hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,688 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.0
Commit Graph

13266 Commits

Author SHA1 Message Date
Jonas Jensen
11a0a9f8af Java: StaticInitializationVector with postprocess 
Use the new `postprocess` feature for the test of
`StaticInitializationVector.ql`. This makes it easier to modify and test
this query for diff-informed operation.
 2025-02-24 13:33:02 +01:00
REDMOND\brodes
86cab46b8d Misc. updates to support all JCA cipher operations, including wrap, unwrap and doFinal calls. Corrected pathing for init tracing to detect what mode is being set along a path. Added support for tracing the init operation mode argument to source. Since this involved creating an Operation Mode, changes were also made to make cipher block modes (CBC) more explicit (previously just called mode, but now that term is used for various purposes). 2025-02-21 12:53:35 -05:00
Chris Smowton
32e4c741cc Merge pull request #18554 from smowton/smowton/admin/test-gbk-xml-extraction 
Java: Add tests for XML and Java extraction with GBK charset
 2025-02-21 17:27:32 +00:00
Anders Schack-Mulligen
6932e000c6 Java: Switch BaseSSA to use shared SSA lib. 2025-02-21 08:57:23 +01:00
Anders Schack-Mulligen
1c616d10d4 Merge pull request #18819 from aschackmull/ssa/refactor-phiread3 
Ssa: Refactor shared SSA in preparation for eliminating phi-read definitions
 2025-02-21 08:56:38 +01:00
REDMOND\brodes
9ac9252f75 Adding a todo 2025-02-20 11:11:41 -05:00
REDMOND\brodes
011ed3fbfd Simplifying additional flow step logic. 2025-02-20 11:10:24 -05:00
REDMOND\brodes
9ee4a7a7b8 Adding a sketch for a CipherOperation concept to model encryption/decryption operations. 2025-02-20 10:37:40 -05:00
Chris Smowton
9162ce7d73 Add test for extraction of a Java file with a non-UTF-8 charset 2025-02-20 12:31:36 +00:00
Chris Smowton
be6162edc0 Add test for XML extraction with GBK charset 2025-02-20 12:31:36 +00:00
Jami
485ee5c5ed Merge pull request #18692 from jcogs33/jcogs33/spring-csrf-qhelp-update 
Java: update `java/spring-disabled-csrf-protection` QHelp
 2025-02-19 11:39:11 -05:00
Anders Schack-Mulligen
291ea6f6eb Java: Move SSA data flow test and extend it to cover phi-read input edges. 2025-02-19 16:17:22 +01:00
Anders Schack-Mulligen
5379506464 Java: Use firstUse and adjacentUseUse predicates. 2025-02-19 16:17:22 +01:00
github-actions[bot]
ce234bb2c6 Add changed framework coverage reports 2025-02-19 14:09:10 +00:00
REDMOND\brodes
3871c6a33e Adding support for encryption operation detection. 2025-02-18 16:09:00 -05:00
Remco Vermeulen
2d991fc387 Updata Java CCR suite 2025-02-18 20:25:22 +00:00
Nicolas Will
8707e4d9a3 Continue Artifact data-flow WIP 2025-02-18 18:35:49 +01:00
Anders Schack-Mulligen
194afbb7f8 Java: Simplify SSA for variable capture. 2025-02-18 14:01:20 +01:00
Jami
d94dc5aa40 Merge pull request #18504 from jcogs33/jcogs33/java/file-constructor-path-sanitizer 
Java: `File` constructor path sanitizer
 2025-02-18 08:00:32 -05:00
Jami Cogswell
9bb5fe837d Java: address review comments 2025-02-17 15:47:45 -05:00
github-actions[bot]
ad24f94a77 Post-release preparation for codeql-cli-2.20.5 2025-02-17 17:58:24 +00:00
