hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,612 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.7
Commit Graph

4195 Commits

Author SHA1 Message Date
Owen Mansel-Chan
ef2f01613c Merge pull request #16676 from owen-mc/qldoc-external-flow 
C/C#/Java/Swift: Cover all params in QLDoc of `modelCoverage`
 2024-06-05 16:53:27 +01:00
Chris Smowton
79ae522349 Add change note documenting ECJ improvements 2024-06-05 15:12:33 +01:00
Rakshith Gopalakrishna
65af2556ed fix: remove rsa/ecb/* from getASecureAlgorithmName 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-06-04 11:20:05 -07:00
Rakshith Gopala krishna
97f9a882c6 fix: address PR comments 2024-06-04 11:20:05 -07:00
Rakshith Gopala krishna
80bf7cdb52 fix: remove the pkcs1 scheme 2024-06-04 11:20:05 -07:00
Rakshith Gopala krishna
dd223ed704 feat: add rsa/ecb/... variants to the list of secure algorithms 2024-06-04 11:20:05 -07:00
Owen Mansel-Chan
3fb5ad2a0d Cover all params in QLDoc of modelCoverage 2024-06-04 17:06:00 +01:00
Tony Torralba
f16dd8c010 Apply code review suggestions. 2024-06-04 10:35:11 +02:00
Tony Torralba
f84c2a842d Java: Add more File-related sinks for path-injection 2024-06-04 10:35:07 +02:00
Anders Schack-Mulligen
06ce40c687 Merge pull request #16561 from aschackmull/java/typeflow-effectively-private 
Java: Improve dispatch through TypeFlow of effectively private calls.
 2024-05-31 15:11:18 +02:00
Mauro Baluda
bbe888c2b3 Update SpringCsrfProtection.qll 2024-05-30 23:13:08 +02:00
Mauro Baluda
e2479a7ce2 Disable csrf for ServerHttpSecurity 2024-05-30 23:08:57 +02:00
github-actions[bot]
906b65d09c Post-release preparation for codeql-cli-2.17.4 2024-05-28 18:02:25 +00:00
github-actions[bot]
33b4ae8bbb Release preparation for version 2.17.4 2024-05-28 15:44:32 +00:00
Anders Schack-Mulligen
5a259843bb Dataflow: Switch call context to a set representation. 2024-05-27 11:01:52 +02:00
Anders Schack-Mulligen
bc8ca1af86 Dataflow: Introduce NodeRegions for use in isUnreachableInCall. 2024-05-27 11:01:51 +02:00
Anders Schack-Mulligen
5a7174dcbb Merge pull request #16500 from aschackmull/java/static-field-side-effect 
Java: Add support for flow through side-effects on static fields.
 2024-05-24 09:19:31 +02:00
Dave Bartolomeo
f498e05099 Merge branch 'main' into dbartol/v1 2024-05-23 14:37:28 -04:00
Dave Bartolomeo
613ccaac1d Add change note to all v1.0.0 packs 2024-05-23 13:01:22 -04:00
Anders Schack-Mulligen
4905612905 Merge pull request #16573 from aschackmull/java/dispatch-joinorder 
Java: Fix join-order in viableImplInCallContext.
