hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-24 00:16:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,496 Commits 1,714 Branches 163 Tags
08a17b355eea7a3236d326ac7aa53bbad82a8716
Commit Graph

6837 Commits

Author SHA1 Message Date
Edward Minnix III
08a17b355e allowBackup documentation updates 
Make error messages and descriptions clearer about application backups not being disabled, rather than focusing on `android:allowBackup` specifically.

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-09-09 09:30:49 -04:00
Edward Minnix III
83c8e22225 Apply suggestions from documentation review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2022-09-08 15:55:00 -04:00
Ed Minnix
59909751ae Change allowBackup tests to use qlref test format 
Due to some limitations of comments in XML, it is simpler to implement
the `android:allowBackup` tests using the qlref/expectations test format.
 2022-09-08 10:34:17 -04:00
Ed Minnix
e69a8269ad Move CleartextStorage test files into separate dir 
Move the files for the CleartextStorage tests into their own directory
to avoid issues with extraction
 2022-09-08 10:33:05 -04:00
Ed Minnix
09b723fc6d Formatting fixes for allowBackup tests 2022-09-07 13:30:19 -04:00
Ed Minnix
c69a2be976 Moved allowBackup query logic to allowsBackup pred 2022-09-07 12:08:25 -04:00
Ed Minnix
5206c792b0 Additional Unit tests for the allowBackup query 2022-09-07 12:07:48 -04:00
Edward Minnix III
f6c8144eed Update java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-09-07 09:46:36 -04:00
Edward Minnix III
9ddfcf935b Update java/ql/src/change-notes/2022-08-18-android-allowbackup-query.md 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-09-07 09:46:16 -04:00
Ed Minnix
dca4cd221a Documentation cleanup for allowBackup query 2022-09-06 14:35:11 -04:00
Ed Minnix
0a83cedeb7 Unit tests for android:allowBackup query 2022-09-06 13:52:43 -04:00
Ed Minnix
6485e73cd3 Added documentation for providesMainIntent pred 2022-08-30 13:00:44 -04:00
Ed Minnix
500a6f3b86 Add check for files which provide the app launcher 
Adds support for filtering which applications include the
`android.intent.action.MAIN` intent.
 2022-08-30 12:54:26 -04:00
Ed Minnix
b5c54f5a3b Add check for android:allowBackup explicitly set 
`android:allowBackup` has a default value of `true`. So we want to flag
any file which explicitly sets it.
 2022-08-30 12:53:12 -04:00
Edward Minnix III
e6a1b1fab9 Rename allowBackup query id 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-08-24 15:54:13 -04:00
Ed Minnix
de36372d1c Refactor android:backupAllowed query 
Refactor the query to check for the nonexistence of the
`android:allowBackup` attribute being set to false.

