4531 Commits

Author	SHA1	Message	Date
Tony Torralba	6e20bd04e9	Merge pull request #13539 from atorralba/atorralba/java/url-to-string-model ... Java: Add URL.toString summary	2023-06-27 14:05:47 +02:00
Tony Torralba	3c3b53001f	Merge pull request #13550 from jorgectf/jorgectf/lang2-models ... Java: Add models for `org.apache.commons.lang`	2023-06-27 11:20:59 +02:00
Tony Torralba	55280e523a	Update java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll	2023-06-26 11:14:31 +02:00
jorgectf	2dc4f23dbb	Add models for org.apache.commons.lang	2023-06-23 19:34:21 +02:00
Jorge	7d0b880bf7	Merge branch 'main' into jorgectf/deserialization-lookahead	2023-06-23 18:24:39 +02:00
jorgectf	b6e4ba6f9d	Add SerialKiller model	2023-06-23 18:19:43 +02:00
Tony Torralba	d07e2862f9	Java: Add URL.toString summary ... This adds coverage for CVE-2023-35149.	2023-06-22 17:39:30 +02:00
Henry Mercer	5afdaf8fe1	Merge pull request #13525 from github/rc/3.10 ... Merge `rc/3.10` back to `main`	2023-06-21 17:13:36 +01:00
Ian Lynagh	18a5c48c79	Merge pull request #13508 from igfoo/igfoo/rc_kot ... Kotlin: Backport some Kotlin 1.9 fixes to the rc/3.10 branch	2023-06-21 15:26:41 +01:00
Jami	622cd05b77	Merge branch 'main' into java/update-mad-decls-after-triage-2023-06-08T08-51-47	2023-06-20 21:58:15 -04:00
Jami	5259a6ecfc	Merge pull request #13324 from jcogs33/jcogs33/shared-sink-kind-validation ... Shared: share MaD kind validation across languages	2023-06-20 11:56:12 -04:00
Owen Mansel-Chan	d7c97f8759	Merge pull request #13455 from owen-mc/dataflow/add-flowCheckNodeSpecific ... Dataflow: add language-specific hook for breaking up big step relation	2023-06-20 13:24:26 +01:00
github-actions[bot]	18b678e69e	Post-release preparation for codeql-cli-2.13.4	2023-06-20 10:20:05 +00:00
Ian Lynagh	0076d8aac1	Java: Add up/downgrade scripts	2023-06-20 10:59:13 +01:00
Ian Lynagh	81142f51fb	Kotlin: Handle IrSyntheticBodyKind.ENUM_ENTRIES ... Generated by Kotlin 1.9 for some of our tests.	2023-06-20 10:59:04 +01:00
Jeroen Ketema	9c774ac97f	Merge pull request #13426 from jketema/inline-3 ... Update inline flow tests to use parameterized module	2023-06-19 17:39:29 +02:00
Tony Torralba	c62689022e	Merge pull request #13256 from atorralba/atorralba/java/stapler-models ... Java: Model the Stapler framework	2023-06-19 15:27:19 +02:00
Tony Torralba	00fe8adc09	Fix name clash	2023-06-19 15:04:33 +02:00
Ian Lynagh	ca5bc6f224	Java: Add up/downgrade scripts	2023-06-19 10:36:29 +01:00
Ian Lynagh	1f538cced3	Kotlin: Handle IrSyntheticBodyKind.ENUM_ENTRIES ... Generated by Kotlin 1.9 for some of our tests.	2023-06-19 10:36:29 +01:00
Tony Torralba	1b39faaded	QLDoc correction	2023-06-15 16:20:39 +02:00
Tony Torralba	7cbc13db40	Update java/ql/lib/change-notes/2023-06-08-new-models.md	2023-06-15 15:14:12 +02:00
Tony Torralba	dcd180f3f6	Remove model	2023-06-15 12:00:46 +02:00
Tony Torralba	af240ff533	Apply suggestions from code review	2023-06-15 11:58:53 +02:00
Owen Mansel-Chan	3ff6d033d3	Rename to neverSkipInPathGraph	2023-06-14 15:29:54 +01:00
