hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

12735 Commits

Author SHA1 Message Date
Chris Smowton
80cb908289 Amend message 2024-06-27 09:57:35 +01:00
Chris Smowton
567ba9f9c3 Change note 2024-06-27 09:57:30 +01:00
Chris Smowton
df860d4128 autoformat 2024-06-27 09:57:25 +01:00
Chris Smowton
16a90aa180 autoformat 2024-06-27 09:57:19 +01:00
Chris Smowton
6292cacd74 Add link to build modes docs 2024-06-27 09:57:13 +01:00
Chris Smowton
d43762cae3 Apply suggestions from code review 
Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com>
Co-authored-by: Chad Bentz <1760475+felickz@users.noreply.github.com>
 2024-06-27 09:57:07 +01:00
Chris Smowton
f397ab2d72 Java: add diagnostic query indicating low database quality 2024-06-27 09:57:02 +01:00
Jami
901245ae3d Merge branch 'main' into jcogs33/unsafe-url-forward-promotion-resource-and-file-methods 2024-06-26 21:57:07 -04:00
Chris Smowton
f2cbf08d15 Adjust test expectations 2024-06-26 17:37:48 +01:00
Paolo Tranquilli
a52a412c24 Kotlin: exclude KotlinExtractorDbScheme.kt generated by hand 2024-06-26 09:05:09 +02:00
Ian Lynagh
f9ae44ca5c Merge pull request #16736 from igfoo/igfoo/debugLoC 
Java/Kotlin: Tag the LoC queries 'debug'
 2024-06-25 22:57:36 +01:00
Ian Lynagh
c12adbeeaa Java/Kotlin: Tag the LoC queries 'debug' 
This brings them into line with LinesOfCode.ql
 2024-06-25 15:46:10 +01:00
Michael Nebel
8dc95ce9b0 Merge pull request #16722 from michaelnebel/csharp/modelgensourcesink 
C#/Java: Respect manual neutrals, sources and sinks in model generation.
 2024-06-25 15:55:06 +02:00
Arthur Baars
046a5f0881 Merge branch 'rc/3.14' into post-release-prep/codeql-cli-2.17.6 2024-06-25 11:43:38 +02:00
Chris Smowton
5608e0141c Adjust and tolerate variability in test expectations 2024-06-25 09:02:58 +01:00
github-actions[bot]
fd385736e6 Post-release preparation for codeql-cli-2.17.6 2024-06-25 06:39:45 +00:00
Owen Mansel-Chan
9e25279cb8 Change category in change note to "majorAnalysis" 2024-06-24 21:23:51 +01:00
Owen Mansel-Chan
162245fb9a Fix unrelated test using reverse DNS as source 2024-06-24 21:23:50 +01:00
Owen Mansel-Chan
059ef42f41 Add change note 2024-06-24 21:23:49 +01:00
Owen Mansel-Chan
878867205e Fix taintsources test 2024-06-24 21:23:47 +01:00
Owen Mansel-Chan
91db2b6c9c Make new threat model kind "reverse-dns" 2024-06-24 21:23:46 +01:00
Chris Smowton
351b908f62 Adjust and tolerate variability in test expectations 2024-06-24 16:38:18 +01:00
github-actions[bot]
e32a587078 Release preparation for version 2.17.6 2024-06-24 14:33:10 +00:00
Anders Schack-Mulligen
8c23e21073 Dataflow: Cache compatibleTypes. 2024-06-24 13:35:48 +02:00
Michael Nebel
24685a07c0 Java: Update model generator test expected output. 2024-06-24 13:07:42 +02:00
Michael Nebel
c687dcb094 Java: Sync files and make language specific implementation. 2024-06-24 13:07:39 +02:00
Michael Nebel
30249e4f2b Java: Add some spurious source and sink examples. 2024-06-24 13:07:34 +02:00
Michael Nebel
9cd16fd9d6 Java: Base the model printing on the shared implementation. 2024-06-24 11:52:50 +02:00
Michael Nebel
94d12edfdb Merge pull request #16759 from michaelnebel/modelgen/sourcesinkmodelgen 
C#/Java: Introduce source and sink model generation sanitisers.
 2024-06-24 11:47:11 +02:00
Jonathan Leitschuh
472cca9221 Align Java CommandInjectionRuntimeExec.ql Severity 
Align severity with other command injection vulnerabilities:

