hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,579 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.2
Commit Graph

13125 Commits

Author SHA1 Message Date
github-actions[bot]
cc7b724123 Release preparation for version 2.19.3 2024-11-04 16:37:28 +00:00
Tom Hvitved
95e9d013cc Update expected test output 2024-11-04 12:07:06 +01:00
Jami Cogswell
459d16824e Java: weak crypto: do not report weak hash algorithms 2024-11-03 18:22:06 -05:00
Chris Smowton
81ff394533 Be explicit about Kotlin database type 2024-11-01 19:02:28 +00:00
Chris Smowton
5d3f723df9 Kotlin extractor: use special <nulltype> for null literals 
This matches the Java extractor's treatment of these literals, and so enables dataflow type-tracking to avoid special-casing Kotlin. Natively, Kotlin would regard this as kotlin.Nothing?, the type that can only contain null (kotlin.Nothing without a ? can take nothing at all), which gets Java-ified as java.lang.Void, and this will continue to be used when a null type has to be "boxed", as in representing substituted generic constraints with no possible type.
 2024-11-01 16:14:10 +00:00
Tom Hvitved
2b37c6cd32 Merge pull request #17548 from hvitved/shared/inline-test-post-process 
Shared: Post-processing query for inline test expectations
 2024-10-31 11:40:11 +01:00
Anders Schack-Mulligen
b556590ef8 Merge pull request #17663 from aschackmull/dataflow/speculative-flow 
Dataflow: Add support for speculative taint flow.
 2024-10-31 08:12:43 +01:00
Anders Schack-Mulligen
9b493c1e1b Java: Fix bug related to null inference for pattern initializer. 2024-10-30 15:05:36 +01:00
Tom Hvitved
e2b614d18a Java: Post-processing query for inline test expectations 2024-10-29 13:35:32 +01:00
Tom Hvitved
b111194fbc Shared: Simplify PrettyPrintModels.ql 2024-10-29 13:35:28 +01:00
Ian Lynagh
251a8a34ed Java: Add up/downgrade scripts 2024-10-29 11:32:22 +00:00
Ian Lynagh
6be2e98796 Java/Kotlin: Remove the erasure relation 
It's no longer used
 2024-10-29 11:32:20 +00:00
Ian Lynagh
8ab52dba83 Kotlin: Don't write the erasure relation 
It's no longer used
 2024-10-29 11:32:18 +00:00
Ian Lynagh
6c9739023d Java: Remove redundant getErasure overrides 
The root definition covers these cases already
 2024-10-29 11:32:16 +00:00
Anders Schack-Mulligen
fba4d09e65 TypeFlow: Simplify interface. 2024-10-28 15:09:09 +01:00
Anders Schack-Mulligen
3939eff260 TypeFlow: Rename step to uniqStep. 2024-10-28 15:00:05 +01:00
Chris Smowton
fa4cc83753 Merge pull request #17837 from smowton/smowton/admin/trim-java-web-jsp-test 
Java: Trim JSP test
 2024-10-25 17:23:51 +01:00
Tom Hvitved
7c4d5981dd Shared: Add missing spaces in inline test expectation output 2024-10-25 13:23:03 +02:00
Chris Smowton
4e879e64fc Trim JSP test 
This was only ever testing that Java files relating to the JSPs in question appear in the database, so there's no need for a particularly wide selection.
 2024-10-24 14:19:16 +01:00
github-actions[bot]
1e26db64fb Add changed framework coverage reports 2024-10-24 00:20:48 +00:00
Michael Nebel
caa08046b6 Java: Update expected test output. 2024-10-23 09:29:29 +02:00
Michael Nebel
3d70f91b9f Java: Add manual models for various mapToObj methods. 2024-10-23 09:29:15 +02:00
Michael Nebel
197642c914 Merge pull request #17547 from michaelnebel/java/jdk17update 
Java: Update Java JDK 17 models.
 2024-10-23 09:07:02 +02:00
Michael Nebel
dec2c61e5d Java: Update LdapInjection expected test output. 2024-10-21 15:19:46 +02:00
Michael Nebel
d59df1f938 Java: Re-generate JDK 17 models. 2024-10-21 15:19:45 +02:00
Michael Nebel
23d285c698 Java: Update model generator expected output. 2024-10-21 15:19:44 +02:00
Michael Nebel
786d04e939 Java: Add the clone method to the model generation exclusions. 2024-10-21 15:19:43 +02:00
Michael Nebel
7919dcfb12 Java: Add modelgenerator clone example. 2024-10-21 15:19:42 +02:00
Michael Nebel
e2ada2536b Java: Update java.net expected output. 2024-10-21 15:19:41 +02:00
Michael Nebel
97f0037a7b Java: Manually model InetSocketAddress as the model generator doesn't correctly taint the hostname. 2024-10-21 15:19:40 +02:00
Michael Nebel
0a931aa69f Java: Add change note. 2024-10-21 15:19:38 +02:00
Michael Nebel
9a44eec04c Java: Add manual models for FileReader (they would also have disappeared if models were re-generated without using mixed mode). 2024-10-21 15:19:37 +02:00
Michael Nebel
b356c3cd48 Java: Manually model ZipFile (due to CWE-522 compression bombs test failure). 2024-10-21 15:19:36 +02:00
Michael Nebel
f537e04532 Java: Update LdapInjection expected test output. 2024-10-21 15:19:35 +02:00
Michael Nebel
f7b38a8955 Java: Add some less precise models for BasicAttributes to get the models to work with search sink and re-generate SDK models. 2024-10-21 15:19:34 +02:00
Michael Nebel
e94cacd449 Java: Update test expected output where the query results are not affected. 2024-10-21 15:19:33 +02:00
Michael Nebel
24d1e9927b Java: Update expected test output for the model editor tests. 2024-10-21 15:19:32 +02:00
Michael Nebel
ea14547643 Java: Update TopJdkApisTest expected output. 2024-10-21 15:19:31 +02:00
Michael Nebel
cbd9cc6dae Java: Update request forgery expected output. 2024-10-21 15:19:30 +02:00
Michael Nebel
3b6f39931b Java: Re-add generated (mixed) summaries and neutrals for the Java SDK 17. 2024-10-21 15:19:28 +02:00
Michael Nebel
f50734f0ee Java: Delete all generated Java JDK models. 2024-10-21 15:19:27 +02:00
Chris Smowton
5ba37bd7a3 Rename change note 2024-10-21 09:36:07 +01:00
Chris Smowton
241f951db1 Add change-note for Java buildless packaging its required Maven plugin 2024-10-18 17:43:18 +01:00
Chris Smowton
74ef91649b Merge pull request #17780 from smowton/smowton/admin/add-buildless-maven-packaging-test 
Java buildless: add tests checking usage of a local copy of the Maven dependency graph plugin
 2024-10-18 17:38:59 +01:00
Jami Cogswell
335c59792c Java: remove unnecessary anchor and update page name 2024-10-18 09:26:56 -04:00
Jami Cogswell
88b7a9fcb5 Java: update qhelp link 2024-10-17 16:38:53 -04:00
Chris Smowton
8b0bd8c8ad Adjust test expectations 2024-10-17 20:42:41 +01:00
Chris Smowton
13f19481db Add tests checking Maven retrieves the depgraph plugin from our shipped repo, and produces the expected settings.xml file in the process 2024-10-17 20:42:40 +01:00
Rasmus Lerchedahl Petersen
22d621c625 shared: add locations to typetracking nodes 2024-10-16 15:16:18 +02:00
Anders Schack-Mulligen
c20f12fa6c Add qldoc. 2024-10-16 14:35:23 +02:00