hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,255 Commits 1,672 Branches 157 Tags
bbce52535a84e38ffd8fc1036fbcdf7a758c935e
Commit Graph

8325 Commits

Author SHA1 Message Date
gx1
1c4488e7c8 Updated vulnerable XSS.java version 2022-09-13 15:58:25 +02:00
Tamas Vajk
2c757c714d Kotlin: Code quality improvements: refactor a cast 2022-09-13 15:44:54 +02:00
Ian Lynagh
2f8151d8d2 Kotlin: Remove a throw statement 
We have a way to carry on here, so we may as well do so
 2022-09-13 13:51:00 +01:00
Anders Schack-Mulligen
b8a1818422 Java: Fix test expectation. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
0e376b32d2 Java: extend typeflow tests to cover union types. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
d0f7052de2 Java: Support instanceof disjunction in union type flow. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
686e03e1cc Java: Fix perf issue. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
c8b93e0910 Java: Replace uses of deprecated variableTrack. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
a8eedce8ab Java: Replace ad-hoc variable tracking with union type flow in dispatch. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
6f06267892 Java: Implement union type flow. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
7692a9e2e7 Java: Minor TypeFlow tweaks. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
85d4742a01 Java: Add dispatch test showing lack of union types. 2022-09-13 13:30:40 +02:00
Sebastian Bauersfeld
f95663cdfb Java: Added change note. 2022-09-13 11:38:15 +07:00
Sebastian Bauersfeld
0468b3a361 Java: Track taint through constructor arguments of java.net.URI. 2022-09-13 11:35:04 +07:00
Tony Torralba
f412f433bf Add thymeleaf steps 2022-09-12 17:52:38 +02:00
Edward Minnix III
eadb8a3988 Merge pull request #10106 from egregius313/egregius313/android-backup-allowed 
Java: Query to detect Android backup allowed
 2022-09-12 11:14:03 -04:00
Tamás Vajk
4569b9585f Merge pull request #10313 from tamasvajk/kotlin-fix-vararg 
Kotlin: Fix `vararg` extraction outside of method call
 2022-09-12 15:54:50 +02:00
Tamás Vajk
ed772e54d1 Merge pull request #10328 from tamasvajk/kotlin-kfunction-fix 
Kotlin: fix `KFunctionX.invoke` extraction
 2022-09-12 15:54:33 +02:00
Erik Krogh Kristensen
818601b612 Merge pull request #10285 from erik-krogh/paramClass 
ReDoS: convert RelevantState to a class in the PrefixConstruction module
 2022-09-12 15:23:19 +02:00
Tony Torralba
79a32f1a3e Tainting the freemarker dataModel isn't exploitable 2022-09-12 14:22:06 +02:00
Tony Torralba
dd6257c757 Add security-severity 2022-09-12 11:59:01 +02:00
Tony Torralba
409a123490 Tainting the velocity context isn't exploitable 2022-09-12 11:38:29 +02:00
Ed Minnix
817f12cae6 Updated expectations file with new message 
The warning message for the `android:allowBackup` query was updated.
This updates the message in the expectations file.
 2022-09-09 11:35:48 -04:00
Ian Lynagh
c7e3051edd Merge pull request #10239 from tamasvajk/kotlin-fix-declaration-stack 
Kotlin: Fix declaration stack
 2022-09-09 16:03:31 +01:00
Tamás Vajk
05fcbdd9e3 Merge pull request #10365 from tamasvajk/kotlin-fix-isUnspecialised-2 
Kotlin: Fix `isUnspecialised` to handle generic classes inside generic methods
 2022-09-09 16:27:19 +02:00
Edward Minnix III
08a17b355e allowBackup documentation updates 
Make error messages and descriptions clearer about application backups not being disabled, rather than focusing on `android:allowBackup` specifically.

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-09-09 09:30:49 -04:00
Tamas Vajk
b8b0fd8a74 Kotlin: Fix isUnspecialised to handle generic classes inside generic methods 2022-09-09 14:32:38 +02:00
Tamas Vajk
3267d7c96e Kotlin: Add test case with various nested generics 2022-09-09 11:09:50 +02:00
Tony Torralba
d748fb5648 Fix bad models, add tests for those 2022-09-09 10:08:52 +02:00
Edward Minnix III
83c8e22225 Apply suggestions from documentation review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2022-09-08 15:55:00 -04:00
Tony Torralba
6413de6c20 Add change note 2022-09-08 17:38:26 +02:00
Tony Torralba
fb13e7f307 Docs changes 2022-09-08 17:38:25 +02:00
Tony Torralba
e311155acd Use InlineExpectationsTest 2022-09-08 17:38:25 +02:00
Tony Torralba
b68e6669b8 Refactor TemplateInjection libraries 2022-09-08 17:38:25 +02:00
Tony Torralba
c9728098ef Generate stubs, adapt tests 2022-09-08 17:38:21 +02:00
Tony Torralba
7db1eb98f5 Sync files 2022-09-08 17:32:03 +02:00
Tony Torralba
1b87167d96 Add implicit reads for FlowState sinks and steps 2022-09-08 17:26:59 +02:00
Tony Torralba
d5f101d7e6 Add implicit read FlowState test 2022-09-08 17:19:39 +02:00
Ed Minnix
59909751ae Change allowBackup tests to use qlref test format 
Due to some limitations of comments in XML, it is simpler to implement
the `android:allowBackup` tests using the qlref/expectations test format.
 2022-09-08 10:34:17 -04:00
Ed Minnix
e69a8269ad Move CleartextStorage test files into separate dir 
Move the files for the CleartextStorage tests into their own directory
to avoid issues with extraction
 2022-09-08 10:33:05 -04:00
Tamas Vajk
824ba6ed2a Kotlin: Catch exception thrown by kotlinc 2022-09-08 14:09:18 +02:00
github-actions[bot]
a9d80a5a48 Release preparation for version 2.10.5 2022-09-08 11:35:54 +00:00
Ian Lynagh
b62193d4bf Merge pull request #10333 from igfoo/igfoo/extractStaticInitializer2 
Kotlin: Remove a cast from extractStaticInitializer
 2022-09-08 10:51:36 +01:00
Tamas Vajk
56ef1739a3 Kotlin: fix KFunctionX.invoke extraction 2022-09-08 10:49:10 +02:00
Tamas Vajk
fdf3488500 Kotlin: Add test with extraction error due to missing base class of KFunctionX 2022-09-08 10:49:01 +02:00
Michael Nebel
e265b07a93 Merge pull request #10127 from michaelnebel/csharp/clearscontent 
C#: Replace clears content with CSV summaries.
 2022-09-08 09:26:08 +02:00
github-actions[bot]
7e72f53631 Add changed framework coverage reports 2022-09-08 00:21:30 +00:00
Ed Minnix
09b723fc6d Formatting fixes for allowBackup tests 2022-09-07 13:30:19 -04:00
Ed Minnix
c69a2be976 Moved allowBackup query logic to allowsBackup pred 2022-09-07 12:08:25 -04:00
Ed Minnix
5206c792b0 Additional Unit tests for the allowBackup query 2022-09-07 12:07:48 -04:00