- 4a448f445e/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql (L8)
- 4a448f445e/go/ql/src/Security/CWE-078/CommandInjection.ql (L7)
- 4a448f445e/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql (L7)
- 4a448f445e/javascript/ql/src/Security/CWE-078/CommandInjection.ql (L7)
 2024-06-21 10:29:27 -04:00
Michael Nebel
aa962f9b03 Java: Update expected output of model generation. 2024-06-19 14:10:59 +02:00
Michael Nebel
1185e28ea2 Java: Add some spurious source and sink model generation examples. 2024-06-19 14:10:56 +02:00
Michael Nebel
ed3f1e40db Java: Sync changes and make dummy language specific implementation. 2024-06-19 14:10:54 +02:00
Paolo Tranquilli
919ddccfdb C++/Java: Accept new warning format in ql tests 2024-06-19 09:13:18 +02:00
Michael Nebel
cd9d58fdc8 Merge pull request #16772 from michaelnebel/java/taintedpermissionthreatmodel 
Java: Opt-in `java/tainted-permissions-check` to threat models.
 2024-06-18 10:54:28 +02:00
Michael Nebel
5686efd25c Update java/ql/src/change-notes/2024-06-17-tainted-permissions-check.md 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-06-17 16:47:22 +02:00
Michael Nebel
197cdab43d Merge pull request #16752 from michaelnebel/shared/sourcesinkcallables 
C#/Java: Add some (shared) helper classes for Neutrals, Sources and Sink
 2024-06-17 14:58:27 +02:00
Anders Schack-Mulligen
96b6ddefe0 Merge pull request #16751 from aschackmull/java/sndlevelscope-fix 
Java: Calculate 2nd level scopes for implicit instance accesses.
 2024-06-17 13:10:46 +02:00
Michael Nebel
833b4f90bf Java: Make source and sink callable adapters. 2024-06-17 12:53:08 +02:00
Anders Schack-Mulligen
b8b95fd81d Java: Add change note. 2024-06-17 11:46:54 +02:00
Michael Nebel
c3862660e4 Java: Add change note. 2024-06-17 11:07:29 +02:00
Michael Nebel
327dab69d0 Java: Opt-in the tainted permissions check query to threat models. 2024-06-17 11:02:08 +02:00
Owen Mansel-Chan
b0afba49a2 Merge pull request #16761 from owen-mc/java/reverse-dns-get-loopback-address 
Java: Exclude loopback address from reverse DNS source
 2024-06-14 22:39:55 +01:00
Owen Mansel-Chan
9aa0c9f1f3 Fix test expectations 2024-06-14 15:55:30 +01:00
Ian Lynagh
079717bbc0 Merge pull request #16694 from igfoo/igfoo/PopulationSpecFile 
Kotlin: Remove unused PopulationSpecFile
 2024-06-14 15:06:39 +01:00
Owen Mansel-Chan
6cfd9458b0 Add change note 2024-06-14 14:05:25 +01:00
Owen Mansel-Chan
7a13c31021 Exclude loopback address from reverse DNS source 2024-06-14 14:05:01 +01:00
Owen Mansel-Chan
5973f3fadc Add test for reverse DNS from loopback address 2024-06-14 14:04:47 +01:00
Owen Mansel-Chan
098b732937 Fix formatting of inline expectation test comment 2024-06-14 14:04:42 +01:00
Paolo Tranquilli
e2a47e7c18 Merge pull request #16720 from github/redsun82/kotlin 
Kotlin: cleanup after internal changes
 2024-06-14 13:28:22 +02:00