hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-18 11:21:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
42,489 Commits 1,778 Branches 169 Tags
f6c8144eed5a2e3af9b5ad1e4c5074b803a9fb13
Commit Graph

704 Commits

Author SHA1 Message Date
Edward Minnix III
f6c8144eed Update java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-09-07 09:46:36 -04:00
Ed Minnix
dca4cd221a Documentation cleanup for allowBackup query 2022-09-06 14:35:11 -04:00
Ed Minnix
500a6f3b86 Add check for files which provide the app launcher 
Adds support for filtering which applications include the
`android.intent.action.MAIN` intent.
 2022-08-30 12:54:26 -04:00
Edward Minnix III
e6a1b1fab9 Rename allowBackup query id 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-08-24 15:54:13 -04:00
Ed Minnix
dad4a403db Add support for android:allowBackup default value 
The default value of `android:allowBackup` is `true`. Added support for
detecting if the default value is used.
 2022-08-24 15:54:13 -04:00
Ed Minnix
6509426fb3 android:allowBackup query documentation 2022-08-24 15:54:13 -04:00
Ed Minnix
44b0a2b8af Android allowBackup query 2022-08-24 15:54:13 -04:00
Ed Minnix
dac64eeca7 Query test files 2022-08-24 15:54:13 -04:00
Jami
b3e88f8234 Merge pull request #9983 from jcogs33/android-implicit-export 
Java: query to detect implicitly exported Android components
 2022-08-24 10:52:50 -04:00
Erik Krogh Kristensen
4df2e5d937 Merge pull request #10096 from erik-krogh/acronyms-part1 
make acronyms camelcase
 2022-08-24 09:33:53 +02:00
Chris Smowton
0a7350f3bf Merge pull request #10041 from smowton/AddSensitiveApiCalls 
Java: support more libraries in hardcoded-credentials queries
 2022-08-23 10:51:04 +01:00
Tony Torralba
e3c1101b79 Merge pull request #10136 from atorralba/atorralba/redos-cwe-tag 
Java: Add CWE-1333 tag to Java ReDoS queries
 2022-08-23 11:07:51 +02:00
Joe Farebrother
ac79866799 Merge pull request #9982 from joefarebrother/rsa-without-oaep 
Java: Add query for RSA without OAEP
 2022-08-23 09:14:46 +01:00
Tony Torralba
cd10f559ca Add CWE-1333 tag to Java ReDoS queries 2022-08-23 09:56:59 +02:00
erik-krogh
e89e0eb7fb make some acronyms camelCase 2022-08-22 21:22:35 +02:00
Jami Cogswell
733078183e update query description 2022-08-22 12:41:22 -04:00
Jami Cogswell
f34e23bdba adjusted comments and precision level 2022-08-22 12:41:22 -04:00
Jami Cogswell
eacce03073 resolved merge conflict in AndroidManifest lib 2022-08-22 12:41:22 -04:00
Jami Cogswell
0934c1d184 resolved merge conflict in AndroidManifest lib 2022-08-22 12:41:22 -04:00
Jami Cogswell
9968d5d816 updated predicates 2022-08-22 12:41:22 -04:00
Jami Cogswell
58d3d89b2e resolved merge conflict in AndroidManifest 2022-08-22 12:41:22 -04:00
Jami Cogswell
084b9830bc resolved merge conflict in AndroidManifest 2022-08-22 12:41:22 -04:00
Jami Cogswell
55bd9f943f minor wording updates in help file 2022-08-22 12:41:22 -04:00
Jami Cogswell
10fa687e26 updated help file and unit tests 2022-08-22 12:41:22 -04:00
Jami Cogswell
eea1089ee0 resolved merge conflict in AndroidManifest 2022-08-22 12:41:22 -04:00
Jami Cogswell
60921a0355 switched to checking for permission attr in application elem instead of in manifest elem 2022-08-22 12:41:22 -04:00
Jami Cogswell
a6ecac6e00 third draft with category launcher and permission element excluded 2022-08-22 12:41:22 -04:00
Jami Cogswell
8d5bbc458f first draft of query and tests 2022-08-22 12:41:22 -04:00
Jami Cogswell
3e09d86a4f adding starter files 2022-08-22 12:41:22 -04:00
Erik Krogh Kristensen
4f93f2b9ba Merge pull request #10076 from erik-krogh/ql-for-ql-fixes 
various QL-for-QL fixes
 2022-08-18 15:46:48 +02:00
Joe Farebrother
e8f027dab2 Apply docs suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-08-18 14:21:40 +01:00
Anders Schack-Mulligen
f6eccd390e Java: Move sink-constraints into the configuration. 2022-08-17 15:06:55 +02:00
erik-krogh
2e44fba67d add explicit this 2022-08-17 13:33:31 +02:00
Joe Farebrother
5d00b871d4 Correct node type 2022-08-17 11:58:11 +01:00
Joe Farebrother
de69827711 Use a full dataflow config rather than local flow 2022-08-17 10:35:48 +01:00
Joe Farebrother
fe5a61bdde Fix typos in docs and comments 2022-08-17 10:35:48 +01:00
Joe Farebrother
c77b17574a Use CryptoAlgoSpec rather than hadcoding Cipher.getInstance 2022-08-17 10:35:47 +01:00
Joe Farebrother
08b77493d2 Add security severity and change note 2022-08-17 10:35:47 +01:00
Joe Farebrother
9ae652dd6a Add tests 2022-08-17 10:35:47 +01:00
Joe Farebrother
41bdd6d4cc Add RSA without OEAP query and qhelp 2022-08-17 10:35:46 +01:00
Joe Farebrother
7c188a6b96 Apply doc suggestions 2022-08-17 10:35:16 +01:00
Joe Farebrother
5afc0b0c15 Add security severity 2022-08-17 10:35:15 +01:00
Joe Farebrother
bf32b5a8fd Reiview suggestions - add doc comment, reword description, simplify a part 2022-08-17 10:35:15 +01:00
Joe Farebrother
c152a27a68 Reword docs 2022-08-17 10:35:14 +01:00
Joe Farebrother
f8f21c7ee6 Move static init vector query and tests from experimental to main 2022-08-17 10:35:13 +01:00
Jami
dd23d48ad2 Merge pull request #9939 from jcogs33/android-debug-query-inline-tests 
Java: query to detect android:debuggable attribute enabled
 2022-08-16 10:07:13 -04:00
Sid Shankar
1e1e2318b7 Merge pull request #10052 from github/task/fix-broken-links 
Docs: Replace HTTP broken links to equivalent HTTPS resources
 2022-08-16 08:45:08 -04:00
Erik Krogh Kristensen
f106e064fa Merge pull request #9422 from erik-krogh/refacReDoS 
Refactorizations of the ReDoS libraries
 2022-08-16 09:32:08 +02:00
Jami Cogswell
07e141c5be added commas to help file 2022-08-15 15:50:00 -04:00
Jami Cogswell
b779f9f935 added casting 2022-08-15 15:50:00 -04:00