hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,734 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.0
Commit Graph

699 Commits

Author SHA1 Message Date
Tony Torralba
6b58d11eeb Merge pull request #13900 from atorralba/atorralba/java/jaxws-getaremotemethod-improv 
Java: Improve `JaxWsEndpoint::getARemoteMethod`
 2023-08-24 13:37:15 +02:00
Tony Torralba
8c32919381 Merge pull request #13903 from atorralba/atorralba/jaxrs-mad-models 
Java: New models for JAX-RS
 2023-08-24 11:43:13 +02:00
Anders Schack-Mulligen
736c4beb9e Java: Add change note. 2023-08-23 13:26:41 +02:00
Kristen Newbury
5e01e1d464 Java: add sanitizer to command injection query 2023-08-21 12:33:05 -04:00
github-actions[bot]
098dfb4242 Release preparation for version 2.14.3 2023-08-18 14:48:15 +00:00
Ed Minnix
cafd08521e Add change note 2023-08-15 23:46:12 -04:00
Michael Nebel
a95aad51bd Merge pull request #13546 from michaelnebel/java/withoutelement 
Java: Support for With[out]Element for MaD.
 2023-08-15 10:03:03 +02:00
Henry Mercer
1213eba630 Merge branch 'main' into post-release-prep/codeql-cli-2.14.2 2023-08-11 13:54:55 +01:00
Anders Schack-Mulligen
0ca3f3308b Merge pull request #13478 from aschackmull/java/varcapture 
Java: Add proper support for variable capture flow.
 2023-08-08 16:22:56 +02:00
github-actions[bot]
79c90fa36a Release preparation for version 2.14.2 2023-08-07 18:08:52 +00:00
Tony Torralba
fb0102b763 Java: New models for JAX-RS 2023-08-07 11:52:23 +02:00
Tony Torralba
43b9199734 Java: Improved JaxWsEndpoint::getARemoteMethod 2023-08-07 10:21:58 +02:00
Ed Minnix
23e2eb11dd Change note 2023-08-07 00:23:58 -04:00
Michael Nebel
d3eb9c1325 Java: Add release note and address review comments. 2023-08-04 13:36:43 +02:00
Anders Schack-Mulligen
d1a616a70a Java: Add proper support for variable capture flow. 2023-08-03 10:04:02 +02:00
Tony Torralba
41f1315da9 Merge pull request #13772 from atorralba/atorralba/java/inputstream-wrapper-read-step 
Java: Add taint steps for InputStream wrappers
 2023-07-31 11:12:43 +02:00
Tony Torralba
08cba7dc5f Merge pull request #13713 from pwntester/java/struts2_source_taint_inheriting 
[Java] Implement field taint inheritance for Struts2 unmarshalled objects
 2023-07-28 16:46:27 +02:00
Tony Torralba
2dff0ce5b4 Merge pull request #13712 from pwntester/java/new_struts2_models 
[Java] New models for Struts2 framework
 2023-07-28 14:31:25 +02:00
Alvaro Muñoz
97a4230d5d add change note 2023-07-27 10:39:06 +02:00
Chris Smowton
c69a9ea032 Merge pull request #13793 from github/post-release-prep/codeql-cli-2.14.1 
Post-release preparation for codeql-cli-2.14.1
 2023-07-26 17:22:05 +01:00
Ian Lynagh
532552a7ac Merge pull request #13751 from igfoo/igfoo/getCompilationInfo 
Java: Improve the diagnostics consistency query
 2023-07-25 16:54:17 +01:00
Tony Torralba
3a6665b0ed Add change note 2023-07-24 08:49:36 +02:00
Tony Torralba
3d515b18df Merge pull request #13769 from atorralba/atorralba/java/avoid-inputstream-low-confidence-dispatch 
Java: Avoid low-confidence dispatch to InputStream methods
 2023-07-21 10:42:34 +02:00
github-actions[bot]
c936a920b0 Release preparation for version 2.14.1 2023-07-20 16:32:27 +00:00
Geoffrey White
80cb386ffd Java: Change note. 2023-07-20 11:52:04 +01:00
Tony Torralba
238cb26624 Add change note 2023-07-19 15:37:33 +02:00
Anders Schack-Mulligen
e72a0b2f8c Dataflow: Add change notes. 2023-07-19 11:41:15 +02:00
Ian Lynagh
8a0286ec34 Java: Improve the diagnostics consistency query 
Diagnostics can be easier to read if you see them in the order in which
they were generated. By selecting the compilation and indexes, they get
sorted by the testsuite driver.

