hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,844 Commits 1,671 Branches 157 Tags
henrymercer/codeql-worse-v0.0.6
Commit Graph

4381 Commits

Author SHA1 Message Date
yoff
a77a6ec864 Merge pull request #7684 from erik-krogh/patches 
small refactorizations across CodeQL
 2022-01-21 15:04:14 +01:00
Tony Torralba
1eaa379bb7 Merge pull request #7681 from atorralba/atorralba/improve-android-implicit-intents-query 
Java: Improvements to the Android query Use of implicit PendingIntents
 2022-01-21 13:46:17 +01:00
Tony Torralba
c7e1df5689 Update java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.qhelp 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-01-21 11:57:11 +01:00
Erik Krogh Kristensen
a235f8f023 remove redundant inline type casts 2022-01-21 11:46:33 +01:00
Erik Krogh Kristensen
f500bccbe4 add explicit this to member call 2022-01-21 11:46:33 +01:00
Erik Krogh Kristensen
ddfc3bc00f use set literals instead of big disjunctions 2022-01-21 11:46:33 +01:00
Benjamin Muskalla
830c2dc90a Merge pull request #7603 from bmuskalla/commonsIoModel 
Java: Replace Commons IO model
 2022-01-21 11:42:27 +01:00
Tony Torralba
3f6e035016 Docs improvements 2022-01-21 11:37:02 +01:00
Tony Torralba
d22632ef78 Fix recursion in entrypointFieldStep 
When using local taint tracking to define a RemoteFlowSource, a recursion was created because entrypointFieldStep adds new RemoteFlowSources and was a local taint step. This is fixed by converting entrypointFieldStep into a defaultAdditionalTaintStep instead of a localAdditionalTaintStep, i.e. it will only affect global taint tracking from now on.
 2022-01-21 10:48:13 +01:00
Tony Torralba
6fe0b78978 Remove PendingIntentAsField step and add SliceProviderLifecycle step 2022-01-20 16:52:07 +01:00
Anders Schack-Mulligen
fede7dd238 Merge pull request #7676 from aschackmull/java/instanceaccessnode 
Java: Add data flow node encapsulating instance accesses.
 2022-01-20 15:40:21 +01:00
Erik Krogh Kristensen
a77b2b0209 Merge pull request #7668 from erik-krogh/simplify-casts 
simplify expressions that could be type-casts
 2022-01-20 15:20:18 +01:00
Tony Torralba
caab1c3332 Merge pull request #6963 from atorralba/atorralba/android-onactivityresult-source 
Android: Add the Intent parameter of the `onActivityResult` method as a source
 2022-01-20 14:27:30 +01:00
Anders Schack-Mulligen
43da5aabbe Java: Add dataflow node encapsulating instance accesses. 2022-01-20 14:12:33 +01:00
Tony Torralba
62f847a82e Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-01-20 13:44:10 +01:00
Tony Torralba
3957ebe880 Fix bitwiseLocalTaintStep 2022-01-20 13:34:32 +01:00
Tony Torralba
265f8a3b19 Make bitwise taintsteps specific for this query 2022-01-20 13:23:56 +01:00
Tony Torralba
4e9849e19d Refactor IntentFlagsOrDataCheckedGuard to avoid footgun 2022-01-20 13:23:55 +01:00
Tony Torralba
62c21918b2 Add QLDoc to guard and sanitizer 2022-01-20 13:23:54 +01:00
Tony Torralba
58a0bcd70f Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-20 13:23:53 +01:00
Tony Torralba
8767d2db23 Don't capitalize the term content provider 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-01-20 13:23:52 +01:00
Tony Torralba
596cfd399e Improve description 2022-01-20 13:23:52 +01:00
Tony Torralba
ab560234e3 Update java/change-notes/2021-10-27-android-intent-uri-permission-manipulation-query.md 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-01-20 13:23:51 +01:00
Tony Torralba
3405db31b8 Add qhelp 2022-01-20 13:23:51 +01:00
Tony Torralba
6152c8a989 Add change note 2022-01-20 13:23:48 +01:00
Tony Torralba
e1d30ebc09 Added severity 
Removed duplicated code
 2022-01-20 13:23:15 +01:00
Tony Torralba
ec8ffeed07 Add Intent URI Permission Manipulation query 2022-01-20 13:23:14 +01:00
Tony Torralba
c09b6691e1 Merge pull request #6171 from atorralba/atorralba/promote-unsafe-certificate-trust 
Java: Promote Unsafe certificate trust query from experimental
 2022-01-20 12:07:03 +01:00
Anders Schack-Mulligen
f154530141 Merge pull request #7662 from JLLeitschuh/patch-2 
Fix typo in FileWritable
 2022-01-20 11:13:59 +01:00
Benjamin Muskalla
8217873bae Align files with new naming pattern 2022-01-20 11:02:53 +01:00
Anders Schack-Mulligen
4aa2661dc1 Merge pull request #7634 from bmuskalla/refactorLangModel 
Refactor Apache Commons Lang model
 2022-01-20 11:01:25 +01:00
Benjamin Muskalla
4cac35adad Regnerate model to capture char[] APIs 2022-01-20 10:59:28 +01:00
Benjamin Muskalla
857c2778a6 Added missing model for ReadableByteChannel 
This reveals more models for commons io
 2022-01-20 10:59:28 +01:00
Benjamin Muskalla
b20b3ab480 Regenrate model to replace manual models 2022-01-20 10:59:27 +01:00
Benjamin Muskalla
93f6fde63c Keep not-yet-covered models 2022-01-20 10:59:27 +01:00
Benjamin Muskalla
d07997699f Introduce generated model for Commons IO 2022-01-20 10:59:24 +01:00
Erik Krogh Kristensen
4e8e3a7420 simplify expressions that could be type-casts 2022-01-20 10:41:35 +01:00
Jonathan Leitschuh
23548c50e1 Fix typo in FileWritable 2022-01-19 16:14:38 -05:00
Tony Torralba
695e77a219 Simplify isSslSocket predicate 2022-01-19 17:01:28 +01:00
Tony Torralba
e442e50e6b Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-01-19 16:43:48 +01:00
Tony Torralba
101ad777e3 Move things around after rebase 2022-01-19 16:43:48 +01:00
Tony Torralba
03020582af Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-01-19 16:43:47 +01:00
Tony Torralba
9ffc5ab183 Update java/ql/src/semmle/code/java/security/UnsafeCertTrustQuery.qll 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2022-01-19 16:43:47 +01:00
Tony Torralba
c16181dd2f QLDocs 2022-01-19 16:43:46 +01:00
Tony Torralba
000a544729 Decouple UnsafeCertTrust.qll to reuse the taint tracking configuration 2022-01-19 16:43:43 +01:00
Tony Torralba
1e2a956a30 Remove unused stub 2022-01-19 16:43:02 +01:00
Tony Torralba
d9e98ceacc Consider setSslContextFactory and fix tests 2022-01-19 16:43:01 +01:00
Tony Torralba
4d207101e2 Fix QLDoc 2022-01-19 16:43:00 +01:00
Tony Torralba
999acb0021 Improve qhelp references 2022-01-19 16:43:00 +01:00
Tony Torralba
e9712f04a4 Add missing QLDoc 2022-01-19 16:42:59 +01:00