Commit Graph

12769 Commits

Author SHA1 Message Date
Ed Minnix
a528db8958 Use MapMutation instead of MethodCall 2024-01-08 09:39:05 -05:00
Ed Minnix
e14be0e971 Add BAD markers to samples 2024-01-08 09:39:04 -05:00
Ed Minnix
709649e9df Model replace and putIfAbsent 2024-01-08 09:39:03 -05:00
Ed Minnix
1544330f3f Minor fixes for code review 2024-01-08 09:38:53 -05:00
Ed Minnix
4b9b27c395 change note 2024-01-08 09:38:52 -05:00
Edward Minnix III
18e8a27fca Reworded name and description 2024-01-08 09:38:51 -05:00
Edward Minnix III
1f37e70d83 Fix typos
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2024-01-08 09:38:51 -05:00
Ed Minnix
51006aa088 Formatting fix 2024-01-08 09:38:50 -05:00
Ed Minnix
6eff72f99a Include other map mutations 2024-01-08 09:38:49 -05:00
Ed Minnix
4fc6f710a4 Fix alert message 2024-01-08 09:38:48 -05:00
Ed Minnix
1550f5df2a Environment variable injection query documentation 2024-01-08 09:38:47 -05:00
Ed Minnix
f1f0f50c92 TaintedEnvironmentVariableQuery docs 2024-01-08 09:38:47 -05:00
Ed Minnix
818c5de8d5 security-severity metadata 2024-01-08 09:38:46 -05:00
Ed Minnix
d4e2b84348 Cleanup helper dataflow configuration 2024-01-08 09:38:45 -05:00
Ed Minnix
f05f16116b Testing for Environment variable injection 2024-01-08 09:38:45 -05:00
Ed Minnix
8ed3f3c865 Move to library 2024-01-08 09:38:44 -05:00
Ed Minnix
814885f7f6 Hudson environment variables models 2024-01-08 09:38:43 -05:00
Ed Minnix
028bd49211 org.apache.commons.exec models 2024-01-08 09:38:42 -05:00
Ed Minnix
b482b36b5f Initial ProcessBuilder support 2024-01-08 09:38:41 -05:00
Ed Minnix
ad32b81492 environment-injection sink 2024-01-08 09:38:41 -05:00
Ed Minnix
93025cc8cf Argument injection initial commit 2024-01-08 09:38:40 -05:00
Tony Torralba
7e6f2d1fc5 Merge pull request #14681 from atorralba/atorralba/java/weak-randomness-cve-coverage
Java: Add more sinks to the Insecure Randomness query
2024-01-08 15:33:03 +01:00
Ian Lynagh
02734be287 Kotlin: Fix building with 2.0.255 snapshots
A couple of extension functions were moved
2024-01-08 13:25:25 +00:00
Ian Lynagh
9bc0167566 Kotlin: Add a 2.0.255 snapshot
The current master isn't compatible with the 2.0.0-Beta1
2024-01-08 13:25:25 +00:00
github-actions[bot]
a6c8cc9551 Release preparation for version 2.16.0 2024-01-08 13:11:26 +00:00
Marcono1234
3edfdc5ceb Java: Improve Regex flag parsing
Fixes:
- Flag `d` not being recognized
- Syntax for disabling flags (`-`) not being recognized
- Non-capturing group with flags erroneously containing `:` as literal
2024-01-06 04:15:09 +01:00
Chris Smowton
8144d90d4d Merge pull request #15227 from smowton/smowton/admin/add-test-buildless-maven-multimodule
Add test for Java buildless vs Maven multimodule projects
2024-01-04 16:36:44 +00:00
Ian Wright
dab28edfa9 0.0.11 release of automodel extraction queries 2024-01-04 13:10:46 +00:00
Chris Smowton
c90171c73f Add test for Java buildless vs Maven multimodule projects 2024-01-04 12:30:13 +00:00
Owen Mansel-Chan
ce3097e9ce Fix manual models for String.valueOf(Object)
Add a neutral model for it, but also a summary model for `String.valueOf(CharSequence)`
2024-01-04 11:31:20 +00:00
Owen Mansel-Chan
0076f06ce7 Improve manual models of java.lang.Exception 2024-01-04 11:31:18 +00:00
Owen Mansel-Chan
e415c54c5e Reorder manual models of java.lang.Throwable 2024-01-04 11:31:16 +00:00
Owen Mansel-Chan
f52ea5c2fd Improve manual models of java.lang.Throwable 2024-01-04 11:31:14 +00:00
Ian Wright
468454645e better 2024-01-04 11:15:05 +00:00
Ian Wright
4530510450 check if provided argument is valid 2024-01-04 11:02:58 +00:00
Ian Wright
545b5e7e83 better comment 2024-01-04 11:02:58 +00:00
Ian Wright
fb44b9c7dd better comment 2024-01-04 11:02:57 +00:00
Ian Wright
e4a798e9cc better comment 2024-01-04 11:02:57 +00:00
Ian Wright
af940f5e41 don't specify defaults 2024-01-04 11:02:57 +00:00
Ian Wright
45b1790fa2 add publication warning 2024-01-04 11:02:57 +00:00
Ian Wright
337512174f wip
wip

wip

more checks

fix bug if release folder already exists

fix bug if release folder already exists

ensure branch has correct release; dry-run

simplify branches

step by step

fix paths

pushd/popd

pushd/popd

use bash

simplify

simplify

simplify

simplify

add dry run
2024-01-04 11:02:57 +00:00
Ian Wright
6572be668c get release version 2024-01-04 11:02:57 +00:00
Ian Lynagh
7b48e2e4ae Merge pull request #15049 from igfoo/igfoo/UnderscoreIdentifier
Kotlin 2: Accept changes in query-tests/UnderscoreIdentifier
2024-01-03 13:43:24 +00:00
Eric Bickle
4fa5b2ae41 Add change nodes for GSON coverage 2024-01-02 14:17:23 -08:00
Eric Bickle
0cd89bf815 Merge branch 'main' into fix/update-gson-model 2024-01-02 14:05:33 -08:00
Aditya Sharad
bbe3269b8c Merge pull request #15189 from github/adityasharad/merge/3.12-main
Merge `rc/3.12` into `main`
2023-12-22 11:26:37 -08:00
Edward Minnix III
d6d76fa4f1 Merge pull request #15183 from egregius313/egregius313/java/fix-weak-hashing-adddition
Java: Fix minor error in `java/potentially-weak-cryptographic-algorithm`
2023-12-22 11:38:55 -05:00
Arthur Baars
c5b6f48569 Merge pull request #15127 from smowton/smowton/feature/buildless-tests
Add buildless tests
2023-12-22 11:39:16 +01:00
Tony Torralba
67f8bcce44 Merge pull request #14752 from masterofnow/LoadClassNoSignatureCheck
Java: Insecure Loading of Class in Android App without Package Signature Checking
2023-12-22 10:24:34 +01:00
Tony Torralba
8ad787f3b8 Java: Generalize MaybeBrokenCryptoAlgorithmQuery.qll 2023-12-22 10:15:40 +01:00