4305 Commits

Author	SHA1	Message	Date
Anders Schack-Mulligen	fb2d36ddac	Merge pull request #15451 from Marcono1234/marcono1234/java-assignment-doc ... Java: Document which assignment type is covered by which class	2024-02-14 08:59:50 +01:00
Joe Farebrother	2eb93b7a3b	Add unit tests	2024-02-12 13:49:45 +00:00
Joe Farebrother	d8985f9f5b	Move tests for local auth to a folder	2024-02-12 13:49:45 +00:00
Joe Farebrother	c79a3eb6ae	Add query for insecure key generation	2024-02-12 13:49:44 +00:00
Joe Farebrother	75a2b9415c	Merge pull request #15481 from joefarebrother/android-local-auth ... Java: Add query for insecure local authentication	2024-02-12 13:48:53 +00:00
Tony Torralba	cf7091ae5f	Merge branch 'main' into atorralba/java/open-redirect-sanitizer	2024-02-12 10:31:52 +01:00
Joe Farebrother	16aed18821	Address reviews - Elaborate on docs and update severity	2024-02-09 13:53:36 +00:00
Tom Hvitved	1ea7717714	Capture flow: Take overwrites in nested scopes into account	2024-02-09 14:49:23 +01:00
Anders Schack-Mulligen	8fc4fae7d2	Java: Cache interpretElement.	2024-02-09 14:43:36 +01:00
Max Schaefer	93990ec9df	Merge pull request #15486 from github/java/update-mad-decls-after-triage-2024-01-31T11-16-45 ... Java: Update MaD Declarations after Triage	2024-02-09 11:18:17 +00:00
Tony Torralba	4c0d535cc2	Merge pull request #12886 from atorralba/atorralba/java/path-injection-mad-sinks ... Java: Refactor path injection sinks	2024-02-09 10:48:49 +01:00
Max Schaefer	fb109672b3	Address more review feedback.	2024-02-09 09:21:30 +00:00
Tony Torralba	34f74869c8	Java: Add extension point and default sanitizer to Open Redirect query	2024-02-09 09:11:07 +01:00
Max Schaefer	082754a3d8	Remove problematic Kotlin model.	2024-02-07 13:21:59 +00:00
github-actions[bot]	b5139078d0	Post-release preparation for codeql-cli-2.16.2	2024-02-06 19:22:35 +00:00
Max Schaefer	705a377060	Address review comments.	2024-02-06 12:54:29 +00:00
github-actions[bot]	c1b35fbf47	Release preparation for version 2.16.2	2024-02-05 17:58:57 +00:00
Joe Farebrother	525f27173d	Merge pull request #15396 from joefarebrother/android-sensitive-ui-text ... Java: Add query for sensitive data exposed in text fields	2024-02-05 15:47:03 +00:00
Joe Farebrother	71852868ac	Add case for androidx.biometric api	2024-02-02 17:19:20 +00:00
Anders Schack-Mulligen	49b00f3842	Java: Remove two redundant models implied by CharSequence models.	2024-02-02 13:17:26 +01:00
Max Schaefer	ab6cea14c8	Fix missing quotes.	2024-01-31 11:49:25 +00:00
Joe Farebrother	9130603334	Address reviews - use SimpleTypeSanitizer and alter qldoc style	2024-01-31 11:31:25 +00:00
Max Schaefer	6c6f402fa5	Merge branch 'main' into java/update-mad-decls-after-triage-2024-01-31T11-16-45	2024-01-31 11:29:33 +00:00
Max Schaefer	ad8038bade	Update MaD Declarations after Triage	2024-01-31 11:28:10 +00:00
Joe Farebrother	8bd79908a6	Implement local auth query	2024-01-30 16:49:55 +00:00
Tony Torralba	e2bf9ea2eb	Consider File.exists() et al a path-injection sink	2024-01-30 14:51:36 +01:00
Joe Farebrother	94075ef148	Fix FPs - consider flow through fields when determining whether a view is masked, and find more instances of findViewById.	2024-01-29 16:25:38 +00:00
Joe Farebrother	aa78050933	Implement checks for elements hidden by their xml attributes	2024-01-29 16:25:38 +00:00
Joe Farebrother	6081f18089	Add unit tests + make some fixes	2024-01-29 16:25:37 +00:00
Joe Farebrother	8582093e65	Implement checks for parent views being hidden	2024-01-29 16:25:37 +00:00
Joe Farebrother	1b13597d72	Implement checks for calls that may safely mask information	2024-01-29 16:25:37 +00:00
Joe Farebrother	5dd0addfc2	Add sensitive text flow query	2024-01-29 16:25:36 +00:00
Marcono1234	d8fe0f5bb8	Java: Document which assignment type is covered by which class	2024-01-28 19:03:36 +01:00
Edward Minnix III	4602f8933d	Merge pull request #15292 from egregius313/egregius313/java/dataflow/common-sanitizers/uuid-and-date ... Java: Add `java.util.UUID` and `java.util.Date` to the `SimpleTypeSanitizer` class	2024-01-26 13:16:18 -05:00
Joe Farebrother	031bd8bd0c	Merge pull request #15281 from joefarebrother/android-sensitive-ui-notif ... Java: Add query for exposure of sensitive information to android notifiactions	2024-01-26 16:42:55 +00:00
Max Schaefer	73130ec665	Merge pull request #15436 from github/max-schaefer-patch-1 ... Java: Add models for overloads of DatagramPacket constructor	2024-01-26 16:13:11 +00:00
Tony Torralba	b8cb514dc4	Rename the other change note	2024-01-26 12:46:51 +01:00
Tony Torralba	19a6b7858b	Remove reference to PathCreation ... ZipSlip no longer needs to make this exclusion, since PathCreation arguments are no longer path-injection sinks	2024-01-26 12:45:00 +01:00
Tony Torralba	19cb7adb6d	Migrate path injection sinks to MaD ... Deprecate and stop using PathCreation Path creation sinks are now summaries	2024-01-26 12:19:54 +01:00
Tony Torralba	52d7bd93a5	Merge pull request #15420 from github/java/update-mad-decls-after-triage-2024-01-24T10-05-04 ... Java: Update MaD Declarations after Triage	2024-01-26 08:42:49 +01:00
Tony Torralba	d299971086	Fix code review mistake	2024-01-25 17:42:11 +01:00
Max Schaefer	13f0df3588	Add two more models.	2024-01-25 15:00:22 +00:00
Max Schaefer	5235291919	Add models for overloads of DatagramPacket constructor	2024-01-25 14:49:05 +00:00
Stephan Brandauer	1f9a968774	Java: PR discussion	2024-01-25 13:59:47 +01:00
Stephan Brandauer	5d6ee9c0cb	Update java/ql/lib/ext/com.fasterxml.jackson.databind.model.yml ... Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2024-01-25 10:00:56 +01:00
Stephan Brandauer	4e63cbc993	Merge branch 'main' into java/update-mad-decls-after-triage-2024-01-24T10-05-04	2024-01-24 14:55:20 +01:00
Stephan Brandauer	d5bcbcddab	Update MaD Declarations after Triage	2024-01-24 11:05:07 +01:00
Ed Minnix	ef884fa721	Change note	2024-01-23 22:35:05 -05:00
github-actions[bot]	d0b74c00fe	Post-release preparation for codeql-cli-2.16.1	2024-01-23 23:02:29 +00:00
github-actions[bot]	7ef611e6dc	Release preparation for version 2.16.1	2024-01-23 19:45:16 +00:00