hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-11 12:41:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,797 Commits 1,688 Branches 160 Tags
codeql-cli/v2.12.5
Commit Graph

51797 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jami
5e694b5983 Merge pull request #11192 from jcogs33/jcogs33/share-key-sizes 
Share encryption key sizes between Java and Python
 2022-12-07 08:08:24 -05:00
Paolo Tranquilli
ef348453fe Swift: accept new, correct test result on TypeTuple::getNumberOfTypes 2022-12-07 13:46:51 +01:00
Paolo Tranquilli
194c99c513 Swift: fix getNumberOf predicate 2022-12-07 13:46:51 +01:00
Paolo Tranquilli
23626f2c69 Swift: add TupleType test 2022-12-07 13:46:51 +01:00
Paolo Tranquilli
9b89ded908 Swift: accept test changes 2022-12-07 13:46:51 +01:00
Paolo Tranquilli
d39f37540e Swift: add has and getNumberOf properties to generated tests 2022-12-07 13:46:51 +01:00
Michael Nebel
2d9975d73f C#: nint/System.IntPtr and nuint/System.UIntPtr are indistinguishable by the extractor. 2022-12-07 13:45:23 +01:00
Jeroen Ketema
01d8ad98f6 C++: Model secure_getenv and _wgetenv as local flow sources 2022-12-07 13:37:12 +01:00
erik-krogh
ee8e0188a6 remove redundant call, the charpred ensures it always holds 2022-12-07 13:23:18 +01:00
erik-krogh
360a99f026 delete getKernelMethod and don't special-case the methodName on super-calls in the Kernel model 2022-12-07 13:14:48 +01:00
Chris Smowton
c526020fd4 Note TODO re: re-enabling suspend function Java interop testing 2022-12-07 11:51:48 +00:00
Chris Smowton
ecbb96ffc1 Remove no-longer-needed diagnostic expectations 2022-12-07 11:50:41 +00:00
Jeroen Ketema
2c08b95430 Merge pull request #11434 from jketema/deprecate-default-taint-tracking 
C++: Deprecate `DefaultTaintTracking` and `TaintTrackingImpl`
 2022-12-07 12:41:04 +01:00
Tony Torralba
cabce5fb36 Merge pull request #11549 from mbaluda/mbaluda/insecure-cookie 
Java: Support interprocedural setting of cookie security
 2022-12-07 12:14:46 +01:00
Tony Torralba
321a2f5a73 Merge pull request #11550 from atorralba/atorralba/kotlin/adapt-path-sanitizer 
Kotlin: Adapt PathSanitizer
 2022-12-07 12:08:00 +01:00
Anders Schack-Mulligen
f17f19c821 Java: Switch to qualified imports. 2022-12-07 11:41:32 +01:00
Asger F
fcdb2fa03f JS: Remove MaD models from .qll files 2022-12-07 11:35:13 +01:00
Asger F
d8e566a50e Add data-extension files 2022-12-07 11:35:13 +01:00
Asger F
5af1b367c7 Support data extensions 2022-12-07 11:35:05 +01:00
Owen Mansel-Chan
2ed8d5d798 Merge pull request #11288 from pwntester/new_sudo_like_argument 
Golang: add `rsync` as a program capable of arbitrary shell command execution
 2022-12-07 10:20:49 +00:00
Tony Torralba
6dcc0cc188 Further simplification 2022-12-07 10:50:23 +01:00
Alvaro Muñoz
af015d3d30 restoring previous casts to avoid super type ambiguity 2022-12-07 10:39:58 +01:00
Tony Torralba
ccd465d669 Update java/ql/lib/semmle/code/java/security/PathSanitizer.qll 2022-12-07 10:38:33 +01:00
Alvaro Muñoz
407df37a74 Add feedback from Code review 2022-12-07 10:36:44 +01:00
Tony Torralba
2f622ad72c Refactor by introducing helper predicates 2022-12-07 10:31:54 +01:00
Alvaro Muñoz
3e92b4c596 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-12-07 10:29:29 +01:00
erik-krogh
52c0afa03f change getMethodName to getKernelMethod in other files 2022-12-07 10:27:35 +01:00
Tony Torralba
85b2642a5e Extraction discrepancy fixed in kotlinc 1.7.21 2022-12-07 09:57:31 +01:00
Tom Hvitved
51f11f19cc Merge pull request #11576 from ethanwilloner/main 
csharp: URI should be Uri in Owin.qll library.
