hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-13 22:44:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,367 Commits 1,679 Branches 158 Tags
codeql-cli/v2.12.1
Commit Graph

49367 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ed Minnix
973f649e76 Break dataflow into two steps in order to capture flow from WebView to settings call 2022-12-31 15:00:28 -05:00
Ed Minnix
0e15dd9fa9 Query metadata 2022-12-31 15:00:28 -05:00
Edward Minnix III
778749184b Change id to use android/ instead of prepending android- 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-12-31 15:00:28 -05:00
Ed Minnix
da25c586e6 Dataflow query for detecting paths that disable content access 
Since the default value is `true`, we need to determine whether or not
the `setAllowContentAccess` method is ever called using dataflow.
 2022-12-31 15:00:28 -05:00
Ed Minnix
8a763015e6 Reduce precision rating to medium 
This query won't always be a security problem, so it should have a lower
precision rating than `high`.
 2022-12-31 15:00:28 -05:00
Ed Minnix
7cc53126f3 Java: WebView setAllowContentAccess query test cases 2022-12-31 15:00:28 -05:00
Ed Minnix
a023726c03 Java: add Android stubs to options file for CWE-200 tests 2022-12-31 15:00:28 -05:00
Ed Minnix
e4e13d38b7 Java: query for Android WebView setAllowContentAccess 2022-12-31 15:00:28 -05:00
Ed Minnix
e259ef5d1d Java: Add class for android.webkit.WebSettings.setAllowContentAccess 2022-12-31 15:00:28 -05:00
Calum Grant
2d0f8798a4 Py: Reformat test 2022-12-28 11:05:48 +00:00
Harry Maclean
a6571a05ab Ruby: Include send example in qhelp 2022-12-28 11:34:55 +13:00
Harry Maclean
d3812f5906 Ruby: Add another code injection example to qhelp 2022-12-28 11:20:56 +13:00
Harry Maclean
b70ca77afc Merge pull request #10899 from hmac/flow-summary-docs 
Ruby: Document flow summary syntax
 2022-12-28 10:47:38 +13:00
Erik Krogh Kristensen
9c255b6c16 Merge pull request #11786 from erik-krogh/fix-nomagic-termination 
QL: fix catastrophic join-order in `ql/cand-missing-nomagic`
 2022-12-24 10:54:51 +01:00
erik-krogh
9e63390c78 fix that ql/cand-missing-nomagic had a catastrophic join-order 2022-12-23 21:20:30 +01:00
Tony Torralba
07d99bd643 Add path injection sinks 2022-12-23 17:16:06 +01:00
Tony Torralba
4215a89bc8 Add cleartext storage database sinks 2022-12-23 17:15:59 +01:00
Tony Torralba
ac39aeb6b6 Add SQLi sinks 2022-12-23 17:03:31 +01:00
Erik Krogh Kristensen
393a8c2bd8 Merge pull request #11630 from erik-krogh/useInstanceOf 
QL4QL: enable medium precision queries, and make the "suggest instanceof" query louder
 2022-12-23 14:22:23 +01:00
Henry Mercer
6be790929d Specify language names in extractor packs 2022-12-23 13:15:04 +00:00
Jami Cogswell
939279af38 Java: add comments 2022-12-22 16:25:12 -05:00
Jami Cogswell
673d37cc3d Java: update Math.min test case 2022-12-22 14:36:06 -05:00
Jami Cogswell
a81c54b58c Java: updates to order alphabetically 2022-12-22 13:22:12 -05:00
Jami Cogswell
e6331dc2e6 Java: update test case affected by Long.parseLong summary model 2022-12-22 12:57:37 -05:00
Jami Cogswell
997219a280 Java: update test case affected by Class.isAssignableFrom neutral model 2022-12-22 12:54:02 -05:00
Jami Cogswell
6007827dd3 Java: update test cases 2022-12-22 12:29:57 -05:00
Mathias Vorreiter Pedersen
98c30b8545 Merge pull request #11761 from MathiasVP/ir-for-microsoft-try-except-finally 
C++: Generate IR for `__try __finally` and `__try __except`
 2022-12-22 11:23:01 +00:00
Erik Krogh Kristensen
7201071084 Merge pull request #11777 from erik-krogh/use-new-cache 
CI: use the new actions/cache@v3 instead of my own fork
 2022-12-22 12:15:14 +01:00
Erik Krogh Kristensen
c4883925bb Merge pull request #11519 from erik-krogh/equiv 
QL: Mock the `QlBuiltins` module in QL-for-QL
 2022-12-22 12:14:57 +01:00
Mathias Vorreiter Pedersen
b330b628e3 Merge pull request #11595 from d10c/swift/extract-mainactor 
Swift: MethodRefExpr -> MethodLookupExpr
 2022-12-22 10:22:33 +00:00
Tony Torralba
36ca97e4f6 Add exclusions to reduce FP 
Predicate parameters that have a database type are excluded.

