codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00

Author	SHA1	Message	Date
Chris Smowton	e3559d8f93	Adjust test expectations	2024-07-28 10:27:11 +02:00
Chris Smowton	142d7ae005	Make test compatible with Servlet 2.5; use old Servlet stubs	2024-07-28 10:26:58 +02:00
Jami	0ba5a74f6a	Merge pull request #17074 from jcogs33/jcogs33/java/fix-regex-use-comments Java: fix comments about use of sink kind `regex-use`	2024-07-26 08:57:39 -04:00
Jami	ff9093f2de	Merge branch 'main' into jcogs33/java/add-apache-ant-path-inj-sinks	2024-07-26 08:54:27 -04:00
Arthur Baars	b34b589005	Merge branch 'main' into aibaars/proxy-tests	2024-07-26 09:24:54 +02:00
Owen Mansel-Chan	c051d33cc7	Merge branch 'main' into dataflow/provenance-postprocess-qltest	2024-07-26 08:04:05 +01:00
RobbingDaHood	feb31d2006	Merge branch 'main' into 17052-second-try-do-not-expose-error-message	2024-07-25 18:13:49 +02:00
Daniel Winther Petersen	1c1ba7734f	Now alerts about exposing `exception.getMessage()` in servlet responses are split out of `java/stack-trace-exposure` into its own alert `java/error-message-exposure` because this is a better fit.	2024-07-25 18:12:45 +02:00
Jami	91f5f086fb	Merge pull request #17025 from jcogs33/jcogs33/java/adjust-url-syntheticfield Java: add TaintInheritingContent for URL synthetic fields	2024-07-25 12:11:39 -04:00
Arthur Baars	9d6260b334	Copy os.environment Prevents cryptic "OSError: [WinError 10106] The requested service provider could not be loaded or initialized" error from Python subprocess call	2024-07-25 17:59:11 +02:00
Jami Cogswell	eea3e82cca	Java: fix 'regex-use' comments	2024-07-25 10:39:03 -04:00
Anders Schack-Mulligen	c693f03462	Merge pull request #17070 from aschackmull/dataflow/pptype-refactor Dataflow: Replace `ppReprType` with `DataFlowType.toString`.	2024-07-25 14:30:08 +02:00
Ian Lynagh	225d2915e5	Java/Kotlin: Add changenote for dropping SOURCE_ARCHIVE/TRAP_FOLDER	2024-07-25 12:48:55 +01:00
Ian Lynagh	e4b9335ce0	Kotlin: Remove support for deprecated SOURCE_ARCHIVE and TRAP_FOLDER	2024-07-25 12:46:13 +01:00
Anders Schack-Mulligen	7a48fe1102	Dataflow: Replace ppReprType with DataFlowType.toString.	2024-07-25 13:08:47 +02:00
Arthur Baars	8e7e7c0188	Update exepected output	2024-07-25 10:50:18 +02:00
Arthur Baars	9478139390	Java: buildless: proxy test with gradle	2024-07-25 08:34:11 +02:00
Arthur Baars	5a1adc51c1	Java: buildless: proxy test with maven	2024-07-25 08:32:48 +02:00
Arthur Baars	a35be08d18	Java: buildess proxy tests: add mitm_proxy.py A mock implementation of an https man-in-the-middle proxy	2024-07-25 08:32:02 +02:00
Owen Mansel-Chan	5a39610ba7	Merge pull request #17053 from owen-mc/java/fix/regex-use-sink-kind Java: Add comments about use of sink kind `regex-use`	2024-07-24 21:08:52 +01:00
Jami Cogswell	5854e88f63	Java: add change note	2024-07-24 16:00:38 -04:00
Owen Mansel-Chan	3edeb82d5b	Add comment by models using `regex-use` sink kind	2024-07-23 21:40:45 +01:00
