codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00

Author	SHA1	Message	Date
Anders Schack-Mulligen	a7b677ba40	Java: Bugfix for SuperAccess.isOwnInstanceAccess().	2023-09-13 15:43:45 +02:00
Anders Schack-Mulligen	110a4c81e3	Java: Minor perf fix.	2023-09-13 15:43:45 +02:00
Koen Vlaswinkel	7db082f3fd	Java: Add VS Code model editor queries	2023-09-13 13:04:26 +02:00
Ian Lynagh	2b9a425468	Kotlin: Support 1.9.20	2023-09-12 18:28:33 +01:00
github-actions[bot]	d699880c86	Post-release preparation for codeql-cli-2.14.4	2023-09-08 21:17:52 +00:00
github-actions[bot]	abf2b12b1c	Release preparation for version 2.14.4	2023-09-05 16:56:14 +00:00
Tom Hvitved	73370e7282	Merge pull request #14100 from hvitved/dataflow/consistency-pack Data flow: Add consistency checks to shared ql pack	2023-08-31 11:47:40 +02:00
Asger F	2d5c40db31	Merge pull request #14048 from asgerf/shared/variable-capture-write-source-node Variable capture: allow arbitrary data-flow nodes to be the source of a write	2023-08-31 10:20:48 +02:00
Tom Hvitved	fefe64bf0c	Java: Use data flow consistency checks from shared pack	2023-08-30 15:29:41 +02:00
Anders Starcke Henriksen	361ae1747e	Merge branch 'main' into starcke/automodel-pack	2023-08-30 09:25:28 +02:00
Dave Bartolomeo	3343b78015	Merge pull request #14074 from github/post-release-prep/codeql-cli-2.14.3 Post-release preparation for codeql-cli-2.14.3	2023-08-28 13:34:10 -04:00
github-actions[bot]	3eba77421a	Post-release preparation for codeql-cli-2.14.3	2023-08-28 15:53:49 +00:00
Asger F	d4cfa8c2b8	Java: autoformatting changes	2023-08-28 15:35:06 +02:00
Asger F	d2fe4d235a	Java: Inline VariableWrite.getSource()	2023-08-28 15:34:48 +02:00
Tony Torralba	6573b1f772	Merge pull request #14056 from atorralba/atorralba/java/jenkins-stapler-regenerate Java: Re-generate Jenkins and Stapler models	2023-08-25 13:15:21 +02:00
Tony Torralba	5367fb99d9	Manually update a couple of models affected by the nested name change	2023-08-25 11:25:40 +02:00
Tony Torralba	25ac87279e	Add change note	2023-08-25 11:17:54 +02:00
Tony Torralba	2448bc8ce2	Java: Add new Apache CXF models	2023-08-25 11:17:51 +02:00
Tony Torralba	2ed01d06b4	Java: Re-generate Jenkins and Stapler models Re-generated the Jenkins and Stapler models to pick up the changes from github/codeql#14032	2023-08-25 10:01:28 +02:00
Ian Lynagh	5dff1852e1	Kotlin: We now support 1.9.10	2023-08-24 17:36:45 +01:00
Asger F	f17518ace2	Java: update to reflect changes in VariableCapture.qll	2023-08-24 14:06:44 +02:00
Anders Schack-Mulligen	7af1e96943	Merge pull request #14032 from aschackmull/java/mad-nestednames Java: Use nested names in MaD signatures.	2023-08-24 13:53:55 +02:00
Tony Torralba	6b58d11eeb	Merge pull request #13900 from atorralba/atorralba/java/jaxws-getaremotemethod-improv Java: Improve `JaxWsEndpoint::getARemoteMethod`	2023-08-24 13:37:15 +02:00
Tony Torralba	8c32919381	Merge pull request #13903 from atorralba/atorralba/jaxrs-mad-models Java: New models for JAX-RS	2023-08-24 11:43:13 +02:00
