Edward Minnix III
Add a query for checking for an exported `` element in `AndroidManifest.xml` which has improperly configured permissions. Cf. [GHSL Research], [CVE-2021-41166]

[GHSL Research]: https://securitylab.github.com/advisories/GHSL-2021-1007-Nextcloud_Android_app/#issue-2-permission-bypass-in-disklruimagecachefileprovider-ghsl-2021-1008
[CVE-2021-41166]: https://nvd.nist.gov/vuln/detail/CVE-2021-41166

Adds more models for the `environment` and `commandargs` local source kinds. This primarily focuses on the .NET standard library and the `Microsoft.Extensions.Configuration` library.
WIP, but adds source and summary models related to file (streams) in `System.IO`.
Adds information about threat modeling to the C# MaD docs.
The `AddLocalSource` classes were added in https://github.com/github/codeql/pull/15419 to make deprecating `LocalSource` classes easier. This removes them so that queries rely on `ThreatModelFlowSource`.
This is a follow-up to #15419. This removes the `Stored` variants of queries, as the results are now accessible by using the `local` threat model. The affected queries are: -...
Adds source models for the `stdin` threat model. These models are implemented in QL instead of MaD due to limitations in MaD: - MaD does not currently handle variable arguments...
This introduces documentation for the Models-as-Data library for Go.
### Pull Request checklist

#### All query authors

- [ ] A change note is added if necessary. See [the documentation](https://github.com/github/codeql/blob/main/docs/change-notes.md) in this repository.
- [x] All new queries have...