hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,672 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

211 Commits

Author SHA1 Message Date
Jonathan Leitschuh
2565cdb964 Add additional File taint value flow models 
Adds
 - File::getAbsoluteFile
 - File::getCanonicalFile
 - File::getAbsolutePath
 - File::getCanonicalPath
 2022-04-26 10:42:53 -04:00
Tom Hvitved
b033f107df Merge remote-tracking branch 'upstream/main' into dataflow/interpret-read-store 2022-04-22 14:35:02 +02:00
Michael Nebel
72d4c97463 Merge pull request #8628 from michaelnebel/csharp/generatedkind 
C#: Introduce generated flag as a part of the kind column for flow summaries
 2022-04-07 08:43:30 +02:00
Michael Nebel
d7bf024318 Java: Add testcase for generated summary model. 2022-04-05 14:25:34 +02:00
Tom Hvitved
b91858e7cf Java: Implement ContentSet 2022-04-04 13:51:44 +02:00
Chris Smowton
04325abfa5 Add test 2022-03-31 12:26:38 +01:00
Asger Feldthaus
a121b73181 Java: update CSV rows to dot-separated syntax 2022-02-21 08:16:55 +01:00
Chris Smowton
9819752bdd Merge pull request #7526 from smowton/smowton/fix/restore-nodes-edges-consistency 
Don't include arg -> param edges in PathGraph::edges where arg is not reachable
 2022-01-18 11:05:47 +00:00
Benjamin Muskalla
8e6a15640f Model basic channel APIs 2022-01-18 10:40:39 +01:00
Anders Schack-Mulligen
aa9912a699 Java: Fix expected output 2022-01-18 10:36:52 +01:00
Benjamin Muskalla
a4429d01a3 Add tests for writer models 2022-01-14 11:12:35 +01:00
Anders Schack-Mulligen
0b24af901d Merge pull request #7349 from aschackmull/dataflow/state 
Dataflow: Add support for flow state
 2022-01-14 09:12:38 +01:00
Anders Schack-Mulligen
a34c981209 Dataflow: Address comments. 2022-01-13 13:28:24 +01:00
Tony Torralba
c2105e506b Added test cases 2022-01-12 11:06:58 +01:00
Anders Schack-Mulligen
f590d2566e DataFlow: Fix test. 2022-01-10 11:25:52 +01:00
Tony Torralba
a3b25f0eb5 Don't consider subtypes of fields 2021-12-15 13:00:16 +01:00
Tony Torralba
47002a3bd7 Fix test 2021-12-15 13:00:16 +01:00
Tony Torralba
1426c5b406 Consider parameterized types 2021-12-15 13:00:16 +01:00
Tony Torralba
5e80044f11 Preserve taint on field-read-steps on entrypoint types 2021-12-15 13:00:15 +01:00
Anders Schack-Mulligen
32cb8f362b Dataflow: Add test for FlowState. 2021-12-10 11:20:01 +01:00
Anders Schack-Mulligen
2b1f34ed9b Java: Don't clear content in store steps in summaries. 2021-11-19 14:22:28 +01:00
Anders Schack-Mulligen
6815a13a00 Merge pull request #6931 from hvitved/dataflow/restrict-derived-summaries 
Data flow: Restrict derived flow summaries
 2021-11-18 15:31:55 +01:00
Tom Hvitved
6d58dd2823 Java: Update expected test output 2021-11-17 10:49:51 +01:00
Benjamin Muskalla
7dae6122d9 Support CharSequence#toString 
Given CharSequence is often used as an
alias for String, ensure taint through toString is flowing
 2021-11-10 16:30:20 +01:00
Benjamin Muskalla
bfe2e2e0b9 Model taint for FilterOutputStream 2021-11-09 14:21:50 +01:00
Tony Torralba
f4704f1325 Merge pull request #6397 from atorralba/atorralba/android-intent-redirect-query 
Java: Create new Android Intent Redirection query
 2021-11-04 10:42:59 +01:00
Tony Torralba
1333f67a69 Merge pull request #6917 from JLLeitschuh/feat/JLL/jdk_lambda_collections_model_tracking 
[Java] JDK Collection lambda models
 2021-10-22 10:26:50 +02:00
Tom Hvitved
29cdc8a49a Java: Update expected test output after rebase 2021-10-20 12:11:59 +02:00
Jonathan Leitschuh
d4b18fe6a3 [Java] JDK Collection lambda models 
Adds support for data flow tracking through simple JDK collection
functional APIs.
 - `Iterable::forEach`
 - `Iterator::forEachRemaining`
 - `Map::forEach`

