hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,672 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

5184 Commits

Author SHA1 Message Date
github-actions[bot]
c6130ea2d4 Add changed framework coverage reports 2022-01-28 00:11:49 +00:00
github-actions[bot]
634134f283 Release preparation for version 2.8.0 2022-01-27 10:40:20 +00:00
Benjamin Muskalla
c1b5565e4d Automation to regenerate framework models 2022-01-27 11:15:10 +01:00
Andrew Eisenberg
a7f755cf12 Add new groups for examples packs 
Also, remove version numbers. Will make it easier to avoid publishing
the examples packs.
 2022-01-26 14:49:18 -08:00
Chris Smowton
df87297c59 Merge pull request #7733 from pwntester/java_util_regex_qll 
Java: Add models for java.util.regex.Pattern and Matcher
 2022-01-26 12:04:56 +00:00
Alvaro Muñoz Sanchez
ba90fecc98 retab Test.java 2022-01-26 11:20:10 +01:00
Edoardo Pirovano
1b539eb4dc Merge branch rc/3.4 into main 2022-01-25 16:22:01 +00:00
Alvaro Muñoz Sanchez
9ee967d6db update test file 2022-01-25 12:42:41 +01:00
Alvaro Muñoz Sanchez
c49c7903a8 add java.util.regex models and tests 2022-01-25 10:50:39 +01:00
Harry Maclean
517f2d0823 Add optional results to InlineExpectationsTest 
The idea behind optional results is that there may be instances where
each line of source code has many results and you don't want to annotate
all of them, but you still want to ensure that any annotations you do
have are correct.

This change makes that possible by exposing a new predicate
`hasOptionalResult`, which has the same signature as `hasResult`.

Results produced by `hasOptionalResult` will be matched against any
annotations, but the lack of a matching annotation will not cause a
failure.

