hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,275 Commits 1,671 Branches 157 Tags
tausbn/python-refine-location-of-flask-request-sources
Commit Graph

3153 Commits

Author SHA1 Message Date
Jami Cogswell
eea3e82cca Java: fix 'regex-use' comments 2024-07-25 10:39:03 -04:00
Anders Schack-Mulligen
c693f03462 Merge pull request #17070 from aschackmull/dataflow/pptype-refactor 
Dataflow: Replace `ppReprType` with `DataFlowType.toString`.
 2024-07-25 14:30:08 +02:00
Anders Schack-Mulligen
7a48fe1102 Dataflow: Replace ppReprType with DataFlowType.toString. 2024-07-25 13:08:47 +02:00
Owen Mansel-Chan
5a39610ba7 Merge pull request #17053 from owen-mc/java/fix/regex-use-sink-kind 
Java: Add comments about use of sink kind `regex-use`
 2024-07-24 21:08:52 +01:00
Owen Mansel-Chan
89f958105a Mention regex-use sink kind in QLDoc for regexSinkKindInfo 2024-07-23 21:38:30 +01:00
Salah Baddou
4f80ae2190 Merge branch 'main' into sbaddou/fix 2024-07-23 12:03:13 +01:00
Owen Mansel-Chan
ff8bb2b1f8 Merge pull request #16760 from owen-mc/java/reverse-dns-separate-threat-model-kind 
Java: make a separate threat model kind for reverse DNS sources
 2024-07-23 10:08:52 +01:00
Anders Schack-Mulligen
b5b9c4d931 Update java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll 
Java: Make class private
 2024-07-23 10:07:51 +02:00
Anders Schack-Mulligen
bb86a07a93 Update java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll 
fix typo
 2024-07-23 10:03:07 +02:00
Anders Schack-Mulligen
5912a17ab4 Update java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll 
Autoformat
 2024-07-23 10:01:49 +02:00
Salah Baddou
2ad70cbee2 Move SensitiveLoggerConfig source to extensible format 2024-07-22 17:34:00 +01:00
Jami Cogswell
4790656b79 Java: add TaintInheritingContent for URL synthetic fields 2024-07-20 23:03:32 -04:00
Michael Nebel
2796597d1a Code quality improvements. 2024-07-19 09:36:17 +02:00
Michael Nebel
ca4bd0c606 C#/Java/Go: Neutrals are split into seperate classes. 2024-07-18 16:29:38 +02:00
Owen Mansel-Chan
e2356d9820 Merge pull request #16914 from owen-mc/java/android-app-detection 
Java: Improve Android app detection
 2024-07-16 21:52:43 +01:00
Owen Mansel-Chan
db6cd1877c Accept suggested QLDoc fix 
Co-authored-by: Chris Smowton <smowton@github.com>
 2024-07-16 12:24:42 +01:00
Anders Schack-Mulligen
938f46b888 Java: Remove superfluous clone models. 2024-07-16 11:11:53 +02:00
Anders Schack-Mulligen
12d6875cc4 Java: Replace the MaD Object.clone() models with a non-aliasing value step. 2024-07-16 11:11:50 +02:00
Anders Schack-Mulligen
da5abc8321 Dataflow: Replace MakeSets with QlBuiltins::InternSets. 2024-07-15 13:35:57 +02:00
Owen Mansel-Chan
b7a5252cb0 Refactor inAndroidApplication 2024-07-13 07:35:02 +01:00
Owen Mansel-Chan
8241d0b7ef Update QLDoc for ReverseDnsUserInput 2024-07-08 15:33:39 +01:00
Owen Mansel-Chan
5347770608 Update Android app detection 2024-07-07 00:24:25 +01:00
Owen Mansel-Chan
9c82966022 Move detection of Android app to one place 2024-07-05 23:47:56 +01:00
Tom Hvitved
4ae8720930 SSA: Add BasicBlock.{getNode/1,length/0} to the input signature 2024-07-03 11:32:35 +02:00
Owen Mansel-Chan
91db2b6c9c Make new threat model kind "reverse-dns" 2024-06-24 21:23:46 +01:00
Anders Schack-Mulligen
8c23e21073 Dataflow: Cache compatibleTypes. 2024-06-24 13:35:48 +02:00
Michael Nebel
cd9d58fdc8 Merge pull request #16772 from michaelnebel/java/taintedpermissionthreatmodel 
Java: Opt-in `java/tainted-permissions-check` to threat models.