Tony Torralba	3f9701cea7	Two fixes: * Consider that the @WebService annotation (et al) can be in a supertype or interface * getARemoteMethod should only return public methods, since protected, package-private, and private methods are not exposed	2023-08-24 11:35:52 +02:00
Tony Torralba	0f3918af16	Merge pull request #13773 from atorralba/atorralba/java/mdht-xxe-sink Java: Add XXE sinks for MDHT	2023-08-23 13:49:49 +02:00
Anders Schack-Mulligen	736c4beb9e	Java: Add change note.	2023-08-23 13:26:41 +02:00
Anders Schack-Mulligen	6c02e30f56	Java: Update models.	2023-08-23 13:24:55 +02:00
Anders Schack-Mulligen	4b0a1cf74b	Java: Remove old interpretation.	2023-08-23 13:19:16 +02:00
Anders Schack-Mulligen	410c09270f	Java: Use nested names in MaD signatures.	2023-08-23 13:17:52 +02:00
Anders Schack-Mulligen	bdc5f9cdea	Merge pull request #14012 from knewbury01/knewbury01/add-sanitizer-command-query Java: add sanitizer to command injection query	2023-08-22 08:40:49 +02:00
Michael Nebel	ce6fd8ac5f	Merge pull request #13432 from michaelnebel/updateissupported Java/C#: Update telemetry queries to report callables with sink/source neutrals as being supported.	2023-08-22 08:39:38 +02:00
Kristen Newbury	5e01e1d464	Java: add sanitizer to command injection query	2023-08-21 12:33:05 -04:00
Jeroen Ketema	2d0f73d7c2	Merge pull request #13881 from jketema/shared-taint-tracking Introduce shared taint tracking library	2023-08-21 12:45:49 +02:00
Jeroen Ketema	a2bb7dee18	Java: Delete copy of shared taint tracking library	2023-08-21 10:32:28 +02:00
Michael Nebel	106ba11e10	Address review comments.	2023-08-21 09:59:02 +02:00
Michael Nebel	d66fe08661	Add QLDoc for the getKind predicate.	2023-08-21 09:59:02 +02:00
Michael Nebel	5623ccf4a0	Java: Re-factor NeutralCallable to include all neutrals and introduce NeutralSummaryCallable.	2023-08-21 09:59:00 +02:00
github-actions[bot]	098dfb4242	Release preparation for version 2.14.3	2023-08-18 14:48:15 +00:00
Edward Minnix III	d109637e2d	Merge pull request #13413 from egregius313/egregius313/trust-boundary Java: Trust Boundary Violation Query	2023-08-18 10:33:32 -04:00
Erik Krogh Kristensen	08ef31d452	Merge pull request #13916 from erik-krogh/limit-java-field-reg Java: limit field flow when tracking regex strings	2023-08-18 12:14:31 +02:00
Stephan Brandauer	480e3bf506	Java: update model exclusions logic to cope with new automodel test location	2023-08-18 10:28:51 +02:00
Ed Minnix	655a98452a	Remove `escapeHTML` models	2023-08-17 13:05:37 -04:00
Ed Minnix	d468ea9e90	Add default sanitizers	2023-08-17 13:05:37 -04:00
Ed Minnix	a36c12ff1f	Add trust-boundary-violation sink kind	2023-08-17 13:05:37 -04:00
Ed Minnix	60642c52aa	Use non-extending subtype	2023-08-17 13:05:37 -04:00
Ed Minnix	e22a67e7fe	Remove unnecessary methods	2023-08-17 13:05:37 -04:00
Ed Minnix	a3a4c31911	Replace servlet source node with RemoteFlowSource	2023-08-17 13:05:37 -04:00
Ed Minnix	172b8a6967	Documentation fixes	2023-08-17 13:05:37 -04:00
Ed Minnix	b567ec875a	Documentation	2023-08-17 13:05:37 -04:00

... 21 22 23 24 25 ...

4170 Commits