hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,671 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

5184 Commits

Author SHA1 Message Date
Tony Torralba
19d1a780ca Generalize sanitizer using local flow 2022-01-19 16:42:05 +01:00
Tony Torralba
64518bf91a Handle a specific pass-by-reference flow issue 2022-01-19 16:42:04 +01:00
Tony Torralba
4508945f85 Fix assumption regarding when an SSLSocket does the TLS handhsake 2022-01-19 16:42:03 +01:00
Tony Torralba
e842acf9e0 Improve qhelp 2022-01-19 16:42:03 +01:00
Tony Torralba
5d4cd70f8c Adjusted sources and sanitizer of UnsafeCertTrust taint tracking config 2022-01-19 16:42:02 +01:00
Tony Torralba
e43fff2d30 Use InlineExpectationsTest 2022-01-19 16:42:02 +01:00
Tony Torralba
02d0fa9188 Minor changes in QLDocs and a sanitizer's type 2022-01-19 16:42:01 +01:00
Tony Torralba
4313baf622 Big refactor: 
- Move classes and predicates to appropriate libraries
- Overhaul the endpoint identification algorithm logic to use taint tracking
- Adapt tests
 2022-01-19 16:42:00 +01:00
Tony Torralba
e0f4c73aed Move from experimental 2022-01-19 16:42:00 +01:00
Tony Torralba
6096080156 Use all possible packages for Fragment classes 
Also fix stub
 2022-01-19 16:23:11 +01:00
Benjamin Muskalla
52406dc8df Exclude logging sinks 
Those sinks are too coarse grained to be exposed as sinks on any model.
 2022-01-19 16:11:59 +01:00
Benjamin Muskalla
25d251c24f Exclude main methods from models 2022-01-19 16:11:59 +01:00
Tony Torralba
3c9fac0c6e Sync DataFlowImplForOnActivityResult.qll 2022-01-19 16:11:51 +01:00
Tony Torralba
6a4d2ee850 Apply code review suggestions 2022-01-19 16:08:31 +01:00
Tony Torralba
57ff13dd19 Sync DataFlowImplForOnActivityResult to latest changes 2022-01-19 16:08:31 +01:00
Tony Torralba
37916a8368 Fix previous merge 2022-01-19 16:08:31 +01:00
Tony Torralba
d9d9ad7d63 Use dedicated instance of DataFlow 2022-01-19 16:08:31 +01:00
Tony Torralba
aef63f69b0 Formatting 2022-01-19 16:08:30 +01:00
Tony Torralba
4b3029564c Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-19 16:08:29 +01:00
Tony Torralba
c675028537 Add Fragment and Activity edge case 2022-01-19 16:08:28 +01:00
Tony Torralba
9ae1f1cf85 QLDoc 2022-01-19 16:08:27 +01:00
Tony Torralba
211cb9370f Add the Intent parameter of onActivityResult as a source 2022-01-19 16:08:25 +01:00
Tony Torralba
520d8f5ec5 Add stubs 2022-01-19 16:06:23 +01:00
Chris Smowton
162b3822dd Merge pull request #7613 from github/smowton/admin/tag-random-used-once 
Remove security-severity tag to java/random-used-once
 2022-01-19 14:43:08 +00:00
Chris Smowton
c63fcb2c69 Add change note 2022-01-19 14:13:45 +00:00
Chris Smowton
f0645a34b9 Remove security-severity tag instead 
This leaves the Java query in the same state as its C# cousin.
 2022-01-19 14:06:40 +00:00
github-actions[bot]
f7240be136 Add changed framework coverage reports 2022-01-19 00:09:52 +00:00
Chris Smowton
84097468cc Merge pull request #7286 from luchua-bc/java/unsafe-url-forward-dispatch 
Java: CWE-552 Query to detect unsafe request dispatcher usage
 2022-01-18 18:19:20 +00:00
Chris Smowton
1e32514600 Avoid using this for a non-extending supertype, and remove needless casts 2022-01-18 17:20:40 +00:00
Benjamin Muskalla
9e91b805d6 Sort Lang3 models 2022-01-18 18:10:37 +01:00
Benjamin Muskalla
e6800c877c Merge Lang3 rows 2022-01-18 18:10:37 +01:00
Benjamin Muskalla
736e68820c Split out Lang3 models 2022-01-18 18:10:37 +01:00
Benjamin Muskalla
67b60dcf78 Sort Lang2 rows 2022-01-18 18:10:36 +01:00
Benjamin Muskalla
82bda6d573 Merge Lang2 summary models 2022-01-18 18:10:36 +01:00
Benjamin Muskalla
8eb6743586 Split out Lang2 rows 2022-01-18 18:10:33 +01:00
Chris Smowton
d744cf9053 Clean up guard logic: 
* Always sanitize after the second guard, not the first
* Only check basic-block dominance in one place
* One BarrierGuard extension per final guard
 2022-01-18 17:10:06 +00:00
Chris Smowton
748008ad51 Remove dangling reference to UnsafeRequestPath.java 2022-01-18 17:08:38 +00:00
luchua-bc
a3d65a8ed0 Update recommendation in qldoc and make examples more comprehendible 2022-01-18 17:01:26 +00:00
Tony Torralba
b16b0270d2 Merge pull request #6779 from atorralba/atorralba/android-implicit-pending-intents 
Java: CWE-927 - Query to detect the use of implicit PendingIntents
 2022-01-18 12:14:47 +01:00
Chris Smowton
9819752bdd Merge pull request #7526 from smowton/smowton/fix/restore-nodes-edges-consistency 
Don't include arg -> param edges in PathGraph::edges where arg is not reachable
 2022-01-18 11:05:47 +00:00
Benjamin Muskalla
7e215a5193 Merge pull request #7599 from bmuskalla/modelWriter 
Java: Model Appenable and Writer
 2022-01-18 11:55:27 +01:00
Tony Torralba
f103d45340 Merge branch 'main' into atorralba/android-implicit-pending-intents 2022-01-18 10:50:49 +01:00
Tony Torralba
3ff7710a18 Improve ExplicitIntent's QLDoc 2022-01-18 10:43:52 +01:00
Tony Torralba
fe2755c4a0 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-18 10:41:19 +01:00
Benjamin Muskalla
365a8d9bbd Fix flow for fluent appendable api 2022-01-18 10:41:00 +01:00
Benjamin Muskalla
8e6a15640f Model basic channel APIs 2022-01-18 10:40:39 +01:00
Anders Schack-Mulligen
fff3b5c5b4 Dataflow: Add qldoc. 2022-01-18 10:39:55 +01:00
Anders Schack-Mulligen
aa9912a699 Java: Fix expected output 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
71e39353ca Dataflow: Sync. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
b22c4e3c56 Dataflow: Bugfix: include subpaths ending at a sink. 2022-01-18 10:34:14 +01:00