Alex Eyers-Taylor
eb31b1c0d3
Jave: Use force local to make parsing local after global regex finding.
2025-08-21 19:49:48 +01:00
Alex Eyers-Taylor
979df35109
QL: make a fastTC overlay_caller.
2025-08-21 19:49:47 +01:00
Jonas Jensen
8616943794
DataFlow:Run overlay-informed if not diff-informed
...
To ensure good performance, always run data flow overlay-informed unless
the configuration has opted in to being diff-informed. This change
affects only databases with an overlay and therefore has no immediate
production consequences.
2025-08-21 19:49:47 +01:00
Alex Eyers-Taylor
ee2de0170c
SSA global annotation
2025-07-25 12:17:17 +01:00
Ian Lynagh
09dd708086
Merge pull request #20031 from igfoo/igfoo/kotlin-tests-2.2.0
...
Kotlin: Run the tests with 2.2.0
2025-07-22 22:20:40 +01:00
Ian Lynagh
cd3143f106
Kotlin: Disable the custom plugin test for now
2025-07-22 17:38:14 +01:00
Ian Lynagh
9a03f2eb26
Kotlin: Accept test changes in 2.2.0
2025-07-22 17:38:14 +01:00
Ian Lynagh
65bd1aff83
Kotlin: Update default version to 2.2.0
...
Changes the default version from 2.1.20 to 2.2.0 in the wrapper.py file.
2025-07-22 17:38:14 +01:00
github-actions[bot]
37cc78255a
Post-release preparation for codeql-cli-2.22.2
2025-07-22 14:22:20 +00:00
Nick Rolfe
43d14c28c2
Tweak changenotes
2025-07-22 15:06:09 +01:00
github-actions[bot]
997547b8ef
Release preparation for version 2.22.2
2025-07-22 14:04:14 +00:00
Nick Rolfe
825c813095
Revert "Release preparation for version 2.22.2"
2025-07-22 14:33:45 +01:00
Nick Rolfe
74cd982aca
Tweak changenotes
2025-07-22 09:51:52 +01:00
github-actions[bot]
c8632b70b7
Release preparation for version 2.22.2
2025-07-21 16:45:45 +00:00
Nick Rolfe
ad9b637bec
Revert "Merge pull request #19994 from github/post-release-prep/codeql-cli-2.22.2"
...
This reverts commit e5b4a15e3533e63109bb
2025-07-21 15:18:59 +01:00
Owen Mansel-Chan
472a6b5fe1
Merge pull request #20018 from owen-mc/java/snakeyaml-safe-unsafe-deserialization
...
Java: Update qhelp: SnakeYaml is safe from version 2.0
2025-07-21 12:22:36 +01:00
Anders Schack-Mulligen
d5cdfc673e
Merge pull request #20092 from aschackmull/java/joinorder2
...
Java: Improve more join-orders
2025-07-21 11:27:14 +02:00
Nora Dimitrijević
fbee6bbe21
Merge pull request #20077 from d10c/d10c/diff-informed-phase-3-java
...
Java: Diff-informed queries: phase 3 (non-trivial locations)
2025-07-21 11:23:12 +02:00
Anders Schack-Mulligen
937e3dc469
Merge pull request #20091 from aschackmull/java/fix-cfg-cp-assert
...
Java: Fix accidental CP in CFG for asserts.
2025-07-21 09:07:19 +02:00
Anders Schack-Mulligen
46ebf503c7
Java: Improve join-order by controlling magic and breaking up TCs.
2025-07-18 16:13:11 +02:00
Anders Schack-Mulligen
ca8fe033d7
Java: Improve join by preventing ssa use-pair join.
2025-07-18 16:12:00 +02:00
Anders Schack-Mulligen
d64a9368d2
Merge pull request #20088 from aschackmull/java/joinorders1
...
Java: Improve several join-orders
2025-07-18 14:54:26 +02:00
Anders Schack-Mulligen
bc2e7d4e0d
Java: Fix accidental CP in CFG for asserts.
2025-07-18 13:53:15 +02:00
Anders Schack-Mulligen
f6975117fe
Merge pull request #20083 from aschackmull/java/prune-csrf-unprotected-request-type
...
Java: Prune PathGraph for CsrfUnprotectedRequestType.ql
2025-07-18 13:25:00 +02:00
Anders Schack-Mulligen
d9f47bdec9
Java: Improve join-order by properly annotating haveIntersection.
