hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-02 08:12:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,141 Commits 1,684 Branches 159 Tags
c8a0a8635452dc603d9db6e839af9f34b6cd7086
Commit Graph

4425 Commits

Author SHA1 Message Date
Dave Bartolomeo
72725875a5 Undo debugging changes 2022-03-15 06:05:33 -04:00
Dave Bartolomeo
20c3cfb1a0 Squash a few sign analysis diffs due to range analysis fixes 2022-03-14 13:07:45 -04:00
Dave Bartolomeo
afa3399e27 Zero diffs between Java AST and Semantic range analysis 2022-03-13 13:38:21 -04:00
Dave Bartolomeo
8b4d6a26ef Performance improvements for semantic layer construction 2022-03-12 11:28:12 -05:00
Dave Bartolomeo
00ae5de780 Make semantic modulus analysismatch Java results 2022-03-09 18:06:43 -05:00
Dave Bartolomeo
ec3e643120 Remove direct dependencies on import java 2022-03-09 00:06:17 -05:00
Dave Bartolomeo
09a5fded1c Clean up SemanticCFG 2022-03-08 17:36:13 -05:00
Dave Bartolomeo
04fae43734 Minimize language-specific code for sign analysis 2022-03-08 17:13:06 -05:00
Dave Bartolomeo
952e495ef5 New SemanticExpr implementation 
Cleans up SignAnalysis to reduce need for language-specific enhancements
 2022-03-03 18:18:58 -05:00
Dave Bartolomeo
02bf008610 Fix formatting 2022-02-23 12:18:27 -05:00
Dave Bartolomeo
b11c55ff23 Fix mismatched results between semantic and AST range analysis 2022-02-22 18:19:38 -05:00
Dave Bartolomeo
ac9e2d0c6d Parallel semantic modulus analysis 2022-02-18 17:43:27 -05:00
Dave Bartolomeo
e2e2c0e540 Fix a few bugs to make results of semantic sign analysis match the original AST analysis 2022-02-18 17:03:10 -05:00
Dave Bartolomeo
99f24e5a9e Fix up sign analysis and create diff query 2022-02-18 13:03:26 -05:00
Dave Bartolomeo
5bd5f39ad8 Try parallel versions of sign analysis, AST vs. semantic 2022-02-18 12:28:36 -05:00
github-actions[bot]
c6130ea2d4 Add changed framework coverage reports 2022-01-28 00:11:49 +00:00
Andrew Eisenberg
a7f755cf12 Add new groups for examples packs 
Also, remove version numbers. Will make it easier to avoid publishing
the examples packs.
 2022-01-26 14:49:18 -08:00
Chris Smowton
df87297c59 Merge pull request #7733 from pwntester/java_util_regex_qll 
Java: Add models for java.util.regex.Pattern and Matcher
 2022-01-26 12:04:56 +00:00
Alvaro Muñoz Sanchez
ba90fecc98 retab Test.java 2022-01-26 11:20:10 +01:00
Edoardo Pirovano
1b539eb4dc Merge branch rc/3.4 into main 2022-01-25 16:22:01 +00:00
Alvaro Muñoz Sanchez
9ee967d6db update test file 2022-01-25 12:42:41 +01:00
Alvaro Muñoz Sanchez
c49c7903a8 add java.util.regex models and tests 2022-01-25 10:50:39 +01:00
github-actions[bot]
1c2f4e79ff Add changed framework coverage reports 2022-01-25 00:10:23 +00:00
Tom Hvitved
6efa595478 Merge pull request #7688 from hvitved/dataflow/required-component-stack 
Data flow: Restructure `RequiredSummaryComponentStack`
 2022-01-24 15:10:08 +01:00
Tony Torralba
b59fd4070f Merge pull request #7136 from atorralba/atorralba/promote-insecure-trustmanager 
Java: Promote Insecure TrustManager from experimental
 2022-01-24 14:05:14 +01:00
Tom Hvitved
64f19637d4 Address review comments 2022-01-24 13:33:18 +01:00
Anders Schack-Mulligen
7af6dc7164 Merge pull request #7702 from atorralba/atorralba/fix-jndi-injection-sinks 
Java: Remove some JNDI Injection sinks
 2022-01-24 10:53:58 +01:00
Tony Torralba
908b7c43f2 Fix stubs 2022-01-24 09:34:43 +01:00
Anders Schack-Mulligen
9bd2ac96ea Merge pull request #7705 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-01-24 09:14:35 +01:00
Anders Schack-Mulligen
b4bf7a1561 Merge pull request #7698 from aschackmull/java/bitwise-assignop-guards 
Java: Add support for bitwise compound assignments in Guards.
