4195 Commits

Author	SHA1	Message	Date
Jami Cogswell	0f39011122	Java: add taint-tracking config for execute to exclude FPs from non-update queries like select	2025-01-30 10:13:50 -05:00
Jami Cogswell	97aaf4c011	Java: handle MyBatis annotations for insert/update/delete	2025-01-30 10:13:48 -05:00
Jami Cogswell	df77d4914f	Java: initial tests	2025-01-30 10:13:45 -05:00
Jami Cogswell	c553e3132e	Java: add CallGraph module for displaying call graph paths	2025-01-30 10:13:41 -05:00
Jami Cogswell	87a8746b22	Java: add a class for methods that update a sql database (found using sql-injection nodes)	2025-01-30 10:13:39 -05:00
Jami Cogswell	43a288070c	Java: add a class for PreparedStatement methods that update a database	2025-01-30 10:13:37 -05:00
Jami Cogswell	b88731df80	Java: move contents of MyBatisMapperXML.qll in src to MyBatis.qll in lib so importable, and fix experimental files broken by the move	2025-01-30 10:13:27 -05:00
Jami Cogswell	8e9f21dc52	Java: add a class for MyBatis Mapper methods that update a database	2025-01-30 10:01:43 -05:00
Jami Cogswell	506d668289	Java: add class for Spring request mapping methods that are not default-protected from CSRF	2025-01-30 10:01:41 -05:00
Michael Nebel	ee5416f0b1	Merge pull request #18299 from michaelnebel/java/deprecateexperimental ... Java: Deprecate experimental queries.	2025-01-29 10:41:25 +01:00
Owen Mansel-Chan	0ccf4cecb8	Fix XSS FPs when content type is safe	2025-01-28 15:32:30 +00:00
erik-krogh	c7fc164680	java: remove the 2 from SafeTransformerFactoryFlow, not that the previous naming conflict has been deleted	2025-01-28 09:13:59 +01:00
erik-krogh	a1afa20d4b	add change-notes	2025-01-27 22:43:13 +01:00
erik-krogh	34f5f61a10	all: use my script to delete outdated deprecations	2025-01-27 22:16:48 +01:00
Michael Nebel	98d6353f12	Java: Address review comments.	2025-01-27 11:21:44 +01:00
Michael Nebel	cc48cec1c7	Java: Deprecate experimental model activation.	2025-01-27 10:22:17 +01:00
Jonas Jensen	773a98a9eb	Merge pull request #18340 from jbj/diff-informed-getASelectedLocation ... Java: make more queries diff-informed with getASelectedLocation	2025-01-22 14:25:33 +01:00
Anders Schack-Mulligen	5bfd22e60a	Merge pull request #18552 from aschackmull/java/xss-regex-perf ... Java: Improve performance of XSS regex.	2025-01-22 11:28:49 +01:00
Owen Mansel-Chan	b4c8390991	Merge pull request #18137 from owen-mc/java/jax-rs-annotation-inheritance ... Java: Update JAX-RS annotation inheritance	2025-01-21 15:26:47 +00:00
Anders Schack-Mulligen	0f96e79264	Java: Improve performance of XSS regex.	2025-01-21 14:41:08 +01:00
Jonas Jensen	eacc600b29	Java: annotate a query as not selecting sources ... This is for performance in diff-informed mode but also for avoiding spurious entries in the code scanning timeline and alert list.	2025-01-21 12:56:06 +01:00
Owen Mansel-Chan	6fa18be0cc	Fix QLDocs	2025-01-20 22:07:01 +00:00
github-actions[bot]	fbb7f0a0c6	Post-release preparation for codeql-cli-2.20.2	2025-01-20 21:11:14 +00:00
