hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,320 Commits 1,671 Branches 157 Tags
7e3e10c34b855d5423007358780e96e02cb1577a
Commit Graph

8745 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
e0ccb9306a Merge pull request #11908 from RasmusWL/dataflow-consistency-more-excludes 
DataFlow: Add `uniqueParameterNodePositionExclude`
 2023-01-18 10:44:51 +01:00
github-actions[bot]
571942fb21 Add changed framework coverage reports 2023-01-18 00:17:19 +00:00
Edward Minnix III
4c018759c8 Merge pull request #11283 from egregius313/egregius313/webview-setAllowContentAccess 
Java: Android WebView Content Access Query
 2023-01-17 11:02:47 -05:00
Jami
babdee36aa Merge pull request #11779 from jcogs33/jcogs33/model-more-top-jdk-apis 
Java: model top JDK APIs
 2023-01-17 10:20:32 -05:00
Jami Cogswell
10f0975812 Java: remove models for System.[get|set]Property 2023-01-17 08:51:48 -05:00
Rasmus Wriedt Larsen
a0b1c2ea79 DataFlow: Add uniqueParameterNodePositionExclude 2023-01-17 14:05:22 +01:00
Rasmus Wriedt Larsen
2b0a5fd5d1 DataFlow: Add uniqueParameterNodeAtPositionExclude 2023-01-17 14:05:17 +01:00
Antoine Taillefer
660e6d7085 Fix partial path traversal Java example 
The Java recommendation example for the "Partial path traversal vulnerability from remote" query doesn't seem right to me. Indeed, the following statement doesn't compile, since `dir.getCanonicalPath()` returns a String:
```
dir.getCanonicalPath().toPath()
```
Maybe the author wanted to state `dir.getCanonicalFile().toPath()`, which would compile, but is useless compared to `dir.getCanonicalPath()`.

Moreover, `parent.getCanonicalFile().toPath()` or `parent.getCanonicalPath()` will **not** be slash-terminated, contrary to what the description says.
From what I can see (and test), the correct fix is to concatenate `File.separator` to the parent canonical path.
 2023-01-16 21:14:29 +01:00
Ian Lynagh
17de5c120a Kotlin: Make a couple of functions private 2023-01-16 15:29:14 +00:00
Tony Torralba
cca6a13fbb Update java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.qhelp 2023-01-16 14:21:03 +01:00
jelaiw
cf7189bb28 Fix small typo in good/bad code sample. 2023-01-13 19:16:11 -06:00
Jami Cogswell
fb6725ddaa Java: add WithoutElement comment for clear methods 2023-01-13 13:20:45 -05:00
Jami Cogswell
a43f3cf95f Java: remove Supplier.get model 2023-01-12 17:09:13 -05:00
Jami Cogswell
f040ff2d8d Java: undo change to Function.apply test case 2023-01-12 17:01:58 -05:00
Jami Cogswell
c3a1d088ac Java: update change note 2023-01-12 16:32:52 -05:00
Jami Cogswell
a39b2aaaac Java: remove endsWith test case 2023-01-12 16:24:57 -05:00
Jami Cogswell
ffb267937a Java: add endsWith additionalTaintStep to ConditionalBypassFlowConfig 2023-01-12 16:24:05 -05:00
Michael Nebel
5c466f3319 Java: Sync files and update other relavant files related to the new naming of shift. 2023-01-12 19:06:29 +01:00
Chris Smowton
8aa2c23ba8 Merge pull request #11700 from JLLeitschuh/doc/JLL/improve-java-unsafe-deserialization-documentation 
[Java] Document fixes for deserialization vulnerabilities by framework
 2023-01-12 18:04:13 +00:00
Chris Smowton
09d8a50494 Spelling 2023-01-12 17:46:00 +00:00
Jami Cogswell
e0444449c8 Java: remove Function.apply model 2023-01-12 09:58:53 -05:00
Jami
c725c447ac Merge branch 'main' into jcogs33/update-paramsString 2023-01-12 08:24:57 -05:00
Ian Lynagh
9ebe59d353 Merge pull request #11637 from igfoo/igfoo/kotlin-1.8 
Kotlin: Add 1.8 support
 2023-01-12 12:15:00 +00:00
Joe Farebrother
e12febfd96 Add change note 2023-01-12 11:44:39 +00:00
Joe Farebrother
b565f997a0 Improve qhelp 2023-01-12 11:44:39 +00:00
Joe Farebrother
639c42c9e9 Fix qhelp errors and ql-for-ql errors 2023-01-12 11:44:39 +00:00
Joe Farebrother
f52db7f9a3 Add qhelp 2023-01-12 11:44:39 +00:00
Joe Farebrother
a88759283a Fix typo in qldoc 2023-01-12 11:44:39 +00:00
Joe Farebrother
7e7b5b4488 Improve test case 2023-01-12 11:44:39 +00:00
Joe Farebrother
8449dabefe Add qldoc 2023-01-12 11:44:39 +00:00
Joe Farebrother
de565f9ccc Add test and fix a bug 2023-01-12 11:44:39 +00:00
Joe Farebrother
b96edb9c64 Add Sensitive Result Receiver query 2023-01-12 11:44:39 +00:00
Michael Nebel
18a815ca8b Merge pull request #11721 from michaelnebel/csharpjava/refactorprovenance 
C#/Java: Re-factor provenance related predicates.
 2023-01-12 10:50:31 +01:00
Jami Cogswell
fd593fd4f0 Java: undo changes to tests that were affected by numeric-flow summary models 2023-01-11 22:34:19 -05:00
Jami Cogswell
ce74c9d959 Java: Date models as neutral 2023-01-11 22:15:41 -05:00
Jami Cogswell
6bb865ad05 Java: make numeric flow models neutral 2023-01-11 18:04:43 -05:00
Jami Cogswell
0c7ffb0554 Java: update System.getProperty model 2023-01-11 12:04:22 -05:00
Pierre
c3116b3f0f Merge branch 'main' into turbo/experimental/combined 2023-01-11 18:02:55 +01:00
Jami Cogswell
2a99af0e6d Java: remove summary model for String.endsWith 2023-01-11 10:58:46 -05:00
Jami Cogswell
99ee6c95a1 Java: remove models for Consumer.accept and Collectors.toMap 2023-01-11 10:44:38 -05:00
Jami Cogswell
ac064ac2a7 Java: remove model for Collectors.joining 2023-01-11 10:30:49 -05:00
Michael Nebel
7e4f7a0c17 C#: Address review comments and sync files. 2023-01-11 16:29:24 +01:00
Michael Nebel
8112058a0a Java: Adapt TopJdpApi library to the re-factor. 2023-01-11 16:20:55 +01:00
Michael Nebel
6a047d6916 Java: Re-factor provenance related predicates for summarized callable. 2023-01-11 16:20:55 +01:00
Michael Nebel
ea173f9516 Sync files. 2023-01-11 16:20:55 +01:00
Michael Nebel
11ca3f49f6 C#/Java: Adjust imports after moving files. 2023-01-11 13:13:33 +01:00
Michael Nebel
787b4743ee C#/Java: Rename the directories containing the model generator and tests. 2023-01-11 13:13:33 +01:00
Michael Nebel
178fd0e9e1 C#/Java: Remove all dashes in mode-generator. 2023-01-11 13:13:33 +01:00
Jami Cogswell
181a711f04 Java: switch Collectors.joining model from neutral to summary 2023-01-10 21:06:03 -05:00
Jami Cogswell
faae811be7 Java: try simplification of paramsString and paramsStringPart 2023-01-10 13:35:52 -05:00