hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,684 Commits 1,672 Branches 157 Tags
dd31be43e07d901bafb543c8f65be8e9b5abb364
Commit Graph

8654 Commits

Author SHA1 Message Date
Tony Torralba
409a123490 Tainting the velocity context isn't exploitable 2022-09-12 11:38:29 +02:00
Ed Minnix
817f12cae6 Updated expectations file with new message 
The warning message for the `android:allowBackup` query was updated.
This updates the message in the expectations file.
 2022-09-09 11:35:48 -04:00
Ian Lynagh
c7e3051edd Merge pull request #10239 from tamasvajk/kotlin-fix-declaration-stack 
Kotlin: Fix declaration stack
 2022-09-09 16:03:31 +01:00
Tamás Vajk
05fcbdd9e3 Merge pull request #10365 from tamasvajk/kotlin-fix-isUnspecialised-2 
Kotlin: Fix `isUnspecialised` to handle generic classes inside generic methods
 2022-09-09 16:27:19 +02:00
Edward Minnix III
08a17b355e allowBackup documentation updates 
Make error messages and descriptions clearer about application backups not being disabled, rather than focusing on `android:allowBackup` specifically.

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-09-09 09:30:49 -04:00
Tamas Vajk
b8b0fd8a74 Kotlin: Fix isUnspecialised to handle generic classes inside generic methods 2022-09-09 14:32:38 +02:00
Tamas Vajk
3267d7c96e Kotlin: Add test case with various nested generics 2022-09-09 11:09:50 +02:00
Tony Torralba
d748fb5648 Fix bad models, add tests for those 2022-09-09 10:08:52 +02:00
Edward Minnix III
83c8e22225 Apply suggestions from documentation review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2022-09-08 15:55:00 -04:00
Tony Torralba
6413de6c20 Add change note 2022-09-08 17:38:26 +02:00
Tony Torralba
fb13e7f307 Docs changes 2022-09-08 17:38:25 +02:00
Tony Torralba
e311155acd Use InlineExpectationsTest 2022-09-08 17:38:25 +02:00
Tony Torralba
b68e6669b8 Refactor TemplateInjection libraries 2022-09-08 17:38:25 +02:00
Tony Torralba
c9728098ef Generate stubs, adapt tests 2022-09-08 17:38:21 +02:00
Tony Torralba
7db1eb98f5 Sync files 2022-09-08 17:32:03 +02:00
Tony Torralba
1b87167d96 Add implicit reads for FlowState sinks and steps 2022-09-08 17:26:59 +02:00
Tony Torralba
d5f101d7e6 Add implicit read FlowState test 2022-09-08 17:19:39 +02:00
Ed Minnix
59909751ae Change allowBackup tests to use qlref test format 
Due to some limitations of comments in XML, it is simpler to implement
the `android:allowBackup` tests using the qlref/expectations test format.
 2022-09-08 10:34:17 -04:00
Ed Minnix
e69a8269ad Move CleartextStorage test files into separate dir 
Move the files for the CleartextStorage tests into their own directory
to avoid issues with extraction
 2022-09-08 10:33:05 -04:00
Tamas Vajk
824ba6ed2a Kotlin: Catch exception thrown by kotlinc 2022-09-08 14:09:18 +02:00
github-actions[bot]
a9d80a5a48 Release preparation for version 2.10.5 2022-09-08 11:35:54 +00:00
Ian Lynagh
b62193d4bf Merge pull request #10333 from igfoo/igfoo/extractStaticInitializer2 
Kotlin: Remove a cast from extractStaticInitializer
 2022-09-08 10:51:36 +01:00
Tamas Vajk
56ef1739a3 Kotlin: fix KFunctionX.invoke extraction 2022-09-08 10:49:10 +02:00
Tamas Vajk
fdf3488500 Kotlin: Add test with extraction error due to missing base class of KFunctionX 2022-09-08 10:49:01 +02:00
