hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,584 Commits 1,672 Branches 157 Tags
530b29ccdfb42bcb8173f270e2f89d76bc20c2bc
Commit Graph

7616 Commits

Author SHA1 Message Date
Tony Torralba
5d9f366ac5 Add change note 2022-09-01 09:53:46 +02:00
Tony Torralba
bee4e4b40a Add new AlarmManager sinks 2022-09-01 09:47:58 +02:00
github-actions[bot]
c8441abaac Add changed framework coverage reports 2022-09-01 00:18:02 +00:00
Ian Lynagh
e4ff25099b Kotlin: Be more permissive 
I think we'll end up giving a warning/error later, but that's better
than having a cast throw now.
 2022-08-31 18:09:36 +01:00
Ian Lynagh
86034dc602 Kotlin: Add a type signature 2022-08-31 18:05:30 +01:00
Ian Lynagh
7dc5bdafe3 Merge pull request #10186 from github/post-release-prep/codeql-cli-2.10.4 
Post-release preparation for codeql-cli-2.10.4
 2022-08-31 17:29:57 +01:00
Ian Lynagh
c8deb72ede Kotlin: Refactor extractConstructorCall 
Avoids some casts.
 2022-08-31 16:53:59 +01:00
Ian Lynagh
eca28af883 Kotlin: Removed a couple of casts from extractExpression 2022-08-31 15:34:18 +01:00
Ian Lynagh
6d00860cc1 Kotlin: Refactor kotlinFunctionToJavaEquivalent 
Avoids a cast.
 2022-08-31 15:03:30 +01:00
Tamás Vajk
bf7437fd2e Merge pull request #10224 from tamasvajk/kotlin-comment-fixes 
Kotlin: Fix issues in comment extraction
 2022-08-31 14:22:09 +02:00
Anders Schack-Mulligen
784eef3f2c Java: Support SCCs in TypeFlow. 2022-08-31 13:20:00 +02:00
Ian Lynagh
b5f9fbe247 Merge pull request #10228 from igfoo/igfoo/useSimpleType 
Kotlin: Refactor useSimpleType to avoid some casts
 2022-08-31 11:32:35 +01:00
Ian Lynagh
da7d2709d9 Merge pull request #10227 from igfoo/igfoo/extractStaticTypeAccessQualifier 
Kotlin: Refactor extractStaticTypeAccessQualifier
 2022-08-31 11:32:26 +01:00
Ian Lynagh
49ba391923 Merge pull request #10229 from igfoo/igfoo/singleOrNullSubType 
Kotlin: Implement and use singleOrNullSubType
 2022-08-31 11:32:11 +01:00
Michael Nebel
1cb6d78d35 Merge pull request #10170 from michaelnebel/java/models-io 
Java: Update models for commons-io and add negative models.
 2022-08-31 11:05:09 +02:00
Tony Torralba
2ec53bf78c Merge pull request #9873 from luchua-bc/java/permissive-dot-regex 
Java: CWE-625 Query to detect regex dot bypass
 2022-08-31 10:24:18 +02:00
Tamas Vajk
0cbb73a47e Improve code quality 2022-08-31 09:02:35 +02:00
github-actions[bot]
6c3c41e710 Add changed framework coverage reports 2022-08-31 00:21:31 +00:00
luchua-bc
e2e87980cc Move pattern check to MatchRegexConfiguration::isSink 2022-08-30 22:48:12 +00:00
Ian Lynagh
6f82b06bd7 Kotlin: Implement and use singleOrNullSubType 
Pulls another cast out into a utility function.
 2022-08-30 18:31:01 +01:00
Ed Minnix
6485e73cd3 Added documentation for providesMainIntent pred 2022-08-30 13:00:44 -04:00
Ian Lynagh
a07be192fa Kotlin: Refactor useSimpleType to avoid some casts 2022-08-30 17:55:57 +01:00
Ed Minnix
500a6f3b86 Add check for files which provide the app launcher 
Adds support for filtering which applications include the
`android.intent.action.MAIN` intent.
 2022-08-30 12:54:26 -04:00
Ed Minnix
b5c54f5a3b Add check for android:allowBackup explicitly set 
`android:allowBackup` has a default value of `true`. So we want to flag
any file which explicitly sets it.
