5825 Commits

Author	SHA1	Message	Date
Dave Bartolomeo	485fc04029	Initial merge from main	2024-09-15 08:55:31 -04:00
Rasmus Wriedt Larsen	8c10155eb7	mass rename to ActiveThreatModelSource	2024-09-12 10:16:55 +02:00
Michael Nebel	9149a17d79	Java: Only keep the best generated model in terms of taint/value.	2024-09-10 15:23:38 +02:00
Michael Nebel	d2c98c86dc	Java: Improve content based model generation.	2024-09-10 15:23:20 +02:00
github-actions[bot]	97edff3f70	Post-release preparation for codeql-cli-2.18.4	2024-09-09 18:45:46 +00:00
github-actions[bot]	91537cdf9a	Release preparation for version 2.18.4	2024-09-09 16:08:48 +00:00
Michael Nebel	a5b462292f	Merge pull request #17330 from michaelnebel/java/modelgenfieldbased ... Java/C#: Field based model generator (Experimental).	2024-09-06 11:11:46 +02:00
Michael Nebel	e1048cf8ea	Java/C#: Address review comments.	2024-09-05 19:23:05 +02:00
erik-krogh	846882d22c	delete imports to a deleted file	2024-09-03 20:31:00 +02:00
Michael Nebel	5ddcb16cd6	Java: Add content based model generation test.	2024-09-03 12:58:01 +02:00
Michael Nebel	6365e5edff	Java: Initial implementation of content based model generation.	2024-09-03 09:45:11 +02:00
Henry Mercer	3490067316	Merge branch 'main' into henrymercer/rc-3.15-mergeback	2024-08-29 19:48:01 +01:00
Michael Nebel	e81fdc951a	Merge pull request #17246 from michaelnebel/modelgendebug ... C#/Java: Add some model generator summary debugging queries.	2024-08-26 16:13:03 +02:00
Michael Nebel	34d83a6b0d	C#/Java: Address review comments.	2024-08-26 15:02:27 +02:00
Tom Hvitved	d41d7c8246	Merge pull request #17207 from hvitved/csharp/content-set ... C#: Implement `ContentSet`	2024-08-22 10:55:11 +02:00
github-actions[bot]	0724fd7ce2	Post-release preparation for codeql-cli-2.18.3	2024-08-21 18:25:54 +00:00
github-actions[bot]	17cd9624fb	Release preparation for version 2.18.3	2024-08-21 17:13:52 +00:00
Chris Smowton	15989ce213	Merge pull request #14089 from am0o0/amammad-java-JWT ... Java: JWT decoding without verification	2024-08-21 14:14:08 +01:00
Michael Nebel	fd311d5143	Java: Add some summary debugging queries.	2024-08-20 16:28:15 +02:00
am0o0	f4764378c9	update tests to contain the new source, delete query with local sources	2024-08-16 16:15:46 +02:00
Anders Schack-Mulligen	3a9610795b	Merge pull request #16808 from JLLeitschuh/patch-8 ... Align Java CommandInjectionRuntimeExec.ql Severity	2024-08-16 15:14:48 +02:00
Tom Hvitved	d638b5c7d4	Sync shared file	2024-08-13 15:27:38 +02:00
Alexander Eyers-Taylor	ffd811a55d	Merge pull request #17182 from github/post-release-prep/codeql-cli-2.18.2 ... Post-release preparation for codeql-cli-2.18.2	2024-08-08 16:28:03 +01:00
github-actions[bot]	cc6d87c276	Post-release preparation for codeql-cli-2.18.2	2024-08-08 12:56:21 +00:00
github-actions[bot]	019da8c287	Release preparation for version 2.18.2	2024-08-07 14:02:38 +00:00
Tamas Vajk	0263cc1609	Improve code quality	2024-08-07 15:27:14 +02:00
Alexander Eyers-Taylor	46577b585e	Revert "Release preparation for version 2.18.2"	2024-08-07 14:24:37 +01:00
github-actions[bot]	c14ba0e4bd	Release preparation for version 2.18.2	2024-08-06 12:46:15 +00:00
Andrew Eisenberg	6a49647a28	Merge pull request #17132 from github/aeisenberg-patch-1 ... Update CHANGELOG.md	2024-08-02 07:55:06 -07:00
Anders Schack-Mulligen	4d023f14a6	Merge pull request #17075 from RobbingDaHood/17052-second-try-do-not-expose-error-message ... Java: 17052 Second try: do not expose error message	2024-08-02 12:44:27 +02:00
Andrew Eisenberg	c8994003c1	Update CHANGELOG.md ... Drive-by fix of a typo.	2024-08-01 16:16:17 -07:00
Owen Mansel-Chan	6280ed2a6b	Merge pull request #13555 from am0o0/amammad-java-bombs ... Java: Decompression Bombs	2024-07-31 14:55:28 +01:00
Owen Mansel-Chan	8901b1fd14	Merge pull request #17100 from owen-mc/java/sensitive-log/ignore-tokenizer ... Java: whitelist variable names containing "tokenizer" for `java/sensitive-log`	2024-07-31 12:16:03 +01:00
am0o0	d560c1ea0f	fix formatting	2024-07-31 11:08:06 +02:00
am0o0	9110df6e80	Merge branch 'amammad-java-JWT' of https://github.com/am0o0/codeql into amammad-java-JWT	2024-07-31 11:04:24 +02:00
am0o0	c6814fcf47	merge duplicate module into a module file	2024-07-31 11:04:03 +02:00
am0o0	701e3d7e53	add same query but with local source support to comply with the CVE-2021-37580	2024-07-31 10:58:22 +02:00
am0o0	40eef25133	use more specefic Classes instead of Call	2024-07-30 18:07:03 +02:00
Owen Mansel-Chan	1cb5f35c56	Add change note	2024-07-30 16:29:38 +01:00
Owen Mansel-Chan	cd0af0fc57	Ignore types with methods which have annotations ... The motivation is test classes in JUnit 4 and 5 are currently FPs for this. They have methods with `@Test`, so this should fix the FPs.	2024-07-30 16:29:35 +01:00
Owen Mansel-Chan	44b6309e07	Add change note	2024-07-30 15:44:00 +01:00
Chris Smowton	8f52b2cd95	Fix link	2024-07-30 12:23:38 +01:00
Chris Smowton	a781522ca0	Copyedit documentation	2024-07-30 12:19:16 +01:00
am0o0	4dc1a10f71	update tests for zip4j, add aditional flow steps for zip4j, remove BombTypeInputStream class since we don't need it anymore, add a predicate which was for testing porpose and was junk	2024-07-29 18:10:04 +02:00
RobbingDaHood	1cb58922a2	Minor changes to formulations for java/error-message-exposure ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2024-07-29 16:48:15 +02:00
am0o0	c8749ff82e	Merge branch 'amammad-java-bombs' of https://github.com/am0o0/codeql into amammad-java-bombs	2024-07-28 12:15:23 +02:00
am0o0	0593eaad52	we don't need ConstructorCall for ZipFile anymore since we have a more accurate sink for this	2024-07-28 12:12:07 +02:00
am0o0	cc752113af	we don't need TypeInputStreamConstructorArgumentSink anymore	2024-07-28 12:09:52 +02:00
am0o0	7689db7d42	change apache commons sink	2024-07-28 12:09:33 +02:00
Am	96c142bf0a	Merge branch 'main' into amammad-java-JWT	2024-07-28 13:03:23 +03:30