Ian Lynagh
e49b278d61
Java/Kotlin: Add a changenote for the lines-of-code changes.
2023-06-05 16:33:12 +01:00
Ian Lynagh
a4a7ad8f99
Java/Kotlin: Split lines of code by language
We were giving the sum of all lines for both languages, but labelling it
as "Total lines of Java code in the database", which was confusing.
Now we give separate sums for Kotlin and Java lines.
2023-06-05 13:57:47 +01:00
erik-krogh
44b6366586
delete old deprecations
2023-06-02 11:58:08 +02:00
Tony Torralba
527fe523a8
Add PathCreation.qll sinks to models-as-data
The old PathCreation sinks can't be removed because doing so would cause alert wobble in the path injection queries. See their getReportingNode predicates.
2023-06-02 09:14:35 +02:00
Tony Torralba
c3b1ef2cdf
Merge branch 'main' into atorralba/java/command-injection-mad-sinks
2023-06-02 08:57:24 +02:00
Jami
617107de35
Merge pull request #12916 from jcogs33/jcogs33/revamp-java-sink-kinds
Java: revamp MaD sink kinds
2023-06-01 12:48:30 -04:00
Nick Rolfe
7290e2bfd9
Java: avoid call to Location.toString()
2023-06-01 17:06:34 +01:00
Erik Krogh Kristensen
96a720cfa0
Merge pull request #13285 from erik-krogh/redoshelp
ReDoS: fix whitespace in the samples in ReDoS.qhelp
2023-06-01 15:53:58 +02:00
Jami Cogswell
5dbb698481
Java: update open/jdbc-url sink kinds to request-forgery
2023-05-31 15:50:31 -04:00
Jami Cogswell
cb10f4976b
Java: update create/read-file sink kinds to path-injection
2023-05-31 15:49:07 -04:00
Jami Cogswell
eb1a8e2189
Java: update write-file sink kind to file-system-store
2023-05-31 15:49:07 -04:00
Jami Cogswell
430010daa3
Java: update logging sink kind to log-injection
2023-05-31 15:49:06 -04:00
Stephan Brandauer
5de56db3af
Java: QlDoc for isKnownKind
2023-05-31 14:13:14 +02:00
Stephan Brandauer
03051dde7f
Java: spelling
2023-05-31 14:13:14 +02:00
Taus
ea5c36491b
Java: Improve documentation of sampling strategy
2023-05-31 11:39:54 +00:00
Stephan Brandauer
5a9d09c49e
Java: docs update
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
2023-05-31 13:36:58 +02:00
Stephan Brandauer
12ea5e0e90
Java: fix sanitizer bug
2023-05-31 11:53:02 +02:00
Stephan Brandauer
86559317d7
Java: update comments
2023-05-31 11:52:26 +02:00
Stephan Brandauer
96bae2d5ec
Java: avoid downcasting to DollarAtString
2023-05-31 10:41:52 +02:00
Arthur Baars
490d22d123
Merge remote-tracking branch 'upstream/main' into post-release-prep/codeql-cli-2.13.3
2023-05-30 21:31:28 +02:00
Andrew Eisenberg
6ba8f9eb36
Merge pull request #13314 from github/aeisenberg/adds-to-pack
Fix `addsTo.pack` references
2023-05-30 08:30:16 -07:00
Taus
73aa790cdd
Java: Improve sampling strategy
Instead of the "random" sampling used before (which could -- in rare circumstances -- end up sampling fewer points than we want) we now sample an equally distributed set of points.
2023-05-30 11:22:26 +00:00
Stephan Brandauer
d4b964c849
add support for sanitizers
2023-05-30 10:25:52 +02:00
Andrew Eisenberg
2d81e30d81
Fix addsTo.pack references
This change is a prerequisite for a CLI change where there will be
strict testing of the `addsTo.pack` values. It must resolve to a pack
reference that is a transitive dependency of the current query's pack.
2023-05-29 13:45:41 -07:00
Tony Torralba
6386ef3b96
Further perf improvements
2023-05-29 09:58:52 +02:00
Taus
227c5fab40
Java: Get location ordering without toString
2023-05-26 14:52:08 +00:00
Stephan Brandauer
efe539eb32
Java: better sampling of negative examples
2023-05-26 14:15:32 +02:00
Stephan Brandauer
a89378d86d
Java: add extra known frameworks and sample negative samples to manage sarif file sizes
2023-05-26 13:20:04 +02:00
Tony Torralba
4dfc9b13cd
Java: Fix performance issue in the stub generator
2023-05-26 12:44:53 +02:00
Stephan Brandauer
5ca2221097
remove some of the biggest frameworks from application mode consideration
2023-05-25 17:06:02 +02:00
Stephan Brandauer
db77c6b9a3
Java: mark functional expressions as likely not sinks
2023-05-25 16:39:27 +02:00
Stephan Brandauer
76d731a61d
improve CannotBeTaintedCharacteristic
2023-05-25 16:28:07 +02:00
Stephan Brandauer
9a041243ff
Java: fine-tune characteristics
2023-05-25 14:16:32 +02:00
Stephan Brandauer
f224a40dec
Java: use containing call as call context, not argument
2023-05-25 14:16:23 +02:00
Stephan Brandauer
33fdb0fc52
Java: remove superfluous characteristic
2023-05-25 14:16:23 +02:00
Taus
2000f22533
Java: Port over characteristics from codex branch
2023-05-25 14:16:23 +02:00
Taus
11ab7e2e71
Java: Share argument indexing logic
Adds a utility predicate for turning integer indices into the desired string representation.
2023-05-25 14:16:23 +02:00
Taus
04b8bf35d4
Java: Avoid overlapping import
Importing `AutomodelEndpointTypes` inside `AutomodelSharedUtil` non-privately made it overlap with the imports in the candidate extraction queries.
2023-05-25 14:16:23 +02:00
Stephan Brandauer
db61a2d099
Java: share isKnownKind between modes
2023-05-25 14:16:16 +02:00
Stephan Brandauer
d93ad9b398
Java: remove unneeded abstract metadata extractor classes and fix some names
2023-05-25 14:16:11 +02:00
Stephan Brandauer
6e21f14c09
Java: update extraction query metadata
2023-05-25 14:16:03 +02:00
Stephan Brandauer
7c3bc26c41
Java: make input an actual string, not an integer
2023-05-25 14:15:59 +02:00
Stephan Brandauer
185ad101b3
Java: add application-mode and framework-mode tags to extraction queries
2023-05-25 14:15:50 +02:00
Taus
9b30f9a476
Java: Add negative characteristic for static calls
2023-05-25 14:15:49 +02:00
Taus
6fc16574b3
Java: Add QL support for automodel application mode
2023-05-25 14:15:49 +02:00
erik-krogh
9f5bf8fb22
also fix the first code-block
2023-05-25 13:56:29 +02:00
erik-krogh
765076bcba
fix whitespace in the samples in ReDoS.qhelp
2023-05-25 13:28:39 +02:00
Tony Torralba
a276cc3094
Convert all command injection sinks to MaD format
2023-05-25 11:41:32 +02:00
github-actions[bot]
d2e192020b
Post-release preparation for codeql-cli-2.13.3
2023-05-24 11:26:12 +00:00
Erik Krogh Kristensen
50cb5ea184
Merge pull request #13164 from erik-krogh/polyQhelp
ReDoS: add another example to the qhelp in poly-redos, showing how to just limit the length of the input
2023-05-23 09:25:15 +02:00