hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,672 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

645 Commits

Author SHA1 Message Date
Alvaro Muñoz Sanchez
ba90fecc98 retab Test.java 2022-01-26 11:20:10 +01:00
Alvaro Muñoz Sanchez
9ee967d6db update test file 2022-01-25 12:42:41 +01:00
Alvaro Muñoz Sanchez
c49c7903a8 add java.util.regex models and tests 2022-01-25 10:50:39 +01:00
Tony Torralba
caab1c3332 Merge pull request #6963 from atorralba/atorralba/android-onactivityresult-source 
Android: Add the Intent parameter of the `onActivityResult` method as a source
 2022-01-20 14:27:30 +01:00
Tony Torralba
62f847a82e Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-01-20 13:44:10 +01:00
Tony Torralba
8767d2db23 Don't capitalize the term content provider 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-01-20 13:23:52 +01:00
Tony Torralba
c675028537 Add Fragment and Activity edge case 2022-01-19 16:08:28 +01:00
Tony Torralba
211cb9370f Add the Intent parameter of onActivityResult as a source 2022-01-19 16:08:25 +01:00
Tony Torralba
b16b0270d2 Merge pull request #6779 from atorralba/atorralba/android-implicit-pending-intents 
Java: CWE-927 - Query to detect the use of implicit PendingIntents
 2022-01-18 12:14:47 +01:00
Chris Smowton
9819752bdd Merge pull request #7526 from smowton/smowton/fix/restore-nodes-edges-consistency 
Don't include arg -> param edges in PathGraph::edges where arg is not reachable
 2022-01-18 11:05:47 +00:00
Benjamin Muskalla
8e6a15640f Model basic channel APIs 2022-01-18 10:40:39 +01:00
Anders Schack-Mulligen
aa9912a699 Java: Fix expected output 2022-01-18 10:36:52 +01:00
Benjamin Muskalla
a4429d01a3 Add tests for writer models 2022-01-14 11:12:35 +01:00
Tony Torralba
df95317a58 Fix tests after stub change 2022-01-14 10:33:21 +01:00
Tony Torralba
bd4abf4fd0 Additional Notification models 2022-01-14 10:32:38 +01:00
Tony Torralba
a59a4024a5 Update stubs 2022-01-14 10:32:36 +01:00
Tony Torralba
a0a914466c Rewording 2022-01-14 10:32:33 +01:00
Anders Schack-Mulligen
0b24af901d Merge pull request #7349 from aschackmull/dataflow/state 
Dataflow: Add support for flow state
 2022-01-14 09:12:38 +01:00
Anders Schack-Mulligen
a34c981209 Dataflow: Address comments. 2022-01-13 13:28:24 +01:00
Anders Schack-Mulligen
69973dadb3 Merge pull request #7548 from zbazztian/spring-taint-summaries 
Java: Add Spring and Apache Common Langs taint flow steps
 2022-01-13 13:00:41 +01:00
Sebastian Bauersfeld
69f329ffec Java: Add test cases for AbstractMessageSource.getMessage() methods 2022-01-13 14:13:27 +07:00
Sebastian Bauersfeld
39b6678b7d Java: Add test case for StringEscapeUtils.escapeJson() taint step. 2022-01-13 11:18:37 +07:00
Tamás Vajk
9065a7f320 Merge pull request #7573 from tamasvajk/fix/java-field-decl-tostr 
Java: Fix toString on field declarations with single field
 2022-01-12 13:03:16 +01:00
Tony Torralba
c2105e506b Added test cases 2022-01-12 11:06:58 +01:00
Tamas Vajk
b9e0310aa2 Java: Fix toString on field declarations with single field 2022-01-12 09:22:16 +01:00
Tony Torralba
7b0d9ea525 Merge pull request #7054 from atorralba/atorralba/promote-log-injection 
Java: Promote Log Injection from experimental
 2022-01-11 17:26:18 +01:00
Chris Smowton
e352a4b994 Note that parameterizations of local classes are themselves local 
Previously `LocalClass` itself would match `.isLocal()` whereas `LocalClass<Param>` would not. Rather than require each individual user to check for `.getSourceDeclaration().isLocal()`, let's note that the specializations themselves are local.
 2022-01-10 18:19:31 +00:00
Tony Torralba
0e738622df Merge branch 'main' into atorralba/promote-log-injection 2022-01-10 17:24:25 +01:00
Anders Schack-Mulligen
f590d2566e DataFlow: Fix test. 2022-01-10 11:25:52 +01:00
Tony Torralba
a3b25f0eb5 Don't consider subtypes of fields 2021-12-15 13:00:16 +01:00
Tony Torralba
47002a3bd7 Fix test 2021-12-15 13:00:16 +01:00
Tony Torralba
1426c5b406 Consider parameterized types 2021-12-15 13:00:16 +01:00
Tony Torralba
5e80044f11 Preserve taint on field-read-steps on entrypoint types 2021-12-15 13:00:15 +01:00
Anders Schack-Mulligen
32cb8f362b Dataflow: Add test for FlowState. 2021-12-10 11:20:01 +01:00
Tony Torralba
38250b0821 Remove unnecessary implicit read step 2021-12-09 15:18:38 +01:00
Tony Torralba
522a4bb9fa Propagate extras through build methods 2021-12-09 14:56:52 +01:00
Tony Torralba
c0c40cc05b Remove synthetic fields 2021-12-09 13:34:41 +01:00
Tony Torralba
f209ff4f76 Use synthetic fields to improve taint precision 2021-12-09 13:34:39 +01:00
Tony Torralba
b7f7c5ba20 Change format of fluent models to make review easier 2021-12-09 13:33:19 +01:00
Tony Torralba
f63ffb0630 Add models for Notification builders 2021-12-09 13:33:17 +01:00
Tony Torralba
8ffa195538 Merge branch 'main' into atorralba/android_slice_models 2021-12-03 16:59:33 +01:00
Chris Smowton
27f40e08e5 Merge pull request #7007 from JLLeitschuh/feat/JLL/improve_ratpack_support 
Java: Ratpack HTTP Framework Additional Modeling
 2021-11-29 16:20:53 +00:00
Jonathan Leitschuh
1ddf5fb133 Java: Ratpack HTTP Framework Additional Modeling 
Adds models for `ratpack.func.Pair`, and `ratpack.exec.Result`.
Improve moels for `ratpack.exec.Promise`.

Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-11-25 12:55:32 -05:00
Chris Smowton
7ac5791c49 Update charLiterals.expected 2021-11-25 16:13:06 +00:00
Anders Schack-Mulligen
2b1f34ed9b Java: Don't clear content in store steps in summaries. 2021-11-19 14:22:28 +01:00
Anders Schack-Mulligen
6815a13a00 Merge pull request #6931 from hvitved/dataflow/restrict-derived-summaries 
Data flow: Restrict derived flow summaries
 2021-11-18 15:31:55 +01:00
Anders Schack-Mulligen
22ebe68b1b Merge pull request #7132 from aschackmull/java/overrides 
Java: Fix overrides to not be transitive.
 2021-11-17 15:38:11 +01:00
Benjamin Muskalla
3c3a65243f Merge pull request #6664 from bmuskalla/bmuskalla/modelGenerator 
Java: Initial CSV model generator
 2021-11-17 12:30:45 +01:00
Tom Hvitved
6d58dd2823 Java: Update expected test output 2021-11-17 10:49:51 +01:00
Tony Torralba
87ebcea913 Add AsyncTask value step 2021-11-15 16:13:36 +01:00