codeql

mirror of https://github.com/github/codeql.git synced 2026-02-28 21:03:50 +01:00

Author	SHA1	Message	Date
Ed Minnix	909b1d70d9	Rename files to say "Allow" instead of "Permit"	2023-01-09 10:11:03 -05:00
Ed Minnix	c723df3ca7	Fix alert message in expected file	2023-01-09 10:08:19 -05:00
Ed Minnix	28ad9d00fb	Merge both setAllowContentAccess queries into one query Previously, the query to detect whether or not access to `content://` links was done using two queries. Now they can be merged into one query	2023-01-03 15:17:07 -05:00
Ed Minnix	68392aa8d8	Fix test expectations	2022-12-31 15:25:25 -05:00
Ed Minnix	9ef319f659	Java: setAllowContentAccess query tests	2022-12-31 15:00:28 -05:00
Ed Minnix	7cc53126f3	Java: WebView setAllowContentAccess query test cases	2022-12-31 15:00:28 -05:00
Ed Minnix	a023726c03	Java: add Android stubs to options file for CWE-200 tests	2022-12-31 15:00:28 -05:00
Ed Minnix	10875568ec	Java: add negative test cases for WebView file access query	2022-11-15 13:50:31 -05:00
Ed Minnix	7a0544d80e	Java: test files for WebView file access query	2022-11-14 15:11:15 -05:00
Jonathan Leitschuh	2565cdb964	Add additional `File` taint value flow models Adds - File::getAbsoluteFile - File::getCanonicalFile - File::getAbsolutePath - File::getCanonicalPath	2022-04-26 10:42:53 -04:00
Jonathan Leitschuh	2753521650	Java: Fix Local Temp File/Dir Incorrect Guard Logic Resolves https://github.com/github/codeql/pull/8032#discussion_r841723906	2022-04-06 12:16:09 -04:00
Jonathan Leitschuh	5b651f29d8	Fix insufficient tests and add documentation	2022-03-07 16:39:40 -05:00
Jonathan Leitschuh	dad9a02fbd	Update TempDirInfoDisclosure with new OS Guards	2022-03-02 12:51:15 -05:00
Jonathan Leitschuh	39828fd596	Apply OS guard checks to TempDirLocalInformationDisclosure	2022-03-02 12:50:37 -05:00
Jonathan Leitschuh	eee521e6ce	Fix test failure for TempDirLocalInformationDisclosure	2022-02-10 10:40:40 -05:00
Jonathan Leitschuh	49a73673b6	Fix FP from mkdirs call on exact temp directory	2022-02-09 11:04:23 -05:00
Jonathan Leitschuh	7f46640176	Consider calls to setReadable(false, false) then setReadable(true, true) to be safe	2022-02-08 17:57:10 -05:00
Chris Smowton	a6596ea7ce	Fix test requirements, formatting	2022-02-08 12:01:32 +00:00
Jonathan Leitschuh	c4112e6d4c	Post refactor fixiup	2022-02-07 15:02:13 -05:00
Chris Smowton	de38638db6	Combine CWE-200 queries	2022-02-07 14:22:36 -05:00
Jonathan Leitschuh	0268dd9f0a	Add file creation sanitizer	2022-02-04 17:10:27 -05:00
Jonathan Leitschuh	9299c7996d	Add information disclosure test fix suggestions	2022-02-04 17:10:27 -05:00
Jonathan Leitschuh	79db76dcf8	Fix test failures TempDirLocalInformationDisclosureFromSystemProperty	2022-02-04 17:10:27 -05:00
Jonathan Leitschuh	7e514e9ef9	Add QLdoc and fix Compiler Errors in Tests	2022-02-04 17:10:26 -05:00
Jonathan Leitschuh	f910fd4719	Remove path flow tracking in 'TempDirLocalInformationDisclosureFromMethodCall'	2022-02-04 17:10:25 -05:00
Jonathan Leitschuh	13fed0e9b6	Temp Dir Info Disclosure: Final pass and add documentation	2022-02-04 17:10:24 -05:00
Jonathan Leitschuh	bc12e994b0	Add `java.nio.file.Files` API checks	2022-02-04 17:10:24 -05:00
Jonathan Leitschuh	ecad7534ae	Add mkdirs check	2022-02-04 17:10:24 -05:00
Jonathan Leitschuh	cf0ed81575	Add TempDir taint tracking for Files.write	2022-02-04 17:10:24 -05:00
Jonathan Leitschuh	3a15678b1e	Java: CWE-200: Temp directory local information disclosure vulnerability	2022-02-04 17:10:23 -05:00

30 Commits