hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,404 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.1
Commit Graph

13301 Commits

Author SHA1 Message Date
REDMOND\brodes
076f53147d Proof-of-concept query for InsecureOrUnknownNonceAtOperation 2025-03-03 13:53:16 -05:00
github-actions[bot]
58f355ae5a Post-release preparation for codeql-cli-2.20.6 2025-03-03 18:18:15 +00:00
Nicolas Will
627790f98b Clean up consumer and instance interfaces 2025-03-03 19:06:53 +01:00
github-actions[bot]
fa850cccb1 Release preparation for version 2.20.6 2025-03-03 17:13:19 +00:00
Lukas Abfalterer
a3749530d6 The query should only report cases when the method is not empty. 2025-03-03 10:20:46 +01:00
Jami Cogswell
b0b95965f6 Java: add change note 2025-03-02 17:13:37 -05:00
Jami Cogswell
fbf7513f37 Java: handle lock state check stored in variable 2025-03-02 17:01:18 -05:00
Nicolas Will
cf33cf7653 Add input and output nodes and fix cross product 2025-02-28 15:21:46 +01:00
Chris Smowton
79e581f555 Change note 2025-02-28 11:23:10 +00:00
Chris Smowton
1577b40b45 Accept test changes 2025-02-28 11:23:07 +00:00
Chris Smowton
178e90c2f1 Update test expectations for JDK24 upgrade 2025-02-28 11:23:06 +00:00
Nicolas Will
0354afc365 Make ArtifactConsumers instances of some Artifacts 
TODO: refactor the interfaces
 2025-02-27 15:54:38 +01:00
Nicolas Will
04f4683399 Rewrite handling of known unknowns and data-flow 2025-02-27 05:42:02 +01:00
Alex Eyers-Taylor
5e3ccc0cca Java: Simplify interpretOutput 2025-02-26 18:20:46 +00:00
Nicolas Will
f55f27b0d9 Expand handling of generic artifact sources 2025-02-25 18:22:38 +01:00
Anders Schack-Mulligen
994a8eea39 Merge pull request #18857 from aschackmull/ssa/refactor-df-integr 
Ssa: Refactor the data flow integration module
 2025-02-25 15:04:11 +01:00
Anders Schack-Mulligen
2c3b48946d Merge pull request #18824 from aschackmull/java/basessa 
Java: Switch BaseSSA to use shared SSA lib.
 2025-02-25 14:23:46 +01:00
Jonas Jensen
2edc9af1e0 Merge pull request #18848 from jbj/StaticInitializationVector-postprocess 
Java: StaticInitializationVector with postprocess
 2025-02-25 12:44:16 +01:00
Nicolas Will
eb91ecf1fb Add generic artifact data-flow 
The relation between RNG and other artifacts has been added
Nonce has been completed to report its source
 2025-02-25 02:53:13 +01:00
Owen Mansel-Chan
74a249597a Merge pull request #18607 from owen-mc/java/xss-content-type-sanitizer 
Java: Add XSS Sanitizer for `HttpServletResponse.setContentType` with safe values
 2025-02-24 23:39:18 +00:00
Jami Cogswell
c2e859c756 Java: add change note 2025-02-24 18:33:45 -05:00
Jami Cogswell
26e396732a Java: edit qhelp 2025-02-24 18:33:43 -05:00
Jami Cogswell
53cb30dcd0 Java: update metadata, move from CWE-016 to CWE-200 2025-02-24 18:33:41 -05:00
Jami Cogswell
6fe7c7a233 Java: some refactoring 2025-02-24 18:33:29 -05:00
Jami Cogswell
f65a5b9a66 Java: add test for qhelp good example 2025-02-24 18:27:45 -05:00
Jami Cogswell
9e51b014d2 Java: handle example in Spring docs 2025-02-24 18:27:43 -05:00
Jami Cogswell
b2469ff8ba Java: add APIs and tests for more recent Spring versions: authorizeHttpRequests, AuthorizeHttpRequestsConfigurer, securityMatcher(s) 2025-02-24 18:26:02 -05:00
