codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00

Author	SHA1	Message	Date
Anders Schack-Mulligen	db7ec4a781	Java: Remove getDefinitionExt reference	2025-02-24 13:50:08 +01:00
$REDMOND\brodes$ REDMOND\brodes	86cab46b8d	Misc. updates to support all JCA cipher operations, including wrap, unwrap and doFinal calls. Corrected pathing for init tracing to detect what mode is being set along a path. Added support for tracing the init operation mode argument to source. Since this involved creating an Operation Mode, changes were also made to make cipher block modes (CBC) more explicit (previously just called mode, but now that term is used for various purposes).	2025-02-21 12:53:35 -05:00
Anders Schack-Mulligen	6932e000c6	Java: Switch BaseSSA to use shared SSA lib.	2025-02-21 08:57:23 +01:00
Anders Schack-Mulligen	1c616d10d4	Merge pull request #18819 from aschackmull/ssa/refactor-phiread3 Ssa: Refactor shared SSA in preparation for eliminating phi-read definitions	2025-02-21 08:56:38 +01:00
$REDMOND\brodes$ REDMOND\brodes	9ac9252f75	Adding a todo	2025-02-20 11:11:41 -05:00
$REDMOND\brodes$ REDMOND\brodes	011ed3fbfd	Simplifying additional flow step logic.	2025-02-20 11:10:24 -05:00
$REDMOND\brodes$ REDMOND\brodes	9ee4a7a7b8	Adding a sketch for a CipherOperation concept to model encryption/decryption operations.	2025-02-20 10:37:40 -05:00
Anders Schack-Mulligen	5379506464	Java: Use firstUse and adjacentUseUse predicates.	2025-02-19 16:17:22 +01:00
$REDMOND\brodes$ REDMOND\brodes	3871c6a33e	Adding support for encryption operation detection.	2025-02-18 16:09:00 -05:00
Nicolas Will	8707e4d9a3	Continue Artifact data-flow WIP	2025-02-18 18:35:49 +01:00
Anders Schack-Mulligen	194afbb7f8	Java: Simplify SSA for variable capture.	2025-02-18 14:01:20 +01:00
Jami	d94dc5aa40	Merge pull request #18504 from jcogs33/jcogs33/java/file-constructor-path-sanitizer Java: `File` constructor path sanitizer	2025-02-18 08:00:32 -05:00
Jami Cogswell	9bb5fe837d	Java: address review comments	2025-02-17 15:47:45 -05:00
github-actions[bot]	ad24f94a77	Post-release preparation for codeql-cli-2.20.5	2025-02-17 17:58:24 +00:00
github-actions[bot]	6f4562f3bd	Release preparation for version 2.20.5	2025-02-17 16:55:54 +00:00
Nicolas Will	df01fa7a9c	Expand model and JCA modeling	2025-02-17 00:16:08 +01:00
Nicolas Will	b777a22d35	Expand model and specialize newtype relations	2025-02-14 23:43:07 +01:00
Jami Cogswell	2bb6a3914b	Java: update tests	2025-02-14 15:16:08 -05:00
Jami Cogswell	c0ebeb9c7b	Java: use AdditionalTaintStep	2025-02-14 13:52:43 -05:00
Nicolas Will	874e3b5e06	Modify model to use newtypes, expand modeling	2025-02-12 17:58:15 +01:00
Jami	2a8cc00284	Merge pull request #18288 from jcogs33/jcogs33/csrf-unprotected-request-type Java: add CSRF query	2025-02-11 15:32:56 -05:00
Nicolas Will	4d44755945	Refactor Model and CBOM print queries	2025-02-11 15:37:15 +01:00
Jonas Jensen	76440120d1	Merge pull request #18737 from jbj/NumericCastTaintedQuery-selectedLocation Java: precise diff-informed NumericCastTainted	2025-02-11 15:33:28 +01:00