 2024-06-18 10:54:28 +02:00
Michael Nebel
197cdab43d Merge pull request #16752 from michaelnebel/shared/sourcesinkcallables 
C#/Java: Add some (shared) helper classes for Neutrals, Sources and Sink
 2024-06-17 14:58:27 +02:00
Anders Schack-Mulligen
96b6ddefe0 Merge pull request #16751 from aschackmull/java/sndlevelscope-fix 
Java: Calculate 2nd level scopes for implicit instance accesses.
 2024-06-17 13:10:46 +02:00
Michael Nebel
833b4f90bf Java: Make source and sink callable adapters. 2024-06-17 12:53:08 +02:00
Michael Nebel
327dab69d0 Java: Opt-in the tainted permissions check query to threat models. 2024-06-17 11:02:08 +02:00
Owen Mansel-Chan
7a13c31021 Exclude loopback address from reverse DNS source 2024-06-14 14:05:01 +01:00
Anders Schack-Mulligen
b47831af14 Java: Calculate 2nd level scopes for implicit instance accesses. 2024-06-13 13:57:18 +02:00
Tony Torralba
7336dd1ae5 Merge pull request #16482 from grakshith/rakshith/tune-java-crypto 
Java: Add RSA/ECB/OEAP ciphers to the list of secure algorithms
 2024-06-10 17:27:35 +02:00
Anders Schack-Mulligen
4ec4da4c8c Dataflow/Java: Add support for pretty-printed provenace in tests. Convert one test. 2024-06-07 11:45:13 +02:00
Rakshith Gopalakrishna
65af2556ed fix: remove rsa/ecb/* from getASecureAlgorithmName 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-06-04 11:20:05 -07:00
Rakshith Gopala krishna
97f9a882c6 fix: address PR comments 2024-06-04 11:20:05 -07:00
Rakshith Gopala krishna
80bf7cdb52 fix: remove the pkcs1 scheme 2024-06-04 11:20:05 -07:00
Rakshith Gopala krishna
dd223ed704 feat: add rsa/ecb/... variants to the list of secure algorithms 2024-06-04 11:20:05 -07:00
Owen Mansel-Chan
3fb5ad2a0d Cover all params in QLDoc of modelCoverage 2024-06-04 17:06:00 +01:00
Anders Schack-Mulligen
06ce40c687 Merge pull request #16561 from aschackmull/java/typeflow-effectively-private 
Java: Improve dispatch through TypeFlow of effectively private calls.
 2024-05-31 15:11:18 +02:00
Mauro Baluda
bbe888c2b3 Update SpringCsrfProtection.qll 2024-05-30 23:13:08 +02:00
Mauro Baluda
e2479a7ce2 Disable csrf for ServerHttpSecurity 2024-05-30 23:08:57 +02:00
Anders Schack-Mulligen
5a259843bb Dataflow: Switch call context to a set representation. 2024-05-27 11:01:52 +02:00
Anders Schack-Mulligen
bc8ca1af86 Dataflow: Introduce NodeRegions for use in isUnreachableInCall. 2024-05-27 11:01:51 +02:00
Anders Schack-Mulligen
5a7174dcbb Merge pull request #16500 from aschackmull/java/static-field-side-effect 
Java: Add support for flow through side-effects on static fields.
 2024-05-24 09:19:31 +02:00
Anders Schack-Mulligen
4905612905 Merge pull request #16573 from aschackmull/java/dispatch-joinorder 
Java: Fix join-order in viableImplInCallContext.
 2024-05-23 14:48:25 +02:00
Anders Schack-Mulligen
bf3dbc24de Java: Add support for flow through side-effects on static fields. 2024-05-23 12:57:57 +02:00
Anders Schack-Mulligen
4b3e35ed52 Java: Fix join-order in viableImplInCallContext. 2024-05-23 12:49:57 +02:00
Anders Schack-Mulligen
527dafa346 Java: Improve dispatch through TypeFlow of effectively private calls. 2024-05-23 10:50:16 +02:00