hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-19 01:14:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,940 Commits 1,679 Branches 158 Tags
86e81f523c27312bbdf2bb7805290124d15afa17
Commit Graph

780 Commits

Author SHA1 Message Date
Tony Torralba
fd8f8cb930 Merge pull request #10223 from atorralba/atorralba/unsafe-content-resolver 
Java: New Android query to detect unsafe content URI resolution
 2022-10-19 11:22:04 +02:00
Tony Torralba
01a08d44bb Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-10-17 14:14:38 +02:00
Tony Torralba
a540aaa35b Address alert message style violation 2022-10-17 10:22:31 +02:00
Tony Torralba
434a2a9f5d Improve qhelp example text 2022-10-17 10:19:40 +02:00
Tony Torralba
c909b8824c Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-10-17 10:12:56 +02:00
Edward Minnix III
ce740b47ae Merge pull request #10637 from egregius313/egregius313/android-misconfigured-contentprovider 
Android ContentProvider Incomplete Permissions
 2022-10-12 09:41:03 -04:00
Josh Soref
1a14c06008 spelling: receiver 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
ba0f34afed spelling: owasp 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Ed Minnix
80cc3fc518 Reword first sentence of documentation 2022-10-11 11:02:37 -04:00
Edward Minnix III
1f0a48de28 Documentation suggestion 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-10-11 10:59:00 -04:00
Edward Minnix III
b6270ebe52 Apply suggestions from documentation review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-10-10 14:57:14 -04:00
Edward Minnix III
b94b78115e Style fix. 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-10-10 14:52:17 -04:00
Tony Torralba
015d48ef66 Fix select message 2022-10-06 16:28:17 +02:00
Tony Torralba
39b5ebfd7b Fix qhelp 2022-10-06 16:28:17 +02:00
Tony Torralba
76ea255277 Add security-severity 2022-10-06 16:28:17 +02:00
Tony Torralba
4a18892da9 Second query version 
Remove sinks flowing to write operations requirement
 2022-10-06 16:28:17 +02:00
Tony Torralba
153ec5368e First query version requiring sinks to flow to write operations 2022-10-06 16:28:17 +02:00
Ed Minnix
3c7f5420db Update metadata to match CWE-926 2022-10-04 10:48:05 -04:00
Ed Minnix
f888c4b279 Move files from CWE-276 to CWE-926 2022-10-04 10:40:34 -04:00
Tony Torralba
f19eb783be Generalize file/path taint steps 
This is needed by PathSanitizer but also helps simplify ZipSlip.ql
 2022-10-04 12:27:01 +02:00
Tony Torralba
4e29c39c78 Merge ZipSlip sanitization logic into PathSanitizer.qll 
Apply code review suggestions regarding weak sanitizers
 2022-10-04 12:27:01 +02:00
Tony Torralba
08c67fb174 Use PathInjectionSanitizer in relevant queries 2022-10-04 12:27:01 +02:00
Tony Torralba
dff878e531 Apply TaintedPath recent changes to TaintedPathLocal 2022-10-04 12:26:59 +02:00
Ed Minnix
c6f91500f0 Update query description to better describe issue 2022-10-03 13:12:53 -04:00
Edward Minnix III
071f082b64 Add mention of content provider in query description 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-10-03 11:21:33 -04:00
Edward Minnix III
2970e8c76a Remove redundant documentation 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2022-10-03 11:21:02 -04:00
erik-krogh
39ffa558f1 make a few more queries consistent with the other languages 2022-10-02 22:38:25 +02:00
erik-krogh
129cda00db get a few more queries in sync with other languages 2022-10-01 11:17:48 +02:00
erik-krogh
acfcc4bfe2 update two more queries to better follow the style-guide 2022-10-01 10:59:59 +02:00
erik-krogh
7d643e41f3 Merge branch 'main' into java-followMsg 2022-10-01 10:48:06 +02:00
Ed Minnix
2a2878fc7b Move text into paragraph tag 2022-09-29 16:33:22 -04:00
Ed Minnix
e3c0e6f52a Remove location link from alert message 
Follow the style suggestion from the github-code-scanning bot and remove
provider element from alert link
 2022-09-29 16:20:48 -04:00
Ed Minnix
f2bda1525a Revert "Android ContentProvider.openFile does not check mode initital commit" 
This reverts commit e37f62bb5e.

The MisconfiguedContentProviderUse.ql file provided a sample query which
will be useful in future checks for CVE-2021-41166, but is not needed
for the current manifest-focused check
 2022-09-29 14:43:18 -04:00
Ed Minnix
e72963986f Moved Android manifest incomplete permission logic into library 2022-09-29 14:06:18 -04:00
Ed Minnix
dedd29e1b3 Incomplete Android content provider permissions documentation 2022-09-29 14:05:18 -04:00
Joe Farebrother
af41f2b903 Remove 'here'. 2022-09-26 13:36:14 +01:00
erik-krogh
46b5bf32f9 update alert-messsages of java queries 2022-09-26 12:15:25 +02:00
Joe Farebrother
2414239e50 Fix qhelp formatting 2022-09-21 16:36:20 +01:00
Joe Farebrother
ed8ec89497 Reword suggestion on using debug flags 2022-09-21 13:57:31 +01:00
Joe Farebrother
44bd038339 Apply docs suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2022-09-21 13:57:31 +01:00
Joe Farebrother
a6a500ade2 Apply suggestions from code review - doc improvements, simplification 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-09-21 13:57:31 +01:00
Joe Farebrother
6014a75e0e Fix qhelp 2022-09-21 13:57:30 +01:00
Joe Farebrother
eed2df0fb3 Fix qhelp & ql-for-ql errors 2022-09-21 13:57:30 +01:00
Joe Farebrother
f934554143 Add docs + add an additional case 2022-09-21 13:57:29 +01:00
Joe Farebrother
20b2956322 Add webview debugging query 2022-09-21 13:57:28 +01:00
Tony Torralba
cbb64cc8c1 Merge pull request #10352 from atorralba/atorralba/promote-template-injection 
Java: Promote Server-side template injection from experimental
 2022-09-20 16:11:58 +02:00
Tony Torralba
4af29e6abf Update java/ql/src/Security/CWE/CWE-094/TemplateInjection.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-09-20 11:48:40 +02:00
Tony Torralba
4997f36f05 Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-09-20 11:48:18 +02:00
Ed Minnix
e37f62bb5e Android ContentProvider.openFile does not check mode initital commit 
Initial commit for work on a query finding instances where the `mode`
parameter of an override of the `openFile` method of the
`android.content.ContentProvider` class
 2022-09-19 10:32:02 -04:00
Ed Minnix
00891fa455 Android Manifest Incomplete provider permissions initial commit 
Initial work on checking provider elements in Android manifests for
complete permissions.
 2022-09-19 10:31:02 -04:00