hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,275 Commits 1,672 Branches 157 Tags
tausbn/python-refine-location-of-flask-request-sources
Commit Graph

3153 Commits

Author SHA1 Message Date
Tony Torralba
43f4dd8bc4 Consider taint through bitwise operations on PendingIntent flags 2022-11-22 11:39:30 +01:00
Jami
8a73675483 Merge pull request #11070 from jcogs33/java-regex-injection 
Java: Promote regex injection query from experimental
 2022-11-21 15:04:26 -05:00
erik-krogh
64707f4f7b remove redundant assignments 2022-11-21 17:45:05 +01:00
Tony Torralba
e28f1ffe18 Merge pull request #11346 from atorralba/atorralba/java/fix-path-models 
Java: Fix a couple of taint models for `java.nio.file.Path(s)`
 2022-11-21 16:57:00 +01:00
Tony Torralba
57656d0a7e Fix a couple of java.nio.file.Path(s) MaD rows 2022-11-21 15:14:02 +01:00
Tony Torralba
2809c3a77c Handle disabled Maven repositories 2022-11-21 10:11:57 +01:00
Tom Hvitved
99e70e9a50 Data flow: Sync files 2022-11-20 10:19:23 +01:00
erik-krogh
a4e5d752e1 Java: delete old deprecations 2022-11-17 22:12:50 +01:00
Joe Farebrother
d6c5132f39 Merge pull request #10684 from joefarebrother/android-keyboard-cache 
Java: Add query for Sensitive Keyboard Cache
 2022-11-16 15:27:44 +00:00
Tamás Vajk
a3ff83595a Merge pull request #11300 from tamasvajk/kotlin-useless-param-2 
Kotlin: Exclude .kt files from useless parameter query
 2022-11-16 16:22:27 +01:00
Tamas Vajk
48c37a2c0f Exclude .kt files from useless parameter query 2022-11-16 14:51:49 +01:00
erik-krogh
7331363618 Java: convert some block-comments that could be QLDoc to QLDoc 2022-11-16 13:40:15 +01:00
Anders Schack-Mulligen
94bca4399a Merge pull request #11183 from aschackmull/dataflow/groupflow 
Dataflow: Introduce support for src/sink grouping in path results.
 2022-11-16 12:59:01 +01:00
Joe Farebrother
7ae41ff165 Invert the xml logic to be consistent with the dataflow logic 2022-11-16 10:54:14 +00:00
Joe Farebrother
6d465aaf52 Apply code review suggestions 2022-11-16 10:54:14 +00:00
Joe Farebrother
63f715e650 fix implicit this 2022-11-16 10:54:14 +00:00
Joe Farebrother
dd4e1d0ac3 Add tests and fix issues 2022-11-16 10:54:14 +00:00
Joe Farebrother
10a3b3bd14 Cover cases in which input type is set via code 2022-11-16 10:54:14 +00:00
Joe Farebrother
359d703ded More precise layout xml handling 2022-11-16 10:54:13 +00:00
Joe Farebrother
f48b57c95a Apply review suggestions 2022-11-16 10:54:13 +00:00
Joe Farebrother
c085c1f3ad Fix typos 2022-11-16 10:54:13 +00:00
Joe Farebrother
0bce1894ae Remove redundant import 2022-11-16 10:54:13 +00:00
Joe Farebrother
706858e211 Add test cases; fix the regex used 2022-11-16 10:54:13 +00:00
Joe Farebrother
85fe226256 Add sensitive keyboard cache query 2022-11-16 10:54:13 +00:00
erik-krogh
c029048306 port the Java regex/redos queries to use the shared pack 2022-11-14 21:29:41 +01:00
erik-krogh
d5b066636f use namespace in PrintAst.qll to avoid conflict with Top 2022-11-14 21:29:41 +01:00
erik-krogh
b737bdbca0 add a Java implementation of RegexTreeViewSig 2022-11-14 21:29:41 +01:00
erik-krogh
20254dfc08 move existing regex-tree into a module 2022-11-14 21:29:41 +01:00
Ed Minnix
73d6360eee Java: add setAllowFileAccess to CrossOriginAccessMethod in WebView.qll 
Local file access is enabled using the `WebSettings#setAllowFileAccess`
method.
 2022-11-14 15:07:46 -05:00
Ian Lynagh
3afd895d41 Merge pull request #11217 from igfoo/igfoo/kotlin_version_rec 
Java/Kotlin: Write Kotlin version information to the database
 2022-11-14 10:55:46 +00:00
Ed Minnix
30cd447f69 Java: Add class to represent android.webkit.WebView#addJavascriptInterface 2022-11-12 09:40:49 -05:00
Rasmus Wriedt Larsen
ddbcdcb4ba Merge pull request #11160 from RasmusWL/dataflow-consistency-read-store 
DataFlow: Add read/store stepIsLocal consistency checks
 2022-11-11 14:51:45 +01:00
Ian Lynagh
d0dfb4926b Kotlin/Java: Add compilation_info table 2022-11-10 20:29:04 +00:00
Michael Nebel
8c1de5958b Java: Make better QL docs and add some missing 'this'. 2022-11-10 13:57:43 +01:00
Michael Nebel
3b109db2d1 Java: Generalize the support perceiving functional interfaces as functions. 2022-11-10 13:57:42 +01:00
Michael Nebel
bdc569feea Java: Initial implementation of type based model generation. 2022-11-10 13:57:41 +01:00
Michael Nebel
9c6875ec0f Merge pull request #10777 from michaelnebel/csharp/generatedataextensions 
C#: Generate data extension files
 2022-11-10 13:08:31 +01:00
Anders Schack-Mulligen
b3b7711149 Dataflow: Sync. 2022-11-09 14:23:15 +01:00
Anders Schack-Mulligen
ade83b3cfe Dataflow: Introduce support for src/sink grouping in path results. 2022-11-09 14:22:24 +01:00
Jami
cfbaf5e53b Merge pull request #10785 from jcogs33/insuff-key-size-globalflow-keysize 
Java: Promote insufficient key size query from experimental
 2022-11-08 18:05:01 -05:00
Jami Cogswell
13decd38d9 update sink 2022-11-08 15:29:33 -05:00
Jami Cogswell
bada986433 apply review comments 2022-11-08 15:29:33 -05:00
Jami Cogswell
b99a1d2cd9 update sink and tests 2022-11-08 15:29:33 -05:00
Jami Cogswell
695d6f0e4e move files to regexp directory 2022-11-08 15:29:33 -05:00
Jami Cogswell
5402001362 remove original sanitizer 2022-11-08 15:29:33 -05:00
Jami Cogswell
be548c13e1 switch sink to use csv models 2022-11-08 15:29:33 -05:00
Jami Cogswell
5dcd3b2c0f clean up files 2022-11-08 15:29:33 -05:00
Jami Cogswell
32f7348d30 update help file 2022-11-08 15:29:33 -05:00
Jami Cogswell
eb30e8fe9e move Pattern.quote and Pattern.LITERAL models to Regex.qll 2022-11-08 15:29:33 -05:00
Jami Cogswell
81ad10bab5 update sink names 2022-11-08 15:29:33 -05:00