind and refactor command injection queries
 2023-04-13 11:38:14 +02:00
Tony Torralba
485709a133 Fix getCommonSensitiveInfoRegex 2023-04-13 10:33:03 +02:00
Michael Nebel
03482e5e59 Java/C#: Update the internal documentation. 2023-04-13 09:21:05 +02:00
Michael Nebel
54e55e2262 Java: Introduce more provenance values. 2023-04-13 09:21:04 +02:00
Michael Nebel
efc0650b86 Java: Set the provenance default to manual. 2023-04-13 09:21:04 +02:00
Chris Smowton
7eefa43f5a Rename and document viableArgParamSpecific to make clear it is a temporary hook. 2023-04-12 14:33:46 +01:00
Chris Smowton
4d8ca3d759 Add dataflow callback to filter out receiver argument flow to Golang interface dispatch candidates. 
Other langauges stub the callback.
 2023-04-12 14:19:06 +01:00
Edward Minnix III
2b9daed26a Merge pull request #12563 from egregius313/egregius313/refactor-java-libs-to-dataflow-modules 
Java: Refactor Java query libraries to use dataflow modules
 2023-03-31 12:38:14 -04:00
Ed Minnix
800411cd81 More replacing of single-predicate classes to predicate 2023-03-31 10:55:17 -04:00
Ian Lynagh
c1a7d7f825 Merge pull request #12646 from igfoo/igfoo/expanded_args 
Java: Store expanded args in the database
 2023-03-31 15:27:02 +01:00
Ed Minnix
ac218ba08b Replace private classes with one method to predicates 2023-03-30 22:03:05 -04:00
Ed Minnix
03078603bf Reinstate private markers on additional predicates 2023-03-30 11:24:33 -04:00
Ed Minnix
ecbd3be5e9 Remove private marker 
This class is used in the actual query, so it needs to be exposed.
 2023-03-30 11:08:41 -04:00
Ed Minnix
dba5e9e9e2 Updates to imports 
Make some imports private
Remove unnecessary imports
 2023-03-30 11:03:48 -04:00
Edward Minnix III
c7a049a867 Mark things which can be private as private 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-03-30 11:00:00 -04:00
Edward Minnix III
8250e4393c Typos and rewording 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-03-30 10:59:12 -04:00
Ian Lynagh
81a26f0396 Java: Add expanded arguments 2023-03-30 15:53:34 +01:00
Tony Torralba
3102199a69 Make LocalUserInputToArgumentToExecFlowConfig and LocalUserInputToArgumentToExecFlow importable 2023-03-30 10:24:23 +02:00
Tony Torralba
534725f9eb Add command injection sink kind 2023-03-30 10:17:35 +02:00
Ed Minnix
312508e279 Documentation for IntentUriPermissionManipulationQuery 2023-03-29 22:33:10 -04:00
Ed Minnix
cf7aa2e420 Documentation UnsafeDeserializationQuery 2023-03-29 22:33:10 -04:00
Ed Minnix
1a89c3fa7c Documentation for AndroidSensitiveCommunicationQuery 2023-03-29 22:33:10 -04:00
Ed Minnix
1016b7323f Documentation for ConditionalBypassQuery 2023-03-29 22:33:10 -04:00
Ed Minnix
96cf4f16fa Documentation for ExternalAPIs 2023-03-29 22:33:10 -04:00
Ed Minnix
c7fd216c3c Documentation for RsaWithoutOaepQuery 2023-03-29 22:33:10 -04:00
Ed Minnix
11d72ffc1f Documentation for UnsafeContentUriResolutionQuery 2023-03-29 22:33:10 -04:00
Ed Minnix
59b1460c49 Documentation for UnsafeCertTrustQuery 2023-03-29 22:33:09 -04:00