hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,734 Commits 1,672 Branches 157 Tags
codeql-cli-2.21.0
Commit Graph

11657 Commits

Author SHA1 Message Date
Owen Mansel-Chan
3f5886ef7a Accept another review suggestion 2024-12-10 15:26:17 +00:00
Owen Mansel-Chan
2da9bfb1a6 Finish renaming getCFGNode to getCfgNode 2024-12-10 15:26:16 +00:00
Owen Mansel-Chan
274281f61e Apply all suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2024-12-10 15:26:14 +00:00
Owen Mansel-Chan
d06dfe0ca3 Add change note 2024-12-10 15:26:13 +00:00
Owen Mansel-Chan
0f3dd6d8f1 Java: IPA the CFG 2024-12-10 15:26:11 +00:00
Anders Schack-Mulligen
da179705c3 Java: Accept expected file changes. 2024-12-10 14:52:06 +01:00
Jami Cogswell
214da9e9ad Java: add change note 2024-12-06 19:59:40 -05:00
Owen Mansel-Chan
347fd575a2 Refactor to avoid duplicated logic 2024-12-05 11:15:43 +00:00
Owen Mansel-Chan
b20b7c7572 Remove escaped "{" and "}" before counting placeholders 2024-12-05 10:43:13 +00:00
Anders Schack-Mulligen
4bf63fedc9 Merge pull request #18179 from aschackmull/dataflow/accesspath-notypes 
Dataflow: Remove tracked types from Access Paths, track tainted object type, and tweak type pruning.
 2024-12-05 09:58:36 +01:00
Jami Cogswell
121780c55a Java: add File.getName as a path injection sanitizer 2024-12-04 18:57:51 -05:00
github-actions[bot]
cf71a1525b Post-release preparation for codeql-cli-2.20.0 2024-12-04 18:36:17 +00:00
github-actions[bot]
96564b7128 Release preparation for version 2.20.0 2024-12-04 16:01:14 +00:00
Henry Mercer
963f084d87 Merge branch 'main' into henrymercer/merge-back-rc-3.16 2024-12-04 13:39:10 +00:00
Jeroen Ketema
10592bb1c4 Merge pull request #18192 from jketema/inline-rm 
Remove deprecated `InlineExpectationsTest` class-based API
 2024-12-04 11:34:39 +01:00
Anders Schack-Mulligen
03fdceb0fd Merge pull request #18191 from aschackmull/dataflow/remove-deprecated-lib 
Dataflow: Delete the old configuration-class based api.
 2024-12-04 11:31:46 +01:00
Owen Mansel-Chan
5351f5b69d Update wording of alert (accepting review suggestion) 
Co-authored-by: Chris Smowton <smowton@github.com>
 2024-12-04 10:31:14 +00:00
Anders Schack-Mulligen
5042753b29 C#/Java: Add change notes. 2024-12-04 10:20:43 +01:00
Owen Mansel-Chan
95116eec51 Update recommendations 2024-12-04 00:42:23 +00:00
Anders Schack-Mulligen
f38602e9fe Java: Update references to deleted aliases. 2024-12-03 20:08:45 +01:00
Anders Schack-Mulligen
b12a1c078c Java: Delete deprecated extension points referencing deleted api. 2024-12-03 20:08:44 +01:00
Anders Schack-Mulligen
cca27e4c77 Add change notes for all languages. 2024-12-03 19:42:33 +01:00
Jeroen Ketema
89d20fd086 Java: Update expected test results 2024-12-03 19:18:59 +01:00
Anders Schack-Mulligen
2c0baff76a Java: Delete deprecated data flow api. 2024-12-03 14:13:03 +01:00
Anders Schack-Mulligen
9734cff15b Java/C#: Update expected files. 2024-12-03 12:57:44 +01:00
Tom Hvitved
fbeb6f3940 Shared: Move shared logic into FlowSummaryImpl.qll 2024-12-03 09:11:11 +01:00
Owen Mansel-Chan
5c99c8cc37 Improve suggestion for ECB 2024-11-29 14:05:07 +00:00
Owen Mansel-Chan
95d26d96d2 Add change note 2024-11-29 11:54:30 +00:00
Owen Mansel-Chan
09240e46f2 Refactor: use concat instead of hand-written version 
This changes the order of the algorithms in the regex, but I don't think
that makes any difference.
 2024-11-29 11:54:29 +00:00
Owen Mansel-Chan
e6409e159f Give reason why crypto algorithm is insecure 2024-11-29 11:54:27 +00:00
Owen Mansel-Chan
2c061b0d56 Add QLDoc for HostnameSanitizingPrefix 2024-11-29 09:46:44 +00:00
Owen Mansel-Chan
7f8a1ae941 Add change note 2024-11-29 09:46:42 +00:00
Owen Mansel-Chan
7648d397f8 Improve model to remove some false positives 2024-11-29 09:46:41 +00:00
Owen Mansel-Chan
617f4f140e Make HostnameSanitizingPrefix public 2024-11-29 09:46:39 +00:00
Owen Mansel-Chan
ba3f9d6134 Convert model to QL 2024-11-29 09:46:38 +00:00
Owen Mansel-Chan
b5fbf2e944 Add models for third arg of getForObject 
No attempt to stop FPs.
 2024-11-28 16:51:13 +00:00
Owen Mansel-Chan
65fb895ed5 (Unrelated) Fix typo in class name 2024-11-28 16:51:09 +00:00
Anders Schack-Mulligen
df2e2e503a Merge pull request #17901 from aschackmull/java/allowlist-sanitizer 
Java: Add a default taint sanitizer for contains-checks on lists of constants
 2024-11-27 11:09:05 +01:00
Anders Schack-Mulligen
5ef496dd1b Java: Add more qldoc. 2024-11-27 09:07:35 +01:00
Anders Schack-Mulligen
85778f7fea Java: Fix semantic merge conflict in expected file. 2024-11-27 08:53:41 +01:00
Jami
36acfeb305 Merge pull request #18087 from jcogs33/jcogs33/java-sha2 
Java: add SHA-384 to list of secure crypto algorithms
 2024-11-26 08:51:58 -05:00
yoff
6d6f269e6c Merge pull request #17997 from yoff/java/inline-range-tests 2024-11-26 14:48:07 +01:00
Anders Schack-Mulligen
a6fc41ec4b Java: Accept consistency failure. 2024-11-26 13:25:44 +01:00
Anders Schack-Mulligen
38eb3e4952 Java: Adjust expected output. 2024-11-26 13:25:44 +01:00
Anders Schack-Mulligen
2ff2d25784 Java: Cherry-pick test from https://github.com/github/codeql/pull/17051 2024-11-26 13:25:43 +01:00
Anders Schack-Mulligen
408a38d9fb Java: Address review comment, include addFirst,addLast. 2024-11-26 13:25:43 +01:00
Anders Schack-Mulligen
0d45f0efb2 Java: Accept consistency check result. 2024-11-26 13:25:43 +01:00
Anders Schack-Mulligen
2b1caa8a35 Java: Add test. 2024-11-26 13:25:42 +01:00
Anders Schack-Mulligen
5a4b720322 Java: Add change note. 2024-11-26 13:25:42 +01:00
Anders Schack-Mulligen
6f32c4129d Java: Add a default taint sanitizer for contains-checks on lists of constants. 2024-11-26 13:25:41 +01:00