codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00

Author	SHA1	Message	Date
github-actions[bot]	cf71a1525b	Post-release preparation for codeql-cli-2.20.0	2024-12-04 18:36:17 +00:00
github-actions[bot]	96564b7128	Release preparation for version 2.20.0	2024-12-04 16:01:14 +00:00
Henry Mercer	963f084d87	Merge branch 'main' into henrymercer/merge-back-rc-3.16	2024-12-04 13:39:10 +00:00
Anders Schack-Mulligen	03fdceb0fd	Merge pull request #18191 from aschackmull/dataflow/remove-deprecated-lib Dataflow: Delete the old configuration-class based api.	2024-12-04 11:31:46 +01:00
Owen Mansel-Chan	5351f5b69d	Update wording of alert (accepting review suggestion) Co-authored-by: Chris Smowton <smowton@github.com>	2024-12-04 10:31:14 +00:00
Anders Schack-Mulligen	5042753b29	C#/Java: Add change notes.	2024-12-04 10:20:43 +01:00
Owen Mansel-Chan	95116eec51	Update recommendations	2024-12-04 00:42:23 +00:00
Anders Schack-Mulligen	b12a1c078c	Java: Delete deprecated extension points referencing deleted api.	2024-12-03 20:08:44 +01:00
Anders Schack-Mulligen	cca27e4c77	Add change notes for all languages.	2024-12-03 19:42:33 +01:00
Anders Schack-Mulligen	2c0baff76a	Java: Delete deprecated data flow api.	2024-12-03 14:13:03 +01:00
Tom Hvitved	fbeb6f3940	Shared: Move shared logic into `FlowSummaryImpl.qll`	2024-12-03 09:11:11 +01:00
Owen Mansel-Chan	5c99c8cc37	Improve suggestion for ECB	2024-11-29 14:05:07 +00:00
Owen Mansel-Chan	09240e46f2	Refactor: use `concat` instead of hand-written version This changes the order of the algorithms in the regex, but I don't think that makes any difference.	2024-11-29 11:54:29 +00:00
Owen Mansel-Chan	e6409e159f	Give reason why crypto algorithm is insecure	2024-11-29 11:54:27 +00:00
Owen Mansel-Chan	2c061b0d56	Add QLDoc for HostnameSanitizingPrefix	2024-11-29 09:46:44 +00:00
Owen Mansel-Chan	7f8a1ae941	Add change note	2024-11-29 09:46:42 +00:00
Owen Mansel-Chan	7648d397f8	Improve model to remove some false positives	2024-11-29 09:46:41 +00:00
Owen Mansel-Chan	617f4f140e	Make HostnameSanitizingPrefix public	2024-11-29 09:46:39 +00:00
Owen Mansel-Chan	ba3f9d6134	Convert model to QL	2024-11-29 09:46:38 +00:00
Owen Mansel-Chan	b5fbf2e944	Add models for third arg of getForObject No attempt to stop FPs.	2024-11-28 16:51:13 +00:00
Owen Mansel-Chan	65fb895ed5	(Unrelated) Fix typo in class name	2024-11-28 16:51:09 +00:00
Anders Schack-Mulligen	df2e2e503a	Merge pull request #17901 from aschackmull/java/allowlist-sanitizer Java: Add a default taint sanitizer for contains-checks on lists of constants	2024-11-27 11:09:05 +01:00
Anders Schack-Mulligen	5ef496dd1b	Java: Add more qldoc.	2024-11-27 09:07:35 +01:00
Anders Schack-Mulligen	408a38d9fb	Java: Address review comment, include addFirst,addLast.	2024-11-26 13:25:43 +01:00
Anders Schack-Mulligen	5a4b720322	Java: Add change note.	2024-11-26 13:25:42 +01:00
Anders Schack-Mulligen	6f32c4129d	Java: Add a default taint sanitizer for contains-checks on lists of constants.	2024-11-26 13:25:41 +01:00