 2022-08-30 12:53:12 -04:00
Ian Lynagh
3459e5e432 Kotlin: Refactor extractStaticTypeAccessQualifier 
Avoids a cast
 2022-08-30 17:06:13 +01:00
Tamas Vajk
1bc105aff6 Kotlin: adjust log messages and severities in comment extraction 2022-08-30 15:45:25 +02:00
Tamas Vajk
5418c95a01 Kotlin: minor refactoring in comment extraction 2022-08-30 15:43:48 +02:00
Erik Krogh Kristensen
72942afe3e Merge pull request #10220 from erik-krogh/overlapsWithNothing 
print a correct range for ranges that doesn't contain any alpha-numeric chars
 2022-08-30 15:38:34 +02:00
Tamas Vajk
9ced14672d Kotlin: Assign container class as the owner of init block comments 2022-08-30 15:37:55 +02:00
Tamas Vajk
d9b3726ee8 Kotlin: Add test case for doc comment on init block 2022-08-30 15:37:00 +02:00
Anders Schack-Mulligen
4070860d2b Merge pull request #10208 from aschackmull/java/dispatch-fixes 
Java: A couple of small virtual dispatch fixes
 2022-08-30 15:03:48 +02:00
Tamas Vajk
3513bb8eed Kotlin: Change Modifiable::isPublic to not cover Kotlin internal members 2022-08-30 14:37:27 +02:00
Tamas Vajk
d9086e6328 Kotlin: Add test case for internal member accessed from java 2022-08-30 14:26:12 +02:00
Michael Nebel
e020ae77e0 Merge pull request #10158 from michaelnebel/csharp/narrowcollectiontypes 
C#: Narrow collection like types in model generation.
 2022-08-30 14:20:57 +02:00
erik-krogh
7fd426e748 print a correct range for ranges that doesn't contain any alpha-numeric chars 2022-08-30 13:57:11 +02:00
Ian Lynagh
f5d43b80ed Merge pull request #10193 from igfoo/igfoo/extractClassSupertypes 
Kotlin: Small simplification
 2022-08-30 11:52:02 +01:00
Ian Lynagh
f118b39844 Merge pull request #10192 from igfoo/igfoo/array 
Kotlin: Remove another cast
 2022-08-30 11:51:48 +01:00
Ian Lynagh
a5893f38c5 Merge pull request #10189 from igfoo/igfoo/substituteTypeAndArguments 
Kotlin: Remove a cast from substituteTypeAndArguments
 2022-08-30 11:51:39 +01:00
Ian Lynagh
d6bdc8c711 Merge pull request #10178 from igfoo/igfoo/AnyDbType 
Kotlin: Add AnyDbType
 2022-08-30 11:51:25 +01:00
Tony Torralba
1f83c5833b Merge pull request #10092 from zbazztian/zbazztian/string.replace-taint 
Java: Add additional taint steps for java.lang.String methods
 2022-08-30 12:24:37 +02:00
Erik Krogh Kristensen
8f0b999c31 Merge pull request #10207 from erik-krogh/fixRank 
fix performance issue in the ReDoS query
 2022-08-30 10:17:11 +02:00
erik-krogh
e2caf3e8c0 put a limit on the length of the equivalent range 2022-08-30 09:29:22 +02:00
Erik Krogh Kristensen
c2679d8632 Merge pull request #10213 from erik-krogh/wayToLargeRange 
put a limit on the length of the equivalent range in overly-large-range
 2022-08-30 09:28:16 +02:00
github-actions[bot]
f2e37d25b3 Add changed framework coverage reports 2022-08-30 00:21:28 +00:00
erik-krogh
f47b097d7c put a limit on the length of the equivalent range 2022-08-29 21:03:52 +02:00
Anders Schack-Mulligen
e26a7fc4f3 Merge pull request #10173 from zbazztian/spring-crudrepository 
Java: Add data flow model for Spring's CrudRepository.save() method
 2022-08-29 15:00:07 +02:00
Michael Nebel
e8d726606b C#/Java: Add descriptive comment on negative summaries in ExternalFlow. 2022-08-29 14:29:32 +02:00
Michael Nebel
91abf79404 Java: Update negative summaries where static initializers has been excluded. 2022-08-29 14:29:32 +02:00
Michael Nebel
2b1423dd74 Java: Exclude static initializers from model generation. 2022-08-29 14:29:32 +02:00
Michael Nebel
37aa6b2c5f C#: Add file level QL Doc. 2022-08-29 14:29:32 +02:00