hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
43,559 Commits 1,741 Branches 165 Tags
52d519765a3aea5cb32aee64eee22c60433488d4
Commit Graph

43559 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ed Minnix
52d519765a Merge ContentProvider tests into one manifest 
Merge the read-only, write-only, read-write, and full test cases into
one AndroidManifest.xml file.

Also added the not-exported test case.
 2022-10-03 12:16:45 -04:00
Ed Minnix
09077935b1 Added query change note 2022-10-03 11:30:43 -04:00
Edward Minnix III
071f082b64 Add mention of content provider in query description 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-10-03 11:21:33 -04:00
Edward Minnix III
2970e8c76a Remove redundant documentation 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2022-10-03 11:21:02 -04:00
Edward Minnix III
cfc0bb595f Documentation fix for hasIncompletePermissions 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-10-03 11:20:15 -04:00
Ed Minnix
28e7049722 Add exported requirement to ContentProvider permissions test 2022-10-03 10:52:42 -04:00
Ed Minnix
2a2878fc7b Move text into paragraph tag 2022-09-29 16:33:22 -04:00
Ed Minnix
e3c0e6f52a Remove location link from alert message 
Follow the style suggestion from the github-code-scanning bot and remove
provider element from alert link
 2022-09-29 16:20:48 -04:00
Ed Minnix
90590429e3 Added change note for ContentProvider query 2022-09-29 16:17:52 -04:00
Ed Minnix
29e34ac970 ContentProvider Incomplete Permissions Test Cases 2022-09-29 16:07:54 -04:00
Ed Minnix
f2bda1525a Revert "Android ContentProvider.openFile does not check mode initital commit" 
This reverts commit e37f62bb5e.

The MisconfiguedContentProviderUse.ql file provided a sample query which
will be useful in future checks for CVE-2021-41166, but is not needed
for the current manifest-focused check
 2022-09-29 14:43:18 -04:00
Ed Minnix
e72963986f Moved Android manifest incomplete permission logic into library 2022-09-29 14:06:18 -04:00
Ed Minnix
dedd29e1b3 Incomplete Android content provider permissions documentation 2022-09-29 14:05:18 -04:00
Ed Minnix
e37f62bb5e Android ContentProvider.openFile does not check mode initital commit 
Initial commit for work on a query finding instances where the `mode`
parameter of an override of the `openFile` method of the
`android.content.ContentProvider` class
 2022-09-19 10:32:02 -04:00
Ed Minnix
00891fa455 Android Manifest Incomplete provider permissions initial commit 
Initial work on checking provider elements in Android manifests for
complete permissions.
 2022-09-19 10:31:02 -04:00
Rasmus Wriedt Larsen
556e93ae68 Merge pull request #10384 from RasmusWL/callnode-getargbyname 
Python: Allow `CallNode.getArgByName` for keyword args after `**kwargs`
 2022-09-19 15:05:59 +02:00
Erik Krogh Kristensen
a4cd913aea Merge pull request #10312 from erik-krogh/fix-caseDiff 
ensure consistent casing of names
 2022-09-19 10:43:12 +02:00
CodeQL CI
b48808778f Merge pull request #10264 from yoff/python/port-RaisesTuple 
Approved by tausbn
 2022-09-19 00:51:29 -07:00
CodeQL CI
ed4b64b1c4 Merge pull request #10265 from yoff/python/port-UnguardedNextInGenerator 
Approved by tausbn
 2022-09-19 00:50:52 -07:00
CodeQL CI
36f8b0554d Merge pull request #10266 from yoff/python/port-CatchingBaseException 
Approved by tausbn
 2022-09-19 00:50:05 -07:00
Asger F
ab296d4d62 Merge pull request #10396 from asgerf/js/regexp-always-matches-fp 
JS: Fix FP in js/regexp/always-matches
 2022-09-19 09:32:00 +02:00
Andrew Eisenberg
13d4c4a5b9 Merge pull request #10460 from github/aeisenberg/lang-spec-packs 
Updates the library path section of the CodeQL spec
 2022-09-16 15:01:43 -07:00
Andrew Eisenberg
867e31693d Updates the library path section of the CodeQL spec 
- Remove references to `queries.xml`. It is still supported, but we
  don't want people using it.
- Add reference to `codeql-pack.yml`. It is just an alias for
  `qlpack.yml` and not being used.
- Remove reference to `libraryPathDependencies` and use `dependencies`
  instead.

