13261 Commits

Author	SHA1	Message	Date
Henry Mercer	1a370bfbbe	Merge pull request #14443 from github/post-release-prep/codeql-cli-2.15.0 ... Post-release preparation for codeql-cli-2.15.0	2023-10-11 17:39:04 +01:00
github-actions[bot]	ae6af17c74	Post-release preparation for codeql-cli-2.15.0	2023-10-11 14:19:20 +00:00
Jean Helie	6260768e6a	update query message to incoude extensibleType	2023-10-11 14:02:24 +02:00
Jean Helie	c41676a21a	update query message to incoude extensibleType	2023-10-11 14:02:12 +02:00
Eric Bickle	7a4382fb69	Merge branch 'main' into fix/thread-resource-arithmetic	2023-10-10 09:38:16 -07:00
Eric Bickle	80c8259e34	Remove unnecessary AdditionalValueStep check	2023-10-10 09:35:45 -07:00
Michael Nebel	5c44f8bbad	Merge pull request #14370 from michaelnebel/java/enablethreatmodels ... Java: Enable threat models for most Java queries.	2023-10-10 09:25:47 +02:00
Erik Krogh Kristensen	4489e2bf28	Merge pull request #14403 from erik-krogh/dDEps ... All: delete outdated deprecations	2023-10-09 21:04:55 +02:00
Michael Nebel	cf3a62d201	Java: Address review comments.	2023-10-09 13:06:59 +02:00
Anders Schack-Mulligen	4a0ab4a050	Merge pull request #14402 from Marcono1234/marcono1234/MemberRefExpr-getReceiverExpr ... Java: Add predicate `MemberRefExpr::getReceiverExpr`	2023-10-09 13:01:36 +02:00
Anders Schack-Mulligen	8c6a1be070	Merge pull request #14401 from Marcono1234/marcono1234/ClassInstanceExpr-type-argument-doc ... Java: Adjust `ClassInstanceExpr` type argument predicates docs	2023-10-09 13:01:18 +02:00
erik-krogh	a7ab9fd93b	add change-notes	2023-10-09 09:43:06 +02:00
erik-krogh	e3e8f3d7c4	Java: delete various outdated deprecations	2023-10-09 09:14:54 +02:00
erik-krogh	0d992a3d1f	delete old deprecated aliases of various regex libraries	2023-10-09 09:14:54 +02:00
github-actions[bot]	7c332a31a8	Add changed framework coverage reports	2023-10-09 00:16:19 +00:00
erik-krogh	4bc4e0845d	delete the deprecated isBarrierGuard predicate from the shared dataflow library, and its uses	2023-10-07 21:48:49 +02:00
Marcono1234	f3e5045259	Java: Add predicate MemberRefExpr::getReceiverExpr	2023-10-07 14:53:07 +02:00
Marcono1234	2c0dcd3a2d	Java: Adjust ClassInstanceExpr type argument predicates docs ... The type arguments which these predicates have as result are for the type of the created instance. Previously the documentation said "provided to the constructor", which is misleading / incorrect. Type arguments provided to the constructor are specified directly after the `new` keyword: ``` class C { <T> C() { } } new <String> C(); ``` And those are not part of the results of these predicates.	2023-10-07 03:43:58 +02:00
Eric Bickle	4dca396106	Add change notes for ThreadResourceAbuse ArithExpr fix	2023-10-06 14:31:37 -07:00
Eric Bickle	000c1f7ec8	Java: Flow taint through ArithExpr for ThreadResourceAbuse ... Ensure that tainted values flow through arithmetic operations when checking for ThreadResourceAbuse vulnerabilities. For example, multiplying 'number of seconds' by 1000 as an input to Thread.Sleep, which accepts milliseconds, is a common scenario.	2023-10-06 14:24:37 -07:00
Ian Lynagh	d34b85cf03	Kotlin: Remove 1.4 compatibility ... We now only build with >= 1.5	2023-10-06 15:17:32 +01:00
Michael Nebel	dca39348ab	Java: Add change note.	2023-10-06 15:09:16 +02:00
