hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

12735 Commits

Author SHA1 Message Date
Ian Lynagh
ac001c37bd Merge pull request #15561 from igfoo/igfoo/kt2-tests 
Kotlin 2: Accept more test changes
 2024-02-13 14:02:45 +00:00
Max Schaefer
104a8d980c Automodel: Make description of some negative characteristics more explicit. 2024-02-13 08:18:13 +00:00
Asger F
faefa056eb Merge pull request #15507 from asgerf/shared/outbarrier-bugfix 
Shared: fix a bug in stateful outbarriers
 2024-02-12 21:44:49 +01:00
Tony Torralba
b6385f7938 Merge pull request #15533 from JLLeitschuh/patch-5 
Reduce severity of `java/relative-path-command`
 2024-02-12 15:04:05 +01:00
Joe Farebrother
3a4a841844 Add change note + update severity 2024-02-12 14:01:27 +00:00
Joe Farebrother
16a7d68780 Add documentation 2024-02-12 13:58:01 +00:00
Joe Farebrother
2eb93b7a3b Add unit tests 2024-02-12 13:49:45 +00:00
Joe Farebrother
d8985f9f5b Move tests for local auth to a folder 2024-02-12 13:49:45 +00:00
Joe Farebrother
c79a3eb6ae Add query for insecure key generation 2024-02-12 13:49:44 +00:00
Joe Farebrother
75a2b9415c Merge pull request #15481 from joefarebrother/android-local-auth 
Java: Add query for insecure local authentication
 2024-02-12 13:48:53 +00:00
Tony Torralba
db2eb202ee Merge pull request #15565 from atorralba/atorralba/java/open-redirect-sanitizer 
Java: Add extension point and default sanitizer to Open Redirect query
 2024-02-12 14:42:52 +01:00
Ian Lynagh
931b27f76c Merge pull request #15573 from igfoo/igfoo/k2-more 
Kotlin 2: Accept loc changes in library-tests/parameter-defaults/defaults.expected
 2024-02-12 13:29:19 +00:00
Ian Lynagh
a7eac1100b Merge pull request #15569 from igfoo/igfoo/kt2-accept 
Kotlin 2: Accept more location changes
 2024-02-12 13:29:10 +00:00
Joe Farebrother
d3fea4044e Apply suggestions from documentation review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-02-12 10:27:56 +00:00
Tony Torralba
cf7091ae5f Merge branch 'main' into atorralba/java/open-redirect-sanitizer 2024-02-12 10:31:52 +01:00
Tony Torralba
e6623ebe4c Add change note 2024-02-12 10:10:42 +01:00
github-actions[bot]
3cba1764e2 Add changed framework coverage reports 2024-02-12 00:16:45 +00:00
Joe Farebrother
16aed18821 Address reviews - Elaborate on docs and update severity 2024-02-09 13:53:36 +00:00
Ian Lynagh
ab758d5f1e Kotlin 2: Accept loc changes in library-tests/parameter-defaults/defaults.expected 2024-02-09 13:53:05 +00:00
Tom Hvitved
1ea7717714 Capture flow: Take overwrites in nested scopes into account 2024-02-09 14:49:23 +01:00
Anders Schack-Mulligen
8fc4fae7d2 Java: Cache interpretElement. 2024-02-09 14:43:36 +01:00
Ian Lynagh
0547c877c2 Kotlin 2: Accept some location changes in library-tests/methods/exprs.expected 2024-02-09 13:34:56 +00:00
Ian Lynagh
be4413ffc8 Kotlin 2: Accept changes in library-tests/methods/parameters.expected 
These mostly make things consistent with Kotlin 1.
 2024-02-09 13:19:26 +00:00
Ian Lynagh
b836260b9a Kotlin 2: Accept some test changes 
I'm not sure these are an improvement, but they bring Kotlin 2 back in
line with Kotlin 1.
 2024-02-09 13:15:02 +00:00
Anders Schack-Mulligen
566351a49a Merge pull request #15549 from aschackmull/dataflow/empty-provenance 
Dataflow: Add empty provenance column to PathGraph.
 2024-02-09 12:58:09 +01:00
Ian Lynagh