We will use this in the inline tests for the API edge getASubclass,
because for each API path that uses getASubclass there is always a
shorter path that does not use it, and thus we can't use the normal
shortest-path matching approach that works for other API Graph tests.
 2022-01-25 16:41:49 +13:00
github-actions[bot]
1c2f4e79ff Add changed framework coverage reports 2022-01-25 00:10:23 +00:00
Tony Torralba
4f4f531dfc Add missing QLDoc 2022-01-24 15:13:09 +01:00
Tom Hvitved
6efa595478 Merge pull request #7688 from hvitved/dataflow/required-component-stack 
Data flow: Restructure `RequiredSummaryComponentStack`
 2022-01-24 15:10:08 +01:00
Tony Torralba
b59fd4070f Merge pull request #7136 from atorralba/atorralba/promote-insecure-trustmanager 
Java: Promote Insecure TrustManager from experimental
 2022-01-24 14:05:14 +01:00
Tom Hvitved
64f19637d4 Address review comments 2022-01-24 13:33:18 +01:00
Anders Schack-Mulligen
7af6dc7164 Merge pull request #7702 from atorralba/atorralba/fix-jndi-injection-sinks 
Java: Remove some JNDI Injection sinks
 2022-01-24 10:53:58 +01:00
Tony Torralba
908b7c43f2 Fix stubs 2022-01-24 09:34:43 +01:00
Anders Schack-Mulligen
9bd2ac96ea Merge pull request #7705 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-01-24 09:14:35 +01:00
Anders Schack-Mulligen
b4bf7a1561 Merge pull request #7698 from aschackmull/java/bitwise-assignop-guards 
Java: Add support for bitwise compound assignments in Guards.
 2022-01-24 09:11:53 +01:00
github-actions[bot]
020970ff4c Add changed framework coverage reports 2022-01-24 00:09:45 +00:00
luchua-bc
27043a09b3 File path injection with the JFinal framework 2022-01-23 18:07:48 +00:00
Tony Torralba
78d7e538a5 Remove some JNDI Injection sinks 
Add tests and stubs
 2022-01-21 17:47:15 +01:00
Tony Torralba
4df0f399cd Move ContentProvider models to the appropriate file 2022-01-21 16:55:43 +01:00
Tony Torralba
c6dd7ddf7a Fix stub 2022-01-21 16:55:43 +01:00
Tony Torralba
4f253590f1 Fix method name in LocalDatabaseOpenMethodAccess 2022-01-21 16:55:43 +01:00
Tony Torralba
652a1d2dc2 Fix wrongly resolved rebase conflicts 2022-01-21 16:55:43 +01:00
Tony Torralba
5cf664411b Remove unneeded nonSuspicious values 2022-01-21 16:55:43 +01:00
Tony Torralba
baa1f71a53 Add QLDoc 2022-01-21 16:55:43 +01:00
Tony Torralba
4e4f619ae4 Update java/ql/lib/semmle/code/java/security/CleartextStorageAndroidDatabaseQuery.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-21 16:55:43 +01:00
Tony Torralba
c5ed5fcaac Apply suggestions from code review 
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
 2022-01-21 16:55:42 +01:00
Tony Torralba
ee84dae164 Fix predicate name 2022-01-21 16:55:42 +01:00
Tony Torralba
16b61f78e6 Fix QLDocs and the qhelp example 2022-01-21 16:55:42 +01:00
Tony Torralba
f0604e2e84 Added query for Cleartext Storage in Android Database 2022-01-21 16:55:42 +01:00
yoff
a77a6ec864 Merge pull request #7684 from erik-krogh/patches 
small refactorizations across CodeQL
 2022-01-21 15:04:14 +01:00
Anders Schack-Mulligen
5f7ee337cd Java: Use more set literal syntax. 2022-01-21 13:58:27 +01:00
Anders Schack-Mulligen
41d294229d Java: Add support for bitwise compound assignments in Guards. 2022-01-21 13:56:07 +01:00
Tony Torralba
1eaa379bb7 Merge pull request #7681 from atorralba/atorralba/improve-android-implicit-intents-query 
Java: Improvements to the Android query Use of implicit PendingIntents
 2022-01-21 13:46:17 +01:00
Tony Torralba
c7e1df5689 Update java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.qhelp 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-01-21 11:57:11 +01:00
Erik Krogh Kristensen
a235f8f023 remove redundant inline type casts 2022-01-21 11:46:33 +01:00
Erik Krogh Kristensen
f500bccbe4 add explicit this to member call 2022-01-21 11:46:33 +01:00
Erik Krogh Kristensen
ddfc3bc00f use set literals instead of big disjunctions 2022-01-21 11:46:33 +01:00
Benjamin Muskalla
830c2dc90a Merge pull request #7603 from bmuskalla/commonsIoModel 
Java: Replace Commons IO model
 2022-01-21 11:42:27 +01:00
Tony Torralba
3f6e035016 Docs improvements 2022-01-21 11:37:02 +01:00
Tony Torralba
d22632ef78 Fix recursion in entrypointFieldStep 
When using local taint tracking to define a RemoteFlowSource, a recursion was created because entrypointFieldStep adds new RemoteFlowSources and was a local taint step. This is fixed by converting entrypointFieldStep into a defaultAdditionalTaintStep instead of a localAdditionalTaintStep, i.e. it will only affect global taint tracking from now on.
 2022-01-21 10:48:13 +01:00
Tom Hvitved
cba733136c Data flow: Sync 2022-01-21 09:42:16 +01:00
Tony Torralba
6fe0b78978 Remove PendingIntentAsField step and add SliceProviderLifecycle step 2022-01-20 16:52:07 +01:00
Anders Schack-Mulligen
fede7dd238 Merge pull request #7676 from aschackmull/java/instanceaccessnode 
Java: Add data flow node encapsulating instance accesses.
 2022-01-20 15:40:21 +01:00
Erik Krogh Kristensen
a77b2b0209 Merge pull request #7668 from erik-krogh/simplify-casts 
simplify expressions that could be type-casts
 2022-01-20 15:20:18 +01:00
Tony Torralba
caab1c3332 Merge pull request #6963 from atorralba/atorralba/android-onactivityresult-source 
Android: Add the Intent parameter of the `onActivityResult` method as a source
 2022-01-20 14:27:30 +01:00
Anders Schack-Mulligen
43da5aabbe Java: Add dataflow node encapsulating instance accesses. 2022-01-20 14:12:33 +01:00