hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,671 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

804 Commits

Author SHA1 Message Date
Tom Hvitved
64f19637d4 Address review comments 2022-01-24 13:33:18 +01:00
Anders Schack-Mulligen
7af6dc7164 Merge pull request #7702 from atorralba/atorralba/fix-jndi-injection-sinks 
Java: Remove some JNDI Injection sinks
 2022-01-24 10:53:58 +01:00
Anders Schack-Mulligen
b4bf7a1561 Merge pull request #7698 from aschackmull/java/bitwise-assignop-guards 
Java: Add support for bitwise compound assignments in Guards.
 2022-01-24 09:11:53 +01:00
Tony Torralba
78d7e538a5 Remove some JNDI Injection sinks 
Add tests and stubs
 2022-01-21 17:47:15 +01:00
Tony Torralba
4df0f399cd Move ContentProvider models to the appropriate file 2022-01-21 16:55:43 +01:00
Tony Torralba
4f253590f1 Fix method name in LocalDatabaseOpenMethodAccess 2022-01-21 16:55:43 +01:00
Tony Torralba
5cf664411b Remove unneeded nonSuspicious values 2022-01-21 16:55:43 +01:00
Tony Torralba
baa1f71a53 Add QLDoc 2022-01-21 16:55:43 +01:00
Tony Torralba
4e4f619ae4 Update java/ql/lib/semmle/code/java/security/CleartextStorageAndroidDatabaseQuery.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-21 16:55:43 +01:00
Tony Torralba
16b61f78e6 Fix QLDocs and the qhelp example 2022-01-21 16:55:42 +01:00
Tony Torralba
f0604e2e84 Added query for Cleartext Storage in Android Database 2022-01-21 16:55:42 +01:00
yoff
a77a6ec864 Merge pull request #7684 from erik-krogh/patches 
small refactorizations across CodeQL
 2022-01-21 15:04:14 +01:00
Anders Schack-Mulligen
5f7ee337cd Java: Use more set literal syntax. 2022-01-21 13:58:27 +01:00
Anders Schack-Mulligen
41d294229d Java: Add support for bitwise compound assignments in Guards. 2022-01-21 13:56:07 +01:00
Tony Torralba
1eaa379bb7 Merge pull request #7681 from atorralba/atorralba/improve-android-implicit-intents-query 
Java: Improvements to the Android query Use of implicit PendingIntents
 2022-01-21 13:46:17 +01:00
Erik Krogh Kristensen
f500bccbe4 add explicit this to member call 2022-01-21 11:46:33 +01:00
Erik Krogh Kristensen
ddfc3bc00f use set literals instead of big disjunctions 2022-01-21 11:46:33 +01:00
Benjamin Muskalla
830c2dc90a Merge pull request #7603 from bmuskalla/commonsIoModel 
Java: Replace Commons IO model
 2022-01-21 11:42:27 +01:00
Tony Torralba
d22632ef78 Fix recursion in entrypointFieldStep 
When using local taint tracking to define a RemoteFlowSource, a recursion was created because entrypointFieldStep adds new RemoteFlowSources and was a local taint step. This is fixed by converting entrypointFieldStep into a defaultAdditionalTaintStep instead of a localAdditionalTaintStep, i.e. it will only affect global taint tracking from now on.
 2022-01-21 10:48:13 +01:00
Tom Hvitved
cba733136c Data flow: Sync 2022-01-21 09:42:16 +01:00
Tony Torralba
6fe0b78978 Remove PendingIntentAsField step and add SliceProviderLifecycle step 2022-01-20 16:52:07 +01:00
Anders Schack-Mulligen
fede7dd238 Merge pull request #7676 from aschackmull/java/instanceaccessnode 
Java: Add data flow node encapsulating instance accesses.
 2022-01-20 15:40:21 +01:00
Erik Krogh Kristensen
a77b2b0209 Merge pull request #7668 from erik-krogh/simplify-casts 
simplify expressions that could be type-casts
 2022-01-20 15:20:18 +01:00
Tony Torralba
caab1c3332 Merge pull request #6963 from atorralba/atorralba/android-onactivityresult-source 
Android: Add the Intent parameter of the `onActivityResult` method as a source
 2022-01-20 14:27:30 +01:00
Anders Schack-Mulligen
43da5aabbe Java: Add dataflow node encapsulating instance accesses. 2022-01-20 14:12:33 +01:00
Tony Torralba
62f847a82e Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-01-20 13:44:10 +01:00
Tony Torralba
3957ebe880 Fix bitwiseLocalTaintStep 2022-01-20 13:34:32 +01:00
Tony Torralba
265f8a3b19 Make bitwise taintsteps specific for this query 2022-01-20 13:23:56 +01:00
Tony Torralba
4e9849e19d Refactor IntentFlagsOrDataCheckedGuard to avoid footgun 2022-01-20 13:23:55 +01:00
Tony Torralba
62c21918b2 Add QLDoc to guard and sanitizer 2022-01-20 13:23:54 +01:00
Tony Torralba
58a0bcd70f Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-20 13:23:53 +01:00
Tony Torralba
e1d30ebc09 Added severity 
Removed duplicated code
 2022-01-20 13:23:15 +01:00
Tony Torralba
ec8ffeed07 Add Intent URI Permission Manipulation query 2022-01-20 13:23:14 +01:00
Tony Torralba
c09b6691e1 Merge pull request #6171 from atorralba/atorralba/promote-unsafe-certificate-trust 
Java: Promote Unsafe certificate trust query from experimental
 2022-01-20 12:07:03 +01:00
Anders Schack-Mulligen
f154530141 Merge pull request #7662 from JLLeitschuh/patch-2 
Fix typo in FileWritable
 2022-01-20 11:13:59 +01:00
Benjamin Muskalla
8217873bae Align files with new naming pattern 2022-01-20 11:02:53 +01:00
Anders Schack-Mulligen
4aa2661dc1 Merge pull request #7634 from bmuskalla/refactorLangModel 
Refactor Apache Commons Lang model
 2022-01-20 11:01:25 +01:00
Benjamin Muskalla
4cac35adad Regnerate model to capture char[] APIs 2022-01-20 10:59:28 +01:00
Benjamin Muskalla
857c2778a6 Added missing model for ReadableByteChannel 
This reveals more models for commons io
 2022-01-20 10:59:28 +01:00
Benjamin Muskalla
b20b3ab480 Regenrate model to replace manual models 2022-01-20 10:59:27 +01:00
Benjamin Muskalla
93f6fde63c Keep not-yet-covered models 2022-01-20 10:59:27 +01:00
Benjamin Muskalla
d07997699f Introduce generated model for Commons IO 2022-01-20 10:59:24 +01:00
Erik Krogh Kristensen
4e8e3a7420 simplify expressions that could be type-casts 2022-01-20 10:41:35 +01:00
Tony Torralba
967308fbfd Change InsecureTrustManagerConfiguration to DataFlow 2022-01-20 10:24:47 +01:00
Tony Torralba
7a1a45f5f9 QLDoc 2022-01-20 10:24:46 +01:00
Tony Torralba
ab4dc30f54 Refactor into libraries 2022-01-20 10:23:18 +01:00
Jonathan Leitschuh
23548c50e1 Fix typo in FileWritable 2022-01-19 16:14:38 -05:00
Tony Torralba
695e77a219 Simplify isSslSocket predicate 2022-01-19 17:01:28 +01:00
Tony Torralba
e442e50e6b Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-01-19 16:43:48 +01:00
Tony Torralba
101ad777e3 Move things around after rebase 2022-01-19 16:43:48 +01:00