Jami Cogswell
8dfb920e05 Java: refactor QL, move code to libraries 2025-02-24 18:24:48 -05:00
Jami Cogswell
8064e8f1f9 Java: convert tests to inline expectations 2025-02-24 18:24:26 -05:00
Jami Cogswell
5e5bc2afe9 Java: remove experimental files 2025-02-24 18:24:19 -05:00
Jami Cogswell
089a491d5a Java: fix tests; update for non-experimental directory 2025-02-24 18:24:17 -05:00
Jami Cogswell
978834bd9c Java: remove deprecations 2025-02-24 18:24:14 -05:00
Jami Cogswell
2ce5920c5e Java: copy out of experimental 2025-02-24 18:24:12 -05:00
Nicolas Will
2b0b927b0b Add Nonce association to Operation, update graph 2025-02-24 17:37:41 +01:00
Anders Schack-Mulligen
db7ec4a781 Java: Remove getDefinitionExt reference 2025-02-24 13:50:08 +01:00
Jonas Jensen
11a0a9f8af Java: StaticInitializationVector with postprocess 
Use the new `postprocess` feature for the test of
`StaticInitializationVector.ql`. This makes it easier to modify and test
this query for diff-informed operation.
 2025-02-24 13:33:02 +01:00
REDMOND\brodes
86cab46b8d Misc. updates to support all JCA cipher operations, including wrap, unwrap and doFinal calls. Corrected pathing for init tracing to detect what mode is being set along a path. Added support for tracing the init operation mode argument to source. Since this involved creating an Operation Mode, changes were also made to make cipher block modes (CBC) more explicit (previously just called mode, but now that term is used for various purposes). 2025-02-21 12:53:35 -05:00
Chris Smowton
32e4c741cc Merge pull request #18554 from smowton/smowton/admin/test-gbk-xml-extraction 
Java: Add tests for XML and Java extraction with GBK charset
 2025-02-21 17:27:32 +00:00
Anders Schack-Mulligen
6932e000c6 Java: Switch BaseSSA to use shared SSA lib. 2025-02-21 08:57:23 +01:00
Anders Schack-Mulligen
1c616d10d4 Merge pull request #18819 from aschackmull/ssa/refactor-phiread3 
Ssa: Refactor shared SSA in preparation for eliminating phi-read definitions
 2025-02-21 08:56:38 +01:00
REDMOND\brodes
9ac9252f75 Adding a todo 2025-02-20 11:11:41 -05:00
REDMOND\brodes
011ed3fbfd Simplifying additional flow step logic. 2025-02-20 11:10:24 -05:00
REDMOND\brodes
9ee4a7a7b8 Adding a sketch for a CipherOperation concept to model encryption/decryption operations. 2025-02-20 10:37:40 -05:00
Chris Smowton
9162ce7d73 Add test for extraction of a Java file with a non-UTF-8 charset 2025-02-20 12:31:36 +00:00
Chris Smowton
be6162edc0 Add test for XML extraction with GBK charset 2025-02-20 12:31:36 +00:00
Jami
485ee5c5ed Merge pull request #18692 from jcogs33/jcogs33/spring-csrf-qhelp-update 
Java: update `java/spring-disabled-csrf-protection` QHelp
 2025-02-19 11:39:11 -05:00
Anders Schack-Mulligen
291ea6f6eb Java: Move SSA data flow test and extend it to cover phi-read input edges. 2025-02-19 16:17:22 +01:00
Anders Schack-Mulligen
5379506464 Java: Use firstUse and adjacentUseUse predicates. 2025-02-19 16:17:22 +01:00
github-actions[bot]
ce234bb2c6 Add changed framework coverage reports 2025-02-19 14:09:10 +00:00
REDMOND\brodes
3871c6a33e Adding support for encryption operation detection. 2025-02-18 16:09:00 -05:00