hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-26 05:36:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,673 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

11714 Commits

Author SHA1 Message Date
Sebastian Bauersfeld
36b5e5f61a Java: Add change notes. 2022-08-25 17:58:24 +07:00
Sebastian Bauersfeld
a486a89cee Java: Taint flow through org.springframework.data.repository.CrudRepository.save(). 2022-08-25 17:58:24 +07:00
Erik Krogh Kristensen
ba1ad00d2a Merge pull request #10062 from erik-krogh/redosPrefix 
JS: use the shared regular expression libraries in `js/case-sensitive-middleware-path`
 2022-08-25 12:57:16 +02:00
erik-krogh
c7aa58252a change "does not seem to check" to "does not check" in unchecked-cast-in-equals queries 2022-08-25 12:31:58 +02:00
Ian Lynagh
bf6d9f8c23 Merge pull request #10161 from igfoo/igfoo/exec 
Make a load of files non-executable
 2022-08-25 10:05:39 +01:00
Tamas Vajk
15305fd9bb Kotlin: Fix iterator extraction of IntArray, BooleanArray, ... 2022-08-25 11:05:17 +02:00
Tamas Vajk
7196fdd475 Kotlin: fix array iterator extraction to work outside of for loops 2022-08-25 09:23:34 +02:00
Tamas Vajk
af2614be84 Kotlin: Add array iterator tests 2022-08-25 09:17:50 +02:00
Edward Minnix III
e6a1b1fab9 Rename allowBackup query id 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-08-24 15:54:13 -04:00
Ed Minnix
de36372d1c Refactor android:backupAllowed query 
Refactor the query to check for the nonexistence of the
`android:allowBackup` attribute being set to false.

The default value is true, so we need to check for it being explicitly
marked false.
 2022-08-24 15:54:13 -04:00
Ed Minnix
a036639ecd Added change notes 2022-08-24 15:54:13 -04:00
Ed Minnix
dad4a403db Add support for android:allowBackup default value 
The default value of `android:allowBackup` is `true`. Added support for
detecting if the default value is used.
 2022-08-24 15:54:13 -04:00
Ed Minnix
6509426fb3 android:allowBackup query documentation 2022-08-24 15:54:13 -04:00
Ed Minnix
44b0a2b8af Android allowBackup query 2022-08-24 15:54:13 -04:00
Ed Minnix
7d15af6caa Add allowBackup check to AndroidManifest 2022-08-24 15:54:13 -04:00
Ed Minnix
dac64eeca7 Query test files 2022-08-24 15:54:13 -04:00
Ian Lynagh
3fcfd32eb1 Make *.ql non-executable 2022-08-24 16:55:11 +01:00
Ian Lynagh
237b3670b4 Make *.xml non-executable 2022-08-24 16:53:48 +01:00
Ian Lynagh
bb73767042 Make *.java non-executable 2022-08-24 16:38:03 +01:00
Ian Lynagh
5f8d8cdf40 Make *.dbscheme non-executable 2022-08-24 16:37:26 +01:00
Ian Lynagh
501a9b3c6b Make *.qll non-executable 2022-08-24 16:36:15 +01:00
Jami
b3e88f8234 Merge pull request #9983 from jcogs33/android-implicit-export 
Java: query to detect implicitly exported Android components
 2022-08-24 10:52:50 -04:00
erik-krogh
1c0f2251e2 Merge branch 'main' into msgConsis 2022-08-24 14:38:57 +02:00
Michael Nebel
c514c8838d Merge pull request #9867 from michaelnebel/csharp/nosummary 
C#: Negative summaries (ie. no flow through)
 2022-08-24 12:06:05 +02:00
Ian Lynagh
8b4cf295bc Merge pull request #10110 from igfoo/igfoo/compression 
Kotlin: Add support for TRAP compression
 2022-08-24 10:37:20 +01:00
Michael Nebel
a412c955e7 Java: One implementation of the interface has no flow (which seems unsound and contradicting our assumptions on interface 'contracts') - this now yields a negative summary. 2022-08-24 09:58:54 +02:00
Michael Nebel
761ed283b6 C#/Java/Ruby/Swift: Address review comments. 2022-08-24 09:58:54 +02:00
Michael Nebel
2e273f2273 C#: Re-arange the import order, such that CsvValidation follows ExternalFlow directly. 2022-08-24 09:58:54 +02:00
Michael Nebel
30d554503a C#/Java: Fix some QL doc spelling typos. 2022-08-24 09:58:53 +02:00
Michael Nebel
160ae934af C#/Java/Ruby/Swift: Fix typo in QL doc. 2022-08-24 09:58:53 +02:00
Michael Nebel
37976d56bc C#/Java/Go/Swift: Move CsvValidation back into ExternalFlow. 2022-08-24 09:58:53 +02:00
Michael Nebel
581824a9b4 C#/Java/Ruby/Swift: Fix various typos. 2022-08-24 09:58:53 +02:00
Michael Nebel
9f9129d3c9 Java: Introduce column validation for negative summaries. 2022-08-24 09:58:52 +02:00
Michael Nebel
4939439982 Java: Re-factor CSV Validation into standalone module. 2022-08-24 09:58:52 +02:00
Michael Nebel
120fb25702 Java: Sync files and model generator and tests. 2022-08-24 09:58:52 +02:00
Michael Nebel
5255e16816 Java: Sync files and make framework specific code. 2022-08-24 09:58:51 +02:00
Michael Nebel
15c05e201d Java: Re-factor specialized CSV predicates into overrides of the row predicate. 2022-08-24 09:58:46 +02:00
Anders Schack-Mulligen
92f2976399 Java: Improve unification check for wildcards with lower bounds. 2022-08-24 09:50:13 +02:00
Anders Schack-Mulligen
f248c6a11e Java: Improve unification check for bounded types. 2022-08-24 09:50:13 +02:00
Anders Schack-Mulligen
6b01f02df6 Java: Deduplicate unification code as a parameterised module. 2022-08-24 09:50:13 +02:00
Erik Krogh Kristensen
4df2e5d937 Merge pull request #10096 from erik-krogh/acronyms-part1 
make acronyms camelcase
 2022-08-24 09:33:53 +02:00
erik-krogh
27fcc90a97 Merge branch 'main' into msgConsis 2022-08-24 09:21:43 +02:00
Tamás Vajk
ecde0abc04 Merge pull request #10091 from tamasvajk/kotlin-data-class 
Kotlin: Identify data classes during extraction
 2022-08-24 08:45:41 +02:00
erik-krogh
a50234adb0 apply suggestion from review 2022-08-23 15:41:37 +02:00
Tony Torralba
22558e573d Add change note 2022-08-23 14:19:00 +02:00
Tony Torralba
7070c4a2d2 Add summaries for ContentResolver and adjacent classes 2022-08-23 14:12:35 +02:00
erik-krogh
5e3cb08ed2 rename stateInPumpableRegexp to stateInRelevantRegexp 2022-08-23 12:40:45 +02:00
erik-krogh
1a7d3ee831 update expected output after changing queries 2022-08-23 12:35:32 +02:00
Chris Smowton
0a7350f3bf Merge pull request #10041 from smowton/AddSensitiveApiCalls 
Java: support more libraries in hardcoded-credentials queries
 2022-08-23 10:51:04 +01:00
Tony Torralba
085c12a51f Merge pull request #10116 from atorralba/atorralba/static-init-vector-fix 
Java: Improve Static Initialization Vector query
 2022-08-23 11:38:41 +02:00