github-actions[bot]	a0512a50f2	Release preparation for version 2.20.2	2025-01-20 21:11:12 +00:00
Nick Rolfe	6b5974a372	Java: fix stats for databaseMetadata relation	2025-01-20 17:02:25 +00:00
Nick Rolfe	64f33955b5	Java: add databaseMetadata to dbscheme	2025-01-17 15:18:07 +00:00
Chris Smowton	060161cd5e	Add change note	2025-01-14 14:22:27 +00:00
Owen Mansel-Chan	883301938b	Merge pull request #18161 from owen-mc/java/weak-crypto-algo-more-informative ... Java: Make `java/weak-cryptographic-algorithm` give a reason why the algo is insecure	2025-01-13 23:43:04 +00:00
yoff	599411b440	Merge pull request #17787 from yoff/shared/add-location-to-typetracking-nodes ... shared: Add locations to type tracking nodes	2025-01-13 23:06:09 +01:00
Ian Lynagh	6b182c5ebd	Merge pull request #18396 from igfoo/igfoo/path_transformer ... Kotlin: Add CODEQL_PATH_TRANSFORMER support	2025-01-13 15:11:41 +00:00
Tom Hvitved	303b11ec36	Merge pull request #18298 from hvitved/rust/mad-source-sink ... Rust: Add support for MaD sources and sinks with access paths	2025-01-10 11:49:51 +01:00
yoff	b263132ab2	Merge pull request #17998 from yoff/shared/locations-in-range-analysis	2025-01-09 14:05:54 +01:00
yoff	21e7a0e828	Merge branch 'main' into shared/locations-in-range-analysis	2025-01-08 16:40:59 +01:00
Tom Hvitved	868caf948c	Rename {Source,Sink}Node to {Source,Sink}Element	2025-01-08 15:21:43 +01:00
yoff	aca5a51a78	Merge branch 'main' into shared/add-location-to-typetracking-nodes	2025-01-08 12:47:05 +01:00
github-actions[bot]	fb20f6ca63	Post-release preparation for codeql-cli-2.20.1	2025-01-07 22:07:40 +00:00
github-actions[bot]	88b6f1e79a	Release preparation for version 2.20.1	2025-01-07 20:50:36 +00:00
Dave Bartolomeo	72a53c4b23	Revert "Release preparation for version 2.20.1"	2025-01-07 13:32:23 -05:00
github-actions[bot]	fbf9f2fff8	Release preparation for version 2.20.1	2025-01-07 17:20:13 +00:00
Dave Bartolomeo	22e030584c	Revert "Release preparation for version 2.20.1"	2025-01-07 12:14:27 -05:00
Owen Mansel-Chan	7688f46650	Add change note	2025-01-07 17:08:23 +00:00
Owen Mansel-Chan	5959a736ac	Only recommend GCM, and tighten wording	2025-01-07 16:55:10 +00:00
Owen Mansel-Chan	9cc614ac2d	Allow jax-rs path annotation inheritance	2025-01-07 16:44:12 +00:00
github-actions[bot]	a121c5a5d0	Release preparation for version 2.20.1	2025-01-06 18:20:22 +00:00
Tom Hvitved	1b31c90d26	Implement FlowSummaryImpl stubs	2025-01-06 13:26:51 +01:00
Ian Lynagh	78b277b46f	Java/Kotlin: Add a changenote for CODEQL_PATH_TRANSFORMER support.	2025-01-03 16:02:36 +00:00
Jonas Jensen	2b1c70c33b	Java: Diff-informed PolynomialReDoS.ql ... This and other queries would also benefit from making `RegexFlow` diff-informed. That will come later.	2024-12-20 13:01:09 +01:00
Jonas Jensen	5bebae9abf	Java: Diff-informed ImproperIntentVerification.ql	2024-12-20 13:01:07 +01:00
Jonas Jensen	e799bff744	Java: Diff-informed TaintedPermissionsCheck.ql	2024-12-20 13:01:06 +01:00
Jonas Jensen	011d667f06	Java: Diff-informed PredictableSeed.ql	2024-12-20 13:01:05 +01:00