hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,791 Commits 1,673 Branches 157 Tags
cc712c20cb0b7a35e7d581223f628150081eb6c6
Commit Graph

31791 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
cc712c20cb Ruby: Use bitShiftLeft instead of pow in parseInteger 2022-01-24 16:06:35 +01:00
Tom Hvitved
2a972dc045 Address review comments 2022-01-24 14:27:42 +01:00
Tom Hvitved
85e1cda81b Ruby: Distinguish symbols from strings in ConstantValue 2022-01-21 19:16:12 +01:00
Tom Hvitved
aa9cfebc65 Ruby: Replace getValueText with getConstantValue 2022-01-21 09:19:19 +01:00
Anders Schack-Mulligen
fede7dd238 Merge pull request #7676 from aschackmull/java/instanceaccessnode 
Java: Add data flow node encapsulating instance accesses.
 2022-01-20 15:40:21 +01:00
Erik Krogh Kristensen
a77b2b0209 Merge pull request #7668 from erik-krogh/simplify-casts 
simplify expressions that could be type-casts
 2022-01-20 15:20:18 +01:00
Alex Ford
9613ff743b Merge pull request #7611 from github/ruby/protect_from_forgery-without-exception 
Ruby: flag up `protect_from_forgery` calls without an exception strategy
 2022-01-20 13:45:30 +00:00
Tony Torralba
caab1c3332 Merge pull request #6963 from atorralba/atorralba/android-onactivityresult-source 
Android: Add the Intent parameter of the `onActivityResult` method as a source
 2022-01-20 14:27:30 +01:00
Tony Torralba
29e87b3abd Merge pull request #6975 from atorralba/atorralba/android-intent-uri-permission-manipulation 
Java: CWE-266 - Query to detect Intent URI Permission Manipulation in Android applications
 2022-01-20 14:27:02 +01:00
Geoffrey White
b230681bc8 Merge pull request #7650 from geoffw0/clrtxt3 
C++: Improve cpp/cleartext-transmission
 2022-01-20 13:21:54 +00:00
Anders Schack-Mulligen
43da5aabbe Java: Add dataflow node encapsulating instance accesses. 2022-01-20 14:12:33 +01:00
Tony Torralba
62f847a82e Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-01-20 13:44:10 +01:00
Tony Torralba
3957ebe880 Fix bitwiseLocalTaintStep 2022-01-20 13:34:32 +01:00
Tony Torralba
265f8a3b19 Make bitwise taintsteps specific for this query 2022-01-20 13:23:56 +01:00
Tony Torralba
4e9849e19d Refactor IntentFlagsOrDataCheckedGuard to avoid footgun 2022-01-20 13:23:55 +01:00
Tony Torralba
62c21918b2 Add QLDoc to guard and sanitizer 2022-01-20 13:23:54 +01:00
Tony Torralba
58a0bcd70f Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-20 13:23:53 +01:00
Tony Torralba
8767d2db23 Don't capitalize the term content provider 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-01-20 13:23:52 +01:00
Tony Torralba
596cfd399e Improve description 2022-01-20 13:23:52 +01:00
Tony Torralba
ab560234e3 Update java/change-notes/2021-10-27-android-intent-uri-permission-manipulation-query.md 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-01-20 13:23:51 +01:00
Tony Torralba
3405db31b8 Add qhelp 2022-01-20 13:23:51 +01:00
Tony Torralba
6152c8a989 Add change note 2022-01-20 13:23:48 +01:00
Tony Torralba
e1d30ebc09 Added severity 
Removed duplicated code
 2022-01-20 13:23:15 +01:00
Tony Torralba
ec8ffeed07 Add Intent URI Permission Manipulation query 2022-01-20 13:23:14 +01:00
Tony Torralba
c09b6691e1 Merge pull request #6171 from atorralba/atorralba/promote-unsafe-certificate-trust 
Java: Promote Unsafe certificate trust query from experimental
 2022-01-20 12:07:03 +01:00
Anders Schack-Mulligen
f154530141 Merge pull request #7662 from JLLeitschuh/patch-2 
Fix typo in FileWritable
 2022-01-20 11:13:59 +01:00
Anders Schack-Mulligen
4aa2661dc1 Merge pull request #7634 from bmuskalla/refactorLangModel 
Refactor Apache Commons Lang model
 2022-01-20 11:01:25 +01:00
Geoffrey White
8bdbaf4b57 C++: Autoformat. 2022-01-20 09:52:24 +00:00
CodeQL CI
cfa670c123 Merge pull request #7651 from erik-krogh/CWE-471 
Approved by asgerf, esbena
 2022-01-20 01:47:39 -08:00
Erik Krogh Kristensen
4e8e3a7420 simplify expressions that could be type-casts 2022-01-20 10:41:35 +01:00
Benjamin Muskalla
2748bbffa3 Merge pull request #7656 from bmuskalla/excludeMainLoggingGenerator 
Java: Exclude irrelevant rows from models
 2022-01-20 10:40:51 +01:00
Michael Nebel
547f492be0 Merge pull request #7577 from michaelnebel/csharp/line-pragma 
C#: Make support for Line span pragma
 2022-01-20 09:51:57 +01:00
Jonathan Leitschuh
23548c50e1 Fix typo in FileWritable 2022-01-19 16:14:38 -05:00
Tom Hvitved
70f4efb834 Merge pull request #7646 from hvitved/csharp/roslyn-tuple-elements-workaround 
C#: Workaround Roslyn bug in `INamedTypeSymbol.TupleElements`
 2022-01-19 19:54:29 +01:00
Tony Torralba
695e77a219 Simplify isSslSocket predicate 2022-01-19 17:01:28 +01:00
Mathias Vorreiter Pedersen
40c8881575 Merge pull request #7472 from erik-krogh/redundant-aggregate 
QL-for-QL: Add a could-be-cast query
 2022-01-19 15:48:00 +00:00
Henry Mercer
58b1a6fd40 Merge pull request #7655 from github/henrymercer/bump-atm-query-pack-v0.0.6 
JS: Bump ML-powered query packs to v0.0.6
 2022-01-19 15:44:55 +00:00
Tony Torralba
e442e50e6b Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-01-19 16:43:48 +01:00
Tony Torralba
101ad777e3 Move things around after rebase 2022-01-19 16:43:48 +01:00
Tony Torralba
03020582af Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-01-19 16:43:47 +01:00
Tony Torralba
9ffc5ab183 Update java/ql/src/semmle/code/java/security/UnsafeCertTrustQuery.qll 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2022-01-19 16:43:47 +01:00
Tony Torralba
c16181dd2f QLDocs 2022-01-19 16:43:46 +01:00
Tony Torralba
000a544729 Decouple UnsafeCertTrust.qll to reuse the taint tracking configuration 2022-01-19 16:43:43 +01:00
Tony Torralba
1e2a956a30 Remove unused stub 2022-01-19 16:43:02 +01:00
Tony Torralba
d9e98ceacc Consider setSslContextFactory and fix tests 2022-01-19 16:43:01 +01:00
Tony Torralba
4d207101e2 Fix QLDoc 2022-01-19 16:43:00 +01:00
Tony Torralba
999acb0021 Improve qhelp references 2022-01-19 16:43:00 +01:00
Tony Torralba
e9712f04a4 Add missing QLDoc 2022-01-19 16:42:59 +01:00
Tony Torralba
698fd64f7f Adjust test after rebase 2022-01-19 16:42:59 +01:00
Tony Torralba
68fe3dd9f4 Fix conflicts in experimental query 2022-01-19 16:42:58 +01:00