hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,734 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.0
Commit Graph

4237 Commits

Author SHA1 Message Date
Ed Minnix
f7c07d55ed Credential-other sinks 2023-10-25 14:31:53 -04:00
Ed Minnix
49218cdbfb Credential-username models 2023-10-25 14:31:53 -04:00
Ed Minnix
18661eee77 Crypto-parameter models 2023-10-25 14:31:53 -04:00
Ed Minnix
66486b08dc Password models 2023-10-25 14:31:53 -04:00
Ed Minnix
4aec302fb7 Create new sink kinds 2023-10-25 14:31:53 -04:00
Anders Schack-Mulligen
283d6efdf8 Rangeanalysis/Java/C++: Address some ql4ql findings. 2023-10-25 14:06:35 +02:00
Jami
53d92d58fc Merge pull request #14581 from jcogs33/jcogs33/add-internal-to-model-exclusions 
Java: exclude internal packages globally from MaD models
 2023-10-25 08:04:03 -04:00
Anders Schack-Mulligen
2592c94c54 Java: Replace range analysis with shared version. 2023-10-25 11:29:55 +02:00
Anders Schack-Mulligen
36082808d3 Java: Implement shared range analysis signatures. 2023-10-25 11:29:55 +02:00
Marcono1234
bf20b8e5a5 Kotlin: Mention Literal::getLiteral() difference from source code 
It appears the Kotlin extractor does not have access to the actual
string representation in the source code, and for most literal types
uses simply the represented value also as `getLiteral` result, see
https://github.com/github/codeql/blob/codeql-cli/v2.15.1/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt#L4443
 2023-10-25 02:04:54 +02:00
Dave Bartolomeo
5fd56ce866 Alternate threat model implementation 2023-10-24 13:12:37 -04:00
Jami Cogswell
121fd0896b Java: exclude internal packages in general from models 2023-10-24 12:49:49 -04:00
Tony Torralba
9f7a8aa18c Update MaD Declarations after Triage 2023-10-24 17:42:03 +02:00
Chris Smowton
30610c9a3f Temporarily de-deprecate SuperMethodAccess to accommodate private tests 2023-10-24 16:05:52 +01:00
Chris Smowton
4205f1bd03 Temporarily un-deprecate MethodAccess to decouple from private tests 2023-10-24 14:03:26 +01:00
Chris Smowton
06238dd5f6 Improve reflective class names 2023-10-24 13:29:32 +01:00
Chris Smowton
011666b48c Fix description and improve predicate name of VarWrite. 2023-10-24 12:59:57 +01:00
Chris Smowton
ede17585a6 Amend NewClassExpr description 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2023-10-24 12:51:42 +01:00
Chris Smowton
e3edea2a5f Apply simple suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2023-10-24 12:51:03 +01:00
Chris Smowton
efb63aada3 Add change note 2023-10-24 11:45:41 +01:00
Chris Smowton
3627eb2bcf Add missing qldoc 2023-10-24 11:15:08 +01:00
Chris Smowton
e8c9708282 Autoformat 2023-10-24 11:06:19 +01:00
Chris Smowton
09e83d1173 Fix isEnclosingMethodAccess wrapper 2023-10-24 11:03:57 +01:00
Chris Smowton
ac38d4c9c6 Mass rename L/RValue -> VarWrite/Read 2023-10-24 10:58:29 +01:00
Chris Smowton
59a49eef0b Add aliases for public, importable renamed classes and predicates. 
Also rename and aliases a couple of uses of Access noted along the way.
 2023-10-24 10:54:35 +01:00
Chris Smowton
f552a15aae Mass-rename MethodAccess -> MethodCall 2023-10-24 10:30:26 +01:00
Chris Smowton
a10731c591 Java: introduce more-intuitive names for ClassInstanceExpr, L/RValue and MethodAccess. 2023-10-24 09:38:49 +01:00
Tony Torralba
cd10dc8a27 Java: Added up to date models for Spring's ResponseEntity 2023-10-23 16:06:11 +02:00
Dave Bartolomeo
910b2a98f1 Merge remote-tracking branch 'origin/main' into dbartol/threat-models 2023-10-19 17:07:38 -04:00
Dave Bartolomeo
bd7de83aab Use extension packs for threat models 2023-10-19 17:07:26 -04:00
Dave Bartolomeo
712f7758cf Merge branch 'main' into post-release-prep/codeql-cli-2.15.1 2023-10-19 12:14:07 -04:00
Tony Torralba
da44b13fd4 Merge pull request #14515 from atorralba/atorralba/java/spring-csrf-improv 
Java: Improve java/spring-disabled-csrf-protection
 2023-10-18 17:49:10 +02:00
github-actions[bot]
8dcd8b9e5b Post-release preparation for codeql-cli-2.15.1 2023-10-17 20:24:00 +00:00
Edward Minnix III
15afc3ed64 Merge pull request #14491 from egregius313/egregius313/java/mad/convert-iv 
Java: Refactor `java/static-initialization-vector` to use Models as Data
 2023-10-17 13:15:45 -04:00
Ed Minnix
8ed5bfb27d Remove reference to DataFlow2 2023-10-17 10:59:36 -04:00
Stephan Brandauer
9d719aa44e Merge pull request #13444 from github/java/update-mad-decls-after-triage-2023-06-13T14-50-57 
Java: Update MaD Declarations after Triage
 2023-10-17 13:54:10 +02:00
Tony Torralba
96d6e8e3f2 Update change note 2023-10-17 11:57:53 +02:00
Tony Torralba
3cd06b0026 More review suggestions 2023-10-17 11:54:32 +02:00
Tony Torralba
62a9ffd277 Apply suggestions from code review 2023-10-17 11:51:55 +02:00
github-actions[bot]
3b3c036626 Release preparation for version 2.15.1 2023-10-16 17:49:39 +00:00
Edward Minnix III
21bea38ec8 Merge pull request #14472 from egregius313/egregius313/sync-local-and-remote-queries 
Java: Synchronize `*Local` versions of queries with their remote counterpart
 2023-10-16 10:31:40 -04:00
Ed Minnix
c65d407937 Remove old DataFlow2 import 2023-10-16 10:30:00 -04:00
Tony Torralba
d08ee76b16 Java: Improve java/spring-disabled-csrf-protection 2023-10-16 16:01:14 +02:00
Ed Minnix
3356261031 Static IV refactor to MaD 2023-10-13 12:50:49 -04:00
Tony Torralba
0cea3f8531 Remove library annotations 2023-10-13 12:46:56 +02:00
Ed Minnix
31c04b50f7 Change note 2023-10-12 09:58:09 -04:00
Ed Minnix
4eeaf84133 Sync NumericCastTaintedQuery 2023-10-12 09:58:08 -04:00
Ed Minnix
ec84f072eb Sync ArithmeticTaintedLocalQuery 2023-10-12 09:58:08 -04:00
Ed Minnix
da933fb77a Sync ExternallyControlledFormatStringLocalQuery 2023-10-12 09:58:08 -04:00
Ed Minnix
f1886320e5 Sync ImproperValidationOfArrayIndexLocalQuery 2023-10-12 09:58:08 -04:00