codeql

mirror of https://github.com/github/codeql.git synced 2026-02-23 18:33:42 +01:00

Author	SHA1	Message	Date
Tony Torralba	101ad777e3	Move things around after rebase	2022-01-19 16:43:48 +01:00
Tony Torralba	03020582af	Apply suggestions from code review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-01-19 16:43:47 +01:00
Tony Torralba	9ffc5ab183	Update java/ql/src/semmle/code/java/security/UnsafeCertTrustQuery.qll Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2022-01-19 16:43:47 +01:00
Tony Torralba	c16181dd2f	QLDocs	2022-01-19 16:43:46 +01:00
Tony Torralba	000a544729	Decouple UnsafeCertTrust.qll to reuse the taint tracking configuration	2022-01-19 16:43:43 +01:00
Tony Torralba	1e2a956a30	Remove unused stub	2022-01-19 16:43:02 +01:00
Tony Torralba	d9e98ceacc	Consider setSslContextFactory and fix tests	2022-01-19 16:43:01 +01:00
Tony Torralba	4d207101e2	Fix QLDoc	2022-01-19 16:43:00 +01:00
Tony Torralba	999acb0021	Improve qhelp references	2022-01-19 16:43:00 +01:00
Tony Torralba	e9712f04a4	Add missing QLDoc	2022-01-19 16:42:59 +01:00
Tony Torralba	698fd64f7f	Adjust test after rebase	2022-01-19 16:42:59 +01:00
Tony Torralba	68fe3dd9f4	Fix conflicts in experimental query	2022-01-19 16:42:58 +01:00
Tony Torralba	c24520cb75	Adjust qhelp after rebase	2022-01-19 16:42:58 +01:00
Tony Torralba	5997b874de	Add change note	2022-01-19 16:42:53 +01:00
Tony Torralba	9e93aecf75	Add spurious test case	2022-01-19 16:42:06 +01:00
Tony Torralba	19d1a780ca	Generalize sanitizer using local flow	2022-01-19 16:42:05 +01:00
Tony Torralba	64518bf91a	Handle a specific pass-by-reference flow issue	2022-01-19 16:42:04 +01:00
Tony Torralba	4508945f85	Fix assumption regarding when an SSLSocket does the TLS handhsake	2022-01-19 16:42:03 +01:00
Tony Torralba	e842acf9e0	Improve qhelp	2022-01-19 16:42:03 +01:00
Tony Torralba	5d4cd70f8c	Adjusted sources and sanitizer of UnsafeCertTrust taint tracking config	2022-01-19 16:42:02 +01:00
Tony Torralba	e43fff2d30	Use InlineExpectationsTest	2022-01-19 16:42:02 +01:00
Tony Torralba	02d0fa9188	Minor changes in QLDocs and a sanitizer's type	2022-01-19 16:42:01 +01:00
Tony Torralba	4313baf622	Big refactor: - Move classes and predicates to appropriate libraries - Overhaul the endpoint identification algorithm logic to use taint tracking - Adapt tests	2022-01-19 16:42:00 +01:00
Tony Torralba	e0f4c73aed	Move from experimental	2022-01-19 16:42:00 +01:00
Chris Smowton	162b3822dd	Merge pull request #7613 from github/smowton/admin/tag-random-used-once Remove security-severity tag to java/random-used-once	2022-01-19 14:43:08 +00:00
Chris Smowton	c63fcb2c69	Add change note	2022-01-19 14:13:45 +00:00
Chris Smowton	f0645a34b9	Remove security-severity tag instead This leaves the Java query in the same state as its C# cousin.	2022-01-19 14:06:40 +00:00
github-actions[bot]	f7240be136	Add changed framework coverage reports	2022-01-19 00:09:52 +00:00
Chris Smowton	84097468cc	Merge pull request #7286 from luchua-bc/java/unsafe-url-forward-dispatch Java: CWE-552 Query to detect unsafe request dispatcher usage	2022-01-18 18:19:20 +00:00
Chris Smowton	1e32514600	Avoid using `this` for a non-extending supertype, and remove needless casts	2022-01-18 17:20:40 +00:00
Chris Smowton	d744cf9053	Clean up guard logic: * Always sanitize after the second guard, not the first * Only check basic-block dominance in one place * One BarrierGuard extension per final guard	2022-01-18 17:10:06 +00:00
Chris Smowton	748008ad51	Remove dangling reference to UnsafeRequestPath.java	2022-01-18 17:08:38 +00:00
luchua-bc	a3d65a8ed0	Update recommendation in qldoc and make examples more comprehendible	2022-01-18 17:01:26 +00:00
Tony Torralba	b16b0270d2	Merge pull request #6779 from atorralba/atorralba/android-implicit-pending-intents Java: CWE-927 - Query to detect the use of implicit PendingIntents	2022-01-18 12:14:47 +01:00
Chris Smowton	9819752bdd	Merge pull request #7526 from smowton/smowton/fix/restore-nodes-edges-consistency Don't include arg -> param edges in PathGraph::edges where arg is not reachable	2022-01-18 11:05:47 +00:00
Benjamin Muskalla	7e215a5193	Merge pull request #7599 from bmuskalla/modelWriter Java: Model Appenable and Writer	2022-01-18 11:55:27 +01:00
Tony Torralba	f103d45340	Merge branch 'main' into atorralba/android-implicit-pending-intents	2022-01-18 10:50:49 +01:00
Tony Torralba	3ff7710a18	Improve ExplicitIntent's QLDoc	2022-01-18 10:43:52 +01:00
Tony Torralba	fe2755c4a0	Apply suggestions from code review Co-authored-by: Chris Smowton <smowton@github.com>	2022-01-18 10:41:19 +01:00
Benjamin Muskalla	365a8d9bbd	Fix flow for fluent appendable api	2022-01-18 10:41:00 +01:00
Benjamin Muskalla	8e6a15640f	Model basic channel APIs	2022-01-18 10:40:39 +01:00
Anders Schack-Mulligen	fff3b5c5b4	Dataflow: Add qldoc.	2022-01-18 10:39:55 +01:00
Anders Schack-Mulligen	aa9912a699	Java: Fix expected output	2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen	71e39353ca	Dataflow: Sync.	2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen	b22c4e3c56	Dataflow: Bugfix: include subpaths ending at a sink.	2022-01-18 10:34:14 +01:00
Anders Schack-Mulligen	dfa79f6119	Dataflow: Sync.	2022-01-18 10:30:09 +01:00
Anders Schack-Mulligen	46736a137c	Dataflow: Don't include subpaths that can't reach a sink.	2022-01-18 10:30:09 +01:00
Chris Smowton	2c37885f6e	Sync dataflow	2022-01-18 10:30:09 +01:00
Chris Smowton	7c9b44b4cb	Don't include arg -> param edges in `PathGraph::edges` whose arg is not reachable This avoids lots of missing-node warnings from `codeql bqrs interpret` as it discards the nodes that occur in the `edges` relation but not `nodes`. The problem arises because subpaths introduced two variants of `reach`, one of which is more restrictive than simply `reach(succ) and succ = pred.getASuccessor()`, so it no longer suffices to just check that the successor is reachable.	2022-01-18 10:30:09 +01:00
github-actions[bot]	b8959f7bdb	Add changed framework coverage reports	2022-01-18 00:10:52 +00:00

1 2 3 4 5 ...

4321 Commits