hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,404 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.1
Commit Graph

13301 Commits

Author SHA1 Message Date
Remco Vermeulen
2d991fc387 Updata Java CCR suite 2025-02-18 20:25:22 +00:00
Nicolas Will
8707e4d9a3 Continue Artifact data-flow WIP 2025-02-18 18:35:49 +01:00
Anders Schack-Mulligen
194afbb7f8 Java: Simplify SSA for variable capture. 2025-02-18 14:01:20 +01:00
Jami
d94dc5aa40 Merge pull request #18504 from jcogs33/jcogs33/java/file-constructor-path-sanitizer 
Java: `File` constructor path sanitizer
 2025-02-18 08:00:32 -05:00
Jami Cogswell
9bb5fe837d Java: address review comments 2025-02-17 15:47:45 -05:00
github-actions[bot]
ad24f94a77 Post-release preparation for codeql-cli-2.20.5 2025-02-17 17:58:24 +00:00
github-actions[bot]
6f4562f3bd Release preparation for version 2.20.5 2025-02-17 16:55:54 +00:00
Nicolas Will
df01fa7a9c Expand model and JCA modeling 2025-02-17 00:16:08 +01:00
Nicolas Will
b777a22d35 Expand model and specialize newtype relations 2025-02-14 23:43:07 +01:00
Jami Cogswell
61a184c1d7 Java: update more tests 2025-02-14 16:08:06 -05:00
Jami Cogswell
2bb6a3914b Java: update tests 2025-02-14 15:16:08 -05:00
Jami Cogswell
c0ebeb9c7b Java: use AdditionalTaintStep 2025-02-14 13:52:43 -05:00
Owen Mansel-Chan
dd102c4cea Merge pull request #18645 from fabienpe/main 
Added missing "GOOD" and "BAD" to some examples
 2025-02-13 10:37:39 +00:00
Nicolas Will
874e3b5e06 Modify model to use newtypes, expand modeling 2025-02-12 17:58:15 +01:00
Jami
2a8cc00284 Merge pull request #18288 from jcogs33/jcogs33/csrf-unprotected-request-type 
Java: add CSRF query
 2025-02-11 15:32:56 -05:00
Nicolas Will
4d44755945 Refactor Model and CBOM print queries 2025-02-11 15:37:15 +01:00
Jonas Jensen
76440120d1 Merge pull request #18737 from jbj/NumericCastTaintedQuery-selectedLocation 
Java: precise diff-informed NumericCastTainted
 2025-02-11 15:33:28 +01:00
Jonas Jensen
71c078dbdd Java: precise diff-informed NumericCastTainted 
It was discovered by the upcoming support for exact locations matching
in diff-informed testing that this data-flow configuration did not
correspond exactly to the query.
 2025-02-11 13:49:15 +01:00
Tom Hvitved
e5e88435bc Java: Remove ExitBasicBlock from SsaInput 2025-02-11 10:07:18 +01:00
Tom Hvitved
6fbb1e2571 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2025-02-11 10:06:50 +01:00
Anders Schack-Mulligen
e955f58eb1 Java: Bugfix for samevar in useReaches. 2025-02-11 10:06:49 +01:00
Anders Schack-Mulligen
ed284353ef Java: Bugfix for qualifier-of-qualifier update in hasExplicitQualifierUpdate. 2025-02-11 10:06:47 +01:00
Anders Schack-Mulligen
284e48cfbe Java: Fixup private 2025-02-11 10:06:45 +01:00
Tom Hvitved
75137a0f4c Java: Adopt shared SSA library 2025-02-11 10:06:43 +01:00
Kristen Newbury
1a12fb3099 Update JCA model, refactor modes 2025-02-10 13:49:32 -05:00
Kristen Newbury
59208bdb85 Update JCA model to use shared lib 2025-02-10 12:22:22 -05:00
Kristen Newbury
6005437001 Update JCA model with flow to call as AESuse and format JCA model 2025-02-10 11:26:48 -05:00
Kristen Newbury
60d931af9f Update progress on JCA 2025-02-07 15:46:13 -05:00
Tom Hvitved
614b3cea66 Merge pull request #18697 from hvitved/rust/telemetry 
Rust: Implement database quality telemetry query
 2025-02-07 17:43:23 +01:00
Ian Lynagh
05180376f2 Java: Update test output 2025-02-06 18:32:46 +00:00
Tom Hvitved
89502d63e5 Rust: Implement database quality telemetry query 2025-02-06 10:46:48 +01:00
Jami Cogswell
d21c8d789b Java: restrict sink to first arg of two-arg constructor call 2025-02-05 21:19:59 -05:00
Kristen Newbury
efcf7eab0c Add broken crypto query 2025-02-05 17:24:25 -05:00
Jami Cogswell
bd47dcc87d Java: check first arg for taint 2025-02-05 16:56:16 -05:00
Jami Cogswell
e8724ab220 Java: sanitize constructor call instead and update test cases 2025-02-05 15:46:10 -05:00
Kristen Newbury
86e51dad8a Improve JCA aes alg model, add test 2025-02-05 13:39:48 -05:00
Jami Cogswell
4a4585a526 Java: move comment 2025-02-05 11:36:58 -05:00
Jami Cogswell
dce89c5419 Java: update qhelp to align with other csrf queries 2025-02-05 10:57:47 -05:00
Jami Cogswell
c6a71cd3fd Java: minor qhelp updates 2025-02-05 10:20:57 -05:00
Remco Vermeulen
9894e9ef9f Add CCR suites 2025-02-05 01:58:34 +00:00
Jami Cogswell
60cc16cc0e Java: change note 2025-02-04 17:51:34 -05:00
Jami Cogswell
59d454771d Java: add FileConstructorSanitizer and tests 2025-02-04 17:51:23 -05:00
Jami Cogswell
0367846333 Java: remove token section from qhelp overview 
discussing tokens is not directly relevant to this query's recommendation and examples
 2025-02-04 13:36:15 -05:00
Jami Cogswell
f438282674 Java: rewrite qhelp overview section; aligns with overview section used by Python and Ruby 2025-02-04 13:21:43 -05:00
Jami Cogswell
283c3b1e44 Java: minor qhelp updates 2025-02-04 12:47:19 -05:00
Kristen Newbury
5f355c7f55 Add first sample JCA encryption model 2025-02-04 11:55:09 -05:00
fabienpe
af073b78d9 Merge branch 'main' into main 2025-02-04 09:50:35 +00:00
fabienpe
9a37682851 Moved comment to previous line if resulting in long line 2025-02-04 09:48:34 +00:00
github-actions[bot]
f1b05a79a4 Post-release preparation for codeql-cli-2.20.4 2025-02-04 09:25:09 +00:00
Jami Cogswell
516df3b4be Java: qhelp wording updates 2025-02-03 14:52:57 -05:00