github-actions[bot]
a6c8cc9551
Release preparation for version 2.16.0
2024-01-08 13:11:26 +00:00
Marcono1234
3edfdc5ceb
Java: Improve Regex flag parsing
...
Fixes:
- Flag `d` not being recognized
- Syntax for disabling flags (`-`) not being recognized
- Non-capturing group with flags erroneously containing `:` as literal
2024-01-06 04:15:09 +01:00
Owen Mansel-Chan
ce3097e9ce
Fix manual models for String.valueOf(Object)
...
Add a neutral model for it, but also a summary model for `String.valueOf(CharSequence)`
2024-01-04 11:31:20 +00:00
Owen Mansel-Chan
0076f06ce7
Improve manual models of java.lang.Exception
2024-01-04 11:31:18 +00:00
Owen Mansel-Chan
e415c54c5e
Reorder manual models of java.lang.Throwable
2024-01-04 11:31:16 +00:00
Owen Mansel-Chan
f52ea5c2fd
Improve manual models of java.lang.Throwable
2024-01-04 11:31:14 +00:00
Eric Bickle
4fa5b2ae41
Add change nodes for GSON coverage
2024-01-02 14:17:23 -08:00
Eric Bickle
0cd89bf815
Merge branch 'main' into fix/update-gson-model
2024-01-02 14:05:33 -08:00
Aditya Sharad
bbe3269b8c
Merge pull request #15189 from github/adityasharad/merge/3.12-main
...
Merge `rc/3.12` into `main`
2023-12-22 11:26:37 -08:00
Tony Torralba
8ad787f3b8
Java: Generalize MaybeBrokenCryptoAlgorithmQuery.qll
2023-12-22 10:15:40 +01:00
Ed Minnix
7f9dff2dc7
Fix minor error in Weak Hashing
2023-12-21 22:48:07 -05:00
Aditya Sharad
b1803d0ac2
Merge rc/3.12 into main
2023-12-21 16:40:51 -08:00
Stephan Brandauer
a9d21cef01
Update MaD Declarations after Triage
2023-12-21 15:39:03 +01:00
Tony Torralba
1b9f59efa7
Merge pull request #14646 from github/java/update-mad-decls-after-triage-2023-10-31T15-52-01
...
Java: Update MaD Declarations after Triage
2023-12-20 15:37:19 +01:00
Tony Torralba
e744d974e8
Merge pull request #14580 from github/java/update-mad-decls-after-triage-2023-10-24T15-42-01
...
Java: Update MaD Declarations after Triage
2023-12-20 15:01:24 +01:00
Tony Torralba
2df8bcb9dc
Update java/ql/lib/change-notes/2023-10-31-new-models.md
...
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
2023-12-20 14:59:07 +01:00
Ed Minnix
a93d6dd956
Change note
2023-12-19 10:28:23 -05:00
Ed Minnix
ce130c6ed5
Add replace to MapMutator
2023-12-19 10:23:06 -05:00
Tony Torralba
c8a369d9ef
Update java/ql/lib/ext/jakarta.persistence.model.yml
2023-12-19 14:58:07 +01:00
github-actions[bot]
8f72b0e4f7
Post-release preparation for codeql-cli-2.15.5
2023-12-19 10:32:57 +00:00
github-actions[bot]
19af35b29a
Release preparation for version 2.15.5
2023-12-18 21:22:44 +00:00
Edward Minnix III
56921a6e21
Merge pull request #14040 from egregius313/egregius313/weak-hashing-properties
...
Java: Add support for algorithm names specified in `.properties` files to `java/potentially-weak-cryptographic-algorithm`
2023-12-18 09:38:58 -05:00
Tony Torralba
9446249e94
Merge pull request #15012 from atorralba/atorralba/java/fix-missing-pinning-fp
...