Jonas Jensen	71c078dbdd	Java: precise diff-informed NumericCastTainted It was discovered by the upcoming support for exact locations matching in diff-informed testing that this data-flow configuration did not correspond exactly to the query.	2025-02-11 13:49:15 +01:00
Tom Hvitved	e5e88435bc	Java: Remove `ExitBasicBlock` from `SsaInput`	2025-02-11 10:07:18 +01:00
Tom Hvitved	6fbb1e2571	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2025-02-11 10:06:50 +01:00
Anders Schack-Mulligen	e955f58eb1	Java: Bugfix for samevar in useReaches.	2025-02-11 10:06:49 +01:00
Anders Schack-Mulligen	ed284353ef	Java: Bugfix for qualifier-of-qualifier update in hasExplicitQualifierUpdate.	2025-02-11 10:06:47 +01:00
Anders Schack-Mulligen	284e48cfbe	Java: Fixup private	2025-02-11 10:06:45 +01:00
Tom Hvitved	75137a0f4c	Java: Adopt shared SSA library	2025-02-11 10:06:43 +01:00
Kristen Newbury	1a12fb3099	Update JCA model, refactor modes	2025-02-10 13:49:32 -05:00
Kristen Newbury	59208bdb85	Update JCA model to use shared lib	2025-02-10 12:22:22 -05:00
Kristen Newbury	6005437001	Update JCA model with flow to call as AESuse and format JCA model	2025-02-10 11:26:48 -05:00
Kristen Newbury	60d931af9f	Update progress on JCA	2025-02-07 15:46:13 -05:00
Jami Cogswell	d21c8d789b	Java: restrict sink to first arg of two-arg constructor call	2025-02-05 21:19:59 -05:00
Kristen Newbury	efcf7eab0c	Add broken crypto query	2025-02-05 17:24:25 -05:00
Jami Cogswell	bd47dcc87d	Java: check first arg for taint	2025-02-05 16:56:16 -05:00
Jami Cogswell	e8724ab220	Java: sanitize constructor call instead and update test cases	2025-02-05 15:46:10 -05:00
Kristen Newbury	86e51dad8a	Improve JCA aes alg model, add test	2025-02-05 13:39:48 -05:00
Jami Cogswell	4a4585a526	Java: move comment	2025-02-05 11:36:58 -05:00
Jami Cogswell	60cc16cc0e	Java: change note	2025-02-04 17:51:34 -05:00
Jami Cogswell	59d454771d	Java: add FileConstructorSanitizer and tests	2025-02-04 17:51:23 -05:00
Kristen Newbury	5f355c7f55	Add first sample JCA encryption model	2025-02-04 11:55:09 -05:00
github-actions[bot]	f1b05a79a4	Post-release preparation for codeql-cli-2.20.4	2025-02-04 09:25:09 +00:00
Arthur Baars	dd34690c17	Merge branch 'codeql-cli-2.20.4' into release-prep/2.20.4	2025-02-03 18:37:16 +01:00
github-actions[bot]	573e53e454	Release preparation for version 2.20.4	2025-02-03 15:19:35 +00:00
Jonas Jensen	0584aee72a	Merge pull request #18636 from jbj/diff-informed-java-location-fixups Java: make diff-informed queries exact	2025-02-03 15:22:43 +01:00
Jonas Jensen	7ad6f13bf5	Java: adjust CommandLineQuery locations It turns out these locations need to be precise.	2025-01-31 11:37:16 +01:00
Jami Cogswell	530103e2d9	Java: narrow query remove PUT and DELETE from StaplerCsrfUnprotectedMethod remove OPTIONS and TRACE from SpringCsrfUnprotectedMethod	2025-01-30 10:14:31 -05:00
Jami Cogswell	f3721ebccf	Java: refactor unprotectedDatabaseUpdate	2025-01-30 10:14:26 -05:00

1 2 3 4 5 ...

4304 Commits