Tony Torralba

Results: 6 issues by Tony Torralba

Fixes a Cartesian product in the `canThrow` predicate, where `callable` wasn't bound in one side of the disjunct.

Java
no-change-note-required

Adds support for Annotation types in our Java stub generator. Due to default values for Annotation methods not being currently supported, the stubs generated may need manual correction if the...

documentation
Java
no-change-note-required

Adds a query to detect uncontrolled data being used in `ContentProvider` methods that resolve URIs. Normally this is done to allow third-party applications to provide URIs pointing to external...

documentation
Java
ready-for-doc-review

Promotes `PathSanitizer.qll` from experimental and uses it in `java/tainted-path`, `java/tainted-path-local` and `java/zipslip`. The deprecation of `PathTraversalBarrierGuard` wasn't necessary since it was previously in experimental and thus it was not importable...

documentation
Java

Promotes the query `go/uncontrolled-allocation-size` (previously [`go/denial-of-service`](https://github.com/github/codeql/pull/15130)) from experimental. Sinks and barriers have been reused from `AllocationSizeOverflow` due to their similarities. This adds coverage for CVE-2023-37279 and CVE-2023-2253.

documentation
Go

Don't enable Android analysis when only an Android Manifest generated by Swagger Codegen is present.

documentation
Java