The default value is true, so we need to check for it being explicitly
marked false.
 2022-08-24 15:54:13 -04:00
Ed Minnix
a036639ecd Added change notes 2022-08-24 15:54:13 -04:00
Ed Minnix
dad4a403db Add support for android:allowBackup default value 
The default value of `android:allowBackup` is `true`. Added support for
detecting if the default value is used.
 2022-08-24 15:54:13 -04:00
Ed Minnix
6509426fb3 android:allowBackup query documentation 2022-08-24 15:54:13 -04:00
Ed Minnix
44b0a2b8af Android allowBackup query 2022-08-24 15:54:13 -04:00
Ed Minnix
7d15af6caa Add allowBackup check to AndroidManifest 2022-08-24 15:54:13 -04:00
Ed Minnix
dac64eeca7 Query test files 2022-08-24 15:54:13 -04:00
Jami
b3e88f8234 Merge pull request #9983 from jcogs33/android-implicit-export 
Java: query to detect implicitly exported Android components
 2022-08-24 10:52:50 -04:00
Ian Lynagh
20ac15d549 Merge pull request #10152 from igfoo/igfoo/not-null-exprs 
Kotlin: Remove more not-null expressions
 2022-08-24 12:18:45 +01:00
Ian Lynagh
b5f20e40fc Kotlin: Remove some more not-null-expressions 2022-08-24 11:13:27 +01:00
Ian Lynagh
8fe59e7ebc Kotlin: Remove another not-null-expr 2022-08-24 11:09:31 +01:00
Ian Lynagh
01f27ea331 Kotlin: Remove another not-null-expr 2022-08-24 11:07:10 +01:00
Michael Nebel
c514c8838d Merge pull request #9867 from michaelnebel/csharp/nosummary 
C#: Negative summaries (ie. no flow through)
 2022-08-24 12:06:05 +02:00
Ian Lynagh
940f18f5ae Kotlin: Remove another not-null-expr 2022-08-24 10:59:15 +01:00
Ian Lynagh
44501f5318 Kotlin: Remove another not-null-expr 2022-08-24 10:57:36 +01:00
Ian Lynagh
da7b7ce9f5 Kotlin: Remove some not-null-exprs 2022-08-24 10:55:31 +01:00
Ian Lynagh
623d87aaca Merge pull request #10142 from igfoo/igfoo/not-null-expr 
Kotlin: Remove some more non-null-expressions
 2022-08-24 10:37:37 +01:00
Ian Lynagh
8b4cf295bc Merge pull request #10110 from igfoo/igfoo/compression 
Kotlin: Add support for TRAP compression
 2022-08-24 10:37:20 +01:00
Michael Nebel
a412c955e7 Java: One implementation of the interface has no flow (which seems unsound and contradicting our assumptions on interface 'contracts') - this now yields a negative summary. 2022-08-24 09:58:54 +02:00
Michael Nebel
761ed283b6 C#/Java/Ruby/Swift: Address review comments. 2022-08-24 09:58:54 +02:00
Michael Nebel
2e273f2273 C#: Re-arange the import order, such that CsvValidation follows ExternalFlow directly. 2022-08-24 09:58:54 +02:00
Michael Nebel
30d554503a C#/Java: Fix some QL doc spelling typos. 2022-08-24 09:58:53 +02:00
Michael Nebel
160ae934af C#/Java/Ruby/Swift: Fix typo in QL doc. 2022-08-24 09:58:53 +02:00
Michael Nebel
37976d56bc C#/Java/Go/Swift: Move CsvValidation back into ExternalFlow. 2022-08-24 09:58:53 +02:00
Michael Nebel
581824a9b4 C#/Java/Ruby/Swift: Fix various typos. 2022-08-24 09:58:53 +02:00
Michael Nebel
9f9129d3c9 Java: Introduce column validation for negative summaries. 2022-08-24 09:58:52 +02:00
Michael Nebel
4939439982 Java: Re-factor CSV Validation into standalone module. 2022-08-24 09:58:52 +02:00
Michael Nebel
120fb25702 Java: Sync files and model generator and tests. 2022-08-24 09:58:52 +02:00
Michael Nebel
5255e16816 Java: Sync files and make framework specific code. 2022-08-24 09:58:51 +02:00
Michael Nebel
15c05e201d Java: Re-factor specialized CSV predicates into overrides of the row predicate. 2022-08-24 09:58:46 +02:00
Erik Krogh Kristensen
4df2e5d937 Merge pull request #10096 from erik-krogh/acronyms-part1 
make acronyms camelcase
 2022-08-24 09:33:53 +02:00
Tony Torralba
f0e5ef68c2 Merge pull request #10149 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-08-24 09:13:49 +02:00
Tamás Vajk
ecde0abc04 Merge pull request #10091 from tamasvajk/kotlin-data-class 
Kotlin: Identify data classes during extraction
 2022-08-24 08:45:41 +02:00
github-actions[bot]
03faddd7eb Add changed framework coverage reports 2022-08-24 00:18:31 +00:00
Ian Lynagh
910372bfb7 Kotlin: Refactor CallableReferenceHelper 
This removes some non-null-expressions, and also makes the code more
robust and easier to understand.
 2022-08-23 15:24:13 +01:00