hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 10:11:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,524 Commits 1,690 Branches 160 Tags
codeql-cli/v2.10.5
Commit Graph

42524 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
6fe0b78978 Remove PendingIntentAsField step and add SliceProviderLifecycle step 2022-01-20 16:52:07 +01:00
Andrew Eisenberg
534f8999b6 Update docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-01-20 07:09:34 -08:00
Erik Krogh Kristensen
2bffe56580 update expected output 2022-01-20 16:06:57 +01:00
Erik Krogh Kristensen
3155114e36 use more set literals 2022-01-20 16:06:34 +01:00
Anders Schack-Mulligen
fede7dd238 Merge pull request #7676 from aschackmull/java/instanceaccessnode 
Java: Add data flow node encapsulating instance accesses.
 2022-01-20 15:40:21 +01:00
Erik Krogh Kristensen
a77b2b0209 Merge pull request #7668 from erik-krogh/simplify-casts 
simplify expressions that could be type-casts
 2022-01-20 15:20:18 +01:00
Erik Krogh Kristensen
5780161b2c fix most issues found by ql/class-doc-style in JS 2022-01-20 15:10:16 +01:00
Chris Smowton
38048399d3 Merge pull request #671 from owen-mc/misc-clean-ups 
Correct module name in file comment
 2022-01-20 14:00:46 +00:00
Alex Ford
9613ff743b Merge pull request #7611 from github/ruby/protect_from_forgery-without-exception 
Ruby: flag up `protect_from_forgery` calls without an exception strategy
 2022-01-20 13:45:30 +00:00
Tony Torralba
caab1c3332 Merge pull request #6963 from atorralba/atorralba/android-onactivityresult-source 
Android: Add the Intent parameter of the `onActivityResult` method as a source
 2022-01-20 14:27:30 +01:00
Tony Torralba
29e87b3abd Merge pull request #6975 from atorralba/atorralba/android-intent-uri-permission-manipulation 
Java: CWE-266 - Query to detect Intent URI Permission Manipulation in Android applications
 2022-01-20 14:27:02 +01:00
Geoffrey White
b230681bc8 Merge pull request #7650 from geoffw0/clrtxt3 
C++: Improve cpp/cleartext-transmission
 2022-01-20 13:21:54 +00:00
Rasmus Wriedt Larsen
f53dce3a83 Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2022-01-20 14:20:15 +01:00
Anders Schack-Mulligen
43da5aabbe Java: Add dataflow node encapsulating instance accesses. 2022-01-20 14:12:33 +01:00
Erik Krogh Kristensen
7167e856fe move electron sink to the customizations file 2022-01-20 14:07:23 +01:00
Owen Mansel-Chan
44641de91b Represent ReturnValue[n] correctly in test output 2022-01-20 13:06:35 +00:00
Owen Mansel-Chan
691bb97fdc Move ReturnValue[]-specific code to non-shared file 2022-01-20 13:06:35 +00:00
Erik Krogh Kristensen
548fb47603 JS: move ExternalArtifact.qll into lib/ folder to fix ql/db-type-outside-core 2022-01-20 14:00:57 +01:00
Erik Krogh Kristensen
9b69de8588 QL: add query detecting use of db-types outside the lib folder 2022-01-20 14:00:55 +01:00
github-actions[bot]
ab218421da Post-release preparation for codeql-cli-2.7.6 2022-01-20 12:59:20 +00:00
github-actions[bot]
c52caa6322 Post-release preparation for codeql-cli-2.7.6 2022-01-20 12:59:04 +00:00
Tony Torralba
62f847a82e Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-01-20 13:44:10 +01:00
Tony Torralba
3957ebe880 Fix bitwiseLocalTaintStep 2022-01-20 13:34:32 +01:00
Owen Mansel-Chan
54855113c4 Correct module name in file comment 2022-01-20 12:30:52 +00:00
Chris Smowton
de07035c27 Merge pull request #670 from github/smowton/admin/remove-committed-binary 
Delete accidentally committed binary file
 2022-01-20 12:28:01 +00:00
Tony Torralba
265f8a3b19 Make bitwise taintsteps specific for this query 2022-01-20 13:23:56 +01:00
Tony Torralba
4e9849e19d Refactor IntentFlagsOrDataCheckedGuard to avoid footgun 2022-01-20 13:23:55 +01:00
Tony Torralba
62c21918b2 Add QLDoc to guard and sanitizer 2022-01-20 13:23:54 +01:00
Tony Torralba
58a0bcd70f Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-20 13:23:53 +01:00
Tony Torralba
8767d2db23 Don't capitalize the term content provider 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-01-20 13:23:52 +01:00
Tony Torralba
596cfd399e Improve description 2022-01-20 13:23:52 +01:00
Tony Torralba
ab560234e3 Update java/change-notes/2021-10-27-android-intent-uri-permission-manipulation-query.md 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-01-20 13:23:51 +01:00
Tony Torralba
3405db31b8 Add qhelp 2022-01-20 13:23:51 +01:00
Tony Torralba
6152c8a989 Add change note 2022-01-20 13:23:48 +01:00
Tony Torralba
e1d30ebc09 Added severity 
Removed duplicated code
 2022-01-20 13:23:15 +01:00
Tony Torralba
ec8ffeed07 Add Intent URI Permission Manipulation query 2022-01-20 13:23:14 +01:00
Michael Nebel
e804922a2c C#: Add flow test case for with expressions on anonymous types. 2022-01-20 13:14:06 +01:00
Michael Nebel
97d9985e0b C#: Add support for flow via object initializer for anonymous types. 2022-01-20 13:12:19 +01:00
Tony Torralba
c09b6691e1 Merge pull request #6171 from atorralba/atorralba/promote-unsafe-certificate-trust 
Java: Promote Unsafe certificate trust query from experimental
 2022-01-20 12:07:03 +01:00
Chris Smowton
8111fbb69b Delete m 2022-01-20 10:57:11 +00:00
Felicity Chapman
e178626226 Merge pull request #7653 from github/felicitymay-patch-1 
Port changes from main to rc/3.3 to avoid regression
lgtm/v1.29.0 		2022-01-20 10:45:13 +00:00
Erik Krogh Kristensen
6b7d84add7 QL: exclude fields that are uniquely used in call to an IPA constructor 2022-01-20 11:37:08 +01:00
Anders Schack-Mulligen
f154530141 Merge pull request #7662 from JLLeitschuh/patch-2 
Fix typo in FileWritable
 2022-01-20 11:13:59 +01:00
Benjamin Muskalla
8217873bae Align files with new naming pattern 2022-01-20 11:02:53 +01:00
Anders Schack-Mulligen
4aa2661dc1 Merge pull request #7634 from bmuskalla/refactorLangModel 
Refactor Apache Commons Lang model
 2022-01-20 11:01:25 +01:00
Benjamin Muskalla
4cac35adad Regnerate model to capture char[] APIs 2022-01-20 10:59:28 +01:00
Benjamin Muskalla
857c2778a6 Added missing model for ReadableByteChannel 
This reveals more models for commons io
 2022-01-20 10:59:28 +01:00
Benjamin Muskalla
b20b3ab480 Regenrate model to replace manual models 2022-01-20 10:59:27 +01:00
Benjamin Muskalla
93f6fde63c Keep not-yet-covered models 2022-01-20 10:59:27 +01:00
Benjamin Muskalla
d07997699f Introduce generated model for Commons IO 2022-01-20 10:59:24 +01:00