hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 20:56:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,654 Commits 1,673 Branches 157 Tags
cb9e14f54410a184eeea94792ea712df136e8d12
Commit Graph

3123 Commits

Author SHA1 Message Date
Chris Smowton
84097468cc Merge pull request #7286 from luchua-bc/java/unsafe-url-forward-dispatch 
Java: CWE-552 Query to detect unsafe request dispatcher usage
 2022-01-18 18:19:20 +00:00
Chris Smowton
1e32514600 Avoid using this for a non-extending supertype, and remove needless casts 2022-01-18 17:20:40 +00:00
Chris Smowton
d744cf9053 Clean up guard logic: 
* Always sanitize after the second guard, not the first
* Only check basic-block dominance in one place
* One BarrierGuard extension per final guard
 2022-01-18 17:10:06 +00:00
Chris Smowton
748008ad51 Remove dangling reference to UnsafeRequestPath.java 2022-01-18 17:08:38 +00:00
luchua-bc
a3d65a8ed0 Update recommendation in qldoc and make examples more comprehendible 2022-01-18 17:01:26 +00:00
Tony Torralba
f103d45340 Merge branch 'main' into atorralba/android-implicit-pending-intents 2022-01-18 10:50:49 +01:00
Tony Torralba
e967b8a9be Merge pull request #6576 from atorralba/atorralba/android-cleartext-storage-filesystem 
Java: Create new query Cleartext storage of sensitive information in Android filesystem
 2022-01-17 14:02:38 +01:00
Tony Torralba
227929508f Merge pull request #6923 from atorralba/atorralba/android-fragment-injection 
Java: CWE-470  - Queries to detect Fragment Injection in Android applications
 2022-01-17 14:02:15 +01:00
Tony Torralba
a23b8a4a43 Update java/ql/src/Security/CWE/CWE-470/FragmentInjection.inc.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-17 11:20:39 +01:00
Tony Torralba
500deac12d Change query description 2022-01-17 11:11:05 +01:00
Tony Torralba
22aad17d0e Apply review suggestions 
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
 2022-01-17 11:11:04 +01:00
Tony Torralba
1e4840e071 Fix predicate name 2022-01-17 11:11:03 +01:00
Tony Torralba
79ddbd6fe4 Fix QLDoc and the qhelp example 2022-01-17 11:11:03 +01:00
Tony Torralba
c1ac09a063 Added query for Cleartext Storage in Android Filesystem 2022-01-17 11:11:00 +01:00
luchua-bc
4797fce48a Update use cases and qldoc 2022-01-16 01:15:29 +00:00
luchua-bc
978ef1570a Update method names 2022-01-16 01:11:25 +00:00
Andrew Eisenberg
fbb5d7196f Merge branch 'main' into post-release-prep/codeql-cli-2.7.5 2022-01-14 08:23:43 -08:00
Tony Torralba
a2c98baf29 Reordering 2022-01-14 17:17:57 +01:00
Tony Torralba
eb1806c0a9 Split PathMatchGuard into three guards 2022-01-14 17:14:18 +01:00
Tony Torralba
fb1287d577 Use dominance instead of getParent 
Add clarification comments to PathMatchGuard
 2022-01-14 15:28:02 +01:00
Tony Torralba
136fefbab5 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-14 13:38:17 +01:00
Tony Torralba
cde7a35c1f QLDoc 2022-01-14 13:12:30 +01:00
Tony Torralba
6f06be9419 Update change note 2022-01-14 10:33:19 +01:00
Tony Torralba
a0a914466c Rewording 2022-01-14 10:32:33 +01:00
Tony Torralba
9c12c5f8b8 Remove duplicated models 2022-01-14 10:32:01 +01:00
Tony Torralba
1e3e48132c Rewording 2022-01-14 10:31:59 +01:00
Tony Torralba
d0077b8c12 Added query ImplicitPendingIntents 2022-01-14 10:31:53 +01:00
Tony Torralba
b6886b8e43 Move code to qll file 2022-01-13 15:28:57 +01:00
Tony Torralba
81feaaec02 Refactor PathMatchGuard 2022-01-13 15:24:41 +01:00
Tony Torralba
cd9a485c47 Refactor NullOrEmptyCheckGuard 2022-01-13 14:44:08 +01:00
Anders Schack-Mulligen
61490e74d8 Merge pull request #7561 from aschackmull/java/misc-perf 
Java: A few perf fixes for getASupertype*().
 2022-01-13 14:43:28 +01:00
github-actions[bot]
8a2d92badc Post-release preparation for codeql-cli-2.7.5 2022-01-12 13:28:43 +00:00
luchua-bc
263dbd33f6 Optimize the query 2022-01-12 02:33:17 +00:00
Tony Torralba
7b0d9ea525 Merge pull request #7054 from atorralba/atorralba/promote-log-injection 
Java: Promote Log Injection from experimental
 2022-01-11 17:26:18 +01:00
Tony Torralba
1030ff7063 Update java/ql/src/Security/CWE/CWE-117/LogInjection.ql 2022-01-11 16:25:32 +01:00
Anders Schack-Mulligen
fdb4851521 Java: A few perf fixes for getASupertype*(). 2022-01-11 13:33:54 +01:00
Tony Torralba
50caf7d8dc Move change note to new location and remove import 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-01-11 12:24:44 +01:00
Tony Torralba
b9e32208ee Move change note to new location 2022-01-11 12:23:16 +01:00
Tony Torralba
0e738622df Merge branch 'main' into atorralba/promote-log-injection 2022-01-10 17:24:25 +01:00
Tony Torralba
d17e973b6b Apply suggestions from code review 
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
 2022-01-10 17:09:41 +01:00
Tony Torralba
ec8c234872 Fix predicate name 2022-01-10 17:09:41 +01:00
Tony Torralba
55dc783f28 Move from experimental and refactor 2022-01-10 17:09:37 +01:00
github-actions[bot]
1dfcf427aa Release preparation for version 2.7.5 2022-01-04 14:44:56 +00:00
Dave Bartolomeo
ded3c52a34 Merge pull request #7407 from github/post-release-prep/codeql-cli-2.7.4 
Post-release preparation for codeql-cli-2.7.4
 2022-01-03 17:09:58 -05:00
github-actions[bot]
1334d207fa Post-release version bumps 2022-01-03 20:11:15 +00:00
Nick Rolfe
28912c508f Fix non-US spelling of 'behavior' 2021-12-17 15:29:31 +00:00
Tony Torralba
6f2d91a8ad Sinks for CloseableThreadContext 2021-12-17 09:17:04 +01:00
Tony Torralba
7d70b77141 Add new sinks and taint steps 2021-12-16 13:43:58 +01:00
luchua-bc
29ce0e9ef1 Add sanitizer for virtual method calls 2021-12-15 16:19:50 +00:00
Tony Torralba
6dfe0ce7c5 Adapt chage note to new format 2021-12-15 16:57:20 +01:00