hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

12735 Commits

Author SHA1 Message Date
Jami Cogswell
c5a59d6c51 Java: add QLDoc 2024-03-13 16:28:44 -04:00
Jami Cogswell
7310c155e2 Java: rename SpringUrlForwardSink 2024-03-13 16:28:44 -04:00
Jami Cogswell
a002674587 Java: clean up comments on test cases 2024-03-13 16:28:44 -04:00
Jami Cogswell
a8075969d8 Java: add QLDocs to UrlPathBarrier code 2024-03-13 16:28:44 -04:00
Jami Cogswell
042dcf9cd9 Java: some updates to UrlPathBarrier code 2024-03-13 16:28:44 -04:00
Jami Cogswell
052452b186 Java: create UrlDecodeMethod 2024-03-13 16:28:44 -04:00
Jami Cogswell
d220b3a298 Java: some updates to test cases 2024-03-13 16:28:43 -04:00
Jami Cogswell
d9772c1880 Java: update change note 2024-03-13 16:28:43 -04:00
Jami Cogswell
43b49628fc Java: use new 'SimpleTypeSanitizer', and update some non-extending subtype relationships 2024-03-13 16:28:43 -04:00
Jami Cogswell
2708e53c7f Java: remove redundant imports 2024-03-13 16:28:43 -04:00
Jami Cogswell
f573032b2e Java: remove todo comments from ext files 2024-03-13 16:28:43 -04:00
Jami Cogswell
911a61df22 Java: initial update of barrier and test cases to remove FN 2024-03-13 16:28:42 -04:00
Jami Cogswell
c8ec301793 Java: add change note 2024-03-13 16:28:42 -04:00
Jami Cogswell
e75c96c0f9 Java: combine test cases; add test for StaplerResponse.forward 2024-03-13 16:28:41 -04:00
Jami Cogswell
5fa63ab5c2 Java: update/add some TODO comments 2024-03-13 16:28:41 -04:00
Jami Cogswell
c331393cfd Java: update qhelp 2024-03-13 16:28:41 -04:00
Jami Cogswell
09bc21dbd3 Java: rename 'UnsafeUrlForward' to 'UrlForward' 2024-03-13 16:28:41 -04:00
Jami Cogswell
6e7c05467b Java: update query metadata and alert message 2024-03-13 16:28:41 -04:00
Jami Cogswell
5a9d7552b3 Java: add some comments and minor code reorg 2024-03-13 16:28:41 -04:00
Jami Cogswell
1da1e896cb Java: convert SpringModelAndViewSink to MaD 2024-03-13 16:28:41 -04:00
Jami Cogswell
8d66097483 Java: switch StaplerResponse.forward from request-forgery sink to url-forward sink 2024-03-13 16:28:41 -04:00
Jami Cogswell
42e3825ea3 Java: convert RequestDispatcherSink to MaD 2024-03-13 16:28:40 -04:00
Jami Cogswell
4ff884e26c Java: remove more path-injection related classes (will maybe add some of these back in a separate PR) 2024-03-13 16:28:40 -04:00
Jami Cogswell
2a682995ae Java: move MaD models to correct files, delete ones that already exist 2024-03-13 16:28:40 -04:00
Jami Cogswell
915e106ab3 Java: remove path-injection related models and tests for now 2024-03-13 16:28:40 -04:00
Jami Cogswell
35a083ae9e Java: update test cases to use inline expectations 2024-03-13 16:28:40 -04:00
Jami Cogswell
2793f28428 Java: move config to Query.qll file 2024-03-13 16:28:40 -04:00
Jami Cogswell
0d38a9625e Java: copy files from experimental 2024-03-13 16:28:39 -04:00
Tony Torralba
039bea1625 Java: Add more neutral JDK models 
This is similar to https://github.com/github/codeql/pull/15766, in the sense that it adds neutral models to prevent the model generator from generating summaries for them. These models were spotted while evaluating https://github.com/github/codeql/pull/14919.
 2024-03-13 16:59:38 +01:00
Tom Hvitved
02ae2d1520 Java: Implement new data flow interface 2024-03-13 14:41:57 +01:00
Ian Lynagh
adefdfd59f Merge pull request #15889 from igfoo/igfoo/k2exprs 
Kotlin 2: Accept more changes in the exprs test
 2024-03-13 11:34:10 +00:00
erik-krogh
013ed7adb3 Java: update the url-redirection in the same style as the C# qhelp 2024-03-13 11:58:16 +01:00
github-actions[bot]
cff2cdb9e4 Add changed framework coverage reports 2024-03-13 00:15:53 +00:00
Edward Minnix III
d54489931c Merge pull request #15869 from egregius313/egregius313/java/fix/parcelfiledescriptor-open-sink 
Java: Add path-injection sink for `ParcelFileDescriptor::open`
 2024-03-12 16:39:20 -04:00
Erik Krogh Kristensen
863e3f79e5 Merge pull request #15731 from erik-krogh/java-url 
Java: More sanitizers for request-forgery
 2024-03-12 19:31:52 +01:00
Ian Lynagh
0e94aa0eb5 Kotlin 2: Accept more changes in the exprs test 2024-03-12 16:42:37 +00:00
erik-krogh
f613823047 add explicit QLDoc that any method named "contains" is matched 2024-03-12 15:25:27 +01:00
erik-krogh
35aae0a981 move changenote to src/ 2024-03-12 15:22:57 +01:00
Erik Krogh Kristensen
b53ae77c56 expand change-note 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-03-12 15:22:17 +01:00
erik-krogh
74876ff49b add change-note 2024-03-12 15:07:36 +01:00
erik-krogh
52f71e4553 small fixes based on review 2024-03-12 15:07:29 +01:00
Ian Lynagh
c2aa334465 Java: Accept test changes 2024-03-12 14:03:02 +00:00
Henry Mercer
c325ff8a23 Mark lines of code queries as telemetry queries 
The new file coverage metrics are available in all supported GHES
versions. This PR tags lines of code queries as telemetry queries. Lines
of code information will still be available in the SARIF file, but it
will no longer be displayed in the logging output of the CLI.

The one exception is the metric queries for Java/Kotlin that provides
separate lines of code information for Java and Kotlin. I've kept these
since separate file coverage information for languages like Java and
Kotlin is only available for GHES 3.12 and later.
 2024-03-11 16:40:31 +00:00
Ed Minnix
76aeee2820 Change note 2024-03-11 10:34:15 -04:00
Ed Minnix
61dbe26858 Add sinks for android.os.ParcelFileDescriptor 2024-03-11 10:31:51 -04:00
Tom Hvitved
da66281fef Sync files 2024-03-11 13:02:04 +01:00
Tom Hvitved
7a39f077d9 Data flow: Add ConfigSig::accessPathLimit 2024-03-11 13:01:58 +01:00
Ian Lynagh
a9bab18804 Merge pull request #15848 from igfoo/igfoo/deleg2 
Kotlin 2: Accept some more loc changes in exprs test
 2024-03-08 11:49:11 +00:00
Chris Smowton
2321eecb9e Add tests for multi-release jars under Java 11 and 17 2024-03-07 21:07:49 +00:00
Ian Lynagh
e74606eba3 Kotlin 2: Accept some more loc changes 2024-03-07 18:40:59 +00:00