 2022-01-24 09:11:53 +01:00
github-actions[bot]
020970ff4c Add changed framework coverage reports 2022-01-24 00:09:45 +00:00
Tony Torralba
78d7e538a5 Remove some JNDI Injection sinks 
Add tests and stubs
 2022-01-21 17:47:15 +01:00
yoff
a77a6ec864 Merge pull request #7684 from erik-krogh/patches 
small refactorizations across CodeQL
 2022-01-21 15:04:14 +01:00
Anders Schack-Mulligen
5f7ee337cd Java: Use more set literal syntax. 2022-01-21 13:58:27 +01:00
Anders Schack-Mulligen
41d294229d Java: Add support for bitwise compound assignments in Guards. 2022-01-21 13:56:07 +01:00
Tony Torralba
1eaa379bb7 Merge pull request #7681 from atorralba/atorralba/improve-android-implicit-intents-query 
Java: Improvements to the Android query Use of implicit PendingIntents
 2022-01-21 13:46:17 +01:00
Tony Torralba
c7e1df5689 Update java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.qhelp 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-01-21 11:57:11 +01:00
Erik Krogh Kristensen
a235f8f023 remove redundant inline type casts 2022-01-21 11:46:33 +01:00
Erik Krogh Kristensen
f500bccbe4 add explicit this to member call 2022-01-21 11:46:33 +01:00
Erik Krogh Kristensen
ddfc3bc00f use set literals instead of big disjunctions 2022-01-21 11:46:33 +01:00
Benjamin Muskalla
830c2dc90a Merge pull request #7603 from bmuskalla/commonsIoModel 
Java: Replace Commons IO model
 2022-01-21 11:42:27 +01:00
Tony Torralba
3f6e035016 Docs improvements 2022-01-21 11:37:02 +01:00
Tony Torralba
d22632ef78 Fix recursion in entrypointFieldStep 
When using local taint tracking to define a RemoteFlowSource, a recursion was created because entrypointFieldStep adds new RemoteFlowSources and was a local taint step. This is fixed by converting entrypointFieldStep into a defaultAdditionalTaintStep instead of a localAdditionalTaintStep, i.e. it will only affect global taint tracking from now on.
 2022-01-21 10:48:13 +01:00
Tom Hvitved
cba733136c Data flow: Sync 2022-01-21 09:42:16 +01:00
Tony Torralba
6fe0b78978 Remove PendingIntentAsField step and add SliceProviderLifecycle step 2022-01-20 16:52:07 +01:00
Anders Schack-Mulligen
fede7dd238 Merge pull request #7676 from aschackmull/java/instanceaccessnode 
Java: Add data flow node encapsulating instance accesses.
 2022-01-20 15:40:21 +01:00
Erik Krogh Kristensen
a77b2b0209 Merge pull request #7668 from erik-krogh/simplify-casts 
simplify expressions that could be type-casts
 2022-01-20 15:20:18 +01:00
Tony Torralba
caab1c3332 Merge pull request #6963 from atorralba/atorralba/android-onactivityresult-source 
Android: Add the Intent parameter of the `onActivityResult` method as a source
 2022-01-20 14:27:30 +01:00
Anders Schack-Mulligen
43da5aabbe Java: Add dataflow node encapsulating instance accesses. 2022-01-20 14:12:33 +01:00
github-actions[bot]
ab218421da Post-release preparation for codeql-cli-2.7.6 2022-01-20 12:59:20 +00:00