4017 Commits

Author	SHA1	Message	Date
Owen Mansel-Chan	065043b311	Merge pull request #7588 from owen-mc/add-specific-needs-reference-predicates ... Dataflow: Add language-specific NeedsReference predicates	2022-01-17 15:51:34 +00:00
Tony Torralba	e967b8a9be	Merge pull request #6576 from atorralba/atorralba/android-cleartext-storage-filesystem ... Java: Create new query Cleartext storage of sensitive information in Android filesystem	2022-01-17 14:02:38 +01:00
Tony Torralba	227929508f	Merge pull request #6923 from atorralba/atorralba/android-fragment-injection ... Java: CWE-470 - Queries to detect Fragment Injection in Android applications	2022-01-17 14:02:15 +01:00
Tony Torralba	7beab7cb59	Apply code review suggestions	2022-01-17 12:02:27 +01:00
Tony Torralba	a23b8a4a43	Update java/ql/src/Security/CWE/CWE-470/FragmentInjection.inc.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-01-17 11:20:39 +01:00
Tony Torralba	ba3a4fb717	Rename filesystemStore predicate after d9e6e5aa04	2022-01-17 11:13:41 +01:00
Tony Torralba	500deac12d	Change query description	2022-01-17 11:11:05 +01:00
Tony Torralba	d9e6e5aa04	Apply suggestions from code review ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-01-17 11:11:05 +01:00
Tony Torralba	22aad17d0e	Apply review suggestions ... Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>	2022-01-17 11:11:04 +01:00
Tony Torralba	9bbba3c96f	Adjust UnsupportedExternalAPIs test	2022-01-17 11:11:04 +01:00
Tony Torralba	1e4840e071	Fix predicate name	2022-01-17 11:11:03 +01:00
Tony Torralba	79ddbd6fe4	Fix QLDoc and the qhelp example	2022-01-17 11:11:03 +01:00
Tony Torralba	c1ac09a063	Added query for Cleartext Storage in Android Filesystem	2022-01-17 11:11:00 +01:00
Andrew Eisenberg	fbb5d7196f	Merge branch 'main' into post-release-prep/codeql-cli-2.7.5	2022-01-14 08:23:43 -08:00
Ian Lynagh	22dc24629f	Fix a couple of typos: clases / clasess	2022-01-14 14:28:29 +00:00
Anders Schack-Mulligen	0b24af901d	Merge pull request #7349 from aschackmull/dataflow/state ... Dataflow: Add support for flow state	2022-01-14 09:12:38 +01:00
Andrew Eisenberg	4ffd8c62ac	Merge pull request #7579 from github/aeisenberg/changenote-upgrades-removal ... Changenotes: Add changenotes for upgrades refactoring	2022-01-13 09:09:06 -08:00
Owen Mansel-Chan	83a25698bb	Allow adding inputs and outputs needing reference	2022-01-13 15:09:17 +00:00
Anders Schack-Mulligen	c44cf29992	Merge pull request #7587 from owen-mc/add-default-taint-sanitizer-guard ... Dataflow: Add default taint sanitizer guard	2022-01-13 14:44:55 +01:00
Anders Schack-Mulligen	61490e74d8	Merge pull request #7561 from aschackmull/java/misc-perf ... Java: A few perf fixes for getASupertype*().	2022-01-13 14:43:28 +01:00
Anders Schack-Mulligen	f7cf327e71	Dataflow: Sync	2022-01-13 13:28:43 +01:00
Anders Schack-Mulligen	a34c981209	Dataflow: Address comments.	2022-01-13 13:28:24 +01:00
Anders Schack-Mulligen	69973dadb3	Merge pull request #7548 from zbazztian/spring-taint-summaries ... Java: Add Spring and Apache Common Langs taint flow steps	2022-01-13 13:00:41 +01:00
Owen Mansel-Chan	7e42ccfbf1	Don't cache defaultTaintSanitizerGuard for java	2022-01-13 11:36:20 +00:00
Sebastian Bauersfeld	a6e4f29560	Java: Use the interface instead of the abstract class	2022-01-13 14:13:36 +07:00