github-actions[bot]
6f4562f3bd Release preparation for version 2.20.5 2025-02-17 16:55:54 +00:00
Nicolas Will
df01fa7a9c Expand model and JCA modeling 2025-02-17 00:16:08 +01:00
Nicolas Will
b777a22d35 Expand model and specialize newtype relations 2025-02-14 23:43:07 +01:00
Jami Cogswell
61a184c1d7 Java: update more tests 2025-02-14 16:08:06 -05:00
Jami Cogswell
2bb6a3914b Java: update tests 2025-02-14 15:16:08 -05:00
Jami Cogswell
c0ebeb9c7b Java: use AdditionalTaintStep 2025-02-14 13:52:43 -05:00
Owen Mansel-Chan
dd102c4cea Merge pull request #18645 from fabienpe/main 
Added missing "GOOD" and "BAD" to some examples
 2025-02-13 10:37:39 +00:00
Nicolas Will
874e3b5e06 Modify model to use newtypes, expand modeling 2025-02-12 17:58:15 +01:00
Jami
2a8cc00284 Merge pull request #18288 from jcogs33/jcogs33/csrf-unprotected-request-type 
Java: add CSRF query
 2025-02-11 15:32:56 -05:00
Nicolas Will
4d44755945 Refactor Model and CBOM print queries 2025-02-11 15:37:15 +01:00
Jonas Jensen
76440120d1 Merge pull request #18737 from jbj/NumericCastTaintedQuery-selectedLocation 
Java: precise diff-informed NumericCastTainted
 2025-02-11 15:33:28 +01:00
Jonas Jensen
71c078dbdd Java: precise diff-informed NumericCastTainted 
It was discovered by the upcoming support for exact locations matching
in diff-informed testing that this data-flow configuration did not
correspond exactly to the query.
 2025-02-11 13:49:15 +01:00
Tom Hvitved
e5e88435bc Java: Remove ExitBasicBlock from SsaInput 2025-02-11 10:07:18 +01:00
Tom Hvitved
6fbb1e2571 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2025-02-11 10:06:50 +01:00
Anders Schack-Mulligen
e955f58eb1 Java: Bugfix for samevar in useReaches. 2025-02-11 10:06:49 +01:00
Anders Schack-Mulligen
ed284353ef Java: Bugfix for qualifier-of-qualifier update in hasExplicitQualifierUpdate. 2025-02-11 10:06:47 +01:00
Anders Schack-Mulligen
284e48cfbe Java: Fixup private 2025-02-11 10:06:45 +01:00
Tom Hvitved
75137a0f4c Java: Adopt shared SSA library 2025-02-11 10:06:43 +01:00
Kristen Newbury
1a12fb3099 Update JCA model, refactor modes 2025-02-10 13:49:32 -05:00
Kristen Newbury
59208bdb85 Update JCA model to use shared lib 2025-02-10 12:22:22 -05:00
Kristen Newbury
6005437001 Update JCA model with flow to call as AESuse and format JCA model 2025-02-10 11:26:48 -05:00
Kristen Newbury
60d931af9f Update progress on JCA 2025-02-07 15:46:13 -05:00
Tom Hvitved
614b3cea66 Merge pull request #18697 from hvitved/rust/telemetry 
Rust: Implement database quality telemetry query
 2025-02-07 17:43:23 +01:00
Ian Lynagh
05180376f2 Java: Update test output 2025-02-06 18:32:46 +00:00
Tom Hvitved
89502d63e5 Rust: Implement database quality telemetry query 2025-02-06 10:46:48 +01:00
Jami Cogswell
d21c8d789b Java: restrict sink to first arg of two-arg constructor call 2025-02-05 21:19:59 -05:00
Kristen Newbury
efcf7eab0c Add broken crypto query 2025-02-05 17:24:25 -05:00
Jami Cogswell
bd47dcc87d Java: check first arg for taint 2025-02-05 16:56:16 -05:00
Jami Cogswell
e8724ab220 Java: sanitize constructor call instead and update test cases 2025-02-05 15:46:10 -05:00