Michael Nebel	fb10af9042	Jave: Remove the local threat model from the default configuration.	2023-10-06 14:58:48 +02:00
Cornelius Riemenschneider	d3a1dbc0c7	Merge pull request #14381 from github/criemen/add-bazel-dbschemes ... Add skeleton bazel files for accessing the dbschemes.	2023-10-05 16:53:45 +02:00
Michael Nebel	96f93cefba	UNDO AGAIN: Add local threat models.	2023-10-05 16:16:00 +02:00
Ian Lynagh	e124a70380	Merge pull request #14378 from igfoo/igfoo/compr ... Kotlin: Some compression simplification	2023-10-05 13:16:00 +01:00
Ian Lynagh	0cf309b64e	Merge pull request #14369 from igfoo/igfoo/remove_unused ... Kotlin: Remove some unused code	2023-10-05 13:15:20 +01:00
Chris Smowton	399fab0c6c	Merge pull request #14322 from smowton/smowton/admin/add-buildless-diagnostic-expectations ... Add Java buildless diagnostic expectations	2023-10-05 09:02:02 +01:00
Cornelius Riemenschneider	96edc1d349	Add skeleton bazel files for accessing the dbschemes.	2023-10-05 09:00:38 +02:00
Ian Lynagh	4d3863461e	Kotlin: Determine our compression method later ... This way, we already have a logger at the point that we want to log a warning.	2023-10-04 18:32:12 +01:00
Ian Lynagh	cc63bb55c2	Kotlin: Change how we handle not supporting Brotli ... This removes the potential for impossible cases.	2023-10-04 18:32:11 +01:00
Edward Minnix III	8e653d01a8	Merge pull request #14127 from egregius313/egregius313/java/mad/localuserinput ... Java: Convert implementations of `LocalUserInput` to Models-as-Data	2023-10-04 12:55:44 -04:00
Ed Minnix	e2a14c7616	Add note about results to change note	2023-10-04 11:08:40 -04:00
github-actions[bot]	9fe993bec3	Release preparation for version 2.15.0	2023-10-04 14:15:27 +00:00
Michael Nebel	40e63a63e2	Java: Re-factor most queries and tests to use threat models.	2023-10-04 14:01:58 +02:00
Ian Lynagh	ec3f08037c	Kotlin: Remove some unused code	2023-10-04 11:15:47 +01:00
Michael Nebel	f0fb065446	Java: Opt-in the SQL injection query to use threat model flow sources.	2023-10-04 10:51:07 +02:00
Michael Nebel	5fd6dc3b87	Java: Opt-in the XSS query to use threat model flow sources.	2023-10-04 10:48:09 +02:00
Ed Minnix	581d410304	Add change note	2023-10-03 22:29:00 -04:00
Edward Minnix III	a1d3667f1c	Refactor Hudson file methods to MaD	2023-10-03 22:28:59 -04:00
Edward Minnix III	3a75c0fde7	Refactor DatabaseInput to MaD	2023-10-03 22:28:59 -04:00
Edward Minnix III	655470f3da	Refactor EnvInput to MaD	2023-10-03 22:28:47 -04:00
Henry Mercer	da92da2204	Bump minor versions of packs we regularly release	2023-10-03 16:31:23 +01:00
Henry Mercer	f3847b3f51	Merge branch 'main' into henrymercer/rc-3.11-mergeback	2023-10-03 16:30:23 +01:00
Michael Nebel	8224f172b2	Merge pull request #14257 from michaelnebel/java/threatmodelsources ... Java: Introduce a class of dataflow nodes for the threat modeling.	2023-10-03 16:10:49 +02:00
Ian Lynagh	c365f459fd	Merge pull request #14355 from igfoo/igfoo/lang-vers ... Kotlin: Specify language version when compiling for old compilers	2023-10-03 11:33:23 +01:00
Michael Nebel	fcbd301de8	Java: Address review comments.	2023-10-03 10:36:45 +02:00
Michael Nebel	5b949b19f7	Java: Cleanup threat model taxanomy to align with the EDR.	2023-10-03 09:16:39 +02:00
Michael Nebel	5c700afa27	Java: Add some threat model dataflow tests.	2023-10-03 09:16:39 +02:00
Michael Nebel	537965c0e8	Java: Add some testfiles.	2023-10-03 09:16:39 +02:00