 2022-12-07 09:34:51 +01:00
Alvaro Muñoz
49eedde58a Merge branch 'main' into new_sudo_like_argument 2022-12-07 09:31:17 +01:00
Asger F
afe7872838 Merge pull request #11565 from asgerf/js/rephined-variable-in-access-path 
JS: handle rephined variable in access path
 2022-12-07 09:26:38 +01:00
Michael Nebel
c1c0432c00 Merge pull request #11144 from michaelnebel/csharp/qualifiedname 
C#: Deprecate hasQualifiedName/1 and prepare for deprecating getQualifiedName/0.
 2022-12-07 09:16:38 +01:00
Ed Minnix
b6a59f0885 Java: Add support and tests for implicitly exported activity aliases 2022-12-06 23:11:48 -05:00
Ed Minnix
1472335c2e Abbreviated change note in changelog entry for activity-alias 2022-12-06 23:11:48 -05:00
Ed Minnix
2255b0d96a Modify getAndroidComponentXmlElement to handle activity-alias 
Since aliases have both the `name` and `targetActivity` attributes, we
should check all identifying attributes in order to add
`<activity-alias>` elements as dataflow sources.
 2022-12-06 23:11:48 -05:00
Ed Minnix
4620db0fe9 Activity alias: formatting changes suggested by Actions 2022-12-06 23:11:48 -05:00
Ed Minnix
ec6c421f91 Added change notes for AndroidManifest.qll 2022-12-06 23:11:48 -05:00
Ed Minnix
f4dbd41036 Test files for Activity Alias 2022-12-06 23:11:48 -05:00
Ed Minnix
4df926e148 Add method for finding aliases to AndroidActivityXmlElement 2022-12-06 23:11:48 -05:00
Ed Minnix
b4f08f8b91 Add support for Android Manifest <activity-alias> element 2022-12-06 23:11:48 -05:00
Ed Minnix
4c270fca91 Add generalized identifier resolution for AndroidManifest 
Since more than one attribute can hold an identifier, refactor
identifier resolution into a separate method.
 2022-12-06 23:11:47 -05:00
Ed Minnix
cf3e5a0abe Add class for XML Attributes meant to hold an identifier in AndroidManifest 
Some Android component attributes hold an identifier (e.g.
`android:name` and `android:targetActivity` for `<activity-alias>`).
 2022-12-06 23:11:47 -05:00
Jami Cogswell
b82f9b1911 Java: add draft of generated vs manual MaD metrics query 2022-12-06 22:15:19 -05:00
Tiferet Gazit
1a9dd48a88 Merge pull request #11551 from github/tiferet/endpoint-characteristics-test 
ATM: Test for contradictory endpoint characteristics
 2022-12-06 18:36:41 -08:00
retanoj
8ee418405b consider blankspace / comma /dot field 2022-12-07 10:06:39 +08:00
tiferet
cf29cde2e8 Apply suggestions from code review 2022-12-06 18:05:04 -08:00
Chris Smowton
522a549d61 Improve debug logging when the external decl extractor handles an IrFile 2022-12-06 20:39:14 +00:00
Chris Smowton
d2e7797485 Rename to writeStubTrapFile 2022-12-06 20:39:03 +00:00
Ed Minnix
1c81f8d8d5 Apply suggestion from docs review 2022-12-06 15:32:54 -05:00
Chris Smowton
00f323c8bd Fix: extract directly exposed fields with static modifier 2022-12-06 20:32:10 +00:00