719 Commits

Author SHA1 Message Date
Tony Torralba
2b027709e4 Update XSS qhelp 2022-09-13 16:39:48 +02:00
gx1
1c4488e7c8 Updated vulnerable XSS.java version 2022-09-13 15:58:25 +02:00
Edward Minnix III
eadb8a3988 Merge pull request #10106 from egregius313/egregius313/android-backup-allowed
Java: Query to detect Android backup allowed
2022-09-12 11:14:03 -04:00
Edward Minnix III
08a17b355e allowBackup documentation updates
Make error messages and descriptions clearer about application backups not being disabled, rather than focusing on `android:allowBackup` specifically.

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2022-09-09 09:30:49 -04:00
Edward Minnix III
83c8e22225 Apply suggestions from documentation review
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
2022-09-08 15:55:00 -04:00
Ed Minnix
c69a2be976 Moved allowBackup query logic to allowsBackup pred 2022-09-07 12:08:25 -04:00
Edward Minnix III
f6c8144eed Update java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2022-09-07 09:46:36 -04:00
Ed Minnix
dca4cd221a Documentation cleanup for allowBackup query 2022-09-06 14:35:11 -04:00
Ed Minnix
500a6f3b86 Add check for files which provide the app launcher
Adds support for filtering which applications include the
`android.intent.action.MAIN` intent.
2022-08-30 12:54:26 -04:00
Tony Torralba
1f83c5833b Merge pull request #10092 from zbazztian/zbazztian/string.replace-taint
Java: Add additional taint steps for java.lang.String methods
2022-08-30 12:24:37 +02:00
Erik Krogh Kristensen
06afe9c0f4 Merge pull request #9816 from erik-krogh/msgConsis
Make alert messages consistent across languages
2022-08-25 15:20:01 +02:00
Edward Minnix III
e6a1b1fab9 Rename allowBackup query id
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2022-08-24 15:54:13 -04:00
Ed Minnix
dad4a403db Add support for android:allowBackup default value
The default value of `android:allowBackup` is `true`. Added support for
detecting if the default value is used.
2022-08-24 15:54:13 -04:00
Ed Minnix
6509426fb3 android:allowBackup query documentation 2022-08-24 15:54:13 -04:00
Ed Minnix
44b0a2b8af Android allowBackup query 2022-08-24 15:54:13 -04:00
Ed Minnix
dac64eeca7 Query test files 2022-08-24 15:54:13 -04:00
Jami
b3e88f8234 Merge pull request #9983 from jcogs33/android-implicit-export
Java: query to detect implicitly exported Android components
2022-08-24 10:52:50 -04:00
erik-krogh
1c0f2251e2 Merge branch 'main' into msgConsis 2022-08-24 14:38:57 +02:00
Erik Krogh Kristensen
4df2e5d937 Merge pull request #10096 from erik-krogh/acronyms-part1
make acronyms camelcase
2022-08-24 09:33:53 +02:00
erik-krogh
27fcc90a97 Merge branch 'main' into msgConsis 2022-08-24 09:21:43 +02:00
Chris Smowton
0a7350f3bf Merge pull request #10041 from smowton/AddSensitiveApiCalls
Java: support more libraries in hardcoded-credentials queries
2022-08-23 10:51:04 +01:00
Tony Torralba
e3c1101b79 Merge pull request #10136 from atorralba/atorralba/redos-cwe-tag
Java: Add CWE-1333 tag to Java ReDoS queries
2022-08-23 11:07:51 +02:00
Joe Farebrother
ac79866799 Merge pull request #9982 from joefarebrother/rsa-without-oaep
Java: Add query for RSA without OAEP
2022-08-23 09:14:46 +01:00
Tony Torralba
cd10f559ca Add CWE-1333 tag to Java ReDoS queries 2022-08-23 09:56:59 +02:00
erik-krogh
034d197e01 update {java/rb}/xxe to match python/javascript 2022-08-22 21:41:46 +02:00
erik-krogh
55c8863e92 update java/sql-injection to match go/javascript/python/ruby 2022-08-22 21:41:45 +02:00
erik-krogh
e89e0eb7fb make some acronyms camelCase 2022-08-22 21:22:35 +02:00
Jami Cogswell
733078183e update query description 2022-08-22 12:41:22 -04:00
Jami Cogswell
f34e23bdba adjusted comments and precision level 2022-08-22 12:41:22 -04:00
Jami Cogswell
eacce03073 resolved merge conflict in AndroidManifest lib 2022-08-22 12:41:22 -04:00
Jami Cogswell
0934c1d184 resolved merge conflict in AndroidManifest lib 2022-08-22 12:41:22 -04:00
Jami Cogswell
9968d5d816 updated predicates 2022-08-22 12:41:22 -04:00
Jami Cogswell
58d3d89b2e resolved merge conflict in AndroidManifest 2022-08-22 12:41:22 -04:00
Jami Cogswell
084b9830bc resolved merge conflict in AndroidManifest 2022-08-22 12:41:22 -04:00
Jami Cogswell
55bd9f943f minor wording updates in help file 2022-08-22 12:41:22 -04:00
Jami Cogswell
10fa687e26 updated help file and unit tests 2022-08-22 12:41:22 -04:00
Jami Cogswell
eea1089ee0 resolved merge conflict in AndroidManifest 2022-08-22 12:41:22 -04:00
Jami Cogswell
60921a0355 switched to checking for permission attr in application elem instead of in manifest elem 2022-08-22 12:41:22 -04:00
Jami Cogswell
a6ecac6e00 third draft with category launcher and permission element excluded 2022-08-22 12:41:22 -04:00
Jami Cogswell
8d5bbc458f first draft of query and tests 2022-08-22 12:41:22 -04:00
Jami Cogswell
3e09d86a4f adding starter files 2022-08-22 12:41:22 -04:00
Sebastian Bauersfeld
2ec3746861 Address PR comments. 2022-08-19 17:33:35 +07:00
Sebastian Bauersfeld
f6d42bd3c6 Allow blacklist sanitizers. 2022-08-19 17:33:35 +07:00
Sebastian Bauersfeld
11f527ea5b Fix up query tests. 2022-08-19 17:33:35 +07:00
Erik Krogh Kristensen
4f93f2b9ba Merge pull request #10076 from erik-krogh/ql-for-ql-fixes
various QL-for-QL fixes
2022-08-18 15:46:48 +02:00
Joe Farebrother
e8f027dab2 Apply docs suggestions from code review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-08-18 14:21:40 +01:00
Anders Schack-Mulligen
f6eccd390e Java: Move sink-constraints into the configuration. 2022-08-17 15:06:55 +02:00
erik-krogh
2e44fba67d add explicit this 2022-08-17 13:33:31 +02:00
Joe Farebrother
5d00b871d4 Correct node type 2022-08-17 11:58:11 +01:00
Joe Farebrother
de69827711 Use a full dataflow config rather than local flow 2022-08-17 10:35:48 +01:00