codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00

Author	SHA1	Message	Date
Henry Mercer	d196704a2d	Merge pull request #11574 from github/henrymercer/check-query-ids Add a PR check to ensure query IDs are unique	2022-12-08 15:31:26 +00:00
Chris Smowton	85ee4e6ca1	Merge pull request #11578 from retanoj/MybatisSqli Java: Add MyBatis Sql Injection no @Param case	2022-12-08 13:53:44 +00:00
Henry Mercer	3036b15af2	Merge branch 'main' into henrymercer/check-query-ids	2022-12-08 13:05:46 +00:00
Chris Smowton	0d2474bd55	Autoformat	2022-12-08 11:30:53 +00:00
Chris Smowton	49bc524fd0	Merge remote-tracking branch 'origin/rc/3.8' into smowton/admin/merge-rc38-into-main	2022-12-08 11:12:30 +00:00
Jami Cogswell	e9e5f92603	Java: update notModeled for negative numbers	2022-12-07 21:46:52 -05:00
retanoj	0edfc6e01e	greedy matching	2022-12-08 09:23:24 +08:00
Jami Cogswell	aa7e6d7811	Java: add negative numbers	2022-12-07 17:17:35 -05:00
Edward Minnix III	170c9af9e8	Merge pull request #11238 from egregius313/egregius313/webview-setjavascriptenabled Java: Query for detecting enabling Javascript in Android WebSettings	2022-12-07 09:31:58 -05:00
retanoj	9cfeaeb18e	Merge branch 'main' into MybatisSqli	2022-12-07 21:19:08 +08:00
Tony Torralba	cabce5fb36	Merge pull request #11549 from mbaluda/mbaluda/insecure-cookie Java: Support interprocedural setting of cookie security	2022-12-07 12:14:46 +01:00
Jami Cogswell	b82f9b1911	Java: add draft of generated vs manual MaD metrics query	2022-12-06 22:15:19 -05:00
retanoj	8ee418405b	consider blankspace / comma /dot field	2022-12-07 10:06:39 +08:00
Ed Minnix	1c81f8d8d5	Apply suggestion from docs review	2022-12-06 15:32:54 -05:00
retanoj	b0c86d8e51	change string match to regex match	2022-12-06 21:50:09 +08:00
Michael Nebel	8e4190d84a	Merge pull request #11516 from michaelnebel/java/externalflowcleanup Java: Cleanup imports of `ExternalFlow`	2022-12-06 14:26:39 +01:00
retanoj	2bbd37f9ab	change code snippet to `or` condition	2022-12-06 19:27:29 +08:00
retanoj	82d0551215	Merge branch 'main' into MybatisSqli	2022-12-06 17:19:30 +08:00
retanoj	d2140eb4b1	MyBatisAnnotationSqlInjection no @Param case	2022-12-06 17:07:49 +08:00
Henry Mercer	2627632a41	Java: Fix duplicate IDs	2022-12-05 19:06:03 +00:00
Mauro Baluda	7c4b76b08b	Update InsecureCookie.ql	2022-12-05 12:55:53 +01:00
Michael Nebel	a9ba964be4	Java: Update the Java model re-generate script.	2022-12-05 11:39:44 +01:00
Michael Nebel	243b94b54a	Java/C#: Delete old model generator scripts and rename the new ones.	2022-12-05 11:39:44 +01:00
Mauro Baluda	16d7dc0853	Restrict DF configuration	2022-12-05 11:02:19 +01:00
Michael Nebel	4c7cdc6245	Java: Remove unneeded imports of ExternalFlow.qll.	2022-12-05 09:49:38 +01:00
Ed Minnix	7c4bd509a7	Java: add AssetLoader example to WebView file access documentation	2022-12-02 14:43:52 -05:00
Jami	edfcc0cd6d	Merge pull request #11487 from jcogs33/jcogs33/supportedexternalapis-telemetry-query Java/C#: add SupportedExternalApis telemetry query	2022-12-02 13:27:51 -05:00
Mauro Baluda	f3f8f35069	Update InsecureCookie.ql Support interprocedural setting of cookie security	2022-12-02 17:37:23 +01:00
Edward Minnix III	55090ecb65	Java: Typos and minor fixes Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>	2022-12-02 09:17:41 -05:00
Michael Nebel	bb716ddb80	Merge pull request #11499 from michaelnebel/java/kotlinstd Kotlin: Migrate standard library models to data extensions.	2022-12-02 14:44:50 +01:00
Chris Smowton	fef03a0806	Merge pull request #11540 from github/smowton/fix/path-injection-example-syntax-error Java: fix syntax error in path-injection example fix	2022-12-02 11:47:53 +00:00
github-actions[bot]	5e35785fd0	Post-release preparation for codeql-cli-2.11.5	2022-12-02 11:37:44 +00:00
Michael Nebel	fb670325d8	Java/C#: Add query for aiding the conversion of existing negative models.	2022-12-02 12:18:50 +01:00
Michael Nebel	95e65347ca	Merge pull request #11455 from michaelnebel/java/flowtestcaseextensions Java: Update the flow test case generator to produce data extensions.	2022-12-02 12:15:16 +01:00
Chris Smowton	6e98c67869	Java: fix syntax error in path-injection example fix	2022-12-02 10:04:53 +00:00
Michael Nebel	73b171eb2b	Update java/ql/src/utils/flowtestcasegenerator/GenerateFlowTestCase.qll Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2022-12-02 09:47:28 +01:00
Michael Nebel	01307e1255	Update java/ql/src/utils/flowtestcasegenerator/FlowTestCase.qll Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2022-12-02 09:47:14 +01:00
Michael Nebel	c145678323	Java: Address review comments.	2022-12-02 09:46:39 +01:00
Jami Cogswell	aa633412f4	add change notes	2022-12-01 15:25:45 -05:00
github-actions[bot]	31ab22e3a0	Release preparation for version 2.11.5	2022-12-01 20:05:14 +00:00
Michael Nebel	cd0d09d806	Java: Refactor to avoid using SummaryModelCsv.	2022-12-01 13:07:31 +01:00
Jami Cogswell	22c4d975ad	remove old import	2022-11-30 18:07:45 -05:00
Jami Cogswell	210d8529b6	add query for SupportedExternalApis	2022-11-30 18:07:45 -05:00
Ed Minnix	04829fc38e	Java: SQLInjection example for addJavaScriptInterface query	2022-11-30 13:32:28 -05:00
Ian Lynagh	cd8c40e063	Kotlin: Enable java/non-serializable-field for Kotlin It now ignores compiler-generated classes	2022-11-30 17:58:43 +00:00
Ed Minnix	d35321f40e	Java: change WebView addJavascriptInterface query precision to medium	2022-11-30 11:35:14 -05:00
Ed Minnix	e31521bd14	Java: mention the default negative value for setJavaScriptEnabled	2022-11-30 10:56:17 -05:00
Edward Minnix III	b189e5b365	Java: fix precision in setJavascriptEnabled query Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2022-11-30 10:45:31 -05:00
Ed Minnix	5ac1e012ae	Java: Mention AssetLoader in WebView file access query documentation	2022-11-30 10:43:53 -05:00
Ed Minnix	c836c4feb7	Java: Specify default value in WebView file access query	2022-11-30 10:43:05 -05:00

... 24 25 26 27 28 ...

5453 Commits