Anders Schack-Mulligen	7f86f8cac7	Java: Prepare TypeFlow for separate instantiation of universal flow.	2024-11-26 13:25:41 +01:00
Jami Cogswell	05b6700607	Java: add SHA384 to list of secure algorithms	2024-11-25 09:27:53 -05:00
Arthur Baars	c2b342f1a0	Merge pull request #18084 from github/aibaars/java-sha3 Java: add SHA3 family to list of secure crypto algorithms	2024-11-25 15:07:43 +01:00
Arthur Baars	5eb91fd516	Drop SHA3-224 Drop the 224bits variant as it looks like SHA3-224 may be deprecated soon based on NIST's most recent draft revision of Transitioning the Use of Cryptographic Algorithms and Key Lengths	2024-11-25 11:25:45 +01:00
Jami	f0045692a7	Merge pull request #17869 from jcogs33/jcogs33/improve-weak-crypto Java: Improve weak crypto query	2024-11-24 12:04:00 -05:00
Arthur Baars	c6eaed343d	Java: add SHA3 family to list of secure crypto algorithms	2024-11-22 19:03:00 +01:00
Alexander Eyers-Taylor	c0474c4e45	Revert "Revert "Post-release preparation for codeql-cli-2.19.4""	2024-11-21 15:37:52 +00:00
Alexander Eyers-Taylor	4effe9e364	Revert "Post-release preparation for codeql-cli-2.19.4"	2024-11-21 14:43:15 +00:00
github-actions[bot]	3909df75dc	Post-release preparation for codeql-cli-2.19.4	2024-11-19 17:54:03 +00:00
github-actions[bot]	9783a11565	Release preparation for version 2.19.4	2024-11-19 16:21:37 +00:00
Rasmus Lerchedahl Petersen	cd5509a0f9	Java: locations for range analysis	2024-11-15 13:11:25 +01:00
Owen Mansel-Chan	ba239a1be0	Add change note	2024-11-14 15:02:21 +00:00
Owen Mansel-Chan	bf0fba6c49	Refactor UnreachableBasicBlock to make it clearer	2024-11-14 14:53:12 +00:00
Owen Mansel-Chan	efb34aea45	Fix bug in UnreachableBlocks	2024-11-14 14:50:25 +00:00
Anders Schack-Mulligen	d7fbf68a59	Merge pull request #17597 from aschackmull/java/chararraywriter-tostring Java: Add model for CharArrayWriter.toString().	2024-11-12 12:55:44 +01:00
Michael Nebel	404ca27aec	Java: Move non-experimental models out of the experimental folder.	2024-11-11 10:08:45 +01:00
Anders Schack-Mulligen	5602570e18	Kotlin: Support NotNullExpr in TypeFlow.	2024-11-07 15:25:23 +01:00
Anders Schack-Mulligen	4df4a1e6c6	Merge pull request #17863 from aschackmull/shared/universal-flow Shared: Add a Universal Flow library and refactor TypeFlow to use it.	2024-11-06 13:46:13 +01:00
github-actions[bot]	f107d16b4e	Post-release preparation for codeql-cli-2.19.3	2024-11-04 17:20:08 +00:00
github-actions[bot]	cc7b724123	Release preparation for version 2.19.3	2024-11-04 16:37:28 +00:00
Jami Cogswell	459d16824e	Java: weak crypto: do not report weak hash algorithms	2024-11-03 18:22:06 -05:00
Anders Schack-Mulligen	b556590ef8	Merge pull request #17663 from aschackmull/dataflow/speculative-flow Dataflow: Add support for speculative taint flow.	2024-10-31 08:12:43 +01:00
Anders Schack-Mulligen	9b493c1e1b	Java: Fix bug related to null inference for pattern initializer.	2024-10-30 15:05:36 +01:00
Ian Lynagh	251a8a34ed	Java: Add up/downgrade scripts	2024-10-29 11:32:22 +00:00

1 2 3 4 5 ...

4170 Commits