Java: Fix FPs in Missing certificate pinning
2023-12-18 09:37:18 +01:00
Eric Bickle
95ce7c9ba4
Merge branch 'main' into fix/update-gson-model
2023-12-15 10:15:53 -08:00
Ed Minnix
09a0730491
QLdoc fix
2023-12-15 11:13:09 -05:00
Ed Minnix
02581a3850
Move class for getProperty method call to Properties.qll
2023-12-15 11:09:08 -05:00
Ed Minnix
1c3993e632
QLDocs
2023-12-15 11:09:07 -05:00
Ed Minnix
83c6ece405
Move weak hashing into MaybeBrokenCryptoAlgorithm
2023-12-15 11:09:07 -05:00
Ed Minnix
fbc2a33597
Replace MethodAccess with MethodCall
2023-12-15 11:09:07 -05:00
Ed Minnix
25fa8d5ae7
Move some logic to class
2023-12-15 11:09:07 -05:00
Ed Minnix
93cf5b8eb9
Weak Hashing Property initial query
2023-12-15 11:09:07 -05:00
Anders Schack-Mulligen
337e5e458c
Update java/ql/lib/semmle/code/java/security/InsufficientKeySize.qll
...
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2023-12-15 08:48:50 +01:00
Anders Schack-Mulligen
7623432c76
Java: Remove/deprecate FlowStateString-based extension points.
2023-12-14 15:15:58 +01:00
Anders Schack-Mulligen
a1068ce2f9
Dataflow: deprecate references
2023-12-14 15:05:33 +01:00
Tom Hvitved
c8b4a215bc
Merge pull request #14573 from hvitved/flow-summary-impl-param
...
Move `FlowSummaryImpl.qll` to `dataflow` pack
2023-12-14 12:24:15 +01:00
Tom Hvitved
098afb935b
Address more review comments
2023-12-14 09:48:45 +01:00
Jeroen Ketema
99e65df6ce
Merge remote-tracking branch 'upstream/rc/3.12' into mb12
2023-12-13 15:43:39 +01:00
Tony Torralba
d955dce72a
Improve source of randomness detection
...
Also sanitize flow out of sinks to avoid overlapping paths
2023-12-13 11:15:27 +01:00
Tony Torralba
fc45621ab1
Add pac4j JWT cryptographic key sinks
2023-12-13 11:15:27 +01:00
Tony Torralba
3a5d711711
Add cookie sinks
2023-12-13 11:15:27 +01:00
Tony Torralba
435d1f97a3
Add sink for OpenSAML's RequestType.setID
2023-12-13 11:15:27 +01:00
Tony Torralba
bd8f35bef7
Java: Fix FPs in Missing certificate pinning
...
Local URIs should never require pinning
2023-12-12 18:02:12 +01:00
Tony Torralba
27be5ba14b
Merge pull request #15073 from atorralba/atorralba/java/remove-invalid-ognl-sinks
...
Java: Remove invalid OGNL sinks
2023-12-12 16:52:31 +01:00
Tony Torralba
fad53a25c0
Update java/ql/lib/ext/struts2.model.yml
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2023-12-12 14:58:47 +01:00
Tony Torralba
103110f9c2
Java: Remove invalid OGNL sinks
...
Fixes #15053
2023-12-12 13:39:51 +01:00
Ed Minnix
1271cd3348
Remove unnecessary crypto sinks
2023-12-11 11:18:40 -05:00
Ed Minnix
3ca039bc8f
Rename to InsecureRandomness
2023-12-11 11:18:40 -05:00
Ed Minnix
6e70e6c85a
Use pre-existing type for SecureRandom
2023-12-11 11:18:39 -05:00
Ed Minnix
bbf99375c7
Alter cookie sinks to instead focus on creation of a cookie
2023-12-11 11:18:39 -05:00
Ed Minnix
b9d2a26e6e
Move ESAPI models into the Weak Randomness query
...
These models don't need to apply to all queries. So instead they are
better suited to be within the weak randomness query itself.
2023-12-11 11:18:39 -05:00