hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,688 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.0
Commit Graph

4333 Commits

Author SHA1 Message Date
Owen Mansel-Chan
9c82966022 Move detection of Android app to one place 2024-07-05 23:47:56 +01:00
Ian Lynagh
ea16f72c6f Java: Add changenote for dropping $SEMMLE_DIST support 2024-07-03 17:12:04 +01:00
Tom Hvitved
4ae8720930 SSA: Add BasicBlock.{getNode/1,length/0} to the input signature 2024-07-03 11:32:35 +02:00
am0o0
7e5f2e2a48 experimentalSinkModel to sinkModel, remove one path injection sink that already exist before 2024-07-03 08:55:12 +02:00
Arthur Baars
b12b33c8f9 Merge remote-tracking branch 'upstream/main' into 'rc/3.14' 2024-06-28 19:50:35 +02:00
Jami Cogswell
85a1e1a972 Java: update change note date 2024-06-27 22:11:01 -04:00
Chris Smowton
567ba9f9c3 Change note 2024-06-27 09:57:30 +01:00
Jami
901245ae3d Merge branch 'main' into jcogs33/unsafe-url-forward-promotion-resource-and-file-methods 2024-06-26 21:57:07 -04:00
github-actions[bot]
fd385736e6 Post-release preparation for codeql-cli-2.17.6 2024-06-25 06:39:45 +00:00
Owen Mansel-Chan
9e25279cb8 Change category in change note to "majorAnalysis" 2024-06-24 21:23:51 +01:00
Owen Mansel-Chan
059ef42f41 Add change note 2024-06-24 21:23:49 +01:00
Owen Mansel-Chan
91db2b6c9c Make new threat model kind "reverse-dns" 2024-06-24 21:23:46 +01:00
github-actions[bot]
e32a587078 Release preparation for version 2.17.6 2024-06-24 14:33:10 +00:00
Anders Schack-Mulligen
8c23e21073 Dataflow: Cache compatibleTypes. 2024-06-24 13:35:48 +02:00
Michael Nebel
cd9d58fdc8 Merge pull request #16772 from michaelnebel/java/taintedpermissionthreatmodel 
Java: Opt-in `java/tainted-permissions-check` to threat models.
 2024-06-18 10:54:28 +02:00
Michael Nebel
197cdab43d Merge pull request #16752 from michaelnebel/shared/sourcesinkcallables 
C#/Java: Add some (shared) helper classes for Neutrals, Sources and Sink
 2024-06-17 14:58:27 +02:00
Anders Schack-Mulligen
96b6ddefe0 Merge pull request #16751 from aschackmull/java/sndlevelscope-fix 
Java: Calculate 2nd level scopes for implicit instance accesses.
 2024-06-17 13:10:46 +02:00
Michael Nebel
833b4f90bf Java: Make source and sink callable adapters. 2024-06-17 12:53:08 +02:00
Anders Schack-Mulligen
b8b95fd81d Java: Add change note. 2024-06-17 11:46:54 +02:00
Michael Nebel
327dab69d0 Java: Opt-in the tainted permissions check query to threat models. 2024-06-17 11:02:08 +02:00
Owen Mansel-Chan
6cfd9458b0 Add change note 2024-06-14 14:05:25 +01:00
Owen Mansel-Chan
7a13c31021 Exclude loopback address from reverse DNS source 2024-06-14 14:05:01 +01:00
Paolo Tranquilli
f9db7864e1 Change note: reword 2024-06-13 18:04:23 +02:00
Paolo Tranquilli
0198806658 Merge branch 'main' into redsun82/kotlin 2024-06-13 16:29:13 +02:00
Anders Schack-Mulligen
b47831af14 Java: Calculate 2nd level scopes for implicit instance accesses. 2024-06-13 13:57:18 +02:00
Paolo Tranquilli
11c37734c3 Kotlin: add change note for having fixed kotlin QL tests in release 2024-06-13 09:49:39 +02:00
Mathias Vorreiter Pedersen
67b327a0f7 Merge pull request #16725 from MathiasVP/rc-3.14-mergeback 
Mergeback from `rc/3.14`
 2024-06-11 17:37:40 +01:00
Mathias Vorreiter Pedersen
3351b9547d Merge branch 'rc/3.14' into rc-3.14-mergeback 2024-06-11 16:21:08 +01:00
Mauro Baluda
29e3816412 Apply suggestions from code review 
Address reviewiew comments

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-06-11 12:05:14 +02:00
Mauro Baluda
e9dba59f11 Merge branch 'main' into main 2024-06-10 19:57:00 +02:00
github-actions[bot]
8a25081a0e Post-release preparation for codeql-cli-2.17.5 2024-06-10 15:33:08 +00:00
Tony Torralba
7336dd1ae5 Merge pull request #16482 from grakshith/rakshith/tune-java-crypto 
Java: Add RSA/ECB/OEAP ciphers to the list of secure algorithms
 2024-06-10 17:27:35 +02:00
github-actions[bot]
877bfa2468 Release preparation for version 2.17.5 2024-06-10 13:40:39 +00:00
Mauro Baluda
1d44f45be2 Update org.apache.commons.io.model.yml 2024-06-10 12:03:57 +02:00
Mauro Baluda
71505f4003 Added more org.apache.commons.io.FileUtils-related sinks to the path injection query. 2024-06-10 11:29:51 +02:00
am0o0
412472e9a4 add zip4j 2024-06-08 01:14:04 +02:00
am0o0
ceea475c45 add new s3 and spring IO path injection sinks 2024-06-08 01:04:20 +02:00
Anders Schack-Mulligen
4ec4da4c8c Dataflow/Java: Add support for pretty-printed provenace in tests. Convert one test. 2024-06-07 11:45:13 +02:00
Owen Mansel-Chan
ef2f01613c Merge pull request #16676 from owen-mc/qldoc-external-flow 
C/C#/Java/Swift: Cover all params in QLDoc of `modelCoverage`
 2024-06-05 16:53:27 +01:00
Chris Smowton
79ae522349 Add change note documenting ECJ improvements 2024-06-05 15:12:33 +01:00
Rakshith Gopalakrishna
65af2556ed fix: remove rsa/ecb/* from getASecureAlgorithmName 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-06-04 11:20:05 -07:00
Rakshith Gopala krishna
97f9a882c6 fix: address PR comments 2024-06-04 11:20:05 -07:00
Rakshith Gopala krishna
80bf7cdb52 fix: remove the pkcs1 scheme 2024-06-04 11:20:05 -07:00
Rakshith Gopala krishna
dd223ed704 feat: add rsa/ecb/... variants to the list of secure algorithms 2024-06-04 11:20:05 -07:00
Owen Mansel-Chan
3fb5ad2a0d Cover all params in QLDoc of modelCoverage 2024-06-04 17:06:00 +01:00
Tony Torralba
f16dd8c010 Apply code review suggestions. 2024-06-04 10:35:11 +02:00
Tony Torralba
f84c2a842d Java: Add more File-related sinks for path-injection 2024-06-04 10:35:07 +02:00
Anders Schack-Mulligen
06ce40c687 Merge pull request #16561 from aschackmull/java/typeflow-effectively-private 
Java: Improve dispatch through TypeFlow of effectively private calls.
 2024-05-31 15:11:18 +02:00
Mauro Baluda
bbe888c2b3 Update SpringCsrfProtection.qll 2024-05-30 23:13:08 +02:00
Mauro Baluda
e2479a7ce2 Disable csrf for ServerHttpSecurity 2024-05-30 23:08:57 +02:00