hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,098 Commits 1,672 Branches 157 Tags
66737402c20fc83b3d3a654dcccf4b26c901b100
Commit Graph

12946 Commits

Author SHA1 Message Date
Max Schaefer
a9c0fed4f5 Add test showing spurious sink candidate from method overriding a method for which we have a model. 2024-02-08 13:22:53 +00:00
Max Schaefer
02547d3839 Improve representation of implicit varargs arrays to more reliably filter out known flow steps. 2024-02-08 13:22:52 +00:00
Ian Lynagh
e0a5efef0a Merge pull request #15544 from igfoo/igfoo/k2tests 
Kotlin 2: Some test fixes
 2024-02-08 12:57:58 +00:00
Ian Lynagh
ef8e6c8805 Kotlin 2: Accept loc changes in library-tests/exprs/funcExprs.expected 2024-02-07 16:40:40 +00:00
Ian Lynagh
8a93133b81 Kotlin 2: Accept loc changes in library-tests/exprs/unaryOp.expected 2024-02-07 16:21:49 +00:00
Ian Lynagh
c314cc8b68 Kotlin 2: Accept some location changes in library-tests/exprs/binop.expected 2024-02-07 15:56:10 +00:00
Ian Lynagh
c731251e61 Kotlin 2: Remove an unused diagnostic matcher in library-tests/dataflow/func 2024-02-07 15:32:04 +00:00
Ian Lynagh
3d1f9a79fb Kotlin 2: Accept location changes in test-kotlin2/library-tests/data-classes 2024-02-07 15:17:40 +00:00
Ian Lynagh
1c6108028b Kotlin 2: Accept some location changes for arrays 2024-02-07 15:12:17 +00:00
Max Schaefer
082754a3d8 Remove problematic Kotlin model. 2024-02-07 13:21:59 +00:00
Jonathan Leitschuh
1484a169d7 Reduce severity of java/relative-path-command 
Significantly reduces the severity of `java/relative-path-command` from 9.8 to 5.4

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
 2024-02-06 15:43:19 -05:00
github-actions[bot]
b5139078d0 Post-release preparation for codeql-cli-2.16.2 2024-02-06 19:22:35 +00:00
Erik Krogh Kristensen
879d882fa4 Java: fix typo in JndiInjection.qhelp 2024-02-06 15:17:30 +01:00
Max Schaefer
705a377060 Address review comments. 2024-02-06 12:54:29 +00:00
github-actions[bot]
c1b35fbf47 Release preparation for version 2.16.2 2024-02-05 17:58:57 +00:00
Joe Farebrother
525f27173d Merge pull request #15396 from joefarebrother/android-sensitive-ui-text 
Java: Add query for sensitive data exposed in text fields
 2024-02-05 15:47:03 +00:00
github-actions[bot]
ee5df7bf58 Add changed framework coverage reports 2024-02-05 00:16:44 +00:00
Joe Farebrother
596f48ca95 Add change note 2024-02-02 17:35:07 +00:00
Joe Farebrother
5022adba56 Fixes to qhelp example 2024-02-02 17:26:00 +00:00
Joe Farebrother
3878192810 Apply suggestions from documentation review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-02-02 17:21:23 +00:00
Joe Farebrother
71852868ac Add case for androidx.biometric api 2024-02-02 17:19:20 +00:00
Ian Lynagh
643817e74e Merge pull request #15477 from igfoo/igfoo/kot_path_trans 
Kotlin: Add path transformer support
 2024-02-02 15:34:14 +00:00
Joe Farebrother
2a00375bb7 Add documentation 2024-02-02 14:34:43 +00:00
Max Schaefer
21c0422dc7 Merge pull request #15499 from github/max-schaefer/automodel-functional-interface-expr 
Automodel: Do not consider `@FunctionalInterface`-typed expressions as candidates.
 2024-02-02 14:28:41 +00:00
Anders Schack-Mulligen
49b00f3842 Java: Remove two redundant models implied by CharSequence models. 2024-02-02 13:17:26 +01:00
Ian Lynagh
68f267798e Kotlin: Add support for path transformers 2024-02-01 18:07:47 +00:00
Joe Farebrother
88c2ccbecf Generate stubs 2024-02-01 16:59:50 +00:00
Joe Farebrother
5d1edd45c5 Add unit tests 2024-02-01 16:56:20 +00:00
Joe Farebrother
9098428c2a Add security severity 2024-02-01 14:28:14 +00:00
Max Schaefer
e47b021050 Do not consider expressions as candidates whose type is annotated with @FunctionalInterface. 2024-02-01 11:04:14 +00:00
Max Schaefer
ab6cea14c8 Fix missing quotes. 2024-01-31 11:49:25 +00:00
Joe Farebrother
9130603334 Address reviews - use SimpleTypeSanitizer and alter qldoc style 2024-01-31 11:31:25 +00:00
Max Schaefer
6c6f402fa5 Merge branch 'main' into java/update-mad-decls-after-triage-2024-01-31T11-16-45 2024-01-31 11:29:33 +00:00
Max Schaefer
ad8038bade Update MaD Declarations after Triage 2024-01-31 11:28:10 +00:00
Ian Lynagh
2eb9b61412 Kotlin: Add a test for path transformers 2024-01-30 17:40:43 +00:00
Joe Farebrother
8bd79908a6 Implement local auth query 2024-01-30 16:49:55 +00:00
Tony Torralba
e2bf9ea2eb Consider File.exists() et al a path-injection sink 2024-01-30 14:51:36 +01:00
Joe Farebrother
460ffc89b2 Add additional test cases 2024-01-29 22:43:28 +00:00
Joe Farebrother
3abd67064d Add change note 2024-01-29 16:33:07 +00:00
Joe Farebrother
94075ef148 Fix FPs - consider flow through fields when determining whether a view is masked, and find more instances of findViewById. 2024-01-29 16:25:38 +00:00
Joe Farebrother
8d201626e1 Add documentation 2024-01-29 16:25:38 +00:00
Joe Farebrother
aa78050933 Implement checks for elements hidden by their xml attributes 2024-01-29 16:25:38 +00:00
Joe Farebrother
6081f18089 Add unit tests + make some fixes 2024-01-29 16:25:37 +00:00
Joe Farebrother
8582093e65 Implement checks for parent views being hidden 2024-01-29 16:25:37 +00:00
Joe Farebrother
1b13597d72 Implement checks for calls that may safely mask information 2024-01-29 16:25:37 +00:00
Joe Farebrother
5dd0addfc2 Add sensitive text flow query 2024-01-29 16:25:36 +00:00
Ian Lynagh
79d9109850 Merge pull request #15428 from igfoo/igfoo/catch_illegal_arg 
Kotlin: Catch/ignore a IllegalArgumentException exception
 2024-01-29 11:27:38 +00:00
Ian Lynagh
76e417c23e Merge pull request #14940 from igfoo/igfoo/comments 
Kotlin 2: Comment improvements
 2024-01-29 11:27:19 +00:00
github-actions[bot]
6d06c9cb7d Add changed framework coverage reports 2024-01-29 00:16:27 +00:00
Marcono1234
d8fe0f5bb8 Java: Document which assignment type is covered by which class 2024-01-28 19:03:36 +01:00