Sebastian Bauersfeld	69f329ffec	Java: Add test cases for AbstractMessageSource.getMessage() methods	2022-01-13 14:13:27 +07:00
Sebastian Bauersfeld	39b6678b7d	Java: Add test case for StringEscapeUtils.escapeJson() taint step.	2022-01-13 11:18:37 +07:00
Andrew Eisenberg	e435a3e9c3	Changenotes: Add changenotes for upgrades refactoring	2022-01-12 11:36:31 -08:00
Owen Mansel-Chan	c112980b81	Sync TaintTrackingImpl.qll ... Done automatically using sync-files.py	2022-01-12 14:44:55 +00:00
Owen Mansel-Chan	9ec3d7787c	Add option for default taint sanitizer guard ... This allows languages to specify A sanitizer guard in all global taint flow configurations but not in local taint.	2022-01-12 14:44:55 +00:00
github-actions[bot]	8a2d92badc	Post-release preparation for codeql-cli-2.7.5	2022-01-12 13:28:43 +00:00
Tamás Vajk	9065a7f320	Merge pull request #7573 from tamasvajk/fix/java-field-decl-tostr ... Java: Fix toString on field declarations with single field	2022-01-12 13:03:16 +01:00
Tony Torralba	c2105e506b	Added test cases	2022-01-12 11:06:58 +01:00
Alvaro Muñoz Sanchez	715d372572	Add models for AbstractStringBuilder.substring,subsequence,getChars	2022-01-12 10:54:27 +01:00
Tamas Vajk	b9e0310aa2	Java: Fix toString on field declarations with single field	2022-01-12 09:22:16 +01:00
Andrew Eisenberg	07228672df	Merge branch 'main' into aeisenberg/remove-upgrades	2022-01-11 11:25:27 -08:00
Tony Torralba	7b0d9ea525	Merge pull request #7054 from atorralba/atorralba/promote-log-injection ... Java: Promote Log Injection from experimental	2022-01-11 17:26:18 +01:00
Tony Torralba	1030ff7063	Update java/ql/src/Security/CWE/CWE-117/LogInjection.ql	2022-01-11 16:25:32 +01:00
Tony Torralba	4aacba8594	Merge pull request #6468 from atorralba/atorralba/promote-cleartext-sharedprefs ... Java: Promote Cleartext storage of sensitive information using SharedPreferences from experimental	2022-01-11 16:23:53 +01:00
Tony Torralba	394c4a9ee0	Remove unused code	2022-01-11 14:50:48 +01:00
Anders Schack-Mulligen	fdb4851521	Java: A few perf fixes for getASupertype*().	2022-01-11 13:33:54 +01:00
Tony Torralba	50caf7d8dc	Move change note to new location and remove import ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2022-01-11 12:24:44 +01:00
Tony Torralba	b9e32208ee	Move change note to new location	2022-01-11 12:23:16 +01:00
Sebastian Bauersfeld	e2a9ced691	Java: Pass taint through Apache's StringEscapeUtils.escapeJson() method.	2022-01-11 15:49:44 +07:00
Sebastian Bauersfeld	f36ee95128	Java: Pass taint through Spring's AbstractMessageSource.getMessage() methods.	2022-01-11 15:48:29 +07:00
Chris Smowton	e352a4b994	Note that parameterizations of local classes are themselves local ... Previously `LocalClass` itself would match `.isLocal()` whereas `LocalClass<Param>` would not. Rather than require each individual user to check for `.getSourceDeclaration().isLocal()`, let's note that the specializations themselves are local.	2022-01-10 18:19:31 +00:00
Tony Torralba	fbebf5e953	Move change note to new location	2022-01-10 17:27:02 +01:00
Tony Torralba	0e738622df	Merge branch 'main' into atorralba/promote-log-injection	2022-01-10 17:24:25 +01:00
Tony Torralba	cc92ce2754	Fix QLDoc	2022-01-10 17:13:13 +01:00
Tony Torralba	e1e5e78464	Apply suggestions from code review ... - Update CleartextStorage library to latest refactor - Move change note to new location	2022-01-10 17:10:55 +01:00