1b91695934 Kotlin 2: Accept some location changes in library-tests/methods 2024-02-09 11:57:23 +00:00
Max Schaefer
93990ec9df Merge pull request #15486 from github/java/update-mad-decls-after-triage-2024-01-31T11-16-45 
Java: Update MaD Declarations after Triage
 2024-02-09 11:18:17 +00:00
Anders Schack-Mulligen
0eaf117f37 Kotlin: Add empty provenance column to expected files. 2024-02-09 11:32:08 +01:00
Anders Schack-Mulligen
e9e445b2ba Java: Add empty provenance column to expected files. 2024-02-09 11:32:00 +01:00
Anders Schack-Mulligen
b7d4a6926f Dataflow: Add empty provenance column to PathGraph. 2024-02-09 11:27:30 +01:00
Joe Farebrother
f4b6a85a48 Fix typo in qldoc 2024-02-09 10:09:24 +00:00
Tony Torralba
4c0d535cc2 Merge pull request #12886 from atorralba/atorralba/java/path-injection-mad-sinks 
Java: Refactor path injection sinks
 2024-02-09 10:48:49 +01:00
Max Schaefer
fb109672b3 Address more review feedback. 2024-02-09 09:21:30 +00:00
Tony Torralba
34f74869c8 Java: Add extension point and default sanitizer to Open Redirect query 2024-02-09 09:11:07 +01:00
Ian Lynagh
2852f09a1a Kotlin: Accept test changes in library-tests/java-kotlin-collection-type-generic-methods 
I'm not sure exactly what's going on here in general, but I've made a
ticket to remind us to come back and look at this whole area.
 2024-02-08 17:44:38 +00:00
Ian Lynagh
f50dab3d93 Kotlin 2: Accept loc changes in library-tests/interface-delegate 2024-02-08 14:45:47 +00:00
Dave Bartolomeo
92bd550c55 Merge pull request #15531 from github/post-release-prep/codeql-cli-2.16.2 
Post-release preparation for codeql-cli-2.16.2
 2024-02-08 05:58:17 -08:00
Max Schaefer
48105db5b0 Fix isNeutral predicates. 2024-02-08 13:22:53 +00:00
Max Schaefer
4b9443eb15 Properly recognise existing models involving subtypes. 
If an existing source/sink model specifies `subtypes=True` we should apply it to endpoints on overriding methods.
 2024-02-08 13:22:53 +00:00
Max Schaefer
a9c0fed4f5 Add test showing spurious sink candidate from method overriding a method for which we have a model. 2024-02-08 13:22:53 +00:00
Max Schaefer
02547d3839 Improve representation of implicit varargs arrays to more reliably filter out known flow steps. 2024-02-08 13:22:52 +00:00
Ian Lynagh
e0a5efef0a Merge pull request #15544 from igfoo/igfoo/k2tests 
Kotlin 2: Some test fixes
 2024-02-08 12:57:58 +00:00
Ian Lynagh
ef8e6c8805 Kotlin 2: Accept loc changes in library-tests/exprs/funcExprs.expected 2024-02-07 16:40:40 +00:00
Ian Lynagh
8a93133b81 Kotlin 2: Accept loc changes in library-tests/exprs/unaryOp.expected 2024-02-07 16:21:49 +00:00
Ian Lynagh
c314cc8b68 Kotlin 2: Accept some location changes in library-tests/exprs/binop.expected 2024-02-07 15:56:10 +00:00
Ian Lynagh
c731251e61 Kotlin 2: Remove an unused diagnostic matcher in library-tests/dataflow/func 2024-02-07 15:32:04 +00:00
Ian Lynagh
3d1f9a79fb Kotlin 2: Accept location changes in test-kotlin2/library-tests/data-classes 2024-02-07 15:17:40 +00:00
Ian Lynagh
1c6108028b Kotlin 2: Accept some location changes for arrays 2024-02-07 15:12:17 +00:00
Max Schaefer
082754a3d8 Remove problematic Kotlin model. 2024-02-07 13:21:59 +00:00
Jonathan Leitschuh
1484a169d7 Reduce severity of java/relative-path-command 
Significantly reduces the severity of `java/relative-path-command` from 9.8 to 5.4

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
 2024-02-06 15:43:19 -05:00