hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,328 Commits 1,673 Branches 157 Tags
28d95f4d99023d03ec1c3d39d45d6e18441e47aa
Commit Graph

519 Commits

Author SHA1 Message Date
Joe Farebrother
ac79866799 Merge pull request #9982 from joefarebrother/rsa-without-oaep 
Java: Add query for RSA without OAEP
 2022-08-23 09:14:46 +01:00
Tony Torralba
3314b56ffe Fix Fragment tests after androidx stubs update 2022-08-22 11:13:19 +02:00
Joe Farebrother
de69827711 Use a full dataflow config rather than local flow 2022-08-17 10:35:48 +01:00
Joe Farebrother
c77b17574a Use CryptoAlgoSpec rather than hadcoding Cipher.getInstance 2022-08-17 10:35:47 +01:00
Joe Farebrother
9ae652dd6a Add tests 2022-08-17 10:35:47 +01:00
Joe Farebrother
a62bb8e115 Add additional test case 2022-08-17 10:35:15 +01:00
Joe Farebrother
f8f21c7ee6 Move static init vector query and tests from experimental to main 2022-08-17 10:35:13 +01:00
Jami
dd23d48ad2 Merge pull request #9939 from jcogs33/android-debug-query-inline-tests 
Java: query to detect android:debuggable attribute enabled
 2022-08-16 10:07:13 -04:00
Erik Krogh Kristensen
f106e064fa Merge pull request #9422 from erik-krogh/refacReDoS 
Refactorizations of the ReDoS libraries
 2022-08-16 09:32:08 +02:00
Jami Cogswell
29acce1e93 remove extraneous unit test 2022-08-15 15:50:00 -04:00
Jami Cogswell
b779f9f935 added casting 2022-08-15 15:50:00 -04:00
Jami Cogswell
6e10fcf519 added predicates in the AndroidManifest library and adjusted tests 2022-08-15 15:50:00 -04:00
Jami Cogswell
af0a663ee8 remove commented-out code in Test.java file 2022-08-15 15:50:00 -04:00
Jami Cogswell
d1a23ad78c updated to getRelativePath with %build% 2022-08-15 15:50:00 -04:00
Jami Cogswell
15df392fd8 updates to InlineExpectationsTest 2022-08-15 15:50:00 -04:00
Jami Cogswell
d8dbdfcd70 rename expected file, add ql file, delete qlref file 2022-08-15 15:50:00 -04:00
Jami Cogswell
fdb437552c clean up android query and tests 2022-08-15 15:49:59 -04:00
Jami Cogswell
cf39cc0909 updates to android debug query 2022-08-15 15:49:59 -04:00
Jami Cogswell
6720dba8e7 draft android debug query 2022-08-15 15:49:59 -04:00
Chris Smowton
774e379eb1 Merge pull request #9742 from smehta23/feat/SM/java_partial_path_traversal_vulnerability 
[JAVA] Partial Path Traversal Vuln Query
 2022-08-15 12:56:16 +01:00
Erik Krogh Kristensen
0adb588fe8 Merge pull request #9712 from erik-krogh/badRange 
JS/RB/PY/Java: add suspicious range query
 2022-08-15 13:55:44 +02:00
Chris Smowton
e9df675f88 Autoformat ql 2022-08-11 09:55:46 +01:00
Erik Krogh Kristensen
49276b1f38 Merge branch 'main' into refacReDoS 2022-08-09 16:18:46 +02:00
Joe Farebrother
a2245bb858 Fix test 2022-08-05 12:56:19 +01:00
Joe Farebrother
c4de158e0d Add tests 2022-08-05 12:56:18 +01:00
Chris Smowton
84a4b6a866 Make reporting locations consistent with PathCreation; add test 2022-08-03 10:42:09 +01:00
Tony Torralba
e179126abb Merge pull request #9129 from atorralba/atorralba/get-underlying-expr 
Java: Add Expr::getUnderlyingExpr predicate
 2022-07-27 11:42:28 +02:00
Shyam Mehta
09ec37943c Partial Path Traversal split into 2 queries 2022-07-20 17:53:26 -04:00
Erik Krogh Kristensen
ff25451699 rename query to overly-large-range, and rewrite the @description 2022-07-12 16:02:46 +02:00
smehta23
781a2a73d3 Merge branch 'main' into feat/SM/java_partial_path_traversal_vulnerability 2022-07-12 01:48:12 -04:00
Erik Krogh Kristensen
9ecc3a2671 filter out potential misparses from java/suspicious-regexp-range 2022-06-29 13:16:40 +02:00
Tony Torralba
12fa6967dc Merge pull request #8669 from joefarebrother/intent-verification 
Java: Add query for Improper Verification of Intent by Broadcast Receiver (CWE-925)
 2022-06-29 09:43:07 +02:00
Shyam Mehta
b5ca2c3d9d Add additional tests from real world query run 2022-06-28 17:32:20 -04:00
Shyam Mehta
7122f29296 Finish Partial Path Traversal Query 2022-06-28 15:02:06 -04:00
Shyam Mehta
4c7d476280 [JAVA] Partial Path Traversal Vuln Query 2022-06-28 13:52:41 -04:00
Erik Krogh Kristensen
a343ceaf8b add suspicious-regexp-range query 2022-06-28 09:49:27 +02:00
Erik Krogh Kristensen
13482fc97b rename ReDoSUtil to NfaUtils, and rename the "performance" folder to "regexp" 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
3be4a86acd make ReDoSPruning into a parameterized module 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
dc06e9df02 move predicates that depend on isReDoSCandidate into a ReDoSPruning module 2022-06-23 14:36:24 +02:00
Michael Nebel
2e46e93f36 Java: Update java models with provenance column information. 2022-06-20 16:20:02 +02:00
Ian Lynagh
5ba672f035 NonSerializableField: Accept test output changes 2022-06-16 17:34:56 +01:00
Joe Farebrother
c71586e1f8 Remove checks for dynamically registered recievers 2022-06-14 14:56:24 +01:00
Joe Farebrother
4aed1a1e23 Add test cases; fix handling of recievers declared through xml 2022-06-14 14:56:22 +01:00
Tony Torralba
9c941dc7ab Add Kotlin test for UnsafeAndroidAccess 2022-05-25 10:56:18 +02:00
Tony Torralba
f0b90b391f Add Kotlin test for CleartextStorageSharedPrefs 2022-05-25 10:56:18 +02:00
Tony Torralba
616b12d011 Merge pull request #8956 from atorralba/atorralba/intent-redirection-sanitizer-fix 
Java: Fix Intent Redirection sanitizer
 2022-05-16 09:21:04 +02:00
Tony Torralba
168a184602 Merge pull request #9127 from atorralba/atorralba/sensitive-info-log-improvs 
Java: Sensitive Info Log query improvements
 2022-05-13 16:57:32 +02:00
Joe Farebrother
59e400d2e0 Merge pull request #7723 from joefarebrother/redos 
Java: Add ReDoS queries
 2022-05-12 13:50:38 +01:00
Tony Torralba
5db8306fef Stop considering usernames sensitive info 
Require variables to be static to be considered constants
 2022-05-12 11:46:52 +02:00
Chris Smowton
c17ef42cc7 Insecure cookie query: accept ServletRequest.isSecure(), and allow more than one possible input to a setSecure(...) call. 2022-05-11 11:59:37 +01:00