hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-18 11:21:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,884 Commits 1,778 Branches 169 Tags
7d546696968613dec39cd4ddabb6da3dfd0335da
Commit Graph

1297 Commits

Author SHA1 Message Date
Tony Torralba
c909b8824c Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-10-17 10:12:56 +02:00
Jami Cogswell
da218fdbf1 clean up code 2022-10-14 13:03:34 -04:00
Jami Cogswell
2daa3457d7 combine three configs into one 2022-10-13 17:57:56 -04:00
Jami Cogswell
bfbb6db436 clean up code 2022-10-12 16:58:34 -04:00
Jami Cogswell
37d85587e0 refactor code into InsufficientKeySize.qll 2022-10-12 15:39:57 -04:00
Edward Minnix III
ce740b47ae Merge pull request #10637 from egregius313/egregius313/android-misconfigured-contentprovider 
Android ContentProvider Incomplete Permissions
 2022-10-12 09:41:03 -04:00
Jami Cogswell
01c2a8cbba add symm to the single config; still seems to work 2022-10-12 08:51:22 -04:00
Josh Soref
1a14c06008 spelling: receiver 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
ba0f34afed spelling: owasp 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Jami Cogswell
29de0c6748 make one config for asymm with flow states; seems to work... 2022-10-11 22:29:48 -04:00
Jami Cogswell
3e8748e639 add path-graph back to query alerts 2022-10-11 16:56:11 -04:00
Jami Cogswell
e64825ff7a fix code-scanning bot problems 2022-10-11 16:56:11 -04:00
Jami Cogswell
bd76b1fcc0 clean-up and update configurations to have specs as sink 2022-10-11 16:56:10 -04:00
Jami Cogswell
3cc7f143b2 clean up code somewhat 2022-10-11 16:56:10 -04:00
Jami Cogswell
b0af9f936c added kg taintracking config to all 2022-10-11 16:56:10 -04:00
Jami Cogswell
b7123c17f8 draft of adding kpg tracking into dataflow config 2022-10-11 16:56:10 -04:00
Jami Cogswell
cdac0e2b52 add local algo name tracking, still need to add ability to track algo name when KeyGen obj is param to other method 2022-10-11 16:56:10 -04:00
Jami Cogswell
c414ee0e25 add ECC dataflow config; passes all test cases; still don't have algo name tracking 2022-10-11 16:56:10 -04:00
Jami Cogswell
5e2ef66014 refactoring to use both dataflow configs; commit before deleting unused code 2022-10-11 16:56:10 -04:00
Jami Cogswell
8ffd2522e7 add draft code to find algo type to replace tainttracking configs 2022-10-11 16:56:10 -04:00
Jami Cogswell
d3b1a04c13 handle FN case with simple VarAccess; add draft of dataflow config to handle complex VarAccess 2022-10-11 16:56:10 -04:00
Jami Cogswell
9eb45c3787 refactor tests and code, update help file 2022-10-11 16:56:10 -04:00
Jami Cogswell
657e1e62ca start refactoring query logic into lib file 2022-10-11 16:56:10 -04:00
Jami Cogswell
3643c9e658 update metadata 2022-10-11 16:56:10 -04:00
Jami Cogswell
9b7df354e6 move files 2022-10-11 16:56:10 -04:00
Ed Minnix
80cc3fc518 Reword first sentence of documentation 2022-10-11 11:02:37 -04:00
Edward Minnix III
1f0a48de28 Documentation suggestion 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-10-11 10:59:00 -04:00
Edward Minnix III
b6270ebe52 Apply suggestions from documentation review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-10-10 14:57:14 -04:00
Edward Minnix III
b94b78115e Style fix. 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-10-10 14:52:17 -04:00
Tony Torralba
015d48ef66 Fix select message 2022-10-06 16:28:17 +02:00
Tony Torralba
39b5ebfd7b Fix qhelp 2022-10-06 16:28:17 +02:00
Tony Torralba
76ea255277 Add security-severity 2022-10-06 16:28:17 +02:00
Tony Torralba
4a18892da9 Second query version 
Remove sinks flowing to write operations requirement
 2022-10-06 16:28:17 +02:00
Tony Torralba
153ec5368e First query version requiring sinks to flow to write operations 2022-10-06 16:28:17 +02:00
Ed Minnix
3c7f5420db Update metadata to match CWE-926 2022-10-04 10:48:05 -04:00
Ed Minnix
f888c4b279 Move files from CWE-276 to CWE-926 2022-10-04 10:40:34 -04:00
Tony Torralba
f19eb783be Generalize file/path taint steps 
This is needed by PathSanitizer but also helps simplify ZipSlip.ql
 2022-10-04 12:27:01 +02:00
Tony Torralba
4e29c39c78 Merge ZipSlip sanitization logic into PathSanitizer.qll 
Apply code review suggestions regarding weak sanitizers
 2022-10-04 12:27:01 +02:00
Tony Torralba
08c67fb174 Use PathInjectionSanitizer in relevant queries 2022-10-04 12:27:01 +02:00
Tony Torralba
dff878e531 Apply TaintedPath recent changes to TaintedPathLocal 2022-10-04 12:26:59 +02:00
Ed Minnix
c6f91500f0 Update query description to better describe issue 2022-10-03 13:12:53 -04:00
Edward Minnix III
071f082b64 Add mention of content provider in query description 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-10-03 11:21:33 -04:00
Edward Minnix III
2970e8c76a Remove redundant documentation 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2022-10-03 11:21:02 -04:00
erik-krogh
39ffa558f1 make a few more queries consistent with the other languages 2022-10-02 22:38:25 +02:00
erik-krogh
129cda00db get a few more queries in sync with other languages 2022-10-01 11:17:48 +02:00
erik-krogh
acfcc4bfe2 update two more queries to better follow the style-guide 2022-10-01 10:59:59 +02:00
erik-krogh
7d643e41f3 Merge branch 'main' into java-followMsg 2022-10-01 10:48:06 +02:00
Ed Minnix
2a2878fc7b Move text into paragraph tag 2022-09-29 16:33:22 -04:00
Ed Minnix
e3c0e6f52a Remove location link from alert message 
Follow the style suggestion from the github-code-scanning bot and remove
provider element from alert link
 2022-09-29 16:20:48 -04:00
Ed Minnix
f2bda1525a Revert "Android ContentProvider.openFile does not check mode initital commit" 
This reverts commit e37f62bb5e.

The MisconfiguedContentProviderUse.ql file provided a sample query which
will be useful in future checks for CVE-2021-41166, but is not needed
for the current manifest-focused check
 2022-09-29 14:43:18 -04:00