Owen Mansel-Chan	89f958105a	Mention `regex-use` sink kind in QLDoc for `regexSinkKindInfo`	2024-07-23 21:38:30 +01:00
Owen Mansel-Chan	4c8da54b64	Merge pull request #17036 from chmodxxx/sbaddou/fix Java: Move SensitiveLoggerConfig source to extensible format	2024-07-23 14:55:26 +01:00
Chuan-kai Lin	67dac96e80	Merge pull request #17041 from github/post-release-prep/codeql-cli-2.18.1 Post-release preparation for codeql-cli-2.18.1	2024-07-23 06:48:30 -07:00
Anders Schack-Mulligen	86c63dbedf	Dataflow: Fix bug causing spurious flow for FeatureHasSinkCallContext.	2024-07-23 14:59:24 +02:00
Anders Schack-Mulligen	f598a0b607	Dataflow: Add test highlighting bug.	2024-07-23 14:34:33 +02:00
Salah Baddou	4f80ae2190	Merge branch 'main' into sbaddou/fix	2024-07-23 12:03:13 +01:00
Salah Baddou	092de640fe	add change-notes	2024-07-23 11:04:56 +01:00
Owen Mansel-Chan	ff8bb2b1f8	Merge pull request #16760 from owen-mc/java/reverse-dns-separate-threat-model-kind Java: make a separate threat model kind for reverse DNS sources	2024-07-23 10:08:52 +01:00
Anders Schack-Mulligen	b5b9c4d931	Update java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll Java: Make class private	2024-07-23 10:07:51 +02:00
Anders Schack-Mulligen	bb86a07a93	Update java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll fix typo	2024-07-23 10:03:07 +02:00
Anders Schack-Mulligen	5912a17ab4	Update java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll Autoformat	2024-07-23 10:01:49 +02:00
github-actions[bot]	49cc8f8ff8	Post-release preparation for codeql-cli-2.18.1	2024-07-22 22:00:48 +00:00
Chuan-kai Lin	a5fe3f4d9c	Minor changelog improvements	2024-07-22 14:34:56 -07:00
github-actions[bot]	368bcb684a	Release preparation for version 2.18.1	2024-07-22 21:30:50 +00:00
Chuan-kai Lin	23320b6e5e	Revert "Release preparation for version 2.18.1"	2024-07-22 13:22:49 -07:00
Chuan-kai Lin	cda4339056	Minor changelog improvements	2024-07-22 09:42:31 -07:00
Salah Baddou	2ad70cbee2	Move SensitiveLoggerConfig source to extensible format	2024-07-22 17:34:00 +01:00
github-actions[bot]	55935fc123	Release preparation for version 2.18.1	2024-07-22 14:56:15 +00:00
Jami Cogswell	4790656b79	Java: add TaintInheritingContent for URL synthetic fields	2024-07-20 23:03:32 -04:00
Owen Mansel-Chan	2a5144d9d9	Improve tests for reverse DNS sources	2024-07-20 21:40:02 +01:00
Jami Cogswell	d6d2a213e7	Java: add change note	2024-07-19 18:19:37 -04:00
Jami Cogswell	f3e5b55cc4	Java: add path injection sinks for Property.setFile and Property.setResource	2024-07-19 18:04:17 -04:00
Michael Nebel	2796597d1a	Code quality improvements.	2024-07-19 09:36:17 +02:00
Ed Minnix	ad4bca9975	Fix provenance in tests	2024-07-18 18:18:24 -04:00
Ed Minnix	0990a370c7	Convert QL classes for Lastaflute to MaD	2024-07-18 17:41:06 -04:00
Ed Minnix	9713551448	Missing QLDoc	2024-07-18 17:41:05 -04:00
Ed Minnix	4fa45bb81c	Change note	2024-07-18 17:41:03 -04:00
Ed Minnix	62944ee473	Add tests for lastaflute framework	2024-07-18 17:41:02 -04:00

... 8 9 10 11 12 ...

12735 Commits