codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00

Author	SHA1	Message	Date
Tony Torralba	2c41c5b0e2	Make inputStreamWrapper consider supertypes transitively	2023-05-09 17:27:16 +02:00
Kasper Svendsen	0de6e4138f	Merge pull request #13037 from kaspersv/kaspersv/java-enable-implicit-this-warnings Java: Enable implicit this receiver warnings	2023-05-09 10:24:31 +02:00
Anders Schack-Mulligen	e996eaefb1	Merge pull request #13036 from aschackmull/java/typeprefix-perf Java: Minor perf fix for typePrefixContainsAux1.	2023-05-09 08:57:56 +02:00
Michael Nebel	f2f9944a1c	Merge pull request #12931 from michaelnebel/neutralkinds Java/C#: Introduce kind for neutrals.	2023-05-09 08:42:38 +02:00
Kasper Svendsen	b0714904c0	Java: Enable implicit this receiver warnings	2023-05-09 08:25:40 +02:00
Edward Minnix III	05b1bd881e	Merge pull request #12852 from egregius313/egregius313/java/webgoat/model-jwsheader Java: Model `io.jsonwebtoken.SigningKeyResolverAdapter` and `io.jsonwebtoken.JwsHeader`	2023-05-08 10:57:34 -04:00
Michael Nebel	baee4cedfd	Apply suggestions from code review Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>	2023-05-08 16:19:00 +02:00
Michael Nebel	efa2bd8614	Apply suggestions from code review Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>	2023-05-08 16:19:00 +02:00
Michael Nebel	7858da66e3	C#/Java: Add change note.	2023-05-08 16:18:59 +02:00
Michael Nebel	bd23814e7c	Java: Update existing neutrals to include kind information.	2023-05-08 16:18:59 +02:00
Michael Nebel	bcbda9046f	Java: Extend neutrals with a kind column and introduce validation.	2023-05-08 16:18:59 +02:00
Chuan-kai Lin	4960305022	Merge pull request #13025 from cklin/java-location-tostring-bindingset Java: Add pragma[only_bind_out] to Top::toString() calls	2023-05-08 06:27:42 -07:00
Mathias Vorreiter Pedersen	09ba9a74ce	Merge pull request #12959 from MathiasVP/identity-consistency-check DataFlow: Add an "identity-step" consistency check	2023-05-05 10:03:20 +01:00
Edward Minnix III	2d5b35067e	Merge pull request #12721 from egregius313/egregius313/java/move-configurations-to-libraries Java: Move more dataflow configurations to `*Query.qll` files	2023-05-04 20:14:22 -04:00
Ed Minnix	0c604b1c34	Remove generated model	2023-05-04 16:56:14 -04:00
Ed Minnix	7a295b554b	Remove Map rows	2023-05-04 16:52:40 -04:00
Edward Minnix III	a34a51737f	Add SyntheticFields for JwsHeader Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2023-05-04 16:52:40 -04:00
Ed Minnix	62cbcdb30c	Add change note	2023-05-04 16:52:40 -04:00
Ed Minnix	a4f4ff15ce	Change method resolveSigningKey from class to interface The resolveSigningKey method of SigningKeyResolverAdapter is an implementation of that defined in SigningKeyResolver. So this changes the type from the class to the interface it implements	2023-05-04 16:52:40 -04:00
Ed Minnix	a38466b0f3	Erase generics in generated model	2023-05-04 16:52:40 -04:00
