1185 Commits

Author	SHA1	Message	Date
Tony Torralba	72c204063d	Merge pull request #10115 from atorralba/atorralba/fragment-fix ... Java: Add support for androidx.fragment.app.Fragment	2022-08-22 12:53:19 +02:00
Chris Smowton	f3ef8510d3	Merge pull request #10093 from smowton/smowton/feature/java-singular-locations ... Java: pick an arbitrary representative location when an entity has many candidate locations.	2022-08-22 09:32:43 +01:00
Tony Torralba	794fd976a9	Add androidx Fragment support	2022-08-19 16:32:06 +02:00
Erik Krogh Kristensen	4f93f2b9ba	Merge pull request #10076 from erik-krogh/ql-for-ql-fixes ... various QL-for-QL fixes	2022-08-18 15:46:48 +02:00
Chris Smowton	17dd1f64ec	Java: pick an arbitrary representative location when an entity has many candidate locations.	2022-08-18 14:29:16 +01:00
erik-krogh	9e7c0c6ab9	revert changing imports in java/	2022-08-18 10:19:12 +02:00
erik-krogh	4bc10f9b5c	explicitly import required frameworks that were previously implicitly imported	2022-08-18 08:40:46 +02:00
Anders Schack-Mulligen	c3ba632a32	Java: Add some type-based sanitizers to SensitiveInfoLog.ql.	2022-08-17 14:54:28 +02:00
Anders Schack-Mulligen	6e495ba6e5	Merge pull request #10068 from aschackmull/java/summarizedcallable-split ... Java: Make synthesized method bodies disjoint from source code.	2022-08-17 14:13:56 +02:00
erik-krogh	14d83ab1b5	make the framework imports in FlowSources.qll private	2022-08-17 13:50:08 +02:00
erik-krogh	b7b80fe176	reintroduce redundant cast in synced file	2022-08-17 13:34:22 +02:00
erik-krogh	ffb65d054e	delete redundant inline casts	2022-08-17 13:34:22 +02:00
erik-krogh	2e44fba67d	add explicit this	2022-08-17 13:33:31 +02:00
Anders Schack-Mulligen	27f76330be	Java: Fix models.	2022-08-17 12:46:09 +02:00
Joe Farebrother	7989ba3391	Replace a tainttracking instance with local flow	2022-08-17 10:35:16 +01:00
Joe Farebrother	bf32b5a8fd	Reiview suggestions - add doc comment, reword description, simplify a part	2022-08-17 10:35:15 +01:00
Joe Farebrother	4d0957711b	Reduce FPs from empty arrays	2022-08-17 10:35:14 +01:00
Joe Farebrother	c0a1300955	Improve initializedWthConstants to no longer need a workaround	2022-08-17 10:35:13 +01:00
Joe Farebrother	f8f21c7ee6	Move static init vector query and tests from experimental to main	2022-08-17 10:35:13 +01:00
Jami	dd23d48ad2	Merge pull request #9939 from jcogs33/android-debug-query-inline-tests ... Java: query to detect android:debuggable attribute enabled	2022-08-16 10:07:13 -04:00
Anders Schack-Mulligen	df40ccd129	Java: Make synthesized method bodies disjoint from source code.	2022-08-16 13:36:39 +02:00
erik-krogh	8e6a36256c	import the non-deprecated NfaUtils in the overly-large-range query	2022-08-16 11:21:43 +02:00
Anders Schack-Mulligen	28e4224ab1	Merge pull request #10023 from aschackmull/java/numbertype-perf ... Java: Minor perf improvement.	2022-08-16 09:52:55 +02:00
Erik Krogh Kristensen	f106e064fa	Merge pull request #9422 from erik-krogh/refacReDoS ... Refactorizations of the ReDoS libraries	2022-08-16 09:32:08 +02:00