Tony Torralba	37a62d3021	Merge pull request #13227 from atorralba/atorralba/java/jenkins-generated-models ... Java: Add autogenerated models for frameworks related to Jenkins	2023-06-14 15:59:28 +02:00
Owen Mansel-Chan	5f72ce0935	Add stub implementations of flowCheckNodeSpecific	2023-06-14 14:46:35 +01:00
Owen Mansel-Chan	e0f7437d40	Sync dataflow library	2023-06-14 14:29:56 +01:00
Tony Torralba	7c4cdbf0d6	Remove badly generated models	2023-06-14 14:20:16 +02:00
Jami	35591113c2	Merge branch 'main' into jcogs33/shared-sink-kind-validation	2023-06-14 08:06:34 -04:00
Michael Nebel	afec9b05e9	Merge pull request #13147 from michaelnebel/csharp/entityframeworkrefactor ... C#: Use synthetic global in the EntityFramework code instead of jump steps.	2023-06-14 13:47:56 +02:00
Tony Torralba	5e3d9d8136	Java: Model the Stapler framework	2023-06-14 12:34:52 +02:00
Tony Torralba	182513a981	Merge pull request #13235 from atorralba/atorralba/java/hudson-models ... Java: Add Hudson models	2023-06-14 12:33:18 +02:00
Taus	e5b17af9b5	Java: Fix bad tool output	2023-06-14 12:16:44 +02:00
Tony Torralba	8bafc22add	Replace open-url sink kinds with request-forgery	2023-06-14 09:59:59 +02:00
Tony Torralba	73d2ab7d66	Add change note	2023-06-14 09:58:30 +02:00
Tony Torralba	686c35e210	Add autogenerated models	2023-06-14 09:58:30 +02:00
Taus	b860b21ced	Update MaD Declarations after Triage	2023-06-13 16:50:58 +02:00
Anders Schack-Mulligen	2d616d494e	C#/Ruby: Add fields as per review comments.	2023-06-13 11:26:30 +02:00
Tony Torralba	ffe67689ec	Merge branch 'main' into atorralba/java/command-injection-mad-sinks	2023-06-13 09:27:33 +02:00
Tony Torralba	29d4b6fadc	Re-add public classes that shouldn't be removed yet	2023-06-13 09:24:27 +02:00
Tony Torralba	2fd2c434f2	Apply suggestions from code review ... Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>	2023-06-13 09:24:15 +02:00
Jami Cogswell	9abe3e3da4	Shared: use a module as input to 'KindValidation'	2023-06-09 14:35:37 -04:00
Anders Schack-Mulligen	97b2bdaa9f	Java: Fix types of summary parameter nodes.	2023-06-09 15:39:28 +02:00
Anders Schack-Mulligen	254d60c826	Dataflow: Refactor FlowSummaryImpl to synthesize nodes independently from DataFlow::Node.	2023-06-09 15:27:17 +02:00
Anders Schack-Mulligen	59636c43ca	Dataflow: Rename two private predicates.	2023-06-09 15:27:17 +02:00
Stephan Brandauer	1ae2fee309	Java: Update java/ql/lib/ext/okhttp3.model.yml ... Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2023-06-09 13:48:16 +02:00
Stephan Brandauer	44785b72ce	Java: Update java/ql/lib/ext/okhttp3.model.yml ... Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2023-06-09 13:46:09 +02:00
Anders Schack-Mulligen	1b7bbf6320	Merge pull request #13083 from aschackmull/dataflow/typestrengthen ... Dataflow: Strengthen tracked types.	2023-06-09 13:23:30 +02:00
Anders Schack-Mulligen	44b09507ab	Merge pull request #13408 from aschackmull/java/loginjection-perf ... Java: Add more negation context to reduce string ops and improve perf.	2023-06-09 08:44:27 +02:00