hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-24 00:16:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,798 Commits 1,714 Branches 163 Tags
64f19637d49457e24e177a65a4fa692855cbfeef
Commit Graph

31798 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
64f19637d4 Address review comments 2022-01-24 13:33:18 +01:00
Tom Hvitved
f9b906d1e2 C#: Update uses of RequiredSummaryComponentStack 2022-01-21 09:42:16 +01:00
Tom Hvitved
cba733136c Data flow: Sync 2022-01-21 09:42:16 +01:00
Tom Hvitved
f1a2b21e44 Data flow: Restructure RequiredSummaryComponentStack 2022-01-21 09:42:16 +01:00
CodeQL CI
b02f1c87a1 Merge pull request #7679 from erik-krogh/ql-doc-style 
Approved by esbena
 2022-01-20 23:43:44 -08:00
CodeQL CI
2287b6e549 Merge pull request #7675 from erik-krogh/move-url-sink-to-customizations 
Approved by esbena
 2022-01-20 23:43:15 -08:00
Erik Krogh Kristensen
15c1ce722a Merge pull request #7678 from erik-krogh/use-set 
JS: use more set literals
 2022-01-20 21:03:48 +01:00
Erik Krogh Kristensen
2bffe56580 update expected output 2022-01-20 16:06:57 +01:00
Erik Krogh Kristensen
3155114e36 use more set literals 2022-01-20 16:06:34 +01:00
Anders Schack-Mulligen
fede7dd238 Merge pull request #7676 from aschackmull/java/instanceaccessnode 
Java: Add data flow node encapsulating instance accesses.
 2022-01-20 15:40:21 +01:00
Erik Krogh Kristensen
a77b2b0209 Merge pull request #7668 from erik-krogh/simplify-casts 
simplify expressions that could be type-casts
 2022-01-20 15:20:18 +01:00
Erik Krogh Kristensen
5780161b2c fix most issues found by ql/class-doc-style in JS 2022-01-20 15:10:16 +01:00
Alex Ford
9613ff743b Merge pull request #7611 from github/ruby/protect_from_forgery-without-exception 
Ruby: flag up `protect_from_forgery` calls without an exception strategy
 2022-01-20 13:45:30 +00:00
Tony Torralba
caab1c3332 Merge pull request #6963 from atorralba/atorralba/android-onactivityresult-source 
Android: Add the Intent parameter of the `onActivityResult` method as a source
 2022-01-20 14:27:30 +01:00
Tony Torralba
29e87b3abd Merge pull request #6975 from atorralba/atorralba/android-intent-uri-permission-manipulation 
Java: CWE-266 - Query to detect Intent URI Permission Manipulation in Android applications
 2022-01-20 14:27:02 +01:00
Geoffrey White
b230681bc8 Merge pull request #7650 from geoffw0/clrtxt3 
C++: Improve cpp/cleartext-transmission
 2022-01-20 13:21:54 +00:00
Anders Schack-Mulligen
43da5aabbe Java: Add dataflow node encapsulating instance accesses. 2022-01-20 14:12:33 +01:00
Erik Krogh Kristensen
7167e856fe move electron sink to the customizations file 2022-01-20 14:07:23 +01:00
Tony Torralba
62f847a82e Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-01-20 13:44:10 +01:00
Tony Torralba
3957ebe880 Fix bitwiseLocalTaintStep 2022-01-20 13:34:32 +01:00
Tony Torralba
265f8a3b19 Make bitwise taintsteps specific for this query 2022-01-20 13:23:56 +01:00
Tony Torralba
4e9849e19d Refactor IntentFlagsOrDataCheckedGuard to avoid footgun 2022-01-20 13:23:55 +01:00
Tony Torralba
62c21918b2 Add QLDoc to guard and sanitizer 2022-01-20 13:23:54 +01:00
Tony Torralba
58a0bcd70f Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-20 13:23:53 +01:00
