hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,540 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.8
Commit Graph

4689 Commits

Author SHA1 Message Date
Joe Farebrother
e797d2195c Topologically sort RegexString 2022-05-04 15:41:34 +01:00
Joe Farebrother
bc109521aa Simplify octal handling 2022-05-04 15:41:34 +01:00
Joe Farebrother
9e88c67c19 Add more test cases; make some fixes 2022-05-04 15:41:34 +01:00
Joe Farebrother
aa1337db86 Apply style suggestions from code review 2022-05-04 15:41:34 +01:00
Joe Farebrother
e954db293a Convert snake case predicates to camel case 2022-05-04 15:41:34 +01:00
Joe Farebrother
5b61de67de Implement style/doc suggestions from code review 2022-05-04 15:41:33 +01:00
Joe Farebrother
28649da187 Add parser tests; fix some parser issues. 
[temporarily renamed existing regex/Test.java during rebasing to avoid conflict]
 2022-05-04 15:41:33 +01:00
Joe Farebrother
8e1918216e Add PrintAst support for regex terms 2022-05-04 15:41:33 +01:00
Joe Farebrother
ca422a2186 Use explicit this 2022-05-04 15:41:33 +01:00
Joe Farebrother
f9f7a01f57 Add Java ReDoS libraries to identical-files.json 2022-05-04 15:41:33 +01:00
Joe Farebrother
11e465f2ac Implement remaining syntax differences 2022-05-04 15:41:33 +01:00
Joe Farebrother
7530902ad7 Add approximate support for nested character classes. 
This shouldn't fail to parse on any correctly formed character class; but may give incorrect contents when nested classes are involved.
 2022-05-04 15:41:33 +01:00
Joe Farebrother
d04c99b0be Support quote sequences 2022-05-04 15:41:32 +01:00
Joe Farebrother
59945cd8b3 Add dataflow logic to PolynomialRedDoS 2022-05-04 15:41:30 +01:00
Joe Farebrother
a8f7a4459e Port redos libraries from Python 2022-05-04 15:40:56 +01:00
Tom Hvitved
8e33653d25 Merge pull request #9017 from hvitved/dataflow/subpaths-perf 
Data flow: Speedup `subpaths` predicate
 2022-05-04 16:37:52 +02:00
Tom Hvitved
9cb63c0a5e Data flow: Sync files 2022-05-04 14:49:26 +02:00
Tony Torralba
2d3b15f936 Add more taint models 2022-05-04 12:32:59 +02:00
Tony Torralba
8601137602 Fix bad join order by moving WebViewRef::getAnAccess from callsites into predicates 2022-05-04 11:58:47 +02:00
Tony Torralba
3b1210eacb Update java/ql/lib/semmle/code/java/security/UnsafeAndroidAccess.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-05-04 10:53:31 +02:00
Tony Torralba
49259a6575 Remove everything related to WebView CSV models 
This reverts commit c6c72eb.
 2022-05-04 10:53:31 +02:00
Tony Torralba
dce11f3984 Removed unnecessary imports 2022-05-04 10:53:30 +02:00
Tony Torralba
f5e72e6e33 Remove getUnderlyingExpr 2022-05-04 10:53:30 +02:00
Tony Torralba
7ba5a032ce Add tests and stubs for the new sources and flow steps 2022-05-04 10:53:30 +02:00
Tony Torralba
b678467e9d Move things around 2022-05-04 10:53:30 +02:00
Tony Torralba
d68311e26d Consider implicit this accesses in WebViewRef 2022-05-04 10:53:30 +02:00
Tony Torralba
51dfebf4c9 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-05-04 10:53:29 +02:00
Tony Torralba
91bdb4299f Improvements to UnsafeAndroidAccess 2022-05-04 10:53:29 +02:00
Tony Torralba
b876431950 Merge pull request #8706 from luchua-bc/java/unsafe-get-resource 
Java: CWE-552 Add sources and sinks to to detect unsafe getResource calls in Java EE applications
 2022-05-04 10:12:28 +02:00
Tom Hvitved
74e99302d6 Address review comments 2022-05-04 09:57:59 +02:00
Tom Hvitved
da72ba46d4 Data flow: Add stub expectsContent for all languages 2022-05-04 09:57:59 +02:00
Tom Hvitved
6e2e8440eb Data flow: Sync files 2022-05-04 09:57:59 +02:00
Tony Torralba
02822c6284 Merge pull request #9013 from atorralba/atorralba/private-externalflow-imports 
Java: Make more ExternalFlow imports private
 2022-05-03 16:02:09 +02:00
Tony Torralba
cf55f180c4 Add change note 2022-05-03 15:46:17 +02:00
Tony Torralba
7b3a803d19 Add flow step from startActivity to getIntent 2022-05-03 15:46:17 +02:00
Tony Torralba
9c92454fa7 Merge pull request #8872 from atorralba/atorralba/android-widget-flowstep 
Java: Add Editable.toString flow step
 2022-05-03 15:27:52 +02:00
Tony Torralba
fbceb8de57 Update java/ql/lib/semmle/code/java/frameworks/OkHttp.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-05-03 14:40:40 +02:00
Tom Hvitved
e9c8f979f9 Data flow: Sync files 2022-05-03 11:46:51 +02:00
Anders Schack-Mulligen
249f771fad Merge pull request #8952 from cklin/fix-ql-comments-syntax 
Fix syntax errors in QL comments
 2022-05-03 11:15:56 +02:00
Tony Torralba
c66e583aea Make more ExternalFlow imports private 2022-05-03 10:31:29 +02:00
Tony Torralba
29b430e49b Make commits private 2022-05-02 16:55:01 +02:00
Anders Schack-Mulligen
86516b157b Merge pull request #8884 from JLLeitschuh/feat/JLL/additional-file-taint-flow 
Java: Add additional `File` taint value flow models
 2022-05-02 16:30:45 +02:00
Tony Torralba
9a35aba465 Add change notes 2022-05-02 15:45:44 +02:00
Tony Torralba
8602a6f6c9 Add models for OkHttp and Retrofit 2022-05-02 15:42:15 +02:00
Jonathan Leitschuh
c8e0d7f847 Summary model for File should include overriden methods 2022-04-29 14:51:26 -04:00
Jorge
37b051a851 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-04-29 14:44:17 +02:00
Tony Torralba
12320aa5d2 Fix Intent Redirection sanitizer 2022-04-29 12:19:49 +02:00
jorgectf
548721a8cf Fix MyBatisInjectionSink 2022-04-28 23:36:51 +02:00
Jorge
193ea1a86e Merge branch 'main' into mybatis-new-sinks 2022-04-28 22:26:38 +02:00
Jorge
50e95b5aad Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-04-28 21:56:20 +02:00