hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

4531 Commits

Author SHA1 Message Date
Tony Torralba
8b65937159 Move ConstantStringExpr to RangeUtils.qll 2023-04-26 12:11:08 +02:00
Tony Torralba
4c102ab99c Refactor to models-as-data 2023-04-26 10:13:15 +02:00
Tony Torralba
389e8c4fe8 Add review suggestions 2023-04-26 10:08:16 +02:00
Tony Torralba
d54c444606 Add change note 2023-04-26 10:07:49 +02:00
Jami
cff7f63193 Merge pull request #12838 from jcogs33/jcogs33/add-class-for-callables-interesting-for-modeling 
Java: add class that represents callables that are interesting for MaD models
 2023-04-25 09:28:56 -04:00
Tony Torralba
89ee2b9ace Merge pull request #12911 from atorralba/atorralba/java/filecopyutils-file-sinks 
Java: Fix FileCopyUtils.copy models
 2023-04-25 12:06:13 +02:00
Anders Schack-Mulligen
934a455908 Apply suggestions from code review 
Update qldoc.
 2023-04-25 09:35:26 +02:00
Tony Torralba
e3d93c3581 Fix FileCopyUtils models 2023-04-24 15:07:19 +02:00
Jami Cogswell
85542638d7 Java: refactor CaptureModelsSpecific; resolve conflict for isInTestFile 2023-04-20 16:23:12 -04:00
Jami Cogswell
94f11029ee Java: refactor ExternalApi 2023-04-20 16:19:15 -04:00
Jami Cogswell
2ca8103a7e Java: remove isImplicitlyPublic predicate since not needed for this use-case 2023-04-20 16:19:15 -04:00
Jami Cogswell
5dbd11a584 Java: move veryPublic predicate 2023-04-20 16:19:15 -04:00
Jami Cogswell
9828ad0fc3 Java: add draft of class to represent callables we are interested in modeling 2023-04-20 16:19:15 -04:00
Jami Cogswell
2e76e12316 Java: add class and predicates to approximate an effectively public method 2023-04-20 16:19:15 -04:00
Michael Nebel
656d8d2451 Sync files. 2023-04-20 11:29:51 +02:00
Tony Torralba
62f5a5dcd5 Merge pull request #10707 from atorralba/atorralba/log-injection-sanitizers 
Java: Add line break sanitizers to java/log-injection
 2023-04-19 08:20:04 +02:00
Alex Ford
924ce250dd Merge pull request #12847 from github/post-release-prep/codeql-cli-2.13.0 
Post-release preparation for codeql-cli-2.13.0
 2023-04-18 14:40:40 +01:00
Tony Torralba
ba49386e6c Merge pull request #12806 from GeekMasher/main 
Java: Add missing write-file models for Java IO / NIO
 2023-04-18 11:15:53 +02:00
Jami
a149c41baf Merge pull request #12155 from jcogs33/jcogs33/add-heuristic-ssrf-models 
Java: add ssrf models discovered with heuristics
 2023-04-17 15:45:48 -04:00
Jami Cogswell
25786f61be Java: minorAnalysis in change note 2023-04-17 13:48:04 -04:00
github-actions[bot]
648f0e19ec Post-release preparation for codeql-cli-2.13.0 2023-04-17 15:39:24 +00:00
Mathew Payne
44c1b48f94 Merge branch 'main' into main 2023-04-17 12:40:23 +01:00
Mathew Payne
c77cdcf4c3 Removed the OutputStream models 2023-04-17 11:38:28 +00:00
Tony Torralba
f5702f5c69 Address review comment 
Handle more regex cases that cover line breaks
 2023-04-17 09:33:44 +02:00
Tony Torralba
e167d3ce00 Add line break sanitizers 2023-04-17 09:33:44 +02:00
Edward Minnix III
38826c98f1 Merge pull request #12751 from egregius313/egregius313/dataflow-refactor-cleanup 
Java: Finish dataflow refactor
 2023-04-14 10:35:11 -04:00
Jeroen Ketema
0c7346707b Fix minor issues with change notes 2023-04-14 15:37:04 +02:00
github-actions[bot]
075d063370 Release preparation for version 2.13.0 2023-04-14 13:31:30 +00:00
Tony Torralba
f106783c39 SensitiveResultReceiverFlow needs to be public 2023-04-14 09:04:56 +02:00
Ed Minnix
7b56383b52 Make SensitiveResultReceiver modules private 2023-04-13 23:08:46 -04:00
Ed Minnix
0a26916245 Re-Add SensitiveResultReceiverConf as deprecated 2023-04-13 23:06:16 -04:00
Edward Minnix III
77b67cbf2e Fix typo 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-04-13 23:06:16 -04:00
Ed Minnix
0fc775027f Fix SensitiveResultReceiver test case 2023-04-13 23:06:16 -04:00
Ed Minnix
3826b9be6c Re-add allowImplicitRead 2023-04-13 23:06:16 -04:00
Ed Minnix
74b71ff7e3 Replace allowImplicitRead with default implementation 2023-04-13 23:06:16 -04:00
Ed Minnix
ea54ea47b1 Deprecate sensitiveResultReceiver 2023-04-13 23:06:16 -04:00
Ed Minnix
cd661f1d9f Refactor SensitiveResultReceiver 2023-04-13 23:06:16 -04:00
Ed Minnix
735a7383c6 Refactor HardcodedCredentialsSourceCall 2023-04-13 23:06:16 -04:00
Alex Eyers-Taylor
c6a482819a Bump all qlpacks major versions 2023-04-13 19:15:27 +01:00
Jami Cogswell
108b7a38aa Java: update provenance to hq-manual 2023-04-13 10:24:24 -04:00
Jami Cogswell
4f9c51a02b Java: update provenance to hq-manual now that 12595 is merged 2023-04-13 10:11:31 -04:00
Jami Cogswell
523feabaa2 Java: switch Netty setUri method from summary to sink; resolve conflicts 2023-04-13 09:16:18 -04:00
Jami Cogswell
6890434d63 Java: add change note 2023-04-13 09:15:02 -04:00
Jami Cogswell
d85bcacf84 Java: update some models, undo temp edits; resolve conflicts 2023-04-13 09:14:52 -04:00
Jami Cogswell
540b8391dc Java: add more tests 2023-04-13 09:12:55 -04:00
Jami Cogswell
99320857af Java: change model to summary and update comments 2023-04-13 09:12:55 -04:00
Jami Cogswell
8a6ff95035 Java: remove neutral which will be added in a different PR 2023-04-13 09:12:54 -04:00
Jami Cogswell
4daaf783e1 Java: remove cache ones for now 2023-04-13 09:12:54 -04:00
Jami Cogswell
cd7b79f62b Java: add tests for org.apache.hc.client5.http.fluent 2023-04-13 09:12:54 -04:00
Jami Cogswell
a9595647c4 Java: fix typo 2023-04-13 09:12:54 -04:00