Ed Minnix	26cdf24bf0	Added MaD models for io.jsonwebtoken	2023-05-04 16:52:39 -04:00
Jami	3c74c8bbe0	Merge pull request #13019 from jcogs33/jcogs33/url-open-stream-updates Java: switch `url-open-stream` sink models to `experimentalSinkModel`	2023-05-04 15:07:44 -04:00
Chuan-kai Lin	d968cee2c4	Java: Add pragma[only_bind_out] to Top::toString() calls	2023-05-04 11:46:35 -07:00
Jami	4e31c46b0c	Merge pull request #13024 from jcogs33/jcogs33/remove-hardcoded-jwt-key-summaries Java: remove `hardcoded-jwt-key` experimental summary models	2023-05-04 11:18:18 -04:00
Ed Minnix	5f3c8fef3f	Privacy markers and fixed imports	2023-05-04 10:25:17 -04:00
Ed Minnix	3100e98513	Add missing change notes and update date	2023-05-04 10:25:17 -04:00
Ed Minnix	74fc6382a6	Add improper validation of array size query libraries	2023-05-04 10:25:17 -04:00
Ed Minnix	c319ee4c0d	Add TempDirLocalInformationDisclosureQuery	2023-05-04 10:25:16 -04:00
Ed Minnix	b087cf9a0a	Add Arithmetic query libraries	2023-05-04 10:25:16 -04:00
Ed Minnix	b6361cdd3d	Move CWE-190/ArithmeticCommon.qll to semmle.code.java.security	2023-05-04 10:25:16 -04:00
Ed Minnix	77ee80fd81	Add missing change notes	2023-05-04 10:25:16 -04:00
Ed Minnix	24b00bac11	Add UnsafeHostnameVerificationQuery	2023-05-04 10:25:16 -04:00
Ed Minnix	f4a6f555b4	Add NumericCastTaintedQuery	2023-05-04 10:25:13 -04:00
Ed Minnix	e65a54b85f	Add BrokenCryptoAlgorithmQuery	2023-05-04 10:19:12 -04:00
Ed Minnix	4b76564911	Add MaybeBrokenCryptoAlgorithmQuery	2023-05-04 10:15:00 -04:00
Ed Minnix	e4f47ece43	Add ResponseSplittingLocalQuery	2023-05-04 10:15:00 -04:00
Ed Minnix	91b3533035	Add SqlTaintedLocalQuery	2023-05-04 10:14:59 -04:00
Ed Minnix	a0f7575b34	Add StackTraceExposureQuery	2023-05-04 10:14:59 -04:00
Ed Minnix	aff299eafd	Add ExecTaintedLocal	2023-05-04 10:14:59 -04:00
Ed Minnix	b39d5088de	Add InsecureCookieQuery	2023-05-04 10:14:59 -04:00
Ed Minnix	be24b29e7a	Add UrlRedirectLocalQuery.qll	2023-05-04 10:14:59 -04:00
Ed Minnix	0249187282	Add ExternallyControlledFormatStringLocalQuery.qll	2023-05-04 10:14:59 -04:00
Ed Minnix	5834e4ac52	Add UrlRedirectQuery.qll	2023-05-04 10:14:59 -04:00
Ed Minnix	cc22a7d4b4	Add XssLocalQuery	2023-05-04 10:14:59 -04:00
Ed Minnix	c2b6a3f4e0	Add XPathInjectionQuery	2023-05-04 10:14:59 -04:00
Ed Minnix	c15ce27957	Add SqlConcatenatedQuery	2023-05-04 10:14:59 -04:00
Ed Minnix	1af6d5f7b3	Add TaintedPermissionsCheckQuery	2023-05-04 10:14:59 -04:00
Kasper Svendsen	4035b16ac1	Merge pull request #13008 from kaspersv/kaspersv/explicit-this-receivers-shared1 Java, C#: Make implicit this receivers explicit	2023-05-04 15:38:45 +02:00
Anders Schack-Mulligen	1185bfc90f	Merge pull request #12986 from aschackmull/java/mapvalue-precision Java: Force high precision for MapValueContent.	2023-05-04 14:52:41 +02:00
Anders Schack-Mulligen	3b004b06b0	Java: Minor perf fix for typePrefixContainsAux1.	2023-05-04 14:21:36 +02:00

... 36 37 38 39 40 ...

4531 Commits