Also, uses of the exists variable in an agreggation or another quantifier are excluded.
 2022-12-22 11:15:07 +01:00
erik-krogh
b3dd50bc36 inline Location into the shared implementation of InlineExpectationsTest 2022-12-22 11:09:43 +01:00
Mathias Vorreiter Pedersen
a974cb1861 C++: Add another test with an _actual_ throw. 2022-12-22 10:01:41 +00:00
Mathias Vorreiter Pedersen
5fa968138c C++: Add another test case with a throw. 2022-12-22 09:38:57 +00:00
Rasmus Lerchedahl Petersen
08e9d3391f swift: use shared inline tests 
- add util shared pack to swift
 - remove from identical-files
 2022-12-22 10:20:07 +01:00
Rasmus Lerchedahl Petersen
b0d7998342 go: use shared inline tests 
- remove from identical-files
 2022-12-22 10:20:07 +01:00
Rasmus Lerchedahl Petersen
f28eb6bf31 ql4ql: use shared inline tests 
- add util shared pack to ql
 - remove from identical-files
 2022-12-22 10:20:07 +01:00
Rasmus Lerchedahl Petersen
0d6c643d77 ruby: use shared inline tests 
- remove from identical-files
 2022-12-22 10:20:07 +01:00
Rasmus Lerchedahl Petersen
4667068017 java: use shared inline tests 
- remove from identical-files
 2022-12-22 10:20:06 +01:00
Rasmus Lerchedahl Petersen
a9b232bff4 csharp: use shared inline tests 
- remove from identical-files
 2022-12-22 10:20:06 +01:00
Rasmus Lerchedahl Petersen
d97e185994 cpp: use shared inline tests 
- remove from identical-files
 2022-12-22 10:20:06 +01:00
Rasmus Lerchedahl Petersen
e8d3802ee5 Python: use shared inline tests 
- remove from identical-files
 2022-12-22 10:20:05 +01:00
Rasmus Lerchedahl Petersen
b767dcfd18 shared: Add shared inline expectation test library 2022-12-22 10:20:05 +01:00
Jami Cogswell
de5965525f Java: add initial test cases for summary models 2022-12-21 16:19:37 -05:00
erik-krogh
38bd4d9b12 update expected output to have more copies of "T" 2022-12-21 21:45:59 +01:00
erik-krogh
dbdc7275fc have unique parents, also for mock AST nodes 2022-12-21 21:38:52 +01:00
erik-krogh
5728e3ee8f Merge branch 'main' into equiv 2022-12-21 21:28:32 +01:00
erik-krogh
b4dddc07f1 use the new actions/cache@v3 instead of my own fork 2022-12-21 21:10:55 +01:00
Jami Cogswell
c251da799f Java: update TopJdkApis test 2022-12-21 13:19:09 -05:00
Jami Cogswell
16de30e07e Java: add java.util.stream models 2022-12-21 13:05:23 -05:00