hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,475 Commits 1,672 Branches 157 Tags
js/move-cors-query-from-experimental
Commit Graph

5747 Commits

Author SHA1 Message Date
erik-krogh
39ffa558f1 make a few more queries consistent with the other languages 2022-10-02 22:38:25 +02:00
erik-krogh
2f673efc67 autoformat 2022-10-01 13:21:20 +02:00
erik-krogh
129cda00db get a few more queries in sync with other languages 2022-10-01 11:17:48 +02:00
erik-krogh
acfcc4bfe2 update two more queries to better follow the style-guide 2022-10-01 10:59:59 +02:00
erik-krogh
7d643e41f3 Merge branch 'main' into java-followMsg 2022-10-01 10:48:06 +02:00
Tony Torralba
585cbe2b95 Fix cartesian product 2022-09-30 10:47:22 +02:00
Ed Minnix
2a2878fc7b Move text into paragraph tag 2022-09-29 16:33:22 -04:00
Ed Minnix
e3c0e6f52a Remove location link from alert message 
Follow the style suggestion from the github-code-scanning bot and remove
provider element from alert link
 2022-09-29 16:20:48 -04:00
Ed Minnix
f2bda1525a Revert "Android ContentProvider.openFile does not check mode initital commit" 
This reverts commit e37f62bb5e.

The MisconfiguedContentProviderUse.ql file provided a sample query which
will be useful in future checks for CVE-2021-41166, but is not needed
for the current manifest-focused check
 2022-09-29 14:43:18 -04:00
Ed Minnix
e72963986f Moved Android manifest incomplete permission logic into library 2022-09-29 14:06:18 -04:00
Ed Minnix
dedd29e1b3 Incomplete Android content provider permissions documentation 2022-09-29 14:05:18 -04:00
Anders Schack-Mulligen
b48b5d45ef Merge pull request #10498 from Marcono1234/marcono1234/compilation-unit-simple-name-type 
Java: Add `CompilationUnit.getATypeInScope()`
 2022-09-28 13:18:29 +02:00
Joe Farebrother
6cb26d5129 Merge pull request #10241 from joefarebrother/android-webview-dubugging 
Java: Add query for WebView debugging enabled
 2022-09-28 10:50:51 +01:00
Tony Torralba
be9509ceb9 Merge pull request #9199 from luchua-bc/java/unsafe-url-forward-dispatch-load 
Java: CWE-552 Query to detect unsafe resource loading in Java Spring applications
 2022-09-27 15:27:51 +02:00
Tony Torralba
7ff82bbed3 Update java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll 2022-09-27 13:26:21 +02:00
Joe Farebrother
af41f2b903 Remove 'here'. 2022-09-26 13:36:14 +01:00
erik-krogh
46b5bf32f9 update alert-messsages of java queries 2022-09-26 12:15:25 +02:00
Marcono1234
c40b6285a2 Java: Adjust ImpossibleJavadocThrows.ql 2022-09-26 12:08:43 +02:00
Marcono1234
fd99ae78b3 Java: Rename predicate to getATypeInScope 2022-09-25 14:44:16 +02:00
github-actions[bot]
6cef0af5df Post-release preparation for codeql-cli-2.11.0 2022-09-23 21:01:40 +00:00
luchua-bc
8effbff817 Remove unused code and update qldoc 2022-09-23 12:43:39 +00:00
luchua-bc
e33d786745 Add test cases and reduce FPs 2022-09-23 12:31:16 +00:00
luchua-bc
251f67dcf3 Use the new CSV model 2022-09-23 12:31:16 +00:00
luchua-bc
b3572747f0 Simplify test case and minor update to the query 2022-09-23 12:31:15 +00:00
luchua-bc
311c9e4719 Query to detect unsafe resource loading in Java Spring applications 2022-09-23 12:31:15 +00:00
github-actions[bot]
f5cf8cffa3 Release preparation for version 2.11.0 2022-09-22 20:14:12 +00:00
Dave Bartolomeo
cee0e8e137 Merge pull request #10532 from github/henrymercer/3.7-mergeback 
Final mergeback from `rc/3.7`
 2022-09-22 13:42:59 -04:00
Erik Krogh Kristensen
6e6880bbe4 Merge pull request #10486 from erik-krogh/java-unqueryable 
Java: Delete some unused code
 2022-09-22 14:21:39 +02:00
Henry Mercer
f8f99af8b7 Bump the minor version of packs we regularly release 2022-09-22 12:14:19 +01:00
Joe Farebrother
2414239e50 Fix qhelp formatting 2022-09-21 16:36:20 +01:00
Joe Farebrother
ed8ec89497 Reword suggestion on using debug flags 2022-09-21 13:57:31 +01:00
Joe Farebrother
44bd038339 Apply docs suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2022-09-21 13:57:31 +01:00
Joe Farebrother
a6a500ade2 Apply suggestions from code review - doc improvements, simplification 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-09-21 13:57:31 +01:00
Joe Farebrother
6014a75e0e Fix qhelp 2022-09-21 13:57:30 +01:00
Joe Farebrother
eed2df0fb3 Fix qhelp & ql-for-ql errors 2022-09-21 13:57:30 +01:00
Joe Farebrother
414e0b20b3 Add change note 2022-09-21 13:57:30 +01:00
Joe Farebrother
f934554143 Add docs + add an additional case 2022-09-21 13:57:29 +01:00
Joe Farebrother
20b2956322 Add webview debugging query 2022-09-21 13:57:28 +01:00
Marcono1234
431aa2cb79 Java: Add CompilationUnit.getATypeAvailableBySimpleName() 
This predicate is mainly helpful for Javadoc queries and for queries which
check whether the name of an element shadows another type.
 2022-09-20 23:15:50 +02:00
Andrew Eisenberg
58e4861b45 Merge branch 'main' into rc/3.7 2022-09-20 12:43:20 -07:00
Tony Torralba
cbb64cc8c1 Merge pull request #10352 from atorralba/atorralba/promote-template-injection 
Java: Promote Server-side template injection from experimental
 2022-09-20 16:11:58 +02:00
Chris Smowton
f826342112 Merge pull request #6246 from Marcono1234/marcono1234/annotation-improvements 
Java: Improve and add predicates and classes for annotations
 2022-09-20 11:48:29 +01:00
erik-krogh
70eced62b6 delete unused predicate that couldn't be imported from outside the folder 2022-09-20 12:40:39 +02:00
Tony Torralba
4af29e6abf Update java/ql/src/Security/CWE/CWE-094/TemplateInjection.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-09-20 11:48:40 +02:00
Tony Torralba
4997f36f05 Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-09-20 11:48:18 +02:00
Michael Nebel
eefe457c4b Merge pull request #10238 from michaelnebel/csharp/theoremsforfree 
C#: Theorems for Free - Model generation
 2022-09-20 09:30:10 +02:00
Ed Minnix
e37f62bb5e Android ContentProvider.openFile does not check mode initital commit 
Initial commit for work on a query finding instances where the `mode`
parameter of an override of the `openFile` method of the
`android.content.ContentProvider` class
 2022-09-19 10:32:02 -04:00
Ed Minnix
00891fa455 Android Manifest Incomplete provider permissions initial commit 
Initial work on checking provider elements in Android manifests for
complete permissions.
 2022-09-19 10:31:02 -04:00
Marcono1234
e3c1b96830 Java: Fix incorrect annotation handling for SpringControllerRequestMappingGetMethod 2022-09-16 15:49:16 +01:00
Marcono1234
b96061aa7e Java: Rename Annotation value predicates 2022-09-16 15:49:16 +01:00