Note that this section does not give a complete description of library
paths. That will be a part of the "Developing a codeql pack" article
that is forthcoming.
 2022-09-16 14:31:17 -07:00
Chris Smowton
3165babc88 Merge pull request #10445 from smowton/smowton/fix/annotaton-array-trap-label 
Java: Add test for annotations with annotation-array-typed fields
 2022-09-16 15:45:36 +01:00
Mathias Vorreiter Pedersen
f14df6426e Merge pull request #10455 from geoffw0/cleartexttest 
Swift: Update test for swift/cleartext-transmission
 2022-09-16 14:59:30 +01:00
yoff
0703b88f92 Merge pull request #10404 from RasmusWL/update-range-pattern 
Docs: Use `instanceof` in `::Range` pattern description
 2022-09-16 15:18:35 +02:00
Tony Torralba
e140f04881 Merge pull request #10393 from zbazztian/uri-constructor-flow 
Java: Model taint flow for java.net.URI constructors in tainted path queries
 2022-09-16 15:10:40 +02:00
Geoffrey White
213cd94047 Swift: Update the test. 2022-09-16 13:24:37 +01:00
Anders Schack-Mulligen
e6d4e87458 Merge pull request #10416 from aschackmull/java/dispatch-confidence 
Java: Remove low confidence dispatch for which we have a manual summary.
 2022-09-16 13:36:04 +02:00
Chris Smowton
80968eef47 Add test for annotations with annotation-array-typed fields 2022-09-16 11:30:16 +01:00
James Fletcher
bc93a22e7d Merge pull request #10449 from github/jf205-patch-1 
Correct link to API docs for 'Get a CodeQL database for a repository'
 2022-09-16 11:13:20 +01:00
Anders Schack-Mulligen
9714497268 Java: Add change note. 2022-09-16 11:14:44 +02:00
Sebastian Bauersfeld
8c35803749 Add more details to change note. 2022-09-16 16:11:34 +07:00
Anders Schack-Mulligen
726772220c Merge pull request #10191 from smowton/smowton/admin/java-implicit-this-type-tests 
Java: Add test regarding the type of an implicit `this` expression
 2022-09-16 10:58:48 +02:00
Tony Torralba
fdc8453a59 Introduce TaintedPathAdditionalTaintStep 
Use separate configurations for tainted path and tainted path local again.
 2022-09-16 10:42:15 +02:00
James Fletcher
8e30754356 Update download-github-database.rst 2022-09-16 09:22:32 +01:00
AlexDenisov
d8b000fae3 Merge pull request #10448 from github/alexdenisov/swift-xcode-14 
Swift: skip more unsupported CLI args (new in Xcode 14)
 2022-09-16 10:08:21 +02:00
Sebastian Bauersfeld
95478f1af6 Address review comments. 2022-09-16 14:35:30 +07:00
Alex Denisov
2b12aece63 Swift: skip more unsupported CLI args (new in Xcode 14) 2022-09-16 09:24:20 +02:00
Anders Schack-Mulligen
142d9eb6ef Merge pull request #10446 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-09-16 09:00:33 +02:00
github-actions[bot]
0e1aca547b Add changed framework coverage reports 2022-09-16 00:23:05 +00:00
Erik Krogh Kristensen
f648dd4a2e Merge pull request #10443 from erik-krogh/moreNames 
QL: recognize the names from all VarDefs
 2022-09-15 22:34:17 +02:00
erik-krogh
af045a025d Merge branch 'main' into moreNames 2022-09-15 21:04:49 +02:00
Philip Ginsbach
87e782560c Merge pull request #10439 from github/ginsbach/JavascriptUpperCaseVariables 
JavaScript: remove upper-case variable names
 2022-09-15 20:03:20 +01:00
erik-krogh
ac91b30ed0 recognize the names from all VarDefs 2022-09-15 20:48:12 +02:00
Tamás Vajk
d958c04a79 Merge pull request #9693 from raulgarciamsft/Token_validation 
Token validation
 2022-09-15 20:18:33 +02:00
Tony Torralba
c0762dfdb0 Merge pull request #10437 from github/atorralba/fix-0.3.4-changenote 
Java: Fix wrong packages in minor analysis change note
 2022-09-15 19:12:57 +02:00
Philip Ginsbach
d1df2aa457 remove upper-case variable names 2022-09-15 18:08:50 +01:00
Philip Ginsbach
0a2d0f7f68 Merge pull request #10440 from github/ginsbach/JavaUpperCaseVariables 
Java: remove upper-case variable name
 2022-09-15 18:07:51 +01:00
Philip Ginsbach
c2bdb69476 remove upper-case variable name 2022-09-15 16:32:16 +01:00