hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,275 Commits 1,672 Branches 157 Tags
tausbn/python-refine-location-of-flask-request-sources
Commit Graph

3153 Commits

Author SHA1 Message Date
Marcono1234
37b18914ac Java: Add annotation tests 2022-09-16 15:49:16 +01:00
Marcono1234
8c9bdeb3be Java: Address Annotation review comments and add change note 2022-09-16 15:49:16 +01:00
Marcono1234
659a3a7925 Java: Deprecate RetentionAnnotation.getRetentionPolicyExpression() 2022-09-16 15:49:16 +01:00
Marcono1234
90a9364b00 Java: Rename Annotation.getAnArrayValue with index 
As mentioned by smowton during review, the predicate only has a single result
due to being restricted by the index and therefore its name should not start
with "getA...".

Also remove deprecated `getAValue(string, int)` because it never existed on
the `main` branch.
 2022-09-16 15:49:16 +01:00
Marcono1234
4ef2d156c4 Java: Deprecate error-prone and rarely used annotation predicates 2022-09-16 15:49:16 +01:00
Marcono1234
998aa95eae Java: Add convenience array value Annotation predicates 2022-09-16 15:49:16 +01:00
Marcono1234
47e38952d1 Java: Improve Annotation.getAnAssociatedAnnotation 
As suggested by smowton during review.
 2022-09-16 15:49:16 +01:00
Marcono1234
fd5fdd89d9 Java: Rename Annotation.getAValue predicates for array values 
Predicate name could lead to confusion with non-array predicate getAValue()
 2022-09-16 15:49:16 +01:00
Marcono1234
b96061aa7e Java: Rename Annotation value predicates 2022-09-16 15:49:16 +01:00
Marcono1234
c226758889 Java: Add classes and predicates for @Repeatable 2022-09-16 15:49:16 +01:00
Marcono1234
02c8fe9346 Java: Add convenience predicates for AnnotationType 2022-09-16 15:49:16 +01:00
Marcono1234
f69b6eef7a Java: Clarify that Annotatable predicates consider inherited annotations 
Additionally changes `hasAnnotation()` to consider inherited annotations
for consistency.
 2022-09-16 15:49:16 +01:00
Marcono1234
afb7462052 Java: Clarify that Annotation value predicates have default value as result 2022-09-16 15:49:15 +01:00
Marcono1234
536f5c7f89 Java: Add Annotation value convenience predicates 2022-09-16 15:49:15 +01:00
Tony Torralba
3141fdae72 Address review comments re: flow states 2022-09-16 14:48:30 +02:00
Anders Schack-Mulligen
e6d4e87458 Merge pull request #10416 from aschackmull/java/dispatch-confidence 
Java: Remove low confidence dispatch for which we have a manual summary.
 2022-09-16 13:36:04 +02:00
Tony Torralba
df5178d7ee Merge pull request #10330 from atorralba/atorralba/implicit-pendingintents-compat-sinks 
Java: Add Implicit PendingIntents sinks for Compat classes
 2022-09-15 14:39:19 +02:00
Tony Torralba
714b37e77b Merge pull request #10318 from atorralba/atorralba/notificationcompat-steps 
Java: Add summaries for NotificationCompat and its inner classes
 2022-09-15 14:38:39 +02:00
Anders Schack-Mulligen
a4ae9a09f9 Java: Use MaD summaries for java.util.Hashtable. 2022-09-15 13:55:44 +02:00
Ian Lynagh
b3b1efb1a1 Merge pull request #10414 from igfoo/igfoo/getQualifiedName 
Java: Tweak Member.getQualifiedName()
 2022-09-14 13:30:22 +01:00
Anders Schack-Mulligen
ba3ebeec2c Java: Remove low confidence dispatch for which we have a manual summary. 2022-09-14 13:39:31 +02:00
Anders Schack-Mulligen
