Michael Nebel
|
2055d5492c
|
Java: Let RemoteFlowSource and LocalUserInput extends SourceNode and fine grain the LocalUserInput threat models.
|
2023-10-03 09:16:38 +02:00 |
|
Michael Nebel
|
9a112dde66
|
Java: Introduce a class of dataflow nodes for the threat modeling.
|
2023-10-03 09:16:38 +02:00 |
|
Anders Schack-Mulligen
|
efb49fcd3e
|
Merge pull request #14336 from aschackmull/java/switch-rule-stmt-cfg
Java: Fix CFG for case rule statements.
|
2023-09-29 12:02:48 +02:00 |
|
Anders Schack-Mulligen
|
15e1098791
|
Java: Add change note.
|
2023-09-28 14:28:24 +02:00 |
|
Anders Schack-Mulligen
|
94556078f1
|
Java: Add guards logic for SwitchExpr default cases.
|
2023-09-28 14:21:04 +02:00 |
|
Anders Schack-Mulligen
|
917a15647e
|
Java: Fix CFG for rule statements.
|
2023-09-28 14:19:36 +02:00 |
|
Asger F
|
0d96ed8aee
|
Merge pull request #14305 from asgerf/shared/flow-state-inout-barriers
Shared: add in/out barriers with flow state
|
2023-09-28 11:07:23 +02:00 |
|
Anders Schack-Mulligen
|
5feb2f7622
|
Merge pull request #14321 from aschackmull/shared/filesystem
All languages: Use shared FileSystem library and minor regex performance improvement.
|
2023-09-28 10:51:05 +02:00 |
|
Koen Vlaswinkel
|
10231e99ce
|
Merge pull request #14199 from github/koesie10/add-java-model-editor-queries
Java: Add VS Code model editor queries
|
2023-09-28 10:13:13 +02:00 |
|
Anders Schack-Mulligen
|
653844cc46
|
Java: Use shared FileSystem library.
|
2023-09-28 08:58:55 +02:00 |
|
Anders Schack-Mulligen
|
e6d832c7e5
|
Merge pull request #14297 from aschackmull/java/additional-steps-and-nodes
Java: Add support for additional nodes, read steps, and store steps for QL models and model ThreadLocal.initialValue
|
2023-09-26 14:50:37 +02:00 |
|
Anders Schack-Mulligen
|
06cb277eb0
|
Merge pull request #14299 from aschackmull/dataflow/more-defaults
Dataflow: Make use of defaults for language-specific hooks.
|
2023-09-25 11:19:44 +02:00 |
|
Asger F
|
d501856519
|
Update DataFlowImpl.qll copies
|
2023-09-25 10:05:29 +02:00 |
|
Tony Torralba
|
b1cee2f35c
|
Merge pull request #14254 from atorralba/atorralba/arithexpr-improv
Java: Consider AssignOps in ArithExpr
|
2023-09-22 15:22:27 +02:00 |
|
Anders Schack-Mulligen
|
66da997b7b
|
Dataflow: Make use of defaults for language-specific hooks.
|
2023-09-22 14:54:22 +02:00 |
|
Anders Schack-Mulligen
|
b11194e561
|
Java: Add missing qldoc.
|
2023-09-22 13:46:08 +02:00 |
|
Anders Schack-Mulligen
|
8ee1f8ae69
|
Java: Add missing flow step for ThreadLocal.initialValue.
|
2023-09-22 13:33:45 +02:00 |
|
Anders Schack-Mulligen
|
9f905497a5
|
Java: Add support for additional read and store steps and additional nodes.
|
2023-09-21 15:05:30 +02:00 |
|
Anders Schack-Mulligen
|
7e04ac55b7
|
Merge pull request #14268 from aschackmull/java/xmlparsers-typetrack
Java/Dataflow: Add new light-weight data flow api and use it in XmlParsers
|
2023-09-21 13:33:21 +02:00 |
|
Anders Schack-Mulligen
|
13f7daf71e
|
Merge pull request #13982 from aschackmull/dataflow/typeflow-calledge-pruning
Dataflow: Add type-based call-edge pruning.
|
2023-09-21 13:33:08 +02:00 |
|
github-actions[bot]
|
3acf5244b0
|
Post-release preparation for codeql-cli-2.14.6
|
2023-09-20 10:25:10 +00:00 |
|
Anders Schack-Mulligen
|
5c40d553b4
|
Java: Switch XmlParsers lib to lightweight data flow.