d.getCompilationInfo(c, f, i) would be a bit more natural as
d = c.getDiagnostic(f, i), but currently we don't import Diagnostic into
the default ('import java') namespace, and I don't think it's worth
changing that for this.
 2023-07-17 15:37:05 +01:00
Tony Torralba
cafc67e3be Merge pull request #13714 from pwntester/java/langs3_improvements 
[Java] Add missing commons lang3 model for ToStringBuilder.reflectionToString
 2023-07-13 14:45:33 +02:00
Stephan Brandauer
4391799b7e Merge pull request #13403 from github/java/update-mad-decls-after-triage-2023-06-08T08-51-47 
Java: Update MaD Declarations after Triage
 2023-07-13 11:15:41 +02:00
Tony Torralba
7204c30025 Update 2023-07-12-apache-commons-lang3-tostringbuilder.md 2023-07-13 09:38:33 +02:00
Ed Minnix
63299688d5 Add change notes for default implementations of isBarrier and isAdditionalFlowStep 2023-07-12 15:21:16 -04:00
Ian Lynagh
fe24cc1900 Merge pull request #13718 from igfoo/igfoo/file_classes 
Kotlin: Improve file class support
 2023-07-12 15:42:16 +01:00
Alvaro Muñoz
0247278bad add change note 2023-07-12 11:03:24 +02:00
Alvaro Muñoz
46e326e106 add change note 2023-07-12 10:59:56 +02:00
Ian Lynagh
cfd29de677 Kotlin: Add Class.isFileClass() 2023-07-11 15:58:41 +01:00
Tony Torralba
b70e21df4f Merge pull request #13702 from atorralba/atorralba/kotlin/apply 
Kotlin: Support apply
 2023-07-10 17:39:57 +02:00
Tony Torralba
0f18c0227b Kotlin: Support apply 2023-07-10 16:15:27 +02:00
github-actions[bot]
6484ee106e Release preparation for version 2.14.0 2023-07-07 08:22:14 +00:00
Dave Bartolomeo
2bb9adfbf1 Merge remote-tracking branch 'origin/main' into dbartol/mergeback-3.10 2023-07-06 10:00:46 -04:00
github-actions[bot]
9d7987f822 Release preparation for version 2.13.5 2023-06-29 09:26:18 +00:00
jorgectf
9d8ae5039a Add models for javax.portlet 2023-06-28 17:53:56 +02:00
Tony Torralba
a7c2a25cac Merge pull request #12879 from atorralba/atorralba/java/command-injection-mad-sinks 
Java: Convert all command injection sinks to MaD format
 2023-06-27 14:06:45 +02:00
Tony Torralba
d07e2862f9 Java: Add URL.toString summary 
This adds coverage for CVE-2023-35149.
 2023-06-22 17:39:30 +02:00
Henry Mercer
5afdaf8fe1 Merge pull request #13525 from github/rc/3.10 
Merge `rc/3.10` back to `main`
 2023-06-21 17:13:36 +01:00
Jami
622cd05b77 Merge branch 'main' into java/update-mad-decls-after-triage-2023-06-08T08-51-47 2023-06-20 21:58:15 -04:00
Tony Torralba
c62689022e Merge pull request #13256 from atorralba/atorralba/java/stapler-models 
Java: Model the Stapler framework
 2023-06-19 15:27:19 +02:00
Tony Torralba
7cbc13db40 Update java/ql/lib/change-notes/2023-06-08-new-models.md 2023-06-15 15:14:12 +02:00
Tony Torralba
37a62d3021 Merge pull request #13227 from atorralba/atorralba/java/jenkins-generated-models 
Java: Add autogenerated models for frameworks related to Jenkins
 2023-06-14 15:59:28 +02:00
Tony Torralba
5e3d9d8136 Java: Model the Stapler framework 2023-06-14 12:34:52 +02:00