codeql

mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00

Author	SHA1	Message	Date
Tony Torralba	101ad777e3	Move things around after rebase	2022-01-19 16:43:48 +01:00
Tony Torralba	000a544729	Decouple UnsafeCertTrust.qll to reuse the taint tracking configuration	2022-01-19 16:43:43 +01:00
Tony Torralba	d9e98ceacc	Consider setSslContextFactory and fix tests	2022-01-19 16:43:01 +01:00
Tony Torralba	4d207101e2	Fix QLDoc	2022-01-19 16:43:00 +01:00
Tony Torralba	19d1a780ca	Generalize sanitizer using local flow	2022-01-19 16:42:05 +01:00
Tony Torralba	64518bf91a	Handle a specific pass-by-reference flow issue	2022-01-19 16:42:04 +01:00
Tony Torralba	4508945f85	Fix assumption regarding when an SSLSocket does the TLS handhsake	2022-01-19 16:42:03 +01:00
Tony Torralba	5d4cd70f8c	Adjusted sources and sanitizer of UnsafeCertTrust taint tracking config	2022-01-19 16:42:02 +01:00
Tony Torralba	e43fff2d30	Use InlineExpectationsTest	2022-01-19 16:42:02 +01:00
Tony Torralba	02d0fa9188	Minor changes in QLDocs and a sanitizer's type	2022-01-19 16:42:01 +01:00
Tony Torralba	4313baf622	Big refactor: - Move classes and predicates to appropriate libraries - Overhaul the endpoint identification algorithm logic to use taint tracking - Adapt tests	2022-01-19 16:42:00 +01:00
Chris Smowton	84097468cc	Merge pull request #7286 from luchua-bc/java/unsafe-url-forward-dispatch Java: CWE-552 Query to detect unsafe request dispatcher usage	2022-01-18 18:19:20 +00:00
Tony Torralba	b16b0270d2	Merge pull request #6779 from atorralba/atorralba/android-implicit-pending-intents Java: CWE-927 - Query to detect the use of implicit PendingIntents	2022-01-18 12:14:47 +01:00
Chris Smowton	9819752bdd	Merge pull request #7526 from smowton/smowton/fix/restore-nodes-edges-consistency Don't include arg -> param edges in PathGraph::edges where arg is not reachable	2022-01-18 11:05:47 +00:00
Benjamin Muskalla	7e215a5193	Merge pull request #7599 from bmuskalla/modelWriter Java: Model Appenable and Writer	2022-01-18 11:55:27 +01:00
Tony Torralba	f103d45340	Merge branch 'main' into atorralba/android-implicit-pending-intents	2022-01-18 10:50:49 +01:00
Tony Torralba	3ff7710a18	Improve ExplicitIntent's QLDoc	2022-01-18 10:43:52 +01:00
Tony Torralba	fe2755c4a0	Apply suggestions from code review Co-authored-by: Chris Smowton <smowton@github.com>	2022-01-18 10:41:19 +01:00
Benjamin Muskalla	365a8d9bbd	Fix flow for fluent appendable api	2022-01-18 10:41:00 +01:00
Benjamin Muskalla	8e6a15640f	Model basic channel APIs	2022-01-18 10:40:39 +01:00
Anders Schack-Mulligen	fff3b5c5b4	Dataflow: Add qldoc.	2022-01-18 10:39:55 +01:00
Anders Schack-Mulligen	71e39353ca	Dataflow: Sync.	2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen	b22c4e3c56	Dataflow: Bugfix: include subpaths ending at a sink.	2022-01-18 10:34:14 +01:00
Anders Schack-Mulligen	dfa79f6119	Dataflow: Sync.	2022-01-18 10:30:09 +01:00
Anders Schack-Mulligen	46736a137c	Dataflow: Don't include subpaths that can't reach a sink.	2022-01-18 10:30:09 +01:00
Chris Smowton	2c37885f6e	Sync dataflow	2022-01-18 10:30:09 +01:00
Chris Smowton	7c9b44b4cb	Don't include arg -> param edges in `PathGraph::edges` whose arg is not reachable This avoids lots of missing-node warnings from `codeql bqrs interpret` as it discards the nodes that occur in the `edges` relation but not `nodes`. The problem arises because subpaths introduced two variants of `reach`, one of which is more restrictive than simply `reach(succ) and succ = pred.getASuccessor()`, so it no longer suffices to just check that the successor is reachable.	2022-01-18 10:30:09 +01:00
Owen Mansel-Chan	065043b311	Merge pull request #7588 from owen-mc/add-specific-needs-reference-predicates Dataflow: Add language-specific NeedsReference predicates	2022-01-17 15:51:34 +00:00
Tony Torralba	e967b8a9be	Merge pull request #6576 from atorralba/atorralba/android-cleartext-storage-filesystem Java: Create new query Cleartext storage of sensitive information in Android filesystem	2022-01-17 14:02:38 +01:00
Tony Torralba	227929508f	Merge pull request #6923 from atorralba/atorralba/android-fragment-injection Java: CWE-470 - Queries to detect Fragment Injection in Android applications	2022-01-17 14:02:15 +01:00
Tony Torralba	7beab7cb59	Apply code review suggestions	2022-01-17 12:02:27 +01:00
Tony Torralba	ba3a4fb717	Rename filesystemStore predicate after `d9e6e5aa04`	2022-01-17 11:13:41 +01:00
Tony Torralba	d9e6e5aa04	Apply suggestions from code review Co-authored-by: Chris Smowton <smowton@github.com>	2022-01-17 11:11:05 +01:00
Tony Torralba	79ddbd6fe4	Fix QLDoc and the qhelp example	2022-01-17 11:11:03 +01:00
Tony Torralba	c1ac09a063	Added query for Cleartext Storage in Android Filesystem	2022-01-17 11:11:00 +01:00
Ian Lynagh	22dc24629f	Fix a couple of typos: clases / clasess	2022-01-14 14:28:29 +00:00
luchua-bc	877c52981f	Remove the deprecated library keyword	2022-01-14 12:13:41 +00:00
Tony Torralba	cde7a35c1f	QLDoc	2022-01-14 13:12:30 +01:00
Tony Torralba	6aac848015	Fix imports	2022-01-14 12:43:08 +01:00
Tony Torralba	9f616e7cbe	Refactor to use FlowState Remove the auxiliary DataFlow configuration	2022-01-14 12:24:35 +01:00
Benjamin Muskalla	a4429d01a3	Add tests for writer models	2022-01-14 11:12:35 +01:00
Benjamin Muskalla	37ca6a5e41	Model Appenable and Writer This allows us to track taint carried through all kind of writers.	2022-01-14 11:12:35 +01:00
Tony Torralba	bd4abf4fd0	Additional Notification models	2022-01-14 10:32:38 +01:00
Tony Torralba	a9757fbc83	Setting null Components is not a sanitizer	2022-01-14 10:32:37 +01:00
Tony Torralba	a59a4024a5	Update stubs	2022-01-14 10:32:36 +01:00
Tony Torralba	66794665f3	Remove unneeded implicit read step	2022-01-14 10:32:36 +01:00
Tony Torralba	9c12c5f8b8	Remove duplicated models	2022-01-14 10:32:01 +01:00
Tony Torralba	f963887c58	Change test to avoid collision with SensitiveCommunication.ql	2022-01-14 10:32:01 +01:00
Tony Torralba	48acff9262	Remove unneeded code	2022-01-14 10:32:00 +01:00
Tony Torralba	9e3594fcf1	Added more sinks	2022-01-14 10:32:00 +01:00

1 2 3 4 5 ...

488 Commits