hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-22 18:03:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
86,066 Commits 1,693 Branches 161 Tags
main
Commit Graph

12845 Commits

Author SHA1 Message Date
smehta23
781a2a73d3 Merge branch 'main' into feat/SM/java_partial_path_traversal_vulnerability 2022-07-12 01:48:12 -04:00
Raul Garcia
d5791e2d56 Addressing feedback from the PR 2022-07-11 15:45:15 -07:00
Raul Garcia
ac05577966 Making various changes based on the feedback. Pending: 2 non-trivial fixes for Java & Python. 2022-07-11 13:25:35 -07:00
Ian Lynagh
28a8999b74 Java: Add an upgrade script 2022-07-11 12:09:48 +01:00
Ian Lynagh
aa07600f5a Java: Update stats 2022-07-11 12:09:48 +01:00
Chris Smowton
74641ccfee Simplify test for no-arg constructor 2022-07-11 11:01:19 +01:00
Raul Garcia
01da877d0e Moving the new query to experimental. It was added to the wrong folder initially. 2022-07-06 14:07:14 -07:00
Raul Garcia
f5c6b45014 Update UnsafeUsageOfClientSideEncryptionVersion.qhelp 2022-07-05 13:58:11 -07:00
Raul Garcia
e43e5810cf New queries to detect unsafe client side encryption in Azure Storage 2022-07-01 17:08:35 -07:00
Shyam Mehta
39f885413f Change log 2022-07-01 11:34:56 -04:00
Ian Lynagh
1730ec22d9 Kotlin: Extract an ErrorType if we fail to correctly extract a type 2022-07-01 16:33:43 +01:00
smehta23
391dd5b38d Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:55:58 -04:00
smehta23
ebe48ec30a Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:53:43 -04:00
smehta23
48e16e52b5 Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:52:41 -04:00
Shyam Mehta
1a41d4c379 Add CVE number 2022-07-01 10:51:33 -04:00
Chris Smowton
b499ba5aa8 Kotlin: don't extract private setters of external classes 
Previously these would get extracted unlike other private methods even if the class was a standard library or other external class. This could cause inconsistencies because if we also compiled the class from source we could end up deciding different names for the property's setter: setXyz$private when seen from source, and setXyz without a
suffix when seen as an external .class file. Avoiding extracting these functions from the external perspective both restores consistency with other kinds of method and avoids these consistency problems.
 2022-07-01 15:44:17 +01:00
Shyam Mehta
300a14c35c Add ESAPI reference 2022-07-01 10:43:59 -04:00
smehta23
209a21655a Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:40:38 -04:00
smehta23
c6f2f61bfb Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalBad.java 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:39:46 -04:00
Chris Smowton
4c6a9772af Merge pull request #9768 from smowton/smowton/fix/internal-method-name-mangling 
Kotlin: Mangle names of internal functions to match JVM symbols
 2022-07-01 14:33:32 +01:00
Chris Smowton
14aef792e0 Accept test changes 2022-07-01 10:35:17 +01:00
Chris Smowton
b9eec13466 Accept integration test changes 2022-06-30 22:21:04 +01:00
Chris Smowton
dd93062101 Kotlin: Mangle names of internal functions to match JVM symbols 2022-06-30 21:56:25 +01:00
Chris Smowton
570e418b22 Fix ordering PrintAst nodes 2022-06-30 16:07:32 +01:00
Chris Smowton
ec95cbace4 PrintAst: Tie-break multiple class members created at the same source location 
Otherwise Kotlin introducing a getter, setter and field declaration based on the same property tied in the sort order, and so could be output in different orders on different machines.
 2022-06-30 15:29:56 +01:00
Chris Smowton
0d0d240fd4 Accept test changes re: new compiler-generated nodes 2022-06-30 15:29:20 +01:00
Chris Smowton
8214c3b78e Add AST dump for JvmStatic annotation test 2022-06-30 13:11:43 +01:00
Chris Smowton
5a47e1dd95 Annotate generated static proxy methods as compiler-generated 2022-06-30 12:48:11 +01:00
Chris Smowton
466cf7573b Autoformat 2022-06-30 12:42:39 +01:00
Chris Smowton
b4124ac553 Add test 2022-06-30 12:42:39 +01:00
Chris Smowton
ab52a020fa Add test 2022-06-30 10:22:56 +01:00
Shyam Mehta
16814071df Fix typo in .qhelp 2022-06-29 18:03:57 -04:00
Shyam Mehta
7ab8f0262c Fix duplicate class header and better fix using toPath() 2022-06-29 18:01:12 -04:00
Shyam Mehta
955e614563 Add documentation of the Partial Path Traversal vuln 2022-06-29 17:31:04 -04:00
Andrew Eisenberg
fbeecd6c08 Merge pull request #9744 from github/aeisenberg/move-contextual-queries 2022-06-29 11:44:33 -07:00
Andrew Eisenberg
ddf06f8617 Add change notes and qldoc for moved files 2022-06-29 10:03:12 -07:00
Andrew Eisenberg
a3f4d1bf66 Move contextual queries from src to lib 
With this change, users are now able to run View AST command in
vscode within vscode workspaces that do not include the core libraries.
The relevant core library only needs to be installed in the package
cache.
 2022-06-29 07:51:26 -07:00
Erik Krogh Kristensen
9ecc3a2671 filter out potential misparses from java/suspicious-regexp-range 2022-06-29 13:16:40 +02:00
Jeroen Ketema
55e052af26 Merge pull request #9686 from aschackmull/dataflow/no-node-scan 
Dataflow performance: Avoid node scans
 2022-06-29 10:38:56 +02:00
Tony Torralba
12fa6967dc Merge pull request #8669 from joefarebrother/intent-verification 
Java: Add query for Improper Verification of Intent by Broadcast Receiver (CWE-925)
 2022-06-29 09:43:07 +02:00
Tony Torralba
741b2a923a Merge pull request #9207 from joefarebrother/android-external-storage 
Java: Add sources for Android external storage
 2022-06-29 09:34:51 +02:00
Shyam Mehta
b5ca2c3d9d Add additional tests from real world query run 2022-06-28 17:32:20 -04:00
Shyam Mehta
7122f29296 Finish Partial Path Traversal Query 2022-06-28 15:02:06 -04:00
Shyam Mehta
4c7d476280 [JAVA] Partial Path Traversal Vuln Query 2022-06-28 13:52:41 -04:00
Ian Lynagh
b6790ef735 Merge pull request #9725 from igfoo/igfoo/inline 
Kotlin: Extract inlineability of functions
 2022-06-28 10:21:30 +01:00
Tony Torralba
e0b4c63a53 Add new source kind to CsvValidation 2022-06-28 10:16:40 +02:00
Joe Farebrother
49b419c52e Update models to include manual tag 2022-06-28 10:10:28 +02:00
Joe Farebrother
55e78e3e25 Minor doc fixes + making directFileRead private 2022-06-28 10:10:28 +02:00
Joe Farebrother
a41f28ebe5 Use more file openning methods 2022-06-28 10:10:28 +02:00
Joe Farebrother
58fba20689 Add change note 2022-06-28 10:10:28 +02:00