hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-27 09:48:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
44,892 Commits 1,720 Branches 163 Tags
6eb58d832c32d240a4a3ad811b16fd999c571f21
Commit Graph

381 Commits

Author SHA1 Message Date
Jami Cogswell
6eb58d832c remove dependence on typeFlag 2022-10-14 00:47:57 -04:00
Jami Cogswell
c61f23baae experiment with more code condensing 2022-10-13 23:24:06 -04:00
Jami Cogswell
2daa3457d7 combine three configs into one 2022-10-13 17:57:56 -04:00
Jami Cogswell
e0f0d554cb condense code 2022-10-12 22:18:07 -04:00
Jami Cogswell
bcb506b637 add placeholder qldocs 2022-10-12 17:04:51 -04:00
Jami Cogswell
bfbb6db436 clean up code 2022-10-12 16:58:34 -04:00
Jami Cogswell
37d85587e0 refactor code into InsufficientKeySize.qll 2022-10-12 15:39:57 -04:00
Jami Cogswell
0fc4a33d43 remove commented-out code 2022-10-12 08:54:06 -04:00
Jami Cogswell
01c2a8cbba add symm to the single config; still seems to work 2022-10-12 08:51:22 -04:00
Jami Cogswell
29de0c6748 make one config for asymm with flow states; seems to work... 2022-10-11 22:29:48 -04:00
Jami Cogswell
3e8748e639 add path-graph back to query alerts 2022-10-11 16:56:11 -04:00
Jami Cogswell
26f4abf12b remove globalflow for key(pair)gen 2022-10-11 16:56:11 -04:00
Jami Cogswell
e64825ff7a fix code-scanning bot problems 2022-10-11 16:56:11 -04:00
Jami Cogswell
b6a8c27d48 delete experimental files 2022-10-11 16:56:11 -04:00
Jami Cogswell
bd76b1fcc0 clean-up and update configurations to have specs as sink 2022-10-11 16:56:10 -04:00
Jami Cogswell
0c2cff253f updates from discussing with Tony 2022-10-11 16:56:10 -04:00
Jami Cogswell
3cc7f143b2 clean up code somewhat 2022-10-11 16:56:10 -04:00
Jami Cogswell
f5a2fef7a3 update tests for non-path version 2022-10-11 16:56:10 -04:00
Jami Cogswell
b0af9f936c added kg taintracking config to all 2022-10-11 16:56:10 -04:00
Jami Cogswell
b7123c17f8 draft of adding kpg tracking into dataflow config 2022-10-11 16:56:10 -04:00
Jami Cogswell
cdac0e2b52 add local algo name tracking, still need to add ability to track algo name when KeyGen obj is param to other method 2022-10-11 16:56:10 -04:00
Jami Cogswell
c414ee0e25 add ECC dataflow config; passes all test cases; still don't have algo name tracking 2022-10-11 16:56:10 -04:00
Jami Cogswell
5e2ef66014 refactoring to use both dataflow configs; commit before deleting unused code 2022-10-11 16:56:10 -04:00
Jami Cogswell
ac707198d5 commit before adding taint flow back (since no taint flow doesn't capture all cases) 2022-10-11 16:56:10 -04:00
Jami Cogswell
8ffd2522e7 add draft code to find algo type to replace tainttracking configs 2022-10-11 16:56:10 -04:00
Jami Cogswell
d3b1a04c13 handle FN case with simple VarAccess; add draft of dataflow config to handle complex VarAccess 2022-10-11 16:56:10 -04:00
Jami Cogswell
7de9c05c9d use CompileTimeConstantExpr for FN with VarAccess, and remove KeyGeneratorInitConfiguration 2022-10-11 16:56:10 -04:00
Jami Cogswell
75794ec7a7 false negative testing - before rewrite for variable dataflow 2022-10-11 16:56:10 -04:00
Jami Cogswell
9eb45c3787 refactor tests and code, update help file 2022-10-11 16:56:10 -04:00
Jami Cogswell
657e1e62ca start refactoring query logic into lib file 2022-10-11 16:56:10 -04:00
Anders Schack-Mulligen
6db0db431f Java: Add pruning for local taint flow. 2022-10-05 12:02:05 +02:00
Tony Torralba
9db65eae7f Address review comments 2022-10-04 12:27:01 +02:00
Tony Torralba
264d6db9d7 Rename AllowListGuard to AllowedPrefixGuard 2022-10-04 12:27:01 +02:00
Tony Torralba
90020b6aab Make block lists work with substring matching too 
A block list approach doesn't need to restrict itself to prefix matching
 2022-10-04 12:27:01 +02:00
Tony Torralba
69d1895175 Update java/ql/lib/semmle/code/java/security/PathSanitizer.qll 2022-10-04 12:27:01 +02:00
Tony Torralba
6fcaae20e7 Add tests and fix bugs highlighted by them 2022-10-04 12:27:01 +02:00
Tony Torralba
f19eb783be Generalize file/path taint steps 
This is needed by PathSanitizer but also helps simplify ZipSlip.ql
 2022-10-04 12:27:01 +02:00
Tony Torralba
4e29c39c78 Merge ZipSlip sanitization logic into PathSanitizer.qll 
Apply code review suggestions regarding weak sanitizers
 2022-10-04 12:27:01 +02:00
Tony Torralba
5706e8b377 Improve PathSanitizer 
Rename PathTraversalSanitizer to PathInjectionSanitizer
 2022-10-04 12:26:17 +02:00
Tony Torralba
50ad234694 Move PathSanitizer to the main library 2022-10-04 12:26:17 +02:00
Joe Farebrother
6cb26d5129 Merge pull request #10241 from joefarebrother/android-webview-dubugging 
Java: Add query for WebView debugging enabled
 2022-09-28 10:50:51 +01:00
Anders Schack-Mulligen
dcc3f9e0a2 Java: Improve performance of StaticInitializationVector. 2022-09-23 14:39:32 +02:00
Erik Krogh Kristensen
6e6880bbe4 Merge pull request #10486 from erik-krogh/java-unqueryable 
Java: Delete some unused code
 2022-09-22 14:21:39 +02:00
erik-krogh
a8929b6400 deprecate RegExpFlags::getFlags instead of deleting it 2022-09-22 13:43:42 +02:00
Joe Farebrother
eb3655da1c Remove type check from the barrier predicate 2022-09-21 13:57:32 +01:00
Joe Farebrother
a6a500ade2 Apply suggestions from code review - doc improvements, simplification 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-09-21 13:57:31 +01:00
Joe Farebrother
eed2df0fb3 Fix qhelp & ql-for-ql errors 2022-09-21 13:57:30 +01:00
Joe Farebrother
f934554143 Add docs + add an additional case 2022-09-21 13:57:29 +01:00
Joe Farebrother
20b2956322 Add webview debugging query 2022-09-21 13:57:28 +01:00
Tony Torralba
cbb64cc8c1 Merge pull request #10352 from atorralba/atorralba/promote-template-injection 
Java: Promote Server-side template injection from experimental
 2022-09-20 16:11:58 +02:00