hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-28 18:11:25 +02:00
Code Issues Packages Projects Releases Wiki Activity
31,838 Commits 1,763 Branches 168 Tags
a6d4ff285fc7b9514c3b16a246ceacac3329be83
Commit Graph

475 Commits

Author SHA1 Message Date
Tony Torralba
c7e1df5689 Update java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.qhelp 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-01-21 11:57:11 +01:00
Tony Torralba
3f6e035016 Docs improvements 2022-01-21 11:37:02 +01:00
Tony Torralba
8767d2db23 Don't capitalize the term content provider 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-01-20 13:23:52 +01:00
Tony Torralba
596cfd399e Improve description 2022-01-20 13:23:52 +01:00
Tony Torralba
3405db31b8 Add qhelp 2022-01-20 13:23:51 +01:00
Tony Torralba
e1d30ebc09 Added severity 
Removed duplicated code
 2022-01-20 13:23:15 +01:00
Tony Torralba
ec8ffeed07 Add Intent URI Permission Manipulation query 2022-01-20 13:23:14 +01:00
Tony Torralba
e442e50e6b Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-01-19 16:43:48 +01:00
Tony Torralba
03020582af Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-01-19 16:43:47 +01:00
Tony Torralba
000a544729 Decouple UnsafeCertTrust.qll to reuse the taint tracking configuration 2022-01-19 16:43:43 +01:00
Tony Torralba
999acb0021 Improve qhelp references 2022-01-19 16:43:00 +01:00
Tony Torralba
c24520cb75 Adjust qhelp after rebase 2022-01-19 16:42:58 +01:00
Tony Torralba
e842acf9e0 Improve qhelp 2022-01-19 16:42:03 +01:00
Tony Torralba
5d4cd70f8c Adjusted sources and sanitizer of UnsafeCertTrust taint tracking config 2022-01-19 16:42:02 +01:00
Tony Torralba
e43fff2d30 Use InlineExpectationsTest 2022-01-19 16:42:02 +01:00
Tony Torralba
02d0fa9188 Minor changes in QLDocs and a sanitizer's type 2022-01-19 16:42:01 +01:00
Tony Torralba
4313baf622 Big refactor: 
- Move classes and predicates to appropriate libraries
- Overhaul the endpoint identification algorithm logic to use taint tracking
- Adapt tests
 2022-01-19 16:42:00 +01:00
Tony Torralba
e0f4c73aed Move from experimental 2022-01-19 16:42:00 +01:00
Tony Torralba
f103d45340 Merge branch 'main' into atorralba/android-implicit-pending-intents 2022-01-18 10:50:49 +01:00
Tony Torralba
e967b8a9be Merge pull request #6576 from atorralba/atorralba/android-cleartext-storage-filesystem 
Java: Create new query Cleartext storage of sensitive information in Android filesystem
 2022-01-17 14:02:38 +01:00
Tony Torralba
227929508f Merge pull request #6923 from atorralba/atorralba/android-fragment-injection 
Java: CWE-470  - Queries to detect Fragment Injection in Android applications
 2022-01-17 14:02:15 +01:00
Tony Torralba
a23b8a4a43 Update java/ql/src/Security/CWE/CWE-470/FragmentInjection.inc.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-17 11:20:39 +01:00
Tony Torralba
500deac12d Change query description 2022-01-17 11:11:05 +01:00
Tony Torralba
22aad17d0e Apply review suggestions 
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
 2022-01-17 11:11:04 +01:00
Tony Torralba
1e4840e071 Fix predicate name 2022-01-17 11:11:03 +01:00
Tony Torralba
79ddbd6fe4 Fix QLDoc and the qhelp example 2022-01-17 11:11:03 +01:00
Tony Torralba
c1ac09a063 Added query for Cleartext Storage in Android Filesystem 2022-01-17 11:11:00 +01:00
Tony Torralba
cde7a35c1f QLDoc 2022-01-14 13:12:30 +01:00
Tony Torralba
a0a914466c Rewording 2022-01-14 10:32:33 +01:00
Tony Torralba
9c12c5f8b8 Remove duplicated models 2022-01-14 10:32:01 +01:00
Tony Torralba
1e3e48132c Rewording 2022-01-14 10:31:59 +01:00
Tony Torralba
d0077b8c12 Added query ImplicitPendingIntents 2022-01-14 10:31:53 +01:00
Tony Torralba
7b0d9ea525 Merge pull request #7054 from atorralba/atorralba/promote-log-injection 
Java: Promote Log Injection from experimental
 2022-01-11 17:26:18 +01:00
Tony Torralba
1030ff7063 Update java/ql/src/Security/CWE/CWE-117/LogInjection.ql 2022-01-11 16:25:32 +01:00
Tony Torralba
0e738622df Merge branch 'main' into atorralba/promote-log-injection 2022-01-10 17:24:25 +01:00
Tony Torralba
d17e973b6b Apply suggestions from code review 
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
 2022-01-10 17:09:41 +01:00
Tony Torralba
ec8c234872 Fix predicate name 2022-01-10 17:09:41 +01:00
Tony Torralba
55dc783f28 Move from experimental and refactor 2022-01-10 17:09:37 +01:00
Tony Torralba
f0e9b768f2 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-12-15 16:53:47 +01:00
Tony Torralba
85526d71da Add Fragment injection in PreferenceActivity query 2021-12-15 16:53:46 +01:00
Tony Torralba
701d12fb5b Add Fragment injection query 2021-12-15 16:53:45 +01:00
Anders Schack-Mulligen
6c739b67fa Merge pull request #7318 from RasmusWL/java-cwe-328 
Java: Tag queries with CWE-328
 2021-12-07 11:39:48 +01:00
Rasmus Wriedt Larsen
ff9ed0d4fb Java: Tag queries with CWE-328 
CWE-328: Use of Weak Hash, see https://cwe.mitre.org/data/definitions/328.html

Since weak hash functions (md5/sha1) are considered for the
`java/weak-cryptographic-algorithm` query. See
caeeebf572/java/ql/lib/semmle/code/java/security/Encryption.qll (L148)

To keep things consistent between `java/weak-cryptographic-algorithm`
and `java/potentially-weak-cryptographic-algorithm`, I also added the
tag to the latter.
 2021-12-06 13:59:00 +01:00
Erik Krogh Kristensen
6ff8d4de5c add all remaining explicit this 2021-11-26 13:50:10 +01:00
Chris Smowton
120f2045cd Document XXE sanitisation policy 2021-11-24 12:03:28 +00:00
Tony Torralba
f4704f1325 Merge pull request #6397 from atorralba/atorralba/android-intent-redirect-query 
Java: Create new Android Intent Redirection query
 2021-11-04 10:42:59 +01:00
Tony Torralba
fd92c4e435 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-11-04 10:08:53 +01:00
Tony Torralba
474bf576a7 Minor corrections in QLDoc, qhelp and example code 2021-11-04 08:46:23 +01:00
CodeQL CI
5d62aa5b29 Merge pull request #6994 from erik-krogh/redundant-cast 
Approved by RasmusWL, aschackmull, esbena, geoffw0, hvitved, nickrolfe
 2021-11-02 03:45:48 -07:00
Tony Torralba
3ea1af3819 Refactor into separate libraries 2021-10-29 17:36:02 +02:00