Michael Nebel
e265b07a93 Merge pull request #10127 from michaelnebel/csharp/clearscontent 
C#: Replace clears content with CSV summaries.
 2022-09-08 09:26:08 +02:00
github-actions[bot]
7e72f53631 Add changed framework coverage reports 2022-09-08 00:21:30 +00:00
Ed Minnix
09b723fc6d Formatting fixes for allowBackup tests 2022-09-07 13:30:19 -04:00
Ed Minnix
c69a2be976 Moved allowBackup query logic to allowsBackup pred 2022-09-07 12:08:25 -04:00
Ed Minnix
5206c792b0 Additional Unit tests for the allowBackup query 2022-09-07 12:07:48 -04:00
Tamás Vajk
b129c4098d Merge pull request #10278 from tamasvajk/kotlin-reified-enum 
Kotlin: Extract error expression for `enumValues<T>` calls
 2022-09-07 17:33:08 +02:00
Edward Minnix III
f6c8144eed Update java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-09-07 09:46:36 -04:00
Edward Minnix III
9ddfcf935b Update java/ql/src/change-notes/2022-08-18-android-allowbackup-query.md 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-09-07 09:46:16 -04:00
Tamas Vajk
2728517c7f Improve error handling 2022-09-07 15:31:23 +02:00
Tamas Vajk
0f967060e5 Fix merge conflict 2022-09-07 15:24:25 +02:00
Tamas Vajk
acac5fe4fd Improve code quality 2022-09-07 15:21:12 +02:00
Tamas Vajk
7f7cb2c579 Kotlin: refactor declaration stack to handle file as declaration parent 2022-09-07 15:21:11 +02:00
Tamas Vajk
25977778a2 Kotlin: Fix duplicate field entry in declaration stack 2022-09-07 15:21:11 +02:00
Tamas Vajk
0c257a1b78 Kotlin: add test for incorrect declaration stack 2022-09-07 15:21:10 +02:00
Ian Lynagh
bf6e988fcd Merge pull request #10331 from igfoo/igfoo/extractConstructorCall3 
Kotlin: Remove a cast from extractConstructorCall
 2022-09-07 14:01:40 +01:00
Tamas Vajk
f84e62e16b Add todo comment based on PR review 2022-09-07 13:47:28 +02:00
Ian Lynagh
b2c83ae69b Kotlin: Remove a cast from extractStaticInitializer 2022-09-07 12:46:26 +01:00
Ian Lynagh
159ee99b6d Kotlin: Remove a cast from extractConstructorCall 2022-09-07 12:29:24 +01:00
Tony Torralba
cd61bd0606 Move files from experimental 2022-09-07 13:13:40 +02:00
Tamás Vajk
3410dd589d Merge pull request #9783 from tamasvajk/feature/kotlin-stdlib-mad 
Kotlin: Add MaD for stdlib
 2022-09-07 12:57:23 +02:00
Tamás Vajk
5c37430031 Merge pull request #10329 from tamasvajk/kotlin-type-access-todo 
Kotlin: Add todo comment describing type access extraction inconsistency
 2022-09-07 12:56:54 +02:00
Ian Lynagh
89fc84d29a Merge pull request #10322 from igfoo/igfoo/arrays2 
Kotlin: Rewrite array type extraction
 2022-09-07 10:45:33 +01:00
Ian Lynagh
6bee9d8dee Merge pull request #10323 from igfoo/igfoo/extractPropertyReference 
Kotlin: Remove a cast from extractPropertyReference
 2022-09-07 10:44:17 +01:00
Ian Lynagh
67f8c8215c Merge pull request #10325 from igfoo/igfoo/getDeclaringTypeArguments2 
Kotlin: Remove a cast from getDeclaringTypeArguments
 2022-09-07 10:44:02 +01:00
Ian Lynagh
b4b52b9074 Merge pull request #10324 from igfoo/igfoo/extractConstructorCall2 
Kotlin: Remove a cast from extractConstructorCall
 2022-09-07 10:43:54 +01:00
Ian Lynagh
4a8d08e21f Merge pull request #10326 from igfoo/igfoo/useClassSource 
Kotlin: Remove some redundant code
 2022-09-07 10:43:42 +01:00