hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

3543 Commits

Author SHA1 Message Date
github-actions[bot]
71ab804274 Release preparation for version 2.16.6 2024-03-25 16:58:08 +00:00
Tamas Vajk
78912d5eea C#: Reword public mentions of C# buildless 2024-03-25 14:33:51 +01:00
Tamás Vajk
d6374f65e4 Merge pull request #15957 from tamasvajk/feature/limit-message-extraction 
C#: Limit extracted compilation and extraction messages
 2024-03-25 10:30:10 +01:00
Peter Stöckli
d62d68a40b C#: add hint regarding ECB to weak encryption QHelp 2024-03-22 12:08:30 +01:00
Tamas Vajk
205d6a3bc5 Extract total number of diagnostic per ID and compilation 2024-03-22 08:55:41 +01:00
Arthur Baars
c219b1a3c7 Merge pull request #16013 from github/rc/3.13 
Merge rc/3.13 into main
 2024-03-21 16:04:58 +01:00
Tamás Vajk
0aa7de295b Merge pull request #16004 from tamasvajk/feature/adjust-incorrect-compare-to 
C#: Simplify the output of `cs/wrong-compareto-signature` to remove e…
 2024-03-21 14:38:54 +01:00
Henry Mercer
4e3a6e2140 Merge pull request #15874 from github/henrymercer/mark-loc-as-telemetry 
Show lines of code data in debug mode only
 2024-03-21 12:20:09 +00:00
Tamas Vajk
9d655520cc Code quality improvement 2024-03-21 11:26:45 +01:00
Tamas Vajk
d0c09f43a9 Add change note 2024-03-21 11:13:42 +01:00
Tamas Vajk
9da8cb1165 C#: Simplify the output of cs/wrong-compareto-signature to remove entity locations 2024-03-21 10:27:55 +01:00
Henry Mercer
a76832f4e0 Mark LOC queries as debug instead 2024-03-20 21:18:55 +00:00
Dave Bartolomeo
311ba8ea1b Merge from main to resolve conflicts 2024-03-19 10:41:31 -04:00
Erik Krogh Kristensen
a3da6c886b Merge pull request #15895 from erik-krogh/url-java-qhelp 
Java: update the url-redirection in the same style as the C# qhelp
 2024-03-18 21:10:07 +01:00
github-actions[bot]
aebe9f6992 Post-release preparation for codeql-cli-2.16.5 2024-03-18 12:16:26 +00:00
github-actions[bot]
0a6243d07b Release preparation for version 2.16.5 2024-03-18 10:14:07 +00:00
Arthur Baars
a810165e35 Fix minor formatting issues in changenotes 2024-03-18 10:57:05 +01:00
erik-krogh
ef8368cfc4 fix typo 2024-03-13 22:37:13 +01:00
Michael Nebel
560b355e0c C#: Remove hard-coded local sources from the uncontrolled-format-string query. 2024-03-13 14:26:30 +01:00
Henry Mercer
c325ff8a23 Mark lines of code queries as telemetry queries 
The new file coverage metrics are available in all supported GHES
versions. This PR tags lines of code queries as telemetry queries. Lines
of code information will still be available in the SARIF file, but it
will no longer be displayed in the logging output of the CLI.

The one exception is the metric queries for Java/Kotlin that provides
separate lines of code information for Java and Kotlin. I've kept these
since separate file coverage information for languages like Java and
Kotlin is only available for GHES 3.12 and later.
 2024-03-11 16:40:31 +00:00
Tom Hvitved
7a39f077d9 Data flow: Add ConfigSig::accessPathLimit 2024-03-11 13:01:58 +01:00
Ed Minnix
8187b00562 Change note 2024-03-10 22:20:52 -04:00
Edward Minnix III
58f2777532 Merge pull request #15629 from egregius313/egregius313/csharp/dataflow/threat-modeling/remove-stored-query-variants 
C#: Remove `Stored` variants of queries
 2024-03-10 22:17:03 -04:00
Edward Minnix III
e7852f520f Merge pull request #15605 from egregius313/egregius313/csharp/dataflow/sources/commandargs-and-environment 
C#: Add more `environment` and `commandargs` sources for the C# Standard Library
 2024-03-08 14:10:09 -05:00
Michael Nebel
5b48bc4a3e C#: Delete the experimental IR queries. 2024-03-07 19:22:47 +01:00
Ed Minnix
ec6e17360d Replace Main-method parameters with ThreatModelFlowSource 2024-03-07 12:30:08 -05:00
Michael Nebel
73040bd30f C#: Use fully qualified name with types instead of label in IR queries. 2024-03-07 09:40:34 +01:00
Michael Nebel
58a1353ddc C#: Clean up implementation and remove CIL dataflow implementation. 2024-03-07 09:40:33 +01:00
github-actions[bot]
dc9092c9ec Post-release preparation for codeql-cli-2.16.4 2024-03-06 22:19:33 +00:00
github-actions[bot]
2f058ffb4d Release preparation for version 2.16.4 2024-03-06 20:56:51 +00:00
Angela P Wen
ce31f8641a Revert "Release preparation for version 2.16.4" 2024-03-06 12:07:33 -08:00
github-actions[bot]
661e68dab5 Release preparation for version 2.16.4 2024-03-05 18:13:58 +00:00
Angela P Wen
967963a653 Revert "Release preparation for version 2.16.4" 2024-03-05 08:53:33 -08:00
github-actions[bot]
a67218a027 Release preparation for version 2.16.4 2024-03-04 17:42:08 +00:00
Ed Minnix
4dc605354c Second-order SQL injection 2024-03-01 12:51:59 -05:00
Ed Minnix
1ba3efb111 Change note updates 2024-03-01 12:51:58 -05:00
Ed Minnix
c3671c7625 Fix change note 2024-03-01 12:51:55 -05:00
Ed Minnix
be3c1ed0be Change note 2024-03-01 12:51:53 -05:00
Ed Minnix
c95abd47ce Remove stored variants of queries 2024-03-01 12:51:51 -05:00
Ed Minnix
f488f23a48 Add LocalFlowSource back to UncontrolledFormatString 2024-02-29 12:06:59 -05:00
Edward Minnix III
89bdb7f437 Remove discussion of local flow in change note 
Co-authored-by: Michael Nebel <michaelnebel@github.com>
 2024-02-29 12:03:19 -05:00
Ed Minnix
3563c7ef03 Modify deprecated RemoteSource classes to extend DataFlow::Node directly. 
Since `ThreatModelFlowSource` contains `RemoteFlowSource` by default, we
can safely remove the `RemoteSource` from the default of the queries.
 2024-02-29 12:03:16 -05:00
Ed Minnix
5198f52351 Add references to changed queries in change note 2024-02-29 12:03:11 -05:00
Ed Minnix
22e8da2928 Update change note date 2024-02-29 12:03:09 -05:00
Ed Minnix
eb81946adc Change note changes to mention local sources as well 2024-02-29 12:03:08 -05:00
Ed Minnix
b4dabee770 Remove unnecessary flowsources.Remote imports 
Since `FlowSources` now re-exports `Remote`, these can be safely removed.
 2024-02-29 12:03:07 -05:00
Ed Minnix
434fa20646 Refactor to using ThreatModelFlowSource 2024-02-29 12:03:05 -05:00
Ed Minnix
b76795fd28 Refactor to using ThreatModelFlowSource 2024-02-29 12:03:03 -05:00
Ed Minnix
fd3738b10e Refactor to using SourceNode::getSourceType 2024-02-29 12:03:01 -05:00
Ed Minnix
75772664f2 Change note 2024-02-29 12:02:58 -05:00