Tony Torralba
8767d2db23 Don't capitalize the term content provider 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-01-20 13:23:52 +01:00
Tony Torralba
596cfd399e Improve description 2022-01-20 13:23:52 +01:00
Tony Torralba
ab560234e3 Update java/change-notes/2021-10-27-android-intent-uri-permission-manipulation-query.md 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-01-20 13:23:51 +01:00
Tony Torralba
3405db31b8 Add qhelp 2022-01-20 13:23:51 +01:00
Tony Torralba
6152c8a989 Add change note 2022-01-20 13:23:48 +01:00
Tony Torralba
e1d30ebc09 Added severity 
Removed duplicated code
 2022-01-20 13:23:15 +01:00
Tony Torralba
ec8ffeed07 Add Intent URI Permission Manipulation query 2022-01-20 13:23:14 +01:00
Tony Torralba
c09b6691e1 Merge pull request #6171 from atorralba/atorralba/promote-unsafe-certificate-trust 
Java: Promote Unsafe certificate trust query from experimental
 2022-01-20 12:07:03 +01:00
Anders Schack-Mulligen
f154530141 Merge pull request #7662 from JLLeitschuh/patch-2 
Fix typo in FileWritable
 2022-01-20 11:13:59 +01:00
Anders Schack-Mulligen
4aa2661dc1 Merge pull request #7634 from bmuskalla/refactorLangModel 
Refactor Apache Commons Lang model
 2022-01-20 11:01:25 +01:00
Geoffrey White
8bdbaf4b57 C++: Autoformat. 2022-01-20 09:52:24 +00:00
CodeQL CI
cfa670c123 Merge pull request #7651 from erik-krogh/CWE-471 
Approved by asgerf, esbena
 2022-01-20 01:47:39 -08:00
Erik Krogh Kristensen
4e8e3a7420 simplify expressions that could be type-casts 2022-01-20 10:41:35 +01:00
Benjamin Muskalla
2748bbffa3 Merge pull request #7656 from bmuskalla/excludeMainLoggingGenerator 
Java: Exclude irrelevant rows from models
 2022-01-20 10:40:51 +01:00
Michael Nebel
547f492be0 Merge pull request #7577 from michaelnebel/csharp/line-pragma 
C#: Make support for Line span pragma
 2022-01-20 09:51:57 +01:00
Jonathan Leitschuh
23548c50e1 Fix typo in FileWritable 2022-01-19 16:14:38 -05:00
Tom Hvitved
70f4efb834 Merge pull request #7646 from hvitved/csharp/roslyn-tuple-elements-workaround 
C#: Workaround Roslyn bug in `INamedTypeSymbol.TupleElements`
 2022-01-19 19:54:29 +01:00
Tony Torralba
695e77a219 Simplify isSslSocket predicate 2022-01-19 17:01:28 +01:00
Mathias Vorreiter Pedersen
40c8881575 Merge pull request #7472 from erik-krogh/redundant-aggregate 
QL-for-QL: Add a could-be-cast query
 2022-01-19 15:48:00 +00:00
Henry Mercer
58b1a6fd40 Merge pull request #7655 from github/henrymercer/bump-atm-query-pack-v0.0.6 
JS: Bump ML-powered query packs to v0.0.6
 2022-01-19 15:44:55 +00:00
Tony Torralba
e442e50e6b Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-01-19 16:43:48 +01:00
Tony Torralba
101ad777e3 Move things around after rebase 2022-01-19 16:43:48 +01:00
Tony Torralba
03020582af Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-01-19 16:43:47 +01:00
Tony Torralba
9ffc5ab183 Update java/ql/src/semmle/code/java/security/UnsafeCertTrustQuery.qll 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2022-01-19 16:43:47 +01:00
Tony Torralba
c16181dd2f QLDocs 2022-01-19 16:43:46 +01:00
Tony Torralba
000a544729 Decouple UnsafeCertTrust.qll to reuse the taint tracking configuration 2022-01-19 16:43:43 +01:00