Commit Graph

805 Commits

Author SHA1 Message Date
Jami
cfbaf5e53b Merge pull request #10785 from jcogs33/insuff-key-size-globalflow-keysize
Java: Promote insufficient key size query from experimental
2022-11-08 18:05:01 -05:00
Jami Cogswell
345e4e0e8f remove unnecessary 'exists' 2022-10-20 23:52:31 -04:00
Jami Cogswell
e5982f19fa minor updates 2022-10-19 11:05:40 -04:00
Tony Torralba
fd8f8cb930 Merge pull request #10223 from atorralba/atorralba/unsafe-content-resolver
Java: New Android query to detect unsafe content URI resolution
2022-10-19 11:22:04 +02:00
Jami Cogswell
383b8a84e9 update select statement to be closer to cpp's 2022-10-18 21:55:11 -04:00
Tony Torralba
01a08d44bb Apply suggestions from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-10-17 14:14:38 +02:00
Tony Torralba
a540aaa35b Address alert message style violation 2022-10-17 10:22:31 +02:00
Tony Torralba
434a2a9f5d Improve qhelp example text 2022-10-17 10:19:40 +02:00
Tony Torralba
c909b8824c Apply suggestions from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-10-17 10:12:56 +02:00
Jami Cogswell
da218fdbf1 clean up code 2022-10-14 13:03:34 -04:00
Jami Cogswell
2daa3457d7 combine three configs into one 2022-10-13 17:57:56 -04:00
Jami Cogswell
bfbb6db436 clean up code 2022-10-12 16:58:34 -04:00
Jami Cogswell
37d85587e0 refactor code into InsufficientKeySize.qll 2022-10-12 15:39:57 -04:00
Edward Minnix III
ce740b47ae Merge pull request #10637 from egregius313/egregius313/android-misconfigured-contentprovider
Android ContentProvider Incomplete Permissions
2022-10-12 09:41:03 -04:00
Jami Cogswell
01c2a8cbba add symm to the single config; still seems to work 2022-10-12 08:51:22 -04:00
Josh Soref
1a14c06008 spelling: receiver
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-12 04:40:26 -04:00
Josh Soref
ba0f34afed spelling: owasp
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-12 04:40:26 -04:00
Jami Cogswell
29de0c6748 make one config for asymm with flow states; seems to work... 2022-10-11 22:29:48 -04:00
Jami Cogswell
3e8748e639 add path-graph back to query alerts 2022-10-11 16:56:11 -04:00
Jami Cogswell
e64825ff7a fix code-scanning bot problems 2022-10-11 16:56:11 -04:00
Jami Cogswell
bd76b1fcc0 clean-up and update configurations to have specs as sink 2022-10-11 16:56:10 -04:00
Jami Cogswell
3cc7f143b2 clean up code somewhat 2022-10-11 16:56:10 -04:00
Jami Cogswell
b0af9f936c added kg taintracking config to all 2022-10-11 16:56:10 -04:00
Jami Cogswell
b7123c17f8 draft of adding kpg tracking into dataflow config 2022-10-11 16:56:10 -04:00
Jami Cogswell
cdac0e2b52 add local algo name tracking, still need to add ability to track algo name when KeyGen obj is param to other method 2022-10-11 16:56:10 -04:00
Jami Cogswell
c414ee0e25 add ECC dataflow config; passes all test cases; still don't have algo name tracking 2022-10-11 16:56:10 -04:00
Jami Cogswell
5e2ef66014 refactoring to use both dataflow configs; commit before deleting unused code 2022-10-11 16:56:10 -04:00
Jami Cogswell
8ffd2522e7 add draft code to find algo type to replace tainttracking configs 2022-10-11 16:56:10 -04:00
Jami Cogswell
d3b1a04c13 handle FN case with simple VarAccess; add draft of dataflow config to handle complex VarAccess 2022-10-11 16:56:10 -04:00
Jami Cogswell
9eb45c3787 refactor tests and code, update help file 2022-10-11 16:56:10 -04:00
Jami Cogswell
657e1e62ca start refactoring query logic into lib file 2022-10-11 16:56:10 -04:00
Jami Cogswell
3643c9e658 update metadata 2022-10-11 16:56:10 -04:00
Jami Cogswell
9b7df354e6 move files 2022-10-11 16:56:10 -04:00
Ed Minnix
80cc3fc518 Reword first sentence of documentation 2022-10-11 11:02:37 -04:00
Edward Minnix III
1f0a48de28 Documentation suggestion
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-10-11 10:59:00 -04:00
Edward Minnix III
b6270ebe52 Apply suggestions from documentation review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-10-10 14:57:14 -04:00
Edward Minnix III
b94b78115e Style fix.
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-10-10 14:52:17 -04:00
Tony Torralba
015d48ef66 Fix select message 2022-10-06 16:28:17 +02:00
Tony Torralba
39b5ebfd7b Fix qhelp 2022-10-06 16:28:17 +02:00
Tony Torralba
76ea255277 Add security-severity 2022-10-06 16:28:17 +02:00
Tony Torralba
4a18892da9 Second query version
Remove sinks flowing to write operations requirement
2022-10-06 16:28:17 +02:00
Tony Torralba
153ec5368e First query version requiring sinks to flow to write operations 2022-10-06 16:28:17 +02:00
Ed Minnix
3c7f5420db Update metadata to match CWE-926 2022-10-04 10:48:05 -04:00
Ed Minnix
f888c4b279 Move files from CWE-276 to CWE-926 2022-10-04 10:40:34 -04:00
Tony Torralba
f19eb783be Generalize file/path taint steps
This is needed by PathSanitizer but also helps simplify ZipSlip.ql
2022-10-04 12:27:01 +02:00
Tony Torralba
4e29c39c78 Merge ZipSlip sanitization logic into PathSanitizer.qll
Apply code review suggestions regarding weak sanitizers
2022-10-04 12:27:01 +02:00
Tony Torralba
08c67fb174 Use PathInjectionSanitizer in relevant queries 2022-10-04 12:27:01 +02:00
Tony Torralba
dff878e531 Apply TaintedPath recent changes to TaintedPathLocal 2022-10-04 12:26:59 +02:00
Ed Minnix
c6f91500f0 Update query description to better describe issue 2022-10-03 13:12:53 -04:00
Edward Minnix III
071f082b64 Add mention of content provider in query description
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2022-10-03 11:21:33 -04:00