hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,688 Commits 1,672 Branches 157 Tags
codeql-cli-2.22.0
Commit Graph

4333 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
0addcfa7c5 Dataflow: Fix some perf issues. 2023-03-03 11:45:32 +01:00
erik-krogh
a928f4c9ef add change-notes 2023-03-03 09:23:10 +01:00
erik-krogh
f96d6accbb delete old deprecations 2023-03-03 09:23:02 +01:00
Anders Schack-Mulligen
b34f99f716 Dataflow: Add change notes. 2023-03-02 16:01:29 +01:00
Tony Torralba
59bd1e5ab1 Merge pull request #12228 from github/java/mad-decls-triage-request-2276 
Java: Update MaD sink decls after triage
 2023-03-01 17:08:38 +01:00
Tony Torralba
0439eb640d Add tests 2023-03-01 09:49:28 +01:00
Edward Minnix III
7f607fb46b Merge pull request #12032 from egregius313/egregius313/promote-hardcoded-jwt-credential 
Java: Promote Hardcoded JWT credential query
 2023-02-27 11:33:53 -05:00
Tony Torralba
db6cb1ffe3 Remove dubious model after investigating it 2023-02-27 14:57:56 +01:00
Ed Minnix
4aec708fac Add change note 2023-02-27 12:16:14 +01:00
Ed Minnix
3ff1a97e38 Add byte[] signatures 2023-02-27 12:16:14 +01:00
Ed Minnix
fa6ac063d1 Add com.auth0.jwt.algorithm.Algorithm sinks 
The HMAC* constructors of the com.auth0.jwt.algorithm.Algorithm class
take a secret as a parameter. Therefore, the arguments should be added
to be checked for hardcoded credentials.
 2023-02-27 12:16:14 +01:00
Tony Torralba
4a9f63ea1a Fix toASCIIString casing 2023-02-27 09:32:42 +01:00
Alvaro Muñoz
f393a3c549 Add toExternalForm 2023-02-24 18:50:31 +01:00
Alvaro Muñoz
f1d765aa27 Missing taintstep for java.net.URL.toURI() 2023-02-24 18:45:52 +01:00
intrigus-lgtm
540d3a3a99 Fix grammar 2023-02-22 00:42:50 +01:00
Anders Schack-Mulligen
acf6a77c6b Dataflow: Amend qldoc 2023-02-21 10:20:42 +01:00
Anders Schack-Mulligen
00a273b959 Java: Refactor data flow library. 2023-02-21 10:04:14 +01:00
Stephan Brandauer
7714acea82 delete a model that should pbly be a summary step 2023-02-20 15:44:58 +01:00
Michael Nebel
813ffa440c Java: Consider ai-generated flow summaries to as generated summaries in dataflow. 2023-02-20 12:11:48 +01:00
Michael Nebel
54c0404110 Java: Allow ai-generated as a provenance value. 2023-02-20 11:47:09 +01:00
Stephan Brandauer
cf5a651b1f use provenance ai-generated for triage data and use the read-file MaD label 2023-02-20 11:33:18 +01:00
Stephan Brandauer
8d7031c166 Update Java MaD sink decls after triage 
Triage request: 2276
 2023-02-20 11:33:18 +01:00
Nick Rolfe
cef6765890 Merge pull request #12221 from github/post-release-prep/codeql-cli-2.12.3 
Post-release preparation for codeql-cli-2.12.3
 2023-02-17 17:59:45 +00:00
Nick Rolfe
3e5534f0ba Merge branch 'main' into post-release-prep/codeql-cli-2.12.3 2023-02-17 14:39:26 +00:00
Chris Smowton
6fc5bdd871 Announce JDK20 support 2023-02-17 08:15:33 +00:00
github-actions[bot]
8eb8daa4d4 Post-release preparation for codeql-cli-2.12.3 2023-02-16 17:23:25 +00:00
github-actions[bot]
b0315119c6 Release preparation for version 2.12.3 2023-02-16 11:49:06 +00:00
Chad Bentz
f3124d3239 Merge branch 'main' into main 2023-02-15 18:46:15 -05:00
Chad Bentz
2f1bd93a49 change-notes for this minorAnalysis lib change 2023-02-15 18:40:40 -05:00
Chris Smowton
62d10f91d8 Improve join ordering 2023-02-14 17:21:24 +00:00
Chris Smowton
d5f7ef08b7 Update stats 2023-02-14 17:21:24 +00:00
Chris Smowton
82a2f4349a Resolve a newly-introduced ambiguity 
Also fix a simple redundancy noticed while debugging
 2023-02-14 17:21:24 +00:00
Chris Smowton
f48d87ba55 Add deletions for removed tables 2023-02-14 17:21:24 +00:00
Chris Smowton
3514dd1e4d Java: merge the @class and @interface database types and tables 
This will allow the extractor to emit class(id, ...) when all it knows about a class is its name, due to not having it available on the classpath. Previously it would have had to guess whether it belonged to @class or @interface, possibly introducing an inconsistency.
 2023-02-14 17:21:23 +00:00
Jami
029e1d47fe Merge pull request #12081 from jcogs33/jcogs33/update-some-Files-sinks 
Java: update `createTempDirectory` and `copy` "create-file" sinks
 2023-02-14 10:53:17 -05:00
Anders Schack-Mulligen
0600a2ba96 Merge pull request #12138 from aschackmull/java/gen-file-mark-perf 
Java: Improve performance of GeneratedFileMarker.
 2023-02-14 09:57:09 +01:00
Tony Torralba
935e22d10d Merge pull request #12139 from atorralba/atorralba/java/xxe-local-query 
Java: Add local version of the XXE query
 2023-02-14 09:54:36 +01:00
Chad Bentz
cfe169a4f9 Adding MSSQL to SensitiveAPI 2023-02-13 19:42:28 -05:00
Tony Torralba
1c57aa0456 Fix import locations 2023-02-13 17:13:01 +01:00
Jami Cogswell
1c3d4b98c8 Java: move change note 2023-02-13 09:15:31 -05:00
Anders Schack-Mulligen
e877b161d8 Merge pull request #12124 from hvitved/dataflow/stage1-dispatch 
Data flow: Call context virtual dispatch pruning in stage 1
 2023-02-13 13:13:43 +01:00
Tony Torralba
4fad01a739 Further refactoring 
Avoid having two taint tracking configurations in the same file
 2023-02-13 09:18:05 +01:00
Tony Torralba
f3e0b6e62c PathGraph shouldn't be imported in a QLL library 2023-02-13 09:18:05 +01:00
Tony Torralba
5555b5cd19 Add local version of the XXE query 2023-02-13 09:18:05 +01:00
Tom Hvitved
f7a5a33474 Address review comment 2023-02-13 09:01:15 +01:00
Jami Cogswell
ad8849c6b8 Java: fix typo 2023-02-12 16:33:26 -05:00
Jami Cogswell
c87c3e30c7 Java: update getInvalidModelKind with 'read-file' kind 2023-02-11 17:07:25 -05:00
Anders Schack-Mulligen
770f3c24bb Java: Improve performance of GeneratedFileMarker. 2023-02-09 15:08:32 +01:00
Ian Lynagh
844e372651 Kotlin: Add a changenote for 1.8.20 support 2023-02-08 11:35:23 +00:00
Tom Hvitved
8e8897b08b Data flow: Sync files 2023-02-07 15:15:04 +01:00