hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,579 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.2
Commit Graph

572 Commits

Author SHA1 Message Date
Chris Smowton
77e4d9e692 Fix stray references to the javax package name 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2025-04-02 10:03:49 +01:00
Chris Smowton
50119ae481 Update docs 2025-04-01 16:20:06 +01:00
Chris Smowton
a5a6fd37df Enable recognising jakarta.persistence in dead-code queries 2025-04-01 16:19:42 +01:00
Chris Smowton
fb6296a564 Persistence models: recognise jakarta.persistence 2025-04-01 16:07:40 +01:00
Jami
ea9b0462bf Merge pull request #18793 from jcogs33/jcogs33/java/spring-boot-actuators-promo 
Java: Promote Spring Boot Actuators query from experimental
 2025-03-11 14:42:14 -04:00
Jami Cogswell
746f022cfa Java: add 'Spring' prefix to public class names 2025-03-04 10:34:16 -05:00
Owen Mansel-Chan
74a249597a Merge pull request #18607 from owen-mc/java/xss-content-type-sanitizer 
Java: Add XSS Sanitizer for `HttpServletResponse.setContentType` with safe values
 2025-02-24 23:39:18 +00:00
Jami Cogswell
6fe7c7a233 Java: some refactoring 2025-02-24 18:33:29 -05:00
Jami Cogswell
b2469ff8ba Java: add APIs and tests for more recent Spring versions: authorizeHttpRequests, AuthorizeHttpRequestsConfigurer, securityMatcher(s) 2025-02-24 18:26:02 -05:00
Jami Cogswell
8dfb920e05 Java: refactor QL, move code to libraries 2025-02-24 18:24:48 -05:00
Jami Cogswell
0462425191 Java: rename getMethod to getMethodValue 2025-01-30 10:14:20 -05:00
Jami Cogswell
20e8eb4323 Java: some clean-up and refactoring 2025-01-30 10:14:18 -05:00
Jami Cogswell
286c655264 Java: add class for Stapler web methods that are not default-protected from CSRF 2025-01-30 10:13:52 -05:00
Jami Cogswell
43a288070c Java: add a class for PreparedStatement methods that update a database 2025-01-30 10:13:37 -05:00
Jami Cogswell
b88731df80 Java: move contents of MyBatisMapperXML.qll in src to MyBatis.qll in lib so importable, and fix experimental files broken by the move 2025-01-30 10:13:27 -05:00
Owen Mansel-Chan
0ccf4cecb8 Fix XSS FPs when content type is safe 2025-01-28 15:32:30 +00:00
erik-krogh
34f5f61a10 all: use my script to delete outdated deprecations 2025-01-27 22:16:48 +01:00
Anders Schack-Mulligen
5bfd22e60a Merge pull request #18552 from aschackmull/java/xss-regex-perf 
Java: Improve performance of XSS regex.
 2025-01-22 11:28:49 +01:00
Anders Schack-Mulligen
0f96e79264 Java: Improve performance of XSS regex. 2025-01-21 14:41:08 +01:00
Owen Mansel-Chan
6fa18be0cc Fix QLDocs 2025-01-20 22:07:01 +00:00
Owen Mansel-Chan
9cc614ac2d Allow jax-rs path annotation inheritance 2025-01-07 16:44:12 +00:00
Owen Mansel-Chan
066db766ef Merge pull request #18153 from owen-mc/java/resttemplate-getforobject 
Java: add SSRF sink model for the third parameter of `RestTemplate.getForObject`
 2024-12-11 16:37:35 +00:00
Owen Mansel-Chan
1420bce36a Move import statement in SpringWebClient.qll 2024-12-11 14:19:24 +00:00
Owen Mansel-Chan
0f3dd6d8f1 Java: IPA the CFG 2024-12-10 15:26:11 +00:00
Owen Mansel-Chan
347fd575a2 Refactor to avoid duplicated logic 2024-12-05 11:15:43 +00:00
Owen Mansel-Chan
b20b7c7572 Remove escaped "{" and "}" before counting placeholders 2024-12-05 10:43:13 +00:00
Anders Schack-Mulligen
b12a1c078c Java: Delete deprecated extension points referencing deleted api. 2024-12-03 20:08:44 +01:00
Owen Mansel-Chan
7648d397f8 Improve model to remove some false positives 2024-11-29 09:46:41 +00:00
Owen Mansel-Chan
ba3f9d6134 Convert model to QL 2024-11-29 09:46:38 +00:00
Tom Hvitved
2832318711 Java: Account for top-level res folders in AndroidLayoutXmlFile 2024-10-04 08:35:28 +02:00
erik-krogh
0fdd06fff5 use my script to delete outdated deprecations 2024-09-03 20:30:58 +02:00
Jami Cogswell
4790656b79 Java: add TaintInheritingContent for URL synthetic fields 2024-07-20 23:03:32 -04:00
Owen Mansel-Chan
e2356d9820 Merge pull request #16914 from owen-mc/java/android-app-detection 
Java: Improve Android app detection
 2024-07-16 21:52:43 +01:00
Anders Schack-Mulligen
938f46b888 Java: Remove superfluous clone models. 2024-07-16 11:11:53 +02:00
Owen Mansel-Chan
b7a5252cb0 Refactor inAndroidApplication 2024-07-13 07:35:02 +01:00
Owen Mansel-Chan
5347770608 Update Android app detection 2024-07-07 00:24:25 +01:00
Owen Mansel-Chan
9c82966022 Move detection of Android app to one place 2024-07-05 23:47:56 +01:00
Anders Schack-Mulligen
76e740bc1d Java: Clean up some instances of getQualifiedName. 2024-05-13 13:06:44 +02:00
Tom Hvitved
1dc13cc169 Merge pull request #15923 from hvitved/shared-xml-impl 
Properly shared `XML.qll` implementation
 2024-04-03 11:39:50 +02:00
Tom Hvitved
a6c147134a Java: Switch to shared XML.qll implementation 2024-03-19 13:15:45 +01:00
Jami Cogswell
052452b186 Java: create UrlDecodeMethod 2024-03-13 16:28:44 -04:00
Joe Farebrother
9130603334 Address reviews - use SimpleTypeSanitizer and alter qldoc style 2024-01-31 11:31:25 +00:00
Joe Farebrother
94075ef148 Fix FPs - consider flow through fields when determining whether a view is masked, and find more instances of findViewById. 2024-01-29 16:25:38 +00:00
Joe Farebrother
aa78050933 Implement checks for elements hidden by their xml attributes 2024-01-29 16:25:38 +00:00
Joe Farebrother
1b13597d72 Implement checks for calls that may safely mask information 2024-01-29 16:25:37 +00:00
erik-krogh
8be7eadace delete outdated deprecations 2024-01-22 09:11:35 +01:00
Tony Torralba
7e6f2d1fc5 Merge pull request #14681 from atorralba/atorralba/java/weak-randomness-cve-coverage 
Java: Add more sinks to the Insecure Randomness query
 2024-01-08 15:33:03 +01:00
Ed Minnix
09a0730491 QLdoc fix 2023-12-15 11:13:09 -05:00
Ed Minnix
02581a3850 Move class for getProperty method call to Properties.qll 2023-12-15 11:09:08 -05:00
Tom Hvitved
c8b4a215bc Merge pull request #14573 from hvitved/flow-summary-impl-param 
Move `FlowSummaryImpl.qll` to `dataflow` pack
 2023-12-14 12:24:15 +01:00