github-actions[bot]
ec70b80a0a
Release preparation for version 2.20.2
2025-01-21 12:47:53 +00:00
Chris Smowton
90c396b46a
Revert "Release preparation for version 2.20.2"
2025-01-21 12:02:52 +00:00
github-actions[bot]
ec1ca5dc25
Release preparation for version 2.20.2
2025-01-20 14:44:12 +00:00
Chris Smowton
060161cd5e
Add change note
2025-01-14 14:22:27 +00:00
Chris Smowton
5ca7d26cf3
Add test for a JavacTool-based compiler that doesn't use standard JavaFileObjects
2025-01-14 14:22:26 +00:00
Chris Smowton
3e10e78c95
Merge pull request #18480 from github/smowton/admin/document-serialization-proxy
...
Java: document serialization proxy pattern
2025-01-14 12:34:01 +00:00
Owen Mansel-Chan
883301938b
Merge pull request #18161 from owen-mc/java/weak-crypto-algo-more-informative
...
Java: Make `java/weak-cryptographic-algorithm` give a reason why the algo is insecure
2025-01-13 23:43:04 +00:00
yoff
599411b440
Merge pull request #17787 from yoff/shared/add-location-to-typetracking-nodes
...
shared: Add locations to type tracking nodes
2025-01-13 23:06:09 +01:00
Ian Lynagh
6b182c5ebd
Merge pull request #18396 from igfoo/igfoo/path_transformer
...
Kotlin: Add CODEQL_PATH_TRANSFORMER support
2025-01-13 15:11:41 +00:00
Chris Smowton
0b62338cda
Java: document serialization proxy pattern
...
Note I haven't included a reference because I can't find a sufficiently-authoritative source -- only a blog quoting Effective Java seems close to appropriate, and I suspect that's pirated.
2025-01-13 11:49:36 +00:00
Tom Hvitved
303b11ec36
Merge pull request #18298 from hvitved/rust/mad-source-sink
...
Rust: Add support for MaD sources and sinks with access paths
2025-01-10 11:49:51 +01:00
Owen Mansel-Chan
0728b3bd60
Update test expectation
2025-01-10 10:37:05 +00:00
yoff
b263132ab2
Merge pull request #17998 from yoff/shared/locations-in-range-analysis
2025-01-09 14:05:54 +01:00
Owen Mansel-Chan
0f8f5d2793
Merge branch 'main' into post-release-prep/codeql-cli-2.20.1
2025-01-08 16:28:23 +00:00
yoff
21e7a0e828
Merge branch 'main' into shared/locations-in-range-analysis
2025-01-08 16:40:59 +01:00
Tom Hvitved
868caf948c
Rename {Source,Sink}Node to {Source,Sink}Element
2025-01-08 15:21:43 +01:00
yoff
aca5a51a78
Merge branch 'main' into shared/add-location-to-typetracking-nodes
2025-01-08 12:47:05 +01:00
github-actions[bot]
fb20f6ca63
Post-release preparation for codeql-cli-2.20.1
2025-01-07 22:07:40 +00:00
github-actions[bot]
88b6f1e79a
Release preparation for version 2.20.1
2025-01-07 20:50:36 +00:00
Dave Bartolomeo
72a53c4b23
Revert "Release preparation for version 2.20.1"
2025-01-07 13:32:23 -05:00
github-actions[bot]
fbf9f2fff8
Release preparation for version 2.20.1
2025-01-07 17:20:13 +00:00
Dave Bartolomeo
22e030584c
Revert "Release preparation for version 2.20.1"
2025-01-07 12:14:27 -05:00
Owen Mansel-Chan
5959a736ac
Only recommend GCM, and tighten wording
2025-01-07 16:55:10 +00:00
Chris Smowton
dd0012edcb
ASCII
2025-01-06 23:28:02 +01:00
Chris Smowton
03c6529961
Spelling
2025-01-06 22:46:22 +01:00
github-actions[bot]
a121c5a5d0
Release preparation for version 2.20.1
2025-01-06 18:20:22 +00:00
Chris Smowton
d0eab598b1
Change note
2025-01-06 14:44:12 +00:00
Chris Smowton
5c2df36786
Exclude classes with a writeReplace method from serializability checks
2025-01-06 14:42:44 +00:00
Tom Hvitved
1b31c90d26
Implement FlowSummaryImpl stubs
2025-01-06 13:26:51 +01:00
Ian Lynagh
78b277b46f
Java/Kotlin: Add a changenote for CODEQL_PATH_TRANSFORMER support.