Replaces #5871

Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-19 15:57:58 -04:00
Tony Torralba
a5749a5eb1 Add ComponentName tests to existing Intent tests 2021-10-18 15:23:52 +02:00
Tony Torralba
9604f88ae0 Undo autoformatting 2021-10-18 11:07:28 +02:00
Tony Torralba
a6f2ebe820 Fix stubs 2021-10-18 11:06:43 +02:00
Tony Torralba
5dfb0d4d64 Fix Android tests affected by changes in stubs 2021-10-18 11:04:33 +02:00
Tony Torralba
e3b46f25a5 Merge branch 'main' into atorralba/fix-local-and-remote-flow-tests 2021-10-18 08:52:37 +02:00
Anders Schack-Mulligen
0e5f89a03c Merge pull request #6463 from smowton/smowton/admin/gson-unsafe-deserialization 
Java: add Gson support to unsafe-deserialization query
 2021-10-12 16:15:27 +02:00
Tom Hvitved
296e268339 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-10-12 14:28:32 +02:00
Chris Smowton
8816aa1431 Improve Android stub fidelity to the point that all relevant tests work 
Note these still aren't entirely mechanically generated stubs matching the real Android 9.
 2021-10-12 12:35:05 +01:00
Tony Torralba
a8aa8e3bb4 Use InlineExpectationsTest directly 2021-10-11 16:38:20 +02:00
Tom Hvitved
d5955f1ae1 Java: Add test for missing summary flow 2021-10-11 11:29:08 +02:00
Tony Torralba
2df30dc107 Use InlineFlowTest for local and remote flow tests 2021-10-08 11:48:35 +02:00
Chris Smowton
39640efc9b Remove no-longer-needed TaintPreservingCallables and update test expectations 2021-10-07 14:33:39 +01:00
Chris Smowton
3607d50994 Update remote flow source locations 2021-10-06 12:17:46 +01:00
Chris Smowton
5b13232a9d Merge pull request #6739 from joefarebrother/android-intent-extra 
Java: Model Android Bundle and Intent extras methods
 2021-10-05 15:39:42 +01:00
Joe Farebrother
5e4498a53a Add more models; fix tests 2021-10-01 16:53:53 +01:00
Anders Schack-Mulligen
9a9bbe3123 Dataflow: Support side-effects for callbacks in summaries. 2021-09-28 11:42:38 +02:00
Anders Schack-Mulligen
4841c3037d Java: Add callback dispatch to more anonymous classes. 2021-09-23 14:34:56 +02:00
Anders Schack-Mulligen
8485b6f0b3 Merge pull request #6691 from bmuskalla/moreStringMethods 
Java: Support String#getChars and #translateEscapes
 2021-09-15 10:14:54 +02:00
Anders Schack-Mulligen
e71173d953 Merge pull request #6591 from bmuskalla/inlineFlowTest 
Java: Simplify setup for flow tests using `InlineExpectationsTest`
 2021-09-14 10:31:29 +02:00
Benjamin Muskalla
199e015a06 Support missing String methods 2021-09-14 10:22:22 +02:00
Benjamin Muskalla
24d740b2da Merge branch 'main' into inlineFlowTest 2021-09-13 17:15:37 +02:00