hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,347 Commits 1,672 Branches 157 Tags
hmac-cli-injection-from-library-inputs
Commit Graph

4613 Commits

Author SHA1 Message Date
Artem Smotrakov
dcf251bb93 Fixed typos in IgnoredHostnameVerification.qhelp 2022-01-16 18:27:49 +00:00
Fosstars
2b33265d0f Added a query for ignored hostname verification 
- Added IgnoredHostnameVerification.ql
- Added a qhelp file with examples
- Added tests
 2022-01-16 18:27:49 +00:00
Artem Smotrakov
f78002bc02 Fixed a false-positive in CWE-297/IgnoredHostnameVerification.ql 2022-01-16 18:25:18 +00:00
Fosstars
e11cb943a6 Added a query for ignored hostname verification 
- Added IgnoredHostnameVerification.ql
- Added a qhelp file with examples
- Added tests
 2022-01-16 18:25:18 +00:00
luchua-bc
4797fce48a Update use cases and qldoc 2022-01-16 01:15:29 +00:00
luchua-bc
978ef1570a Update method names 2022-01-16 01:11:25 +00:00
Andrew Eisenberg
fbb5d7196f Merge branch 'main' into post-release-prep/codeql-cli-2.7.5 2022-01-14 08:23:43 -08:00
Tony Torralba
a2c98baf29 Reordering 2022-01-14 17:17:57 +01:00
Tony Torralba
eb1806c0a9 Split PathMatchGuard into three guards 2022-01-14 17:14:18 +01:00
Ian Lynagh
22dc24629f Fix a couple of typos: clases / clasess 2022-01-14 14:28:29 +00:00
Tony Torralba
fb1287d577 Use dominance instead of getParent 
Add clarification comments to PathMatchGuard
 2022-01-14 15:28:02 +01:00
Tony Torralba
136fefbab5 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-14 13:38:17 +01:00
luchua-bc
877c52981f Remove the deprecated library keyword 2022-01-14 12:13:41 +00:00
Tony Torralba
cde7a35c1f QLDoc 2022-01-14 13:12:30 +01:00
Tony Torralba
6aac848015 Fix imports 2022-01-14 12:43:08 +01:00
Tony Torralba
9f616e7cbe Refactor to use FlowState 
Remove the auxiliary DataFlow configuration
 2022-01-14 12:24:35 +01:00
Benjamin Muskalla
a4429d01a3 Add tests for writer models 2022-01-14 11:12:35 +01:00
Benjamin Muskalla
37ca6a5e41 Model Appenable and Writer 
This allows us to track taint carried through all kind of writers.
 2022-01-14 11:12:35 +01:00
Tony Torralba
df95317a58 Fix tests after stub change 2022-01-14 10:33:21 +01:00
Tony Torralba
6f06be9419 Update change note 2022-01-14 10:33:19 +01:00
Tony Torralba
bd4abf4fd0 Additional Notification models 2022-01-14 10:32:38 +01:00
Tony Torralba
a9757fbc83 Setting null Components is not a sanitizer 2022-01-14 10:32:37 +01:00
Tony Torralba
a59a4024a5 Update stubs 2022-01-14 10:32:36 +01:00
Tony Torralba
66794665f3 Remove unneeded implicit read step 2022-01-14 10:32:36 +01:00
Tony Torralba
a0a914466c Rewording 2022-01-14 10:32:33 +01:00
Tony Torralba
9c12c5f8b8 Remove duplicated models 2022-01-14 10:32:01 +01:00
Tony Torralba
f963887c58 Change test to avoid collision with SensitiveCommunication.ql 2022-01-14 10:32:01 +01:00
Tony Torralba
48acff9262 Remove unneeded code 2022-01-14 10:32:00 +01:00
Tony Torralba
9e3594fcf1 Added more sinks 2022-01-14 10:32:00 +01:00
Tony Torralba
1e3e48132c Rewording 2022-01-14 10:31:59 +01:00
Tony Torralba
47c851efaf Consider more startService methods 2022-01-14 10:31:59 +01:00
Tony Torralba
12059a8a50 Update models to use synthetic fields 2022-01-14 10:31:58 +01:00
Tony Torralba
d49e52fb73 Add support for PendingIntents in Notifications 2022-01-14 10:31:58 +01:00
Tony Torralba
c73e4ebc48 Remove models after rebase 2022-01-14 10:31:58 +01:00
Tony Torralba
7f85dae63b Add support for implicit field read flows 2022-01-14 10:31:57 +01:00
Tony Torralba
e58a8587db Add support for Slices 2022-01-14 10:31:56 +01:00
Tony Torralba
d43242d09e Added tests 2022-01-14 10:31:56 +01:00
Tony Torralba
d0077b8c12 Added query ImplicitPendingIntents 2022-01-14 10:31:53 +01:00
Tony Torralba
8f73772955 Merge pull request #7595 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-01-14 09:32:13 +01:00
Anders Schack-Mulligen
0b24af901d Merge pull request #7349 from aschackmull/dataflow/state 
Dataflow: Add support for flow state
 2022-01-14 09:12:38 +01:00
github-actions[bot]
685336fa23 Add changed framework coverage reports 2022-01-14 00:10:33 +00:00
Andrew Eisenberg
4ffd8c62ac Merge pull request #7579 from github/aeisenberg/changenote-upgrades-removal 
Changenotes: Add changenotes for upgrades refactoring
 2022-01-13 09:09:06 -08:00
Owen Mansel-Chan
83a25698bb Allow adding inputs and outputs needing reference 2022-01-13 15:09:17 +00:00
Tony Torralba
b6886b8e43 Move code to qll file 2022-01-13 15:28:57 +01:00
Tony Torralba
81feaaec02 Refactor PathMatchGuard 2022-01-13 15:24:41 +01:00
Anders Schack-Mulligen
c44cf29992 Merge pull request #7587 from owen-mc/add-default-taint-sanitizer-guard 
Dataflow: Add default taint sanitizer guard
 2022-01-13 14:44:55 +01:00
Tony Torralba
cd9a485c47 Refactor NullOrEmptyCheckGuard 2022-01-13 14:44:08 +01:00
Anders Schack-Mulligen
61490e74d8 Merge pull request #7561 from aschackmull/java/misc-perf 
Java: A few perf fixes for getASupertype*().
 2022-01-13 14:43:28 +01:00
Anders Schack-Mulligen
f7cf327e71 Dataflow: Sync 2022-01-13 13:28:43 +01:00
Anders Schack-Mulligen
a34c981209 Dataflow: Address comments. 2022-01-13 13:28:24 +01:00