hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,000 Commits 1,672 Branches 157 Tags
codeql-cli-2.21.3
Commit Graph

4304 Commits

Author SHA1 Message Date
Owen Mansel-Chan
e0f7437d40 Sync dataflow library 2023-06-14 14:29:56 +01:00
Tony Torralba
7c4cdbf0d6 Remove badly generated models 2023-06-14 14:20:16 +02:00
Jami
35591113c2 Merge branch 'main' into jcogs33/shared-sink-kind-validation 2023-06-14 08:06:34 -04:00
Michael Nebel
afec9b05e9 Merge pull request #13147 from michaelnebel/csharp/entityframeworkrefactor 
C#: Use synthetic global in the EntityFramework code instead of jump steps.
 2023-06-14 13:47:56 +02:00
Tony Torralba
5e3d9d8136 Java: Model the Stapler framework 2023-06-14 12:34:52 +02:00
Tony Torralba
182513a981 Merge pull request #13235 from atorralba/atorralba/java/hudson-models 
Java: Add Hudson models
 2023-06-14 12:33:18 +02:00
Taus
e5b17af9b5 Java: Fix bad tool output 2023-06-14 12:16:44 +02:00
Tony Torralba
8bafc22add Replace open-url sink kinds with request-forgery 2023-06-14 09:59:59 +02:00
Tony Torralba
73d2ab7d66 Add change note 2023-06-14 09:58:30 +02:00
Tony Torralba
686c35e210 Add autogenerated models 2023-06-14 09:58:30 +02:00
Taus
b860b21ced Update MaD Declarations after Triage 2023-06-13 16:50:58 +02:00
Anders Schack-Mulligen
2d616d494e C#/Ruby: Add fields as per review comments. 2023-06-13 11:26:30 +02:00
Tony Torralba
ffe67689ec Merge branch 'main' into atorralba/java/command-injection-mad-sinks 2023-06-13 09:27:33 +02:00
Tony Torralba
29d4b6fadc Re-add public classes that shouldn't be removed yet 2023-06-13 09:24:27 +02:00
Tony Torralba
2fd2c434f2 Apply suggestions from code review 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-06-13 09:24:15 +02:00
Jami Cogswell
9abe3e3da4 Shared: use a module as input to 'KindValidation' 2023-06-09 14:35:37 -04:00
Anders Schack-Mulligen
97b2bdaa9f Java: Fix types of summary parameter nodes. 2023-06-09 15:39:28 +02:00
Anders Schack-Mulligen
254d60c826 Dataflow: Refactor FlowSummaryImpl to synthesize nodes independently from DataFlow::Node. 2023-06-09 15:27:17 +02:00
Anders Schack-Mulligen
59636c43ca Dataflow: Rename two private predicates. 2023-06-09 15:27:17 +02:00
Stephan Brandauer
1ae2fee309 Java: Update java/ql/lib/ext/okhttp3.model.yml 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-06-09 13:48:16 +02:00
Stephan Brandauer
44785b72ce Java: Update java/ql/lib/ext/okhttp3.model.yml 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-06-09 13:46:09 +02:00
Anders Schack-Mulligen
1b7bbf6320 Merge pull request #13083 from aschackmull/dataflow/typestrengthen 
Dataflow: Strengthen tracked types.
 2023-06-09 13:23:30 +02:00
Anders Schack-Mulligen
44b09507ab Merge pull request #13408 from aschackmull/java/loginjection-perf 
Java: Add more negation context to reduce string ops and improve perf.
 2023-06-09 08:44:27 +02:00
Anders Schack-Mulligen
68f1e40370 Java/C#: Add change notes. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
d230509905 Dataflow: Address review comments. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
4399138c82 Dataflow: Fix QL4QL alert. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
8a584b78ac Dataflow: Enable type strengthening in partial flow. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
441ccef6c4 Dataflow: Bugfix, use arg type rather than strengthened param type. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
a0a9d30286 Java: Fix qltests. 2023-06-09 08:37:35 +02:00
Anders Schack-Mulligen
4633abe19e Java: Autoformat 2023-06-09 08:37:35 +02:00
Anders Schack-Mulligen
ad461a87b4 Dataflow: Strengthen tracked types. 2023-06-09 08:37:35 +02:00
Anders Schack-Mulligen
1d87f0793b Dataflow: Minor refactor. 2023-06-09 08:37:35 +02:00
Jami Cogswell
da58b2afc8 Shared: move shared file to 'shared' folder and add parameterized module for 'getInvalidModelKind' 2023-06-08 20:05:27 -04:00
Jeroen Ketema
bff11c3d23 Apply suggestions from code review 2023-06-08 22:33:50 +02:00
github-actions[bot]
e4be303a23 Release preparation for version 2.13.4 2023-06-08 19:57:37 +00:00
Tony Torralba
abb775c616 Merge pull request #13409 from atorralba/atorralba/java/fix-gson-models 
Java: Fix more problems in the Gson models
 2023-06-08 17:36:40 +02:00
Tony Torralba
0e242cba7e Update java/ql/lib/ext/retrofit2.model.yml 2023-06-08 14:59:10 +02:00
Tony Torralba
4608481d7b Java: Fix more problems in the Gson models 
Found during type strengthening work by @aschackmull
 2023-06-08 14:53:09 +02:00
Anders Schack-Mulligen
5a2ac1b5ca Java: Add more negation context to reduce string ops and improve perf. 2023-06-08 14:04:57 +02:00
Anders Schack-Mulligen
dabb4dd643 Java: Improve join-order for FunctionalInterface. 2023-06-08 13:02:54 +02:00
Stephan Brandauer
8f697ac1ee Java: fix broken MaD export format 2023-06-08 12:02:50 +02:00
Stephan Brandauer
c6f10519fa Merge branch 'main' into java/update-mad-decls-after-triage-2023-06-08T08-51-47 2023-06-08 12:00:07 +02:00
Anders Schack-Mulligen
cc45db7c76 Merge pull request #13394 from atorralba/atorralba/java/fix-gson-jsonarray-models 
Java: Fix Gson's JsonArray.add models
 2023-06-08 11:05:40 +02:00
Stephan Brandauer
bda938c544 Update MaD Declarations after Triage 2023-06-08 10:51:48 +02:00
Tony Torralba
c0135673fa Fix JsonArray.addAll model 
Properly test JsonArray.add(String) and JsonArray.addAll(JsonArray) as well
 2023-06-07 16:18:32 +02:00
Tony Torralba
6d7234f8ed Merge pull request #13225 from atorralba/atorralba/java/path-injection-mad-sinks-2 
Java: Migrate path injection sinks to models-as-data (simplified)
 2023-06-07 14:27:36 +02:00
Tony Torralba
35b4c438ff Fix Gson's JsonArray.add models 
When the type of the argument isn't JsonElement, the summary must be taint flow instead of value flow
 2023-06-07 14:12:20 +02:00
Erik Krogh Kristensen
6ba7f9a238 Merge pull request #13352 from erik-krogh/once-again-deps-not-py-cpp 
delete old deprecations
 2023-06-07 13:00:57 +02:00
Tony Torralba
46b30453e3 Merge pull request #13386 from github/java/update-mad-decls-after-triage-2023-06-06T14-38-29 
Java: Update MaD Declarations after Triage
 2023-06-07 12:33:26 +02:00
Tony Torralba
27763d6bbe Improve ZipSlip exclusion to take varargs into account 2023-06-07 09:25:56 +02:00