d713910714 Merge pull request #10334 from aschackmull/java/uniontypeflow 
Java: Implement union type flow and replace ad-hoc variable tracking in dispatch
 2022-09-14 13:34:28 +02:00
Ian Lynagh
d735b9e6f2 Java: Format QL 2022-09-14 11:56:13 +01:00
Anders Schack-Mulligen
83e7bf71d7 Java: Adjust qldoc. 2022-09-14 10:16:09 +02:00
erik-krogh
252394666c sync files 2022-09-13 20:44:05 +02:00
Ian Lynagh
6a63b86f8a Java: Member.getQualifiedName() tweaked 
It now includes the qualified name of the declaring type.
 2022-09-13 16:05:51 +01:00
Ian Lynagh
fc445736b2 Java: Use hasQualifiedName rather than getQualifiedName in ExternalAPIs 
It's more efficient, as it doesn't require building intermediate
strings.
 2022-09-13 15:58:00 +01:00
Anders Schack-Mulligen
d0f7052de2 Java: Support instanceof disjunction in union type flow. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
686e03e1cc Java: Fix perf issue. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
c8b93e0910 Java: Replace uses of deprecated variableTrack. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
a8eedce8ab Java: Replace ad-hoc variable tracking with union type flow in dispatch. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
6f06267892 Java: Implement union type flow. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
7692a9e2e7 Java: Minor TypeFlow tweaks. 2022-09-13 13:30:40 +02:00
Tony Torralba
f412f433bf Add thymeleaf steps 2022-09-12 17:52:38 +02:00
Edward Minnix III
eadb8a3988 Merge pull request #10106 from egregius313/egregius313/android-backup-allowed 
Java: Query to detect Android backup allowed
 2022-09-12 11:14:03 -04:00
Erik Krogh Kristensen
818601b612 Merge pull request #10285 from erik-krogh/paramClass 
ReDoS: convert RelevantState to a class in the PrefixConstruction module
 2022-09-12 15:23:19 +02:00
Tony Torralba
79a32f1a3e Tainting the freemarker dataModel isn't exploitable 2022-09-12 14:22:06 +02:00
Tony Torralba
409a123490 Tainting the velocity context isn't exploitable 2022-09-12 11:38:29 +02:00
Tony Torralba
d748fb5648 Fix bad models, add tests for those 2022-09-09 10:08:52 +02:00
Tony Torralba
fb13e7f307 Docs changes 2022-09-08 17:38:25 +02:00
Tony Torralba
b68e6669b8 Refactor TemplateInjection libraries 2022-09-08 17:38:25 +02:00
Tony Torralba
7db1eb98f5 Sync files 2022-09-08 17:32:03 +02:00
Tony Torralba
1b87167d96 Add implicit reads for FlowState sinks and steps 2022-09-08 17:26:59 +02:00
Michael Nebel
e265b07a93 Merge pull request #10127 from michaelnebel/csharp/clearscontent 
C#: Replace clears content with CSV summaries.
 2022-09-08 09:26:08 +02:00
Ed Minnix
c69a2be976 Moved allowBackup query logic to allowsBackup pred 2022-09-07 12:08:25 -04:00
Tony Torralba
cd61bd0606 Move files from experimental 2022-09-07 13:13:40 +02:00
Tamás Vajk
3410dd589d Merge pull request #9783 from tamasvajk/feature/kotlin-stdlib-mad 
Kotlin: Add MaD for stdlib
 2022-09-07 12:57:23 +02:00
Tony Torralba
8e0b4892ee Add Implicit PendingIntents sinks for Compat classes 2022-09-07 11:04:22 +02:00
Ed Minnix
dca4cd221a Documentation cleanup for allowBackup query 2022-09-06 14:35:11 -04:00
Tony Torralba
ff731f1d83 Merge pull request #10138 from atorralba/atorralba/contentresolver-summaries 
Java: Add summaries for ContentResolver and adjacent classes
 2022-09-06 16:28:28 +02:00