codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00

Author	SHA1	Message	Date
Alvaro Muñoz	c3a2ae2943	Account for public fields/setters	2023-07-28 12:12:07 +02:00
Tony Torralba	c239a4399c	Changed Struts2ActionSupportClassFieldReadSource to be a FieldValueNode instead of a field read	2023-07-27 10:39:06 +02:00
Alvaro Muñoz	97a4230d5d	add change note	2023-07-27 10:39:06 +02:00
Alvaro Muñoz	f3fc56294e	implement field taint inheritance for Struts2 unmarshalled objects	2023-07-27 10:39:06 +02:00
Tony Torralba	9d6bc76dc0	Merge pull request #13817 from atorralba/atorralba/java/non-static-fieldvaluenode-step Java: Allow flow out of FieldValueNodes for non-static fields	2023-07-27 09:14:04 +02:00
Owen Mansel-Chan	9b2b58a823	Sync files	2023-07-26 21:48:10 +01:00
Chris Smowton	c69a9ea032	Merge pull request #13793 from github/post-release-prep/codeql-cli-2.14.1 Post-release preparation for codeql-cli-2.14.1	2023-07-26 17:22:05 +01:00
Tony Torralba	8685242c16	Add tests	2023-07-26 14:13:43 +02:00
Stephan Brandauer	24cdc962c2	Merge pull request #13818 from github/kaeluka/fix-erroneous-endpoints-that-are-sinks-and-summary-neutrals Java: Automodel Fix, Prevent Some Erroneous Endpoints	2023-07-26 12:45:29 +02:00
Tony Torralba	602eb43109	Update partial flow test expectations	2023-07-26 09:32:13 +02:00
Ian Lynagh	532552a7ac	Merge pull request #13751 from igfoo/igfoo/getCompilationInfo Java: Improve the diagnostics consistency query	2023-07-25 16:54:17 +01:00
Stephan Brandauer	08f5774d13	Java: Automodel extraction fix for application mode	2023-07-25 17:11:07 +02:00
Stephan Brandauer	698b8d3c5c	Java: Automodel extraction fix; previously, we treated endpoints that were marked as sinks, as well as summary-neutrals as 'erroneous'	2023-07-25 16:52:27 +02:00
Tony Torralba	b8b38e4bbe	Java: Allow flow out of FieldValueNodes for non-static fields	2023-07-25 15:37:41 +02:00
Tony Torralba	c9fc5a54c7	Remove generated sinks and sources	2023-07-25 14:42:32 +02:00
Stephan Brandauer	2582b084f6	Merge pull request #13747 from github/tausbn/exclude-qualifier-argument-for-existing-models Java: Exclude qualifier argument for existing models	2023-07-24 16:26:33 +02:00
Stephan Brandauer	13027a1094	Java: review suggestions from @atorralba	2023-07-24 14:09:10 +02:00
Stephan Brandauer	2f2f507a5d	Java: drive-by change: remove obsolete custom queries from application mode characteristics	2023-07-24 13:55:53 +02:00
Tony Torralba	6c0d47f122	Update java/ql/lib/semmle/code/java/frameworks/InputStream.qll Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2023-07-24 08:49:37 +02:00
Tony Torralba	4e7438ac5c	Make sure that InputStreamWrapperCapturedLocalStep is indeed local	2023-07-24 08:49:37 +02:00
Tony Torralba	d3b3af8ae6	Re-adds jump step Note that this causes FP flow in the call context test cases	2023-07-24 08:49:37 +02:00
Tony Torralba	36ff54b48b	Convert jump step into local step Note that this has FNs in the test cases where the source is used locally in the nested classes' methods	2023-07-24 08:49:37 +02:00
Tony Torralba	cc5a404149	Add more test cases	2023-07-24 08:49:36 +02:00
Tony Torralba	226103b246	Add local class test	2023-07-24 08:49:36 +02:00
Tony Torralba	f054f73836	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2023-07-24 08:49:36 +02:00
Tony Torralba	1de68457ae	Move steps to InputStream.qll	2023-07-24 08:49:36 +02:00
Tony Torralba	0156fcc381	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2023-07-24 08:49:36 +02:00
Tony Torralba	3a6665b0ed	Add change note	2023-07-24 08:49:36 +02:00
Tony Torralba	5330ce12cc	Use new TypeInputStream	2023-07-24 08:49:34 +02:00
Tony Torralba	00e0e5a61a	Java: Add taint step for InputStream wrappers	2023-07-24 08:48:04 +02:00
github-actions[bot]	419bbbc9ac	Add changed framework coverage reports	2023-07-24 00:17:53 +00:00
github-actions[bot]	f91b7a9342	Post-release preparation for codeql-cli-2.14.1	2023-07-21 16:16:25 +00:00
Stephan Brandauer	79da723878	Java: only assume that _manual_ MaD sinks have been fully modeled	2023-07-21 10:43:07 +02:00
Tony Torralba	3d515b18df	Merge pull request #13769 from atorralba/atorralba/java/avoid-inputstream-low-confidence-dispatch Java: Avoid low-confidence dispatch to InputStream methods	2023-07-21 10:42:34 +02:00
github-actions[bot]	c936a920b0	Release preparation for version 2.14.1	2023-07-20 16:32:27 +00:00
Geoffrey White	45a9d5bc7d	Java: QLDoc.	2023-07-20 11:53:52 +01:00
Geoffrey White	80cb386ffd	Java: Change note.	2023-07-20 11:52:04 +01:00
Geoffrey White	369f88beda	Java: Fix for multiple parse mode flags.	2023-07-20 11:49:54 +01:00
Geoffrey White	32c10885d4	Java: Add test case.	2023-07-20 11:43:11 +01:00
Tony Torralba	238cb26624	Add change note	2023-07-19 15:37:33 +02:00
Tony Torralba	29543f5726	Change InputStream.read from neutral to summary	2023-07-19 14:44:18 +02:00
Anders Schack-Mulligen	a9c76d4175	Merge pull request #13717 from aschackmull/dataflow/neverskipadditionalsteps Dataflow: Add support for not skipping configuration-specific nodes in big-step	2023-07-19 14:06:54 +02:00
Stephan Brandauer	5575fc65aa	Merge pull request #13636 from github/tausbn/add-sink-alert-metrics-query Java: Add metric queries for counting sinks coming from models	2023-07-19 13:12:32 +02:00
Anders Schack-Mulligen	e72a0b2f8c	Dataflow: Add change notes.	2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen	ae24d68b5d	C/C++/C#/Java/Python/Ruby/Swift: Adjust expected output.	2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen	95d17045c9	Dataflow: Sync.	2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen	fd83b6afdb	Dataflow: Add support for not skipping configuration-specific nodes in big-step.	2023-07-19 11:41:15 +02:00
Tony Torralba	2dbbcc2413	Java: Avoid low-confidence dispatch to InputStream methods Also adds a neutral model for `InputStream.read`, which offers a high-confidence alternative for this method.	2023-07-19 11:30:53 +02:00
Paul Hodgkinson	c7084b6d8e	Merge branch 'main' into java/experimental/command-injection	2023-07-18 11:38:44 +01:00
Anders Schack-Mulligen	e72366194b	Merge pull request #13754 from aschackmull/java/remotesource-inbarrier Java: Exclude source-to-source flow in 5 queries.	2023-07-18 10:33:44 +02:00

... 54 55 56 57 58 ...

12870 Commits