hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,320 Commits 1,671 Branches 157 Tags
7e3e10c34b855d5423007358780e96e02cb1577a
Commit Graph

8745 Commits

Author SHA1 Message Date
Ed Minnix
81df89f93e Use proper @id in changenote 2023-01-03 15:19:26 -05:00
Ed Minnix
28ad9d00fb Merge both setAllowContentAccess queries into one query 
Previously, the query to detect whether or not access to `content://`
links was done using two queries.

Now they can be merged into one query
 2023-01-03 15:17:07 -05:00
Jami Cogswell
29221ae426 Java: add summary model for System.getProperty, adjust comments 2023-01-03 15:11:21 -05:00
Jami Cogswell
21a018e5c5 Java: add summary model and test for File.getName 2023-01-03 13:12:24 -05:00
Ed Minnix
35de551f6b Formatting 2022-12-31 17:19:49 -05:00
Ed Minnix
515fa21aad Change notes 2022-12-31 17:18:37 -05:00
Ed Minnix
df1a4d2ed1 Documentation fix: Add state1 and state2 to documentation 2022-12-31 15:25:37 -05:00
Ed Minnix
68392aa8d8 Fix test expectations 2022-12-31 15:25:25 -05:00
Ed Minnix
02f70f3536 Add @security-severity tag 2022-12-31 15:00:28 -05:00
Edward Minnix III
1d345c6101 Refactoring and simplification 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-12-31 15:00:28 -05:00
Ed Minnix
9ef319f659 Java: setAllowContentAccess query tests 2022-12-31 15:00:28 -05:00
Ed Minnix
5265cb4b03 Merge two dataflow configurations into one taint tracking 2022-12-31 15:00:28 -05:00
Ed Minnix
973f649e76 Break dataflow into two steps in order to capture flow from WebView to settings call 2022-12-31 15:00:28 -05:00
Ed Minnix
0e15dd9fa9 Query metadata 2022-12-31 15:00:28 -05:00
Edward Minnix III
778749184b Change id to use android/ instead of prepending android- 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-12-31 15:00:28 -05:00
Ed Minnix
da25c586e6 Dataflow query for detecting paths that disable content access 
Since the default value is `true`, we need to determine whether or not
the `setAllowContentAccess` method is ever called using dataflow.
 2022-12-31 15:00:28 -05:00
Ed Minnix
8a763015e6 Reduce precision rating to medium 
This query won't always be a security problem, so it should have a lower
precision rating than `high`.
 2022-12-31 15:00:28 -05:00
Ed Minnix
7cc53126f3 Java: WebView setAllowContentAccess query test cases 2022-12-31 15:00:28 -05:00
Ed Minnix
a023726c03 Java: add Android stubs to options file for CWE-200 tests 2022-12-31 15:00:28 -05:00
Ed Minnix
e4e13d38b7 Java: query for Android WebView setAllowContentAccess 2022-12-31 15:00:28 -05:00
Ed Minnix
e259ef5d1d Java: Add class for android.webkit.WebSettings.setAllowContentAccess 2022-12-31 15:00:28 -05:00
Jami Cogswell
939279af38 Java: add comments 2022-12-22 16:25:12 -05:00
Jami Cogswell
673d37cc3d Java: update Math.min test case 2022-12-22 14:36:06 -05:00
Jami Cogswell
a81c54b58c Java: updates to order alphabetically 2022-12-22 13:22:12 -05:00
Jami Cogswell
e6331dc2e6 Java: update test case affected by Long.parseLong summary model 2022-12-22 12:57:37 -05:00
Jami Cogswell
997219a280 Java: update test case affected by Class.isAssignableFrom neutral model 2022-12-22 12:54:02 -05:00
Jami Cogswell
6007827dd3 Java: update test cases 2022-12-22 12:29:57 -05:00
erik-krogh
b3dd50bc36 inline Location into the shared implementation of InlineExpectationsTest 2022-12-22 11:09:43 +01:00
Rasmus Lerchedahl Petersen
4667068017 java: use shared inline tests 
- remove from identical-files
 2022-12-22 10:20:06 +01:00
Jami Cogswell
de5965525f Java: add initial test cases for summary models 2022-12-21 16:19:37 -05:00
Jami Cogswell
c251da799f Java: update TopJdkApis test 2022-12-21 13:19:09 -05:00
Jami Cogswell
16de30e07e Java: add java.util.stream models 2022-12-21 13:05:23 -05:00
Jami Cogswell
1db829e55c Java: add java.util models 2022-12-21 13:03:57 -05:00
Jami Cogswell
573de92441 Java: add java.util.function models 2022-12-21 12:59:58 -05:00
Jami Cogswell
a8c55ee4b7 Java: add java.util.concurrent models 2022-12-21 12:59:00 -05:00
Jami Cogswell
db0d24fdd1 Java: add java.util.concurrent.atomic models 2022-12-21 12:57:22 -05:00
Jami Cogswell
cfe075ef54 Java: add java.time models 2022-12-21 12:54:35 -05:00
Jami Cogswell
8e20aeb314 Java: add java.text models 2022-12-21 12:51:44 -05:00
Jami Cogswell
b9ce588076 Java: add java.sql models 2022-12-21 12:49:29 -05:00
Jami Cogswell
1544f49f91 Java: add java.math models 2022-12-21 12:47:32 -05:00
Jami Cogswell
ed534b06d5 Java: add java.lang models 2022-12-21 12:45:12 -05:00
Jami Cogswell
99ddd484be Java: add java.io models 2022-12-21 12:34:26 -05:00
Edward Minnix III
b77923f6e6 Merge pull request #11767 from atorralba/atorralba/java/fix-pinning-tests 
Java: Small simplification in Missing Certificate Pinning tests
 2022-12-21 11:21:47 -05:00
Edward Minnix III
597523e65a Merge pull request #11766 from atorralba/atorralba/java/fix-android-query-id 
Java: Fix new Android queries' IDs
 2022-12-21 11:21:12 -05:00
Arthur Baars
98c5b81456 Merge pull request #11723 from aibaars/alert-suppression 
CodeQL alert suppression
 2022-12-21 10:59:57 +01:00
Arthur Baars
035ad65e43 AlertSuppression: move library into util folder 2022-12-21 10:39:57 +01:00
Tony Torralba
ab73d13d8b Small simplification 2022-12-21 09:58:13 +01:00
Tony Torralba
345c383acc Fix new Android queries' IDs 2022-12-21 09:36:57 +01:00
github-actions[bot]
eb98bb2842 Add changed framework coverage reports 2022-12-21 00:15:01 +00:00
Jami
c9258effb6 Merge pull request #11572 from jcogs33/jcogs33/model-top-jdk-apis 
Java: model top 100 JDK APIs
 2022-12-20 09:13:53 -05:00