hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,307 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.2
Commit Graph

13513 Commits

Author SHA1 Message Date
Jami Cogswell
c6a71cd3fd Java: minor qhelp updates 2025-02-05 10:20:57 -05:00
Remco Vermeulen
9894e9ef9f Add CCR suites 2025-02-05 01:58:34 +00:00
Jami Cogswell
60cc16cc0e Java: change note 2025-02-04 17:51:34 -05:00
Jami Cogswell
59d454771d Java: add FileConstructorSanitizer and tests 2025-02-04 17:51:23 -05:00
Jami Cogswell
0367846333 Java: remove token section from qhelp overview 
discussing tokens is not directly relevant to this query's recommendation and examples
 2025-02-04 13:36:15 -05:00
Jami Cogswell
f438282674 Java: rewrite qhelp overview section; aligns with overview section used by Python and Ruby 2025-02-04 13:21:43 -05:00
Jami Cogswell
283c3b1e44 Java: minor qhelp updates 2025-02-04 12:47:19 -05:00
Kristen Newbury
5f355c7f55 Add first sample JCA encryption model 2025-02-04 11:55:09 -05:00
fabienpe
af073b78d9 Merge branch 'main' into main 2025-02-04 09:50:35 +00:00
fabienpe
9a37682851 Moved comment to previous line if resulting in long line 2025-02-04 09:48:34 +00:00
github-actions[bot]
f1b05a79a4 Post-release preparation for codeql-cli-2.20.4 2025-02-04 09:25:09 +00:00
Jami Cogswell
516df3b4be Java: qhelp wording updates 2025-02-03 14:52:57 -05:00
Arthur Baars
dd34690c17 Merge branch 'codeql-cli-2.20.4' into release-prep/2.20.4 2025-02-03 18:37:16 +01:00
github-actions[bot]
573e53e454 Release preparation for version 2.20.4 2025-02-03 15:19:35 +00:00
Jonas Jensen
0584aee72a Merge pull request #18636 from jbj/diff-informed-java-location-fixups 
Java: make diff-informed queries exact
 2025-02-03 15:22:43 +01:00
fabienpe
a9f107ce06 Added missing "GOOD" and "BAD" to some examples 2025-01-31 15:47:25 +00:00
Jonas Jensen
7ad6f13bf5 Java: adjust CommandLineQuery locations 
It turns out these locations need to be precise.
 2025-01-31 11:37:16 +01:00
Jami Cogswell
0071e1acc2 Java: resolve merge conflict 
remove import no longer needed since contents of MyBatisMapperXML.qll have been moved to MyBatis.qll
 2025-01-30 10:19:21 -05:00
Jami Cogswell
577152e20f Java: minor qhelp update 2025-01-30 10:14:33 -05:00
Jami Cogswell
530103e2d9 Java: narrow query 
remove PUT and DELETE from StaplerCsrfUnprotectedMethod

remove OPTIONS and TRACE from SpringCsrfUnprotectedMethod
 2025-01-30 10:14:31 -05:00
Jami Cogswell
ead224c7b2 Java: expand qhelp, include Stapler examples 2025-01-30 10:14:29 -05:00
Jami Cogswell
096f6f88b2 Java: precision to medium 2025-01-30 10:14:27 -05:00
Jami Cogswell
f3721ebccf Java: refactor unprotectedDatabaseUpdate 2025-01-30 10:14:26 -05:00
Jami Cogswell
530a77e5a0 Java: refactor into canTargetDatabaseUpdateMethod 2025-01-30 10:14:24 -05:00
Jami Cogswell
8173fd01b8 Java: use two negations 2025-01-30 10:14:22 -05:00
Jami Cogswell
0462425191 Java: rename getMethod to getMethodValue 2025-01-30 10:14:20 -05:00
Jami Cogswell
20e8eb4323 Java: some clean-up and refactoring 2025-01-30 10:14:18 -05:00
Jami Cogswell
d4114f66c2 Java: more name-based heuristic tests to test regex 2025-01-30 10:14:16 -05:00
Jami Cogswell
0ab37684e1 Java: more database update tests and stubs 2025-01-30 10:14:14 -05:00
Jami Cogswell
3bf6dc24c1 Java: Stapler tests and stubs 2025-01-30 10:14:11 -05:00
Jami Cogswell
26b7c1a572 Java: qldocs for CallGraph module 2025-01-30 10:14:09 -05:00
Jami Cogswell
27aa9c97a4 Java: add change note 2025-01-30 10:14:07 -05:00
Jami Cogswell
fa27689719 Java: update InlineExpectationsTest import for new location 2025-01-30 10:14:05 -05:00
Jami Cogswell
48d55ec518 Java: performance fix 2025-01-30 10:14:03 -05:00
Jami Cogswell
ede9e78645 Java: remove exists variable in test 2025-01-30 10:14:01 -05:00
Jami Cogswell
48d1fe062b Java: remove exists variable 2025-01-30 10:13:59 -05:00
Jami Cogswell
c9ad15cc83 Java: update .expected file contents 2025-01-30 10:13:57 -05:00
Jami Cogswell
39ccde0c9d Java: add name-based heuristic 2025-01-30 10:13:54 -05:00
Jami Cogswell
286c655264 Java: add class for Stapler web methods that are not default-protected from CSRF 2025-01-30 10:13:52 -05:00
Jami Cogswell
0f39011122 Java: add taint-tracking config for execute to exclude FPs from non-update queries like select 2025-01-30 10:13:50 -05:00
Jami Cogswell
97aaf4c011 Java: handle MyBatis annotations for insert/update/delete 2025-01-30 10:13:48 -05:00
Jami Cogswell
df77d4914f Java: initial tests 2025-01-30 10:13:45 -05:00
Jami Cogswell
178b032453 Java: add query 2025-01-30 10:13:43 -05:00
Jami Cogswell
c553e3132e Java: add CallGraph module for displaying call graph paths 2025-01-30 10:13:41 -05:00
Jami Cogswell
87a8746b22 Java: add a class for methods that update a sql database (found using sql-injection nodes) 2025-01-30 10:13:39 -05:00
Jami Cogswell
43a288070c Java: add a class for PreparedStatement methods that update a database 2025-01-30 10:13:37 -05:00
Jami Cogswell
b88731df80 Java: move contents of MyBatisMapperXML.qll in src to MyBatis.qll in lib so importable, and fix experimental files broken by the move 2025-01-30 10:13:27 -05:00
Jami Cogswell
8e9f21dc52 Java: add a class for MyBatis Mapper methods that update a database 2025-01-30 10:01:43 -05:00
Jami Cogswell
506d668289 Java: add class for Spring request mapping methods that are not default-protected from CSRF 2025-01-30 10:01:41 -05:00
Jami Cogswell
0c6925399d Java: add qhelp 2025-01-30 10:01:39 -05:00