codeql

mirror of https://github.com/github/codeql.git synced 2026-06-18 19:31:11 +02:00

Author	SHA1	Message	Date
Jonathan Leitschuh	7dee22a130	Fix implicit 'this' usage	2022-02-14 11:00:41 -05:00
Jonathan Leitschuh	bafcce17d4	Apply suggestions from code review Co-authored-by: Chris Smowton <smowton@github.com>	2022-02-09 22:14:17 -05:00
Jonathan Leitschuh	49a73673b6	Fix FP from mkdirs call on exact temp directory	2022-02-09 11:04:23 -05:00
Jonathan Leitschuh	787e3dac31	Update java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql Co-authored-by: Chris Smowton <smowton@github.com>	2022-02-09 10:07:56 -05:00
Jonathan Leitschuh	7f46640176	Consider calls to setReadable(false, false) then setReadable(true, true) to be safe	2022-02-08 17:57:10 -05:00
Chris Smowton	a6596ea7ce	Fix test requirements, formatting	2022-02-08 12:01:32 +00:00
Chris Smowton	79654592d9	Apply suggestions from code review	2022-02-08 10:23:46 +00:00
Jonathan Leitschuh	c4112e6d4c	Post refactor fixiup	2022-02-07 15:02:13 -05:00
Chris Smowton	de38638db6	Combine CWE-200 queries	2022-02-07 14:22:36 -05:00
Jonathan Leitschuh	0268dd9f0a	Add file creation sanitizer	2022-02-04 17:10:27 -05:00
Jonathan Leitschuh	0a621c2801	Fix the formatting in TempDirLocalInformationDisclosureFromMethodCall	2022-02-04 17:10:27 -05:00
Jonathan Leitschuh	d5c9af31b2	Fixup documentation/code from PR feedback	2022-02-04 17:10:26 -05:00
Jonathan Leitschuh	f7a4aac525	Apply suggestions from code review Co-authored-by: Chris Smowton <smowton@github.com>	2022-02-04 17:10:26 -05:00
Jonathan Leitschuh	a4b5573f53	Apply suggestions from code review Co-authored-by: Chris Smowton <smowton@github.com>	2022-02-04 17:10:26 -05:00
Jonathan Leitschuh	a8d25b63ac	Apply suggestions from code review Co-authored-by: Chris Smowton <smowton@github.com>	2022-02-04 17:10:26 -05:00
Chris Smowton	e795823d97	Autoformat TempDirUtils.qll	2022-02-04 17:10:26 -05:00
Jonathan Leitschuh	7e514e9ef9	Add QLdoc and fix Compiler Errors in Tests	2022-02-04 17:10:26 -05:00
Jonathan Leitschuh	cb30385684	Update java/ql/src/Security/CWE/CWE-200/TempDirUtils.qll Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2022-02-04 17:10:26 -05:00
Jonathan Leitschuh	66831989b7	Add QLdoc to TempDirUtils	2022-02-04 17:10:25 -05:00
Jonathan Leitschuh	7e55c92eb4	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2022-02-04 17:10:25 -05:00
Jonathan Leitschuh	f6067d28f9	Fix file names and formatting from PR feedback	2022-02-04 17:10:25 -05:00
Jonathan Leitschuh	41b5011b81	Apply suggestions from code review Co-authored-by: Felicity Chapman <felicitymay@github.com>	2022-02-04 17:10:25 -05:00
Jonathan Leitschuh	7929faedc0	Apply suggestions from code review Co-authored-by: Felicity Chapman <felicitymay@github.com>	2022-02-04 17:10:25 -05:00
Jonathan Leitschuh	f910fd4719	Remove path flow tracking in 'TempDirLocalInformationDisclosureFromMethodCall'	2022-02-04 17:10:25 -05:00
Jonathan Leitschuh	e4c017e888	Apply suggestions from code review Co-authored-by: Arthur Baars <aibaars@github.com>	2022-02-04 17:10:24 -05:00
Jonathan Leitschuh	13fed0e9b6	Temp Dir Info Disclosure: Final pass and add documentation	2022-02-04 17:10:24 -05:00
Jonathan Leitschuh	bc12e994b0	Add `java.nio.file.Files` API checks	2022-02-04 17:10:24 -05:00
Jonathan Leitschuh	ecad7534ae	Add mkdirs check	2022-02-04 17:10:24 -05:00
Jonathan Leitschuh	cf0ed81575	Add TempDir taint tracking for Files.write	2022-02-04 17:10:24 -05:00
Jonathan Leitschuh	3a15678b1e	Java: CWE-200: Temp directory local information disclosure vulnerability	2022-02-04 17:10:23 -05:00
Tony Torralba	4f13bf8941	Merge pull request #6492 from atorralba/atorralba/android-cleartext-storage-database Java: Create new query Cleartext storage of sensitive information in Android databases	2022-02-02 16:23:05 +01:00
Tony Torralba	b59fd4070f	Merge pull request #7136 from atorralba/atorralba/promote-insecure-trustmanager Java: Promote Insecure TrustManager from experimental	2022-01-24 14:05:14 +01:00
Tony Torralba	c5ed5fcaac	Apply suggestions from code review Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>	2022-01-21 16:55:42 +01:00
Tony Torralba	ee84dae164	Fix predicate name	2022-01-21 16:55:42 +01:00
Tony Torralba	16b61f78e6	Fix QLDocs and the qhelp example	2022-01-21 16:55:42 +01:00
Tony Torralba	f0604e2e84	Added query for Cleartext Storage in Android Database	2022-01-21 16:55:42 +01:00
Tony Torralba	c7e1df5689	Update java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.qhelp Co-authored-by: Felicity Chapman <felicitymay@github.com>	2022-01-21 11:57:11 +01:00
Tony Torralba	3f6e035016	Docs improvements	2022-01-21 11:37:02 +01:00
Tony Torralba	8767d2db23	Don't capitalize the term content provider Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-01-20 13:23:52 +01:00
Tony Torralba	596cfd399e	Improve description	2022-01-20 13:23:52 +01:00
Tony Torralba	3405db31b8	Add qhelp	2022-01-20 13:23:51 +01:00
Tony Torralba	e1d30ebc09	Added severity Removed duplicated code	2022-01-20 13:23:15 +01:00
Tony Torralba	ec8ffeed07	Add Intent URI Permission Manipulation query	2022-01-20 13:23:14 +01:00
mc	c105d71952	Update InsecureTrustManager.qhelp Fixed typos and carried out and editorial review	2022-01-20 10:24:46 +01:00
Tony Torralba	77c2b43560	Add change note and severity score	2022-01-20 10:24:43 +01:00
Tony Torralba	d58bb4753e	Refactor tests	2022-01-20 10:23:19 +01:00
Tony Torralba	ab4dc30f54	Refactor into libraries	2022-01-20 10:23:18 +01:00
Tony Torralba	7cd05fb685	Move from experimental	2022-01-20 10:23:18 +01:00
Tony Torralba	e442e50e6b	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2022-01-19 16:43:48 +01:00
Tony Torralba	03020582af	Apply suggestions from code review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-01-19 16:43:47 +01:00

1 2 3 4 5 ...

516 Commits