hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

12735 Commits

Author SHA1 Message Date
Ed Minnix
fb875f5095 More variety of test cases 2023-12-11 11:18:39 -05:00
Ed Minnix
ba3c38c226 Restrict addCookie to specific interface 2023-12-11 11:18:38 -05:00
Ed Minnix
dc3e4cd928 Refactored method accesses to the RandomDataSource library 2023-12-11 11:18:38 -05:00
Ed Minnix
ce7690b53f Make imports private 2023-12-11 11:18:38 -05:00
Edward Minnix III
bc0655573f Simplifications 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-12-11 11:18:38 -05:00
Ed Minnix
14fdfa4428 Add new sink kind and change note 2023-12-11 11:18:38 -05:00
Ed Minnix
0313f39229 Cryptographic sinks 2023-12-11 11:18:38 -05:00
Ed Minnix
b713efb711 Add ThreadLocalRandom.current as another source 2023-12-11 11:18:38 -05:00
Ed Minnix
bf0123d6ae Add org.apache.commons.lang.RandomStringUtils as a source 2023-12-11 11:18:38 -05:00
Ed Minnix
1daa83bf46 Add test cases 2023-12-11 11:18:38 -05:00
Ed Minnix
e69ff7b601 Move to library and add docs 2023-12-11 11:18:38 -05:00
Ed Minnix
9f986ca527 Add Weak Randomness Query 2023-12-11 11:18:38 -05:00
Tom Hvitved
f9dbf676a6 Java: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:45 +01:00
Ed Minnix
1526da5929 Deprecation change note 2023-12-08 10:50:04 -05:00
Ed Minnix
aebbc7d4ab Add private imports to prevent compile warnings 2023-12-08 10:42:11 -05:00
Ed Minnix
1b8f3f3450 Deprecate or remove imports of dataflow library copies 2023-12-08 10:42:10 -05:00
Anders Schack-Mulligen
0618568cdc Merge pull request #15045 from aschackmull/java/fix-cp 
Java: Fix accidental cartesian product.
 2023-12-08 15:43:01 +01:00
Ian Lynagh
eab32ea24b Kotlin 2: Accept changes in query-tests/UnderscoreIdentifier 2023-12-08 13:49:25 +00:00
Anders Schack-Mulligen
64eb4ff753 Merge pull request #14983 from aschackmull/dataflow/deprecate-old-api 
Data Flow: Deprecate old data flow api.
 2023-12-08 14:27:25 +01:00
Anders Schack-Mulligen
7ee3068fe7 Java: Fix accidental cartesian product. 2023-12-08 13:27:05 +01:00
github-actions[bot]
92af5f5386 Post-release preparation for codeql-cli-2.15.4 2023-12-06 22:59:22 +00:00
github-actions[bot]
c04457e9e7 Release preparation for version 2.15.4 2023-12-06 21:11:50 +00:00
Ian Lynagh
fc11a87882 Kotlin: Fix dataflow with Array.set wrappers 2023-12-06 12:19:46 +00:00
Ian Lynagh
7fc7b96ed7 Kotlin: Add a test for dataflow with an Array.set wrapper 2023-12-06 12:19:25 +00:00
Ian Lynagh
2c625e34b5 Merge pull request #15008 from igfoo/igfoo/kot-arr-taint 
Kotlin: Track taint through Array.get/set
 2023-12-05 18:30:21 +00:00
Ian Lynagh
8ea155ef24 Kotlin: Add changenote 2023-12-05 14:48:02 +00:00
Ian Lynagh
babf1d6648 Kotlin: Track Kotlin's Array.set when tracking taint 2023-12-05 14:42:45 +00:00
Ian Lynagh
124487c57c Kotlin: Add more taint tests 2023-12-05 14:42:45 +00:00
Ian Lynagh
821b4c727e Kotlin: Add Array.get(_) support to taint tracking 2023-12-05 14:41:32 +00:00
Ian Lynagh
9953794101 Kotlin: Add an extra test case for Kotlin array taint 2023-12-05 14:41:32 +00:00
Ian Lynagh
70ff59eee1 Merge pull request #14997 from igfoo/igfoo/locs 
Kotlin: Accept some location changes in test-kotlin2/library-tests/vararg
 2023-12-05 11:18:27 +00:00
github-actions[bot]
48c15035b9 Add changed framework coverage reports 2023-12-05 00:16:34 +00:00
Ian Lynagh
1aa1698f44 Kotlin: Accept some location changes in test-kotlin2/library-tests/vararg 2023-12-04 16:44:38 +00:00
Jami
651653998c Merge pull request #14913 from jcogs33/jcogs33/unsafe-url-forward_path-inj-related_cve-2019-3799 
Java: add Spring models
 2023-12-04 10:18:50 -05:00
Tony Torralba
649dc9d1d4 Merge pull request #14993 from github/shati-patel/fix-cwe-tags 
Update inconsistent CWE tags
 2023-12-04 14:30:32 +01:00
Chris Smowton
97266c252e Remove mention of TSP 2023-12-04 12:36:04 +00:00
Shati Patel
6284781a9b Update inconsistent CWE tags 
Most tags use the "external/cwe/cwe-xxx" format, except for these few queries. Updating them for consistency.
 2023-12-04 11:52:31 +00:00
Chris Smowton
6d5a493e2d Add change note 2023-12-04 11:48:51 +00:00
Anders Schack-Mulligen
67f0529cda Dataflow: Sync. 2023-12-04 12:36:57 +01:00
Anders Schack-Mulligen
fd920b8585 Java: Deprecate old data flow api. 2023-12-04 12:36:57 +01:00
Chris Smowton
ad713a7a93 Java: report any extracted file as successfully extracted 2023-12-01 22:35:00 +00:00
amammad
0d0dc5158c stash 2023-12-01 15:03:03 +01:00
Chris Smowton
aa8f798853 Move condition into isNonFallThroughPredecessor 2023-11-30 11:24:07 +00:00
Chris Smowton
94819e37c4 More StmtParent -> SwitchBlock 2023-11-30 11:24:07 +00:00
Chris Smowton
e93fe8d614 Update change note 2023-11-30 11:24:07 +00:00
Chris Smowton
53ca8e5fe9 autoformat 2023-11-30 11:24:07 +00:00
Chris Smowton
633b92da62 Introduce and use SwitchBlock instead of StmtParent for switch-statement-or-expression 2023-11-30 11:24:07 +00:00
Chris Smowton
e50a0eee59 Remove duplicate of expr exception propagation logic 2023-11-30 11:24:07 +00:00
Chris Smowton
6f3bff19cc Expose getFirstPatternCase, not getPatternCase/2 2023-11-30 11:24:07 +00:00
Chris Smowton
40464ed1f9 Eliminate duplicate predicate 2023-11-30 11:24:07 +00:00