Jami Cogswell	4986cc8458	update isDebuggable predicate	2022-08-15 15:50:00 -04:00
Jami Cogswell	c010f92811	simplified predicates, removed overridden getFile predicate	2022-08-15 15:50:00 -04:00
Jami Cogswell	6e10fcf519	added predicates in the AndroidManifest library and adjusted tests	2022-08-15 15:50:00 -04:00
Chris Smowton	774e379eb1	Merge pull request #9742 from smehta23/feat/SM/java_partial_path_traversal_vulnerability ... [JAVA] Partial Path Traversal Vuln Query	2022-08-15 12:56:16 +01:00
Erik Krogh Kristensen	0adb588fe8	Merge pull request #9712 from erik-krogh/badRange ... JS/RB/PY/Java: add suspicious range query	2022-08-15 13:55:44 +02:00
Anders Schack-Mulligen	a3fb54c9de	Merge pull request #10007 from aschackmull/dataflow/source-node-identity ... Dataflow: Fix identification of source PathNodes in the presence of source-to-source flow	2022-08-15 10:39:17 +02:00
erik-krogh	3a4a3437b5	fix some QL-for-QL warnings	2022-08-12 20:38:50 +02:00
erik-krogh	b54f037424	Merge branch 'main' into refacReDoS	2022-08-12 20:28:30 +02:00
erik-krogh	b9e96fb078	sync changes to other languages	2022-08-12 20:28:12 +02:00
Anders Schack-Mulligen	a3fc463d0a	Java: Minor perf improvement.	2022-08-11 14:21:10 +02:00
Erik Krogh Kristensen	73df8e4c7d	Merge pull request #9832 from erik-krogh/misspellings ... Fix lots of misspellings	2022-08-11 12:43:26 +02:00
Chris Smowton	e9df675f88	Autoformat ql	2022-08-11 09:55:46 +01:00
Anders Schack-Mulligen	87461fece4	Merge pull request #10006 from aschackmull/java/sensitive-log-dedup ... Java: Remove SensitiveLoggingQuery results that flow through a source.	2022-08-11 09:26:33 +02:00
Erik Krogh Kristensen	887f6557ed	fix common misspellings throughout github/codeql	2022-08-10 23:21:41 +02:00
Anders Schack-Mulligen	abad133ab5	Dataflow: Fix identification of source PathNodes in the presence of source-to-source flow.	2022-08-10 15:02:56 +02:00
Anders Schack-Mulligen	cbd6d24b9c	Merge pull request #9963 from intrigus-lgtm/java/model-set-properties ... Model `java.util.Properties.setProperty`	2022-08-10 14:51:00 +02:00
Anders Schack-Mulligen	ecc15a1f95	Java: Remove SensitiveLoggingQuery results that flow through a source.	2022-08-10 14:28:07 +02:00
Tony Torralba	7f5fe85e2e	Merge pull request #9975 from atorralba/atorralba/asynctask-improvs ... Java: Improve AsyncTask data flow support	2022-08-09 17:10:09 +02:00
Erik Krogh Kristensen	49276b1f38	Merge branch 'main' into refacReDoS	2022-08-09 16:18:46 +02:00
Anders Schack-Mulligen	aa3655678e	Merge pull request #9823 from aschackmull/dataflow/stage-module ... Dataflow: Replace stage duplication with parameterised modules.	2022-08-08 10:56:32 +02:00
Joe Farebrother	dd83c17144	Use more precise control flow logic	2022-08-05 12:56:21 +01:00
Joe Farebrother	abf894a64c	Fix typos	2022-08-05 12:56:20 +01:00
Joe Farebrother	03c2a0e818	Add missing qldoc	2022-08-05 12:56:20 +01:00
Joe Farebrother	a2245bb858	Fix test	2022-08-05 12:56:19 +01:00
Joe Farebrother	16e16f08dc	Add webview cert validation query	2022-08-05 12:56:18 +01:00
Tony Torralba	b75b073dae	Remove unused class member	2022-08-05 12:21:22 +02:00