5453 Commits

Author	SHA1	Message	Date
Max Schaefer	d5d0cf5d90	Java: Tag java/non-https-url with CWE-345	2024-07-11 13:37:09 +01:00
am0o0	7a5838f1a2	MethodAccess => MethodCall	2024-07-09 19:43:22 +02:00
am0o0	e87d2fe922	remove redundent imports	2024-07-09 19:41:06 +02:00
github-actions[bot]	ae3aba061b	Post-release preparation for codeql-cli-2.18.0	2024-07-08 13:30:13 +00:00
Angela P Wen	dc20b0d19e	Merge pull request #16921 from github/release-prep/2.18.0 ... Release preparation for version 2.18.0	2024-07-08 13:12:57 +02:00
Chris Smowton	d9573596c7	Merge pull request #16810 from smowton/smowton/feature/java-low-db-quality-query ... Java: add diagnostic query indicating low database quality	2024-07-08 12:06:42 +01:00
github-actions[bot]	b0d6778652	Release preparation for version 2.18.0	2024-07-08 09:10:51 +00:00
Owen Mansel-Chan	de5fc4e609	Add change notes	2024-07-07 00:24:27 +01:00
am0o0	fe1103d997	add stubs, upgrade test to inline test, update test files	2024-07-04 15:25:36 +02:00
Michael Nebel	25b20186af	Merge pull request #16861 from michaelnebel/modelgen/sourcesinklift ... C#/Java: Do not lift source and sink models.	2024-07-02 08:50:31 +02:00
am0o0	a6833945c1	remove additional taint steps and flow states	2024-07-01 16:07:44 +02:00
am0o0	d31711bd89	merge all ne flow sources into one by extending current abstract class	2024-07-01 15:16:44 +02:00
am0o0	f1324a413a	update qlhelp	2024-07-01 15:09:56 +02:00
Arthur Baars	b12b33c8f9	Merge remote-tracking branch 'upstream/main' into 'rc/3.14'	2024-06-28 19:50:35 +02:00
Michael Nebel	e23ff3e499	Java: Sync files and make language specific implementation.	2024-06-27 11:27:08 +02:00
Chris Smowton	80cb908289	Amend message	2024-06-27 09:57:35 +01:00
Chris Smowton	df860d4128	autoformat	2024-06-27 09:57:25 +01:00
Chris Smowton	16a90aa180	autoformat	2024-06-27 09:57:19 +01:00
Chris Smowton	6292cacd74	Add link to build modes docs	2024-06-27 09:57:13 +01:00
Chris Smowton	d43762cae3	Apply suggestions from code review ... Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com> Co-authored-by: Chad Bentz <1760475+felickz@users.noreply.github.com>	2024-06-27 09:57:07 +01:00
Chris Smowton	f397ab2d72	Java: add diagnostic query indicating low database quality	2024-06-27 09:57:02 +01:00
Ian Lynagh	f9ae44ca5c	Merge pull request #16736 from igfoo/igfoo/debugLoC ... Java/Kotlin: Tag the LoC queries 'debug'	2024-06-25 22:57:36 +01:00
Ian Lynagh	c12adbeeaa	Java/Kotlin: Tag the LoC queries 'debug' ... This brings them into line with LinesOfCode.ql	2024-06-25 15:46:10 +01:00
github-actions[bot]	fd385736e6	Post-release preparation for codeql-cli-2.17.6	2024-06-25 06:39:45 +00:00
github-actions[bot]	e32a587078	Release preparation for version 2.17.6	2024-06-24 14:33:10 +00:00
Michael Nebel	c687dcb094	Java: Sync files and make language specific implementation.	2024-06-24 13:07:39 +02:00
Michael Nebel	9cd16fd9d6	Java: Base the model printing on the shared implementation.	2024-06-24 11:52:50 +02:00
Michael Nebel	94d12edfdb	Merge pull request #16759 from michaelnebel/modelgen/sourcesinkmodelgen ... C#/Java: Introduce source and sink model generation sanitisers.	2024-06-24 11:47:11 +02:00
Jonathan Leitschuh	472cca9221	Align Java CommandInjectionRuntimeExec.ql Severity ... Align severity with other command injection vulnerabilities: - 4a448f445e/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql (L8) - 4a448f445e/go/ql/src/Security/CWE-078/CommandInjection.ql (L7) - 4a448f445e/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql (L7) - 4a448f445e/javascript/ql/src/Security/CWE-078/CommandInjection.ql (L7)	2024-06-21 10:29:27 -04:00
Michael Nebel	ed3f1e40db	Java: Sync changes and make dummy language specific implementation.	2024-06-19 14:10:54 +02:00
Michael Nebel	cd9d58fdc8	Merge pull request #16772 from michaelnebel/java/taintedpermissionthreatmodel ... Java: Opt-in `java/tainted-permissions-check` to threat models.	2024-06-18 10:54:28 +02:00
Michael Nebel	5686efd25c	Update java/ql/src/change-notes/2024-06-17-tainted-permissions-check.md ... Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>	2024-06-17 16:47:22 +02:00
Michael Nebel	833b4f90bf	Java: Make source and sink callable adapters.	2024-06-17 12:53:08 +02:00
Michael Nebel	c3862660e4	Java: Add change note.	2024-06-17 11:07:29 +02:00
Michael Nebel	a29446a566	C#/Java: Address review comments.	2024-06-14 10:46:19 +02:00
Michael Nebel	e247d5b316	Java: Sync files and make dummy language specific implementation.	2024-06-13 10:55:17 +02:00
Mathias Vorreiter Pedersen	67b327a0f7	Merge pull request #16725 from MathiasVP/rc-3.14-mergeback ... Mergeback from `rc/3.14`	2024-06-11 17:37:40 +01:00
Mathias Vorreiter Pedersen	3351b9547d	Merge branch 'rc/3.14' into rc-3.14-mergeback	2024-06-11 16:21:08 +01:00
Mauro Baluda	e9dba59f11	Merge branch 'main' into main	2024-06-10 19:57:00 +02:00
github-actions[bot]	8a25081a0e	Post-release preparation for codeql-cli-2.17.5	2024-06-10 15:33:08 +00:00
github-actions[bot]	877bfa2468	Release preparation for version 2.17.5	2024-06-10 13:40:39 +00:00
Mauro Baluda	71505f4003	Added more org.apache.commons.io.FileUtils-related sinks to the path injection query.	2024-06-10 11:29:51 +02:00
Rakshith Gopalakrishna	798a736d16	fix: update changelog ... Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2024-06-04 11:20:05 -07:00
Rakshith Gopala krishna	0f63f0dda2	docs: add changenote	2024-06-04 11:20:05 -07:00
Tony Torralba	f16dd8c010	Apply code review suggestions.	2024-06-04 10:35:11 +02:00
Tony Torralba	f84c2a842d	Java: Add more File-related sinks for path-injection	2024-06-04 10:35:07 +02:00
Mauro Baluda	48fc44baff	Add release notes	2024-05-30 23:21:12 +02:00
github-actions[bot]	906b65d09c	Post-release preparation for codeql-cli-2.17.4	2024-05-28 18:02:25 +00:00
github-actions[bot]	33b4ae8bbb	Release preparation for version 2.17.4	2024-05-28 15:44:32 +00:00
Michael Nebel	78d4745722	Merge pull request #16578 from michaelnebel/java/dontliftneutral ... Java: Do not lift neutrals in Model generation.	2024-05-24 09:19:20 +02:00