hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,503 Commits 1,673 Branches 157 Tags
a486a89ceef1cc794121873a67b30e65891525f4
Commit Graph

3751 Commits

Author SHA1 Message Date
Jami
b3e88f8234 Merge pull request #9983 from jcogs33/android-implicit-export 
Java: query to detect implicitly exported Android components
 2022-08-24 10:52:50 -04:00
Michael Nebel
761ed283b6 C#/Java/Ruby/Swift: Address review comments. 2022-08-24 09:58:54 +02:00
Michael Nebel
120fb25702 Java: Sync files and model generator and tests. 2022-08-24 09:58:52 +02:00
Michael Nebel
5255e16816 Java: Sync files and make framework specific code. 2022-08-24 09:58:51 +02:00
Erik Krogh Kristensen
4df2e5d937 Merge pull request #10096 from erik-krogh/acronyms-part1 
make acronyms camelcase
 2022-08-24 09:33:53 +02:00
Chris Smowton
0a7350f3bf Merge pull request #10041 from smowton/AddSensitiveApiCalls 
Java: support more libraries in hardcoded-credentials queries
 2022-08-23 10:51:04 +01:00
Tony Torralba
085c12a51f Merge pull request #10116 from atorralba/atorralba/static-init-vector-fix 
Java: Improve Static Initialization Vector query
 2022-08-23 11:38:41 +02:00
Tony Torralba
e3c1101b79 Merge pull request #10136 from atorralba/atorralba/redos-cwe-tag 
Java: Add CWE-1333 tag to Java ReDoS queries
 2022-08-23 11:07:51 +02:00
erik-krogh
82a5b7838c don't add deprecated alias in experimental folder 2022-08-23 10:38:23 +02:00
Joe Farebrother
ac79866799 Merge pull request #9982 from joefarebrother/rsa-without-oaep 
Java: Add query for RSA without OAEP
 2022-08-23 09:14:46 +01:00
Tony Torralba
6b4cfbbacd Add change note 2022-08-23 10:00:10 +02:00
Tony Torralba
cd10f559ca Add CWE-1333 tag to Java ReDoS queries 2022-08-23 09:56:59 +02:00
Tony Torralba
da3288fced Move change note to src 2022-08-23 09:40:34 +02:00
erik-krogh
e89e0eb7fb make some acronyms camelCase 2022-08-22 21:22:35 +02:00
Jami Cogswell
733078183e update query description 2022-08-22 12:41:22 -04:00
Jami Cogswell
f34e23bdba adjusted comments and precision level 2022-08-22 12:41:22 -04:00
Jami Cogswell
eacce03073 resolved merge conflict in AndroidManifest lib 2022-08-22 12:41:22 -04:00
Jami Cogswell
0934c1d184 resolved merge conflict in AndroidManifest lib 2022-08-22 12:41:22 -04:00
Jami Cogswell
9968d5d816 updated predicates 2022-08-22 12:41:22 -04:00
Jami Cogswell
58d3d89b2e resolved merge conflict in AndroidManifest 2022-08-22 12:41:22 -04:00
Jami Cogswell
084b9830bc resolved merge conflict in AndroidManifest 2022-08-22 12:41:22 -04:00
Jami Cogswell
55bd9f943f minor wording updates in help file 2022-08-22 12:41:22 -04:00
Jami Cogswell
a99d7ffaaf minor wording update in change note 2022-08-22 12:41:22 -04:00
Jami Cogswell
33c48ec685 updated change note 2022-08-22 12:41:22 -04:00
Jami Cogswell
10fa687e26 updated help file and unit tests 2022-08-22 12:41:22 -04:00
Jami Cogswell
eea1089ee0 resolved merge conflict in AndroidManifest 2022-08-22 12:41:22 -04:00
Jami Cogswell
60921a0355 switched to checking for permission attr in application elem instead of in manifest elem 2022-08-22 12:41:22 -04:00
Jami Cogswell
a6ecac6e00 third draft with category launcher and permission element excluded 2022-08-22 12:41:22 -04:00
Jami Cogswell
8d5bbc458f first draft of query and tests 2022-08-22 12:41:22 -04:00
Jami Cogswell
3e09d86a4f adding starter files 2022-08-22 12:41:22 -04:00
erik-krogh
ce9f69a639 rename all occurrences of XML to Xml 2022-08-22 14:08:31 +02:00
Erik Krogh Kristensen
4f93f2b9ba Merge pull request #10076 from erik-krogh/ql-for-ql-fixes 
various QL-for-QL fixes
 2022-08-18 15:46:48 +02:00
Anders Schack-Mulligen
61a2c0dab5 Merge pull request #10084 from aschackmull/java/numericcasttainted-barrier 
Java: Move sink-constraints into the configuration in NumericCastTainted.ql.
 2022-08-18 15:22:00 +02:00
Joe Farebrother
e8f027dab2 Apply docs suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-08-18 14:21:40 +01:00
erik-krogh
9e7c0c6ab9 revert changing imports in java/ 2022-08-18 10:19:12 +02:00
Anders Schack-Mulligen
37e5f0438c Java: Add change note. 2022-08-18 09:19:32 +02:00
erik-krogh
4bc10f9b5c explicitly import required frameworks that were previously implicitly imported 2022-08-18 08:40:46 +02:00
Anders Schack-Mulligen
f6eccd390e Java: Move sink-constraints into the configuration. 2022-08-17 15:06:55 +02:00
erik-krogh
14d83ab1b5 make the framework imports in FlowSources.qll private 2022-08-17 13:50:08 +02:00
erik-krogh
8066e39d07 delete some redundant imports 2022-08-17 13:50:04 +02:00
erik-krogh
2e44fba67d add explicit this 2022-08-17 13:33:31 +02:00
Joe Farebrother
5d00b871d4 Correct node type 2022-08-17 11:58:11 +01:00
Joe Farebrother
de69827711 Use a full dataflow config rather than local flow 2022-08-17 10:35:48 +01:00
Joe Farebrother
fe5a61bdde Fix typos in docs and comments 2022-08-17 10:35:48 +01:00
Joe Farebrother
c77b17574a Use CryptoAlgoSpec rather than hadcoding Cipher.getInstance 2022-08-17 10:35:47 +01:00
Joe Farebrother
08b77493d2 Add security severity and change note 2022-08-17 10:35:47 +01:00
Joe Farebrother
9ae652dd6a Add tests 2022-08-17 10:35:47 +01:00
Joe Farebrother
41bdd6d4cc Add RSA without OEAP query and qhelp 2022-08-17 10:35:46 +01:00
Joe Farebrother
7c188a6b96 Apply doc suggestions 2022-08-17 10:35:16 +01:00
Joe Farebrother
5afc0b0c15 Add security severity 2022-08-17 10:35:15 +01:00