hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,068 Commits 1,671 Branches 157 Tags
d249b51a5e94a2682b3aec519e7f31e82df12d59
Commit Graph

1277 Commits

Author SHA1 Message Date
Chris Smowton
3e03db178f Merge pull request #4483 from smowton/smowton/admin/droid-webview-pr-rebase 
Rebase of #3706
 2020-10-19 09:29:04 +01:00
Chris Smowton
5a480bfb13 Give query an id and PathGraph query predicates 2020-10-16 16:19:58 +01:00
Anders Schack-Mulligen
a806a4f086 Merge pull request #4312 from JLLeitschuh/feat/JLL/java/jhipster_CVE-2019-16303 
Java: QL Query Detector for JHipster Generated CVE-2019-16303
 2020-10-16 15:47:09 +02:00
Anders Schack-Mulligen
b352605d12 Dataflow: Code review fixes. 2020-10-16 13:45:51 +02:00
Anders Schack-Mulligen
664f04020f Revert "Dataflow: Count callables instead of nodes for fieldFlowBranchLimit." 
This reverts commit 1501a40de8.
 2020-10-16 12:51:50 +02:00
Anders Schack-Mulligen
1501a40de8 Dataflow: Count callables instead of nodes for fieldFlowBranchLimit. 2020-10-16 12:51:17 +02:00
Anders Schack-Mulligen
6aae51fa4f Dataflow: Sync. 2020-10-16 12:51:17 +02:00
Anders Schack-Mulligen
8f055f56b8 Dataflow: Adaptive field flow precision. 2020-10-16 12:51:17 +02:00
Anders Schack-Mulligen
b0f0f89dbc Dataflow: Minor pruning improvements. 2020-10-16 12:51:17 +02:00
Tom Hvitved
5f01fda1ef Data flow: Sync files 2020-10-16 09:05:02 +02:00
Anders Schack-Mulligen
94f110f739 Sync. 2020-10-16 09:05:01 +02:00
Anders Schack-Mulligen
b4ecfaeda3 Dataflow: Remove inconsistent AccessPath.getType(). 2020-10-16 09:05:01 +02:00
Anders Schack-Mulligen
d88c551f64 Dataflow: qldoc fix 2020-10-16 09:05:01 +02:00
Anders Schack-Mulligen
98f10b29b8 Dataflow: Simplify SCC: remove some apa params. 2020-10-16 09:05:01 +02:00
Anders Schack-Mulligen
4e2f786040 Dataflow: Precalculate AccessPath to avoid massive recursion. 2020-10-16 09:05:01 +02:00
Tom Hvitved
d608138c0c Data flow: Sync files 2020-10-16 09:03:13 +02:00
Joe Farebrother
388f60f818 Merge pull request #4430 from joefarebrother/tainttrackingutils-refactor 
Java: Refactor part of TaintTrackingUtil.qll
 2020-10-15 16:05:38 +01:00
luchua-bc
b359802dd4 Replace non-ASCII apostrophe in Java stub classes 2020-10-15 14:53:32 +01:00
luchua-bc
6f6ec9d51a Change the source class type and simplify the data-flow step 2020-10-15 14:53:32 +01:00
luchua-bc
f5e9690594 Update the doc comments 2020-10-15 14:53:32 +01:00
luchua-bc
c7750fd8c2 Fine tune the query 2020-10-15 14:53:32 +01:00
luchua-bc
5338332648 Enhance the query and add more test cases 2020-10-15 14:53:31 +01:00
luchua-bc
55af37312b Text changes to the help file 2020-10-15 14:53:31 +01:00
luchua-bc
ebc2bd9a58 Text changes to the help file 2020-10-15 14:53:31 +01:00
luchua-bc
bd0c577ffd Unsafe resource loading in Android webview 2020-10-15 14:53:30 +01:00
Jonathan Leitschuh
a9c5551284 Fix formatting in Lang.qll 2020-10-15 08:52:02 -04:00
Jonathan Leitschuh
fc71ca747d Java: Track taint through java.io.File::toPath & java.nio.file.Path::toFile 2020-10-13 21:15:09 -04:00
Joe Farebrother
b2a2412f1d Java: Clean up the constructor flow steps 2020-10-13 11:30:02 +01:00
Jonathan Leitschuh
48f4b6c058 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-10-12 11:16:21 -04:00
Jonathan Leitschuh
895f4d0ea6 JHipster Vuln: Add GOOD/BAD & release note links 2020-10-12 11:00:05 -04:00
Joe Farebrother
aa8bacb724 Java: Update test output 2020-10-12 15:50:47 +01:00
Joe Farebrother
3416911ac6 Java: Refector out StringBuilder and Number taint preserving callables 2020-10-12 15:50:47 +01:00
Joe Farebrother
eafde05a55 Java: Expand flow step refactoring to Callables 
Also add some missing flow steps for StringBuilder
 2020-10-12 15:50:47 +01:00
Joe Farebrother
7e2c49fadd Java: Fix a couple of flow step issues 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-10-12 15:50:47 +01:00
Joe Farebrother
4a8b7f64e8 Java: Rename returnsTaint to returnsTaintFrom 2020-10-12 15:50:47 +01:00
Joe Farebrother
ca9038350c Java: Add this. and fix mistake 2020-10-12 15:50:46 +01:00
Joe Farebrother
5d487b97da Java: Merge TaintPreservingMethod with TaintTransferringMethod 2020-10-12 15:50:46 +01:00
Joe Farebrother
a510f58865 Java: Implement code review changes 2020-10-12 15:50:46 +01:00
Joe Farebrother
91ce02aad4 Java: Fix bug involving varadic parameters 2020-10-12 15:50:46 +01:00
Joe Farebrother
79209af9c0 Java: Refactor out flow steps for more frameworks. 2020-10-12 15:50:41 +01:00
Joe Farebrother
92fd8c4128 Java: Move new definitions to new file 2020-10-12 15:48:43 +01:00
Joe Farebrother
60a7666105 Java: Refactor Android SQLite flow steps 2020-10-12 15:48:43 +01:00
Joe Farebrother
ca60f2cc18 Java: Fix failing tests 2020-10-12 15:48:43 +01:00
Joe Farebrother
ff6c5c219c Java: Start TaintTrackingUtils refactor 2020-10-12 15:48:43 +01:00
Joe Farebrother
551d86c6ea Java: Define classes for taint propagation methods 2020-10-12 15:48:43 +01:00
Arthur Baars
fc4a3426ac Merge pull request #4457 from daniel-beck/file-taint 
Java: Track taint through java.io.File constructor and #toURI; URI#toURL
 2020-10-12 16:42:11 +02:00
Anders Schack-Mulligen
725194a3b8 Merge pull request #4447 from aschackmull/dataflow/postupdate-flow-consistency 
Dataflow: Introduce consistency check for flow targeting PostUpdateNodes
 2020-10-12 08:56:19 +02:00
Daniel Beck
0c70be145f Track taint through java.io.File constructor and #toURI; URI#toURL 2020-10-10 20:54:55 +02:00
Anders Schack-Mulligen
1c043447e8 Dataflow: Introduce consistency check for flow targeting PostUpdateNodes. 2020-10-09 14:29:52 +02:00
Anders Schack-Mulligen
cb00f8bcc4 Merge pull request #4362 from tamasvajk/feature/sign-analysis-cleanup 
Sign analysis cleanup
 2020-10-08 09:10:04 +02:00