codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00

Author	SHA1	Message	Date
Owen Mansel-Chan	883301938b	Merge pull request #18161 from owen-mc/java/weak-crypto-algo-more-informative Java: Make `java/weak-cryptographic-algorithm` give a reason why the algo is insecure	2025-01-13 23:43:04 +00:00
Owen Mansel-Chan	0728b3bd60	Update test expectation	2025-01-10 10:37:05 +00:00
Chris Smowton	03c6529961	Spelling	2025-01-06 22:46:22 +01:00
Chris Smowton	5c2df36786	Exclude classes with a writeReplace method from serializability checks	2025-01-06 14:42:44 +00:00
Asger F	be939dca29	Merge pull request #14350 from asgerf/shared/deduplicate-path-graph Shared: Add DataFlow::DeduplicatePathGraph	2024-12-18 14:04:29 +01:00
Asger F	8340841d54	Shared: Fix propagation of call bit	2024-12-17 11:16:04 +01:00
Asger F	950ae44d03	Shared: Show test failures	2024-12-17 11:15:57 +01:00
Asger F	f2968f4e14	Shared: Ensure subpath-induced edges are handled properly Argument-passing and flow-through edges are present in 'edges' in addition to 'subpaths', but the implementation didn't take this into account.	2024-12-16 13:21:43 +01:00
Michael Nebel	0a1d2d0bbb	Java: Update all test util paths to point to the new location.	2024-12-12 13:21:25 +01:00
Michael Nebel	91cfb30513	Java: Move test utilities to the java query pack.	2024-12-12 13:21:22 +01:00
Owen Mansel-Chan	066db766ef	Merge pull request #18153 from owen-mc/java/resttemplate-getforobject Java: add SSRF sink model for the third parameter of `RestTemplate.getForObject`	2024-12-11 16:37:35 +00:00
Jami	538dee81b6	Merge pull request #18214 from jcogs33/jcogs33/java/file-getname-path-sanitizer Java: add File.getName as a path injection sanitizer	2024-12-11 10:18:02 -05:00
Anders Schack-Mulligen	066cfa31d2	Merge pull request #18258 from aschackmull/dataflow/simplify-apapprox3 Dataflow: Simplify references to access paths from prior stage.	2024-12-11 14:23:31 +01:00
Asger F	889100a243	Java: update test output with provenance	2024-12-11 13:19:47 +01:00
Asger F	afdbf2c3c6	Java: update test to account for key,val	2024-12-11 13:19:36 +01:00
Asger F	736388809d	Java: MethodAccess -> MethodCall	2024-12-11 13:19:25 +01:00
Asger F	5aa1242117	Shared: use a call bit when tracking reachability to/from a discriminator	2024-12-11 11:29:14 +01:00
Asger F	0eb543e0a9	Java: add test for spurious flow from path graph deduplication	2024-12-11 11:29:13 +01:00
Owen Mansel-Chan	0f3dd6d8f1	Java: IPA the CFG	2024-12-10 15:26:11 +00:00
Anders Schack-Mulligen	da179705c3	Java: Accept expected file changes.	2024-12-10 14:52:06 +01:00
Anders Schack-Mulligen	4bf63fedc9	Merge pull request #18179 from aschackmull/dataflow/accesspath-notypes Dataflow: Remove tracked types from Access Paths, track tainted object type, and tweak type pruning.	2024-12-05 09:58:36 +01:00
Jami Cogswell	121780c55a	Java: add File.getName as a path injection sanitizer	2024-12-04 18:57:51 -05:00
Jeroen Ketema	89d20fd086	Java: Update expected test results	2024-12-03 19:18:59 +01:00
Anders Schack-Mulligen	9734cff15b	Java/C#: Update expected files.	2024-12-03 12:57:44 +01:00
Owen Mansel-Chan	e6409e159f	Give reason why crypto algorithm is insecure	2024-11-29 11:54:27 +00:00
Owen Mansel-Chan	7648d397f8	Improve model to remove some false positives	2024-11-29 09:46:41 +00:00
Owen Mansel-Chan	b5fbf2e944	Add models for third arg of getForObject No attempt to stop FPs.	2024-11-28 16:51:13 +00:00
Anders Schack-Mulligen	df2e2e503a	Merge pull request #17901 from aschackmull/java/allowlist-sanitizer Java: Add a default taint sanitizer for contains-checks on lists of constants	2024-11-27 11:09:05 +01:00
Anders Schack-Mulligen	85778f7fea	Java: Fix semantic merge conflict in expected file.	2024-11-27 08:53:41 +01:00
Jami	36acfeb305	Merge pull request #18087 from jcogs33/jcogs33/java-sha2 Java: add SHA-384 to list of secure crypto algorithms	2024-11-26 08:51:58 -05:00
yoff	6d6f269e6c	Merge pull request #17997 from yoff/java/inline-range-tests	2024-11-26 14:48:07 +01:00
Anders Schack-Mulligen	a6fc41ec4b	Java: Accept consistency failure.	2024-11-26 13:25:44 +01:00
Anders Schack-Mulligen	38eb3e4952	Java: Adjust expected output.	2024-11-26 13:25:44 +01:00
Anders Schack-Mulligen	2ff2d25784	Java: Cherry-pick test from https://github.com/github/codeql/pull/17051	2024-11-26 13:25:43 +01:00
Anders Schack-Mulligen	0d45f0efb2	Java: Accept consistency check result.	2024-11-26 13:25:43 +01:00
Anders Schack-Mulligen	2b1caa8a35	Java: Add test.	2024-11-26 13:25:42 +01:00
Rasmus Lerchedahl Petersen	f508f8eb83	Java: address review comments	2024-11-26 11:44:16 +01:00
Jami Cogswell	05b6700607	Java: add SHA384 to list of secure algorithms	2024-11-25 09:27:53 -05:00
Arthur Baars	c2b342f1a0	Merge pull request #18084 from github/aibaars/java-sha3 Java: add SHA3 family to list of secure crypto algorithms	2024-11-25 15:07:43 +01:00
Rasmus Lerchedahl Petersen	25664d0e53	Java: Add support for non-integer bounds in inline expectations	2024-11-25 14:48:17 +01:00
Rasmus Lerchedahl Petersen	37935eea3b	java: separate bounds onto different lines	2024-11-25 12:32:11 +01:00
Jami	f0045692a7	Merge pull request #17869 from jcogs33/jcogs33/improve-weak-crypto Java: Improve weak crypto query	2024-11-24 12:04:00 -05:00
Arthur Baars	c6eaed343d	Java: add SHA3 family to list of secure crypto algorithms	2024-11-22 19:03:00 +01:00
Arthur Baars	7f84cf6d72	Add test case	2024-11-22 19:02:11 +01:00
Tom Hvitved	5f9b8c05bd	Java: Update expected test output	2024-11-20 12:58:00 +01:00
yoff	6ed895064f	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2024-11-19 13:37:53 +01:00
Rasmus Lerchedahl Petersen	15953bf569	java: inline range test	2024-11-15 12:31:18 +01:00
Owen Mansel-Chan	efb34aea45	Fix bug in UnreachableBlocks	2024-11-14 14:50:25 +00:00
Tom Hvitved	95e9d013cc	Update expected test output	2024-11-04 12:07:06 +01:00
Jami Cogswell	459d16824e	Java: weak crypto: do not report weak hash algorithms	2024-11-03 18:22:06 -05:00

1 2 3 4 5 ...

3994 Commits