|
2023-09-20 10:21:53 +02:00 |
|
github-actions[bot]
|
0a3670727f
|
Release preparation for version 2.14.6
|
2023-09-19 11:40:30 +00:00 |
|
Tony Torralba
|
1e95a5a38a
|
Java: Consider AssignOps in ArithExpr
|
2023-09-19 12:15:59 +02:00 |
|
yoff
|
4a37c2fc3a
|
Merge pull request #13778 from geoffw0/javaparsemode
Java: Understand multiple parse mode flags specified in a regular expression string
|
2023-09-18 14:22:59 +02:00 |
|
Tony Torralba
|
b08e410f45
|
Merge pull request #14029 from atorralba/atorralba/apache-cxf-models
Java: Add new Apache CXF models
|
2023-09-18 10:54:05 +02:00 |
|
Chris Smowton
|
e62fcf9a45
|
Fix formatting mistake
|
2023-09-15 12:37:34 +01:00 |
|
Chris Smowton
|
a1a7640427
|
Give ErrorExpr default control flow
This prevents a CFG dead-end because of one ErrorExpr
|
2023-09-14 17:42:00 +01:00 |
|
Chris Smowton
|
b1e128b5c1
|
Pretty-print a ClassInstanceExpr without a bound constructor nicely
|
2023-09-14 17:42:00 +01:00 |
|
Chris Smowton
|
c0f8973749
|
Add test for extracting a Java AST with an error expression
Also note that ErrorExpr can occur outside upgrade/downgrade scripts
|
2023-09-14 17:42:00 +01:00 |
|
Geoffrey White
|
1c81bd52e6
|
Java: Change note.
|
2023-09-13 17:51:26 +01:00 |
|
Geoffrey White
|
8c3e778be6
|
Java: Port regex mode flag character fix from Python.
|
2023-09-13 17:50:52 +01:00 |
|
Anders Schack-Mulligen
|
c8094d34a7
|
Dataflow: Add type-based call-edge pruning.
|
2023-09-13 15:43:45 +02:00 |
|
Anders Schack-Mulligen
|
300425540a
|
Java: Minor improvement to TypeFlow for super accesses.
|
2023-09-13 15:43:45 +02:00 |
|
Anders Schack-Mulligen
|
a7b677ba40
|
Java: Bugfix for SuperAccess.isOwnInstanceAccess().
|
2023-09-13 15:43:45 +02:00 |
|
Anders Schack-Mulligen
|
110a4c81e3
|
Java: Minor perf fix.
|
2023-09-13 15:43:45 +02:00 |
|
Koen Vlaswinkel
|
7db082f3fd
|
Java: Add VS Code model editor queries
|
2023-09-13 13:04:26 +02:00 |
|
Ian Lynagh
|
2b9a425468
|
Kotlin: Support 1.9.20
|
2023-09-12 18:28:33 +01:00 |
|
github-actions[bot]
|
d699880c86
|
Post-release preparation for codeql-cli-2.14.4
|
2023-09-08 21:17:52 +00:00 |
|
github-actions[bot]
|
abf2b12b1c
|
Release preparation for version 2.14.4
|
2023-09-05 16:56:14 +00:00 |
|
Tom Hvitved
|
73370e7282
|
Merge pull request #14100 from hvitved/dataflow/consistency-pack
Data flow: Add consistency checks to shared ql pack
|
2023-08-31 11:47:40 +02:00 |
|
Asger F
|
2d5c40db31
|
Merge pull request #14048 from asgerf/shared/variable-capture-write-source-node
Variable capture: allow arbitrary data-flow nodes to be the source of a write
|
2023-08-31 10:20:48 +02:00 |
|
Tom Hvitved
|
fefe64bf0c
|
Java: Use data flow consistency checks from shared pack
|
2023-08-30 15:29:41 +02:00 |
|
Anders Starcke Henriksen
|
361ae1747e
|
Merge branch 'main' into starcke/automodel-pack
|
2023-08-30 09:25:28 +02:00 |
|
Dave Bartolomeo
|
3343b78015
|
Merge pull request #14074 from github/post-release-prep/codeql-cli-2.14.3
Post-release preparation for codeql-cli-2.14.3
|
2023-08-28 13:34:10 -04:00 |
|
github-actions[bot]
|
3eba77421a
|
Post-release preparation for codeql-cli-2.14.3
|
2023-08-28 15:53:49 +00:00 |
|
Asger F
|
d4cfa8c2b8
|
Java: autoformatting changes
|
2023-08-28 15:35:06 +02:00 |
|
Asger F
|
d2fe4d235a
|
Java: Inline VariableWrite.getSource()
|
2023-08-28 15:34:48 +02:00 |
|
Tony Torralba
|
6573b1f772
|
Merge pull request #14056 from atorralba/atorralba/java/jenkins-stapler-regenerate
Java: Re-generate Jenkins and Stapler models
|
2023-08-25 13:15:21 +02:00 |
|
Tony Torralba
|
5367fb99d9
|
Manually update a couple of models affected by the nested name change
|
2023-08-25 11:25:40 +02:00 |
|