2025-01-03 16:02:36 +00:00
Ian Lynagh
dedb0cb11f
Kotlin: Support CODEQL_PATH_TRANSFORMER
2025-01-03 16:02:36 +00:00
Asger F
be939dca29
Merge pull request #14350 from asgerf/shared/deduplicate-path-graph
...
Shared: Add DataFlow::DeduplicatePathGraph
2024-12-18 14:04:29 +01:00
Asger F
8340841d54
Shared: Fix propagation of call bit
2024-12-17 11:16:04 +01:00
Asger F
950ae44d03
Shared: Show test failures
2024-12-17 11:15:57 +01:00
Michael Nebel
aaf0cd5dee
Merge pull request #17968 from michaelnebel/java/movetestutils
...
Move test utilities to the query pack.
2024-12-16 13:41:30 +01:00
Asger F
f2968f4e14
Shared: Ensure subpath-induced edges are handled properly
...
Argument-passing and flow-through edges are present in 'edges' in addition to 'subpaths', but the implementation didn't take this into account.
2024-12-16 13:21:43 +01:00
Michael Nebel
0bfc1b6ea8
Also move the postprocessing queries to the library pack.
2024-12-12 15:03:03 +01:00
Michael Nebel
941b0abbf6
Move modules to the library packs.
2024-12-12 15:03:01 +01:00
Owen Mansel-Chan
8703e21f62
Merge pull request #17996 from owen-mc/java/lightweight-IR-layer-classes
...
Java: Make separate classes for different control flow node kinds
2024-12-12 13:36:54 +00:00
Owen Mansel-Chan
8e11789186
Restore asStmt, asExpr and asCall to Node
...
It doesn't really make sense to define them in terms of dispatch.
2024-12-12 12:30:01 +00:00
Michael Nebel
0a1d2d0bbb
Java: Update all test util paths to point to the new location.
2024-12-12 13:21:25 +01:00
Michael Nebel
91cfb30513
Java: Move test utilities to the java query pack.
2024-12-12 13:21:22 +01:00
Owen Mansel-Chan
066db766ef
Merge pull request #18153 from owen-mc/java/resttemplate-getforobject
...
Java: add SSRF sink model for the third parameter of `RestTemplate.getForObject`
2024-12-11 16:37:35 +00:00
Jami
538dee81b6
Merge pull request #18214 from jcogs33/jcogs33/java/file-getname-path-sanitizer
...
Java: add File.getName as a path injection sanitizer
2024-12-11 10:18:02 -05:00
Owen Mansel-Chan
1420bce36a
Move import statement in SpringWebClient.qll
2024-12-11 14:19:24 +00:00
Anders Schack-Mulligen
066cfa31d2
Merge pull request #18258 from aschackmull/dataflow/simplify-apapprox3
...
Dataflow: Simplify references to access paths from prior stage.
2024-12-11 14:23:31 +01:00
Asger F
889100a243
Java: update test output with provenance
2024-12-11 13:19:47 +01:00
Asger F
afdbf2c3c6
Java: update test to account for key,val
2024-12-11 13:19:36 +01:00
Asger F
736388809d
Java: MethodAccess -> MethodCall
2024-12-11 13:19:25 +01:00
Owen Mansel-Chan
aaa4361120
Rearrange member predicates in ControlFlow::Node
...
Put all the ones which might need to be overridden by subclasses
together for ease of reading.
2024-12-11 10:34:18 +00:00