 2024-05-23 14:48:25 +02:00
Anders Schack-Mulligen
1bc3f6b0e7 Java: Add change note. 2024-05-23 13:03:06 +02:00
Anders Schack-Mulligen
bf3dbc24de Java: Add support for flow through side-effects on static fields. 2024-05-23 12:57:57 +02:00
Anders Schack-Mulligen
4b3e35ed52 Java: Fix join-order in viableImplInCallContext. 2024-05-23 12:49:57 +02:00
Anders Schack-Mulligen
b519f13600 Java: Add change note. 2024-05-23 10:50:16 +02:00
Anders Schack-Mulligen
527dafa346 Java: Improve dispatch through TypeFlow of effectively private calls. 2024-05-23 10:50:16 +02:00
Anders Schack-Mulligen
f353065d26 Java: Allow overloading for exact model matches. 2024-05-23 10:50:01 +02:00
Anders Schack-Mulligen
0f864081cb Java: Remove source dispatch when there's an exact match from a manual model. 2024-05-23 10:50:00 +02:00
Dave Bartolomeo
ffe4c8c87b Update all pack versions to 1.0.0 2024-05-22 13:39:08 -04:00
Anders Schack-Mulligen
de5c69d0a1 Merge pull request #16551 from aschackmull/java/model-fixes 
Java: Revise some jdk time-related models
 2024-05-22 14:05:23 +02:00
Anders Schack-Mulligen
ba97c3623a Java: Change most java.time.* df-generated taint models to neutrals. 2024-05-22 10:29:54 +02:00
Anders Schack-Mulligen
54f2316d00 Java: Add a neutral model. 2024-05-22 10:29:49 +02:00
Anders Schack-Mulligen
d82acf5866 Java: Add simple type sanitization to java/zipslip. 2024-05-22 10:23:30 +02:00
Owen Mansel-Chan
a8201a19ae Merge pull request #16506 from github/smowton/admin/gradle-version-detection-change-note 
Java: Add change note for Gradle JDK version detection
 2024-05-16 17:11:03 +01:00
Michael Nebel
b1329fd806 Merge pull request #16362 from michaelnebel/java/removelocalqueries 
Java: Remove local query variants.
 2024-05-16 14:34:04 +02:00
Chris Smowton
e8d064e291 Java: Add change note for Gradle JDK version detection 2024-05-16 09:15:47 +01:00
github-actions[bot]
32e8b5c667 Post-release preparation for codeql-cli-2.17.3 2024-05-14 21:14:08 +00:00
github-actions[bot]
100166fa53 Release preparation for version 2.17.3 2024-05-14 19:23:18 +00:00
Chuan-kai Lin
99335e5f29 Merge pull request #16421 from github/cklin/java-entities-reorder 
Java: Use entities in reorder directives
 2024-05-14 06:03:52 -07:00
Anders Schack-Mulligen
76e740bc1d Java: Clean up some instances of getQualifiedName. 2024-05-13 13:06:44 +02:00
Ian Lynagh
4d54c09a6f Java: Add changenote for dropping support for some old variables 2024-05-09 15:59:47 +01:00
Chuan-kai Lin
30b5d5092d Java: Use entities in reorder directives 2024-05-03 11:16:31 -07:00
Michael Nebel
95ff5bae65 Merge pull request #16297 from michaelnebel/java/improveapitelemetry 
Java: Identify more APIs as supported in the telemetry queries.
 2024-05-03 12:34:19 +02:00
Michael Nebel
c07bf65eb6 Update java/ql/lib/semmle/code/java/dataflow/FlowSources.qll 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-05-03 11:13:05 +02:00
Michael Nebel
8def1c2c13 Java: Address review comments and some other code quality improvements. 2024-05-03 11:11:52 +02:00
Owen Mansel-Chan
83249cd9c2 Fix grammar in comment 2024-05-02 09:59:48 +01:00
Owen Mansel-Chan
16dcc0969b Standardise comment explaining why extensible predicates must be defined 2024-05-01 22:00:01 +01:00
Owen Mansel-Chan
09e59ccf44 Name files with empty definitions of MaD extensible predicates to erowdmpty.model.yml 2024-05-01 21:39:38 +01:00
Michael Nebel
58bbfe694f Java: Deprecate the content of ExecTaintedLocalQuery as this is unused. 2024-05-01 13:07:21 +02:00
Michael Nebel
d9c7401ea2 Java: Deprecate the local content of UrlRedirectLocalQuery and remove the local query variant. 2024-05-01 13:07:21 +02:00
Michael Nebel
ed7538d0b9 Java: Deprecate the local content of TaintedPathQuery and remove the local query variant. 2024-05-01 13:07:21 +02:00