2025-07-18 11:48:50 +02:00
Anders Schack-Mulligen
7883124abd
Java: getSourceDeclaration() and getASourceSupertype*() commute and this yields much better join-order.
2025-07-18 11:47:14 +02:00
Anders Schack-Mulligen
12732525b5
Java: Allow 2-column join on delta to improve join-order.
2025-07-18 11:45:45 +02:00
github-actions[bot]
2f84a4a5b5
Add changed framework coverage reports
2025-07-18 00:25:03 +00:00
Nora Dimitrijević
05df1d3cb9
[DIFF-INFORMED] Java: AndroidWebViewSettingsAllowsContentAccess
2025-07-17 19:02:15 +02:00
Nora Dimitrijević
24c28ed873
[DIFF-INFORMED] Java: UnsafeCertTrust
...
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql#L21
2025-07-17 19:02:13 +02:00
Nora Dimitrijević
ea4af8323c
[DIFF-INFORMED] Java: TrustBoundaryViolation
...
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql#L18
2025-07-17 19:02:09 +02:00
Nora Dimitrijević
7888dcbce2
[DIFF-INFORMED] Java: TempDirLocalInformationDisclosure
...
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql#L56
2025-07-17 19:02:07 +02:00
Nora Dimitrijević
3785dbec9e
[DIFF-INFORMED] Java: TaintedEnvironmentVariable
...
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql#L22
2025-07-17 19:02:05 +02:00
Nora Dimitrijević
b3b139bb02
[DIFF-INFORMED] Java: SqlConcatenated
...
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql#L27
2025-07-17 19:02:04 +02:00
Nora Dimitrijević
45b627df1d
[DIFF-INFORMED] Java: SensitiveLogging
...
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql#L20
2025-07-17 19:02:02 +02:00
Nora Dimitrijević
bc0b383595
[DIFF-INFORMED] Java: MaybeBrokenCryptoAlgorithm
...
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql#L25
2025-07-17 19:02:00 +02:00
Nora Dimitrijević
b688df9dec
[DIFF-INFORMED] Java: LogInjection
...
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-117/LogInjection.ql#L20
2025-07-17 19:01:58 +02:00
Nora Dimitrijević
2d734056b1
[DIFF-INFORMED] Java: InsecureLdapAuth
...
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql#L21
2025-07-17 19:01:56 +02:00
Nora Dimitrijević
74b37e71a0
[DIFF-INFORMED] Java: InsecureCookie
...
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql#L21
2025-07-17 19:01:52 +02:00
Nora Dimitrijević
19e5c3d805
[DIFF-INFORMED] Java: ImproperValidationOfArray…
...
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql#L48
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql#L28
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql#L26
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql#L24
2025-07-17 19:01:50 +02:00
Nora Dimitrijević
1c6ecf1216
[DIFF-INFORMED] Java: UntrustedDataToExternalAPI
...
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql#L20
2025-07-17 18:59:15 +02:00
Nora Dimitrijević
0cf1195678
[DIFF-INFORMED] Java: ConditionalBypass
...
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql#L26
2025-07-17 18:59:14 +02:00
Nora Dimitrijević
0bcdb421ed
[DIFF-INFORMED] Java: ArithmeticUncontrolled
...
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql#L36
2025-07-17 18:59:11 +02:00
Nora Dimitrijević
54546f6e99
[DIFF-INFORMED] Java: ArithmeticTainted
...
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql#L35
2025-07-17 18:59:09 +02:00
Nora Dimitrijević
8353fdd041
[DIFF-INFORMED] Java: (Android)SensitiveCommunication
...
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql#L20
2025-07-17 18:59:06 +02:00
Nora Dimitrijević
b33058c967
[TEST] Java: SensitiveCommunication: convert to qlref
2025-07-17 18:59:05 +02:00
Nora Dimitrijević
44bb5e7220
[TEST] Java: ConditionalBypass: convert to qlref
2025-07-17 18:59:03 +02:00
Nora Dimitrijević
6134518d60
[TEST] Java: SensitiveLogInfo: convert to qlref
2025-07-17 18:59:01 +02:00
Nora Dimitrijević
94386f0550
[TEST] Java: TrustBoundaryViolations: convert test to qlref
2025-07-17 18:58:59 +02:00
Nora Dimitrijević
49e03b4dfd
[TEST] Java: UnsafeCertTrust: convert test to qlref
2025-07-17 18:58:56 +02:00
