hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,255 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.2
Commit Graph

12769 Commits

Author SHA1 Message Date
Owen Mansel-Chan
9e25279cb8 Change category in change note to "majorAnalysis" 2024-06-24 21:23:51 +01:00
Owen Mansel-Chan
162245fb9a Fix unrelated test using reverse DNS as source 2024-06-24 21:23:50 +01:00
Owen Mansel-Chan
059ef42f41 Add change note 2024-06-24 21:23:49 +01:00
Owen Mansel-Chan
878867205e Fix taintsources test 2024-06-24 21:23:47 +01:00
Owen Mansel-Chan
91db2b6c9c Make new threat model kind "reverse-dns" 2024-06-24 21:23:46 +01:00
Chris Smowton
351b908f62 Adjust and tolerate variability in test expectations 2024-06-24 16:38:18 +01:00
github-actions[bot]
e32a587078 Release preparation for version 2.17.6 2024-06-24 14:33:10 +00:00
Anders Schack-Mulligen
8c23e21073 Dataflow: Cache compatibleTypes. 2024-06-24 13:35:48 +02:00
Michael Nebel
24685a07c0 Java: Update model generator test expected output. 2024-06-24 13:07:42 +02:00
Michael Nebel
c687dcb094 Java: Sync files and make language specific implementation. 2024-06-24 13:07:39 +02:00
Michael Nebel
30249e4f2b Java: Add some spurious source and sink examples. 2024-06-24 13:07:34 +02:00
Michael Nebel
9cd16fd9d6 Java: Base the model printing on the shared implementation. 2024-06-24 11:52:50 +02:00
Michael Nebel
94d12edfdb Merge pull request #16759 from michaelnebel/modelgen/sourcesinkmodelgen 
C#/Java: Introduce source and sink model generation sanitisers.
 2024-06-24 11:47:11 +02:00
Jonathan Leitschuh
472cca9221 Align Java CommandInjectionRuntimeExec.ql Severity 
Align severity with other command injection vulnerabilities:

- 4a448f445e/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql (L8)
- 4a448f445e/go/ql/src/Security/CWE-078/CommandInjection.ql (L7)
- 4a448f445e/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql (L7)
- 4a448f445e/javascript/ql/src/Security/CWE-078/CommandInjection.ql (L7)
 2024-06-21 10:29:27 -04:00
Michael Nebel
aa962f9b03 Java: Update expected output of model generation. 2024-06-19 14:10:59 +02:00
Michael Nebel
1185e28ea2 Java: Add some spurious source and sink model generation examples. 2024-06-19 14:10:56 +02:00
Michael Nebel
ed3f1e40db Java: Sync changes and make dummy language specific implementation. 2024-06-19 14:10:54 +02:00
Paolo Tranquilli
919ddccfdb C++/Java: Accept new warning format in ql tests 2024-06-19 09:13:18 +02:00
Michael Nebel
cd9d58fdc8 Merge pull request #16772 from michaelnebel/java/taintedpermissionthreatmodel 
Java: Opt-in `java/tainted-permissions-check` to threat models.
 2024-06-18 10:54:28 +02:00
Michael Nebel
5686efd25c Update java/ql/src/change-notes/2024-06-17-tainted-permissions-check.md 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-06-17 16:47:22 +02:00
Michael Nebel
197cdab43d Merge pull request #16752 from michaelnebel/shared/sourcesinkcallables 
C#/Java: Add some (shared) helper classes for Neutrals, Sources and Sink
 2024-06-17 14:58:27 +02:00
Anders Schack-Mulligen
96b6ddefe0 Merge pull request #16751 from aschackmull/java/sndlevelscope-fix 
Java: Calculate 2nd level scopes for implicit instance accesses.
 2024-06-17 13:10:46 +02:00
Michael Nebel
833b4f90bf Java: Make source and sink callable adapters. 2024-06-17 12:53:08 +02:00
Anders Schack-Mulligen
b8b95fd81d Java: Add change note. 2024-06-17 11:46:54 +02:00
Michael Nebel
c3862660e4 Java: Add change note. 2024-06-17 11:07:29 +02:00
Michael Nebel
327dab69d0 Java: Opt-in the tainted permissions check query to threat models. 2024-06-17 11:02:08 +02:00
Owen Mansel-Chan
b0afba49a2 Merge pull request #16761 from owen-mc/java/reverse-dns-get-loopback-address 
Java: Exclude loopback address from reverse DNS source
 2024-06-14 22:39:55 +01:00
Owen Mansel-Chan
9aa0c9f1f3 Fix test expectations 2024-06-14 15:55:30 +01:00
Ian Lynagh
079717bbc0 Merge pull request #16694 from igfoo/igfoo/PopulationSpecFile 
Kotlin: Remove unused PopulationSpecFile
 2024-06-14 15:06:39 +01:00
Owen Mansel-Chan
6cfd9458b0 Add change note 2024-06-14 14:05:25 +01:00
Owen Mansel-Chan
7a13c31021 Exclude loopback address from reverse DNS source 2024-06-14 14:05:01 +01:00
Owen Mansel-Chan
5973f3fadc Add test for reverse DNS from loopback address 2024-06-14 14:04:47 +01:00
Owen Mansel-Chan
098b732937 Fix formatting of inline expectation test comment 2024-06-14 14:04:42 +01:00
Paolo Tranquilli
e2a47e7c18 Merge pull request #16720 from github/redsun82/kotlin 
Kotlin: cleanup after internal changes
 2024-06-14 13:28:22 +02:00
Michael Nebel
3525967143 Merge pull request #16701 from michaelnebel/csharp/modelgentaintmembers 
C#/Java: Improve Sink and Summary model generation.
 2024-06-14 12:30:50 +02:00
Michael Nebel
a29446a566 C#/Java: Address review comments. 2024-06-14 10:46:19 +02:00
Paolo Tranquilli
f9db7864e1 Change note: reword 2024-06-13 18:04:23 +02:00
Paolo Tranquilli
0198806658 Merge branch 'main' into redsun82/kotlin 2024-06-13 16:29:13 +02:00
Paolo Tranquilli
b8de2ea03b Merge pull request #16731 from github/redsun82/kotlin-fix-version-picker 
Kotlin: expose kotlin version picker for internal packaging
 2024-06-13 13:57:38 +02:00
Anders Schack-Mulligen
b47831af14 Java: Calculate 2nd level scopes for implicit instance accesses. 2024-06-13 13:57:18 +02:00
Michael Nebel
7f7c5d7c94 Java: Update model generator expected test output. 2024-06-13 10:57:15 +02:00
Michael Nebel
e247d5b316 Java: Sync files and make dummy language specific implementation. 2024-06-13 10:55:17 +02:00
Michael Nebel
e56c185f32 Java: Add some model generator sink examples. 2024-06-13 10:49:57 +02:00
Paolo Tranquilli
11c37734c3 Kotlin: add change note for having fixed kotlin QL tests in release 2024-06-13 09:49:39 +02:00
Paolo Tranquilli
183a825841 Kotlin: expose kotlin version picker for internal packaging 2024-06-12 09:29:57 +02:00
github-actions[bot]
bbeebfae73 Add changed framework coverage reports 2024-06-12 00:17:31 +00:00
Mathias Vorreiter Pedersen
67b327a0f7 Merge pull request #16725 from MathiasVP/rc-3.14-mergeback 
Mergeback from `rc/3.14`
 2024-06-11 17:37:40 +01:00
Mathias Vorreiter Pedersen
3351b9547d Merge branch 'rc/3.14' into rc-3.14-mergeback 2024-06-11 16:21:08 +01:00
Mauro Baluda
a464a8e48e @mbaluda 
Update provenance in test expectations
 2024-06-11 15:15:50 +02:00
Mauro Baluda
29e3816412 Apply suggestions from code review 
Address reviewiew comments

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-06-11 12:05:14 +02:00