codeql

mirror of https://github.com/github/codeql.git synced 2026-01-13 06:24:46 +01:00

Author	SHA1	Message	Date
Ed Minnix	f9b8200009	Add stub for android.webkit.JavascriptInterface annoation	2023-01-03 15:31:40 -05:00
Edward Minnix III	69fd5e93bc	Merge pull request #28 from egregius313/egregisu313/webview-setAllowContentAccess-single-query Merge `setAllowContentAccess` queries into singular query	2023-01-03 15:27:09 -05:00
Ed Minnix	81df89f93e	Use proper @id in changenote	2023-01-03 15:19:26 -05:00
Ed Minnix	28ad9d00fb	Merge both setAllowContentAccess queries into one query Previously, the query to detect whether or not access to `content://` links was done using two queries. Now they can be merged into one query	2023-01-03 15:17:07 -05:00
Jami Cogswell	29221ae426	Java: add summary model for System.getProperty, adjust comments	2023-01-03 15:11:21 -05:00
Jami Cogswell	21a018e5c5	Java: add summary model and test for File.getName	2023-01-03 13:12:24 -05:00
Geoffrey White	e5a74cb29c	Swift: Add a reference for swift/hardcoded-key.	2023-01-03 17:27:31 +00:00
Chris Smowton	c5138674a4	Merge pull request #11800 from github/smowton/admin/delete-install-deps Remove Go's install-deps.sh script	2023-01-03 17:16:15 +00:00
Geoffrey White	fc646a6d48	Swift: Update .expected following a toString change in main.	2023-01-03 16:25:14 +00:00
Geoffrey White	e05bb7fcee	Merge branch 'main' into format	2023-01-03 15:14:55 +00:00
Michael Nebel	17cd182d72	C#: Update stats based on projects.	2023-01-03 15:44:47 +01:00
Calum Grant	b3a3957dc9	Merge pull request #11741 from github/calumgrant/remove-lgtm Remove references to LGTM in code	2023-01-03 14:23:38 +00:00
Michael Nebel	9d608a78a3	C#: Add change note on renamed query ids.	2023-01-03 15:18:22 +01:00
Michael Nebel	bfe5a0c438	C#: Rename query id's to be prefixed with cs instead of csharp.	2023-01-03 15:13:54 +01:00
Jeroen Ketema	5f4326f2bf	C++: Mark a number of private predicates in the GVN library as deprecated This silences a number of warnings related to GVN deprecation.	2023-01-03 12:47:36 +01:00
Chris Smowton	781e96e2a0	Remove Go's install-deps.sh script	2023-01-03 10:45:06 +00:00
Calum Grant	ad55706527	Merge branch 'main' into calumgrant/remove-lgtm	2023-01-03 10:27:30 +00:00
Jeroen Ketema	dcd0be04c4	Merge pull request #11794 from sigfaulterror/main Update annotations-in-java.rst	2023-01-02 17:13:14 +01:00
erik-krogh	3811eae679	simplify the qhelp for unsafe-code-construction The `send()` example is not flagged by any current query, so it was weird talking about it as "vulnerable".	2023-01-02 13:33:56 +01:00
Arthur Baars	1092326699	Merge pull request #11796 from erik-krogh/fixBinding Ruby: Fix compile error in test	2023-01-02 13:26:20 +01:00
sigfaulterror	1dd545ed99	Update annotations-in-java.rst A typo in the SuppressWarnings's annotation value, it should be `deprecation` and not `deprecated`.	2023-01-02 13:24:17 +01:00
Erik Krogh Kristensen	79a2b6d0b0	use `any()` instead of `this = this` Co-authored-by: Arthur Baars <aibaars@github.com>	2023-01-02 10:49:54 +01:00
erik-krogh	99dc0a8356	fix binding	2023-01-02 10:30:28 +01:00
erik-krogh	3815a5a096	fix qhelp syntax	2023-01-02 10:19:05 +01:00
Ed Minnix	35de551f6b	Formatting	2022-12-31 17:19:49 -05:00
Ed Minnix	515fa21aad	Change notes	2022-12-31 17:18:37 -05:00
Ed Minnix	df1a4d2ed1	Documentation fix: Add `state1` and `state2` to documentation	2022-12-31 15:25:37 -05:00
Ed Minnix	68392aa8d8	Fix test expectations	2022-12-31 15:25:25 -05:00
Ed Minnix	02f70f3536	Add @security-severity tag	2022-12-31 15:00:28 -05:00
Edward Minnix III	1d345c6101	Refactoring and simplification Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2022-12-31 15:00:28 -05:00
Ed Minnix	9ef319f659	Java: setAllowContentAccess query tests	2022-12-31 15:00:28 -05:00
Ed Minnix	5265cb4b03	Merge two dataflow configurations into one taint tracking	2022-12-31 15:00:28 -05:00
Ed Minnix	973f649e76	Break dataflow into two steps in order to capture flow from WebView to settings call	2022-12-31 15:00:28 -05:00
Ed Minnix	0e15dd9fa9	Query metadata	2022-12-31 15:00:28 -05:00
Edward Minnix III	778749184b	Change id to use android/ instead of prepending android- Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2022-12-31 15:00:28 -05:00
Ed Minnix	da25c586e6	Dataflow query for detecting paths that disable content access Since the default value is `true`, we need to determine whether or not the `setAllowContentAccess` method is ever called using dataflow.	2022-12-31 15:00:28 -05:00
Ed Minnix	8a763015e6	Reduce precision rating to medium This query won't always be a security problem, so it should have a lower precision rating than `high`.	2022-12-31 15:00:28 -05:00
Ed Minnix	7cc53126f3	Java: WebView setAllowContentAccess query test cases	2022-12-31 15:00:28 -05:00
Ed Minnix	a023726c03	Java: add Android stubs to options file for CWE-200 tests	2022-12-31 15:00:28 -05:00
Ed Minnix	e4e13d38b7	Java: query for Android WebView setAllowContentAccess	2022-12-31 15:00:28 -05:00
Ed Minnix	e259ef5d1d	Java: Add class for `android.webkit.WebSettings.setAllowContentAccess`	2022-12-31 15:00:28 -05:00
Calum Grant	2d0f8798a4	Py: Reformat test	2022-12-28 11:05:48 +00:00
Harry Maclean	a6571a05ab	Ruby: Include send example in qhelp	2022-12-28 11:34:55 +13:00
Harry Maclean	d3812f5906	Ruby: Add another code injection example to qhelp	2022-12-28 11:20:56 +13:00
Harry Maclean	b70ca77afc	Merge pull request #10899 from hmac/flow-summary-docs Ruby: Document flow summary syntax	2022-12-28 10:47:38 +13:00
Erik Krogh Kristensen	9c255b6c16	Merge pull request #11786 from erik-krogh/fix-nomagic-termination QL: fix catastrophic join-order in `ql/cand-missing-nomagic`	2022-12-24 10:54:51 +01:00
erik-krogh	9e63390c78	fix that ql/cand-missing-nomagic had a catastrophic join-order	2022-12-23 21:20:30 +01:00
Tony Torralba	07d99bd643	Add path injection sinks	2022-12-23 17:16:06 +01:00
Tony Torralba	4215a89bc8	Add cleartext storage database sinks	2022-12-23 17:15:59 +01:00
Tony Torralba	ac39aeb6b6	Add SQLi sinks	2022-12-23 17:03:31 +01:00

... 15 16 17 18 19 ...

49749 Commits