hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,514 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.3
Commit Graph

13529 Commits

Author SHA1 Message Date
Michael Nebel
0a1d2d0bbb Java: Update all test util paths to point to the new location. 2024-12-12 13:21:25 +01:00
Michael Nebel
91cfb30513 Java: Move test utilities to the java query pack. 2024-12-12 13:21:22 +01:00
Owen Mansel-Chan
066db766ef Merge pull request #18153 from owen-mc/java/resttemplate-getforobject 
Java: add SSRF sink model for the third parameter of `RestTemplate.getForObject`
 2024-12-11 16:37:35 +00:00
Jami
538dee81b6 Merge pull request #18214 from jcogs33/jcogs33/java/file-getname-path-sanitizer 
Java: add File.getName as a path injection sanitizer
 2024-12-11 10:18:02 -05:00
Owen Mansel-Chan
1420bce36a Move import statement in SpringWebClient.qll 2024-12-11 14:19:24 +00:00
Anders Schack-Mulligen
066cfa31d2 Merge pull request #18258 from aschackmull/dataflow/simplify-apapprox3 
Dataflow: Simplify references to access paths from prior stage.
 2024-12-11 14:23:31 +01:00
Asger F
889100a243 Java: update test output with provenance 2024-12-11 13:19:47 +01:00
Asger F
afdbf2c3c6 Java: update test to account for key,val 2024-12-11 13:19:36 +01:00
Asger F
736388809d Java: MethodAccess -> MethodCall 2024-12-11 13:19:25 +01:00
Owen Mansel-Chan
aaa4361120 Rearrange member predicates in ControlFlow::Node 
Put all the ones which might need to be overrridden by subclasses
together for ease of reading.
 2024-12-11 10:34:18 +00:00
Owen Mansel-Chan
79f4f78fc2 Make separate classes for control flow node kinds 
This puts all the logic of a particular control flow node kind into one
place and makes it easier to add new kinds.
 2024-12-11 10:34:16 +00:00
Asger F
5aa1242117 Shared: use a call bit when tracking reachability to/from a discriminator 2024-12-11 11:29:14 +01:00
Asger F
0eb543e0a9 Java: add test for spurious flow from path graph deduplication 2024-12-11 11:29:13 +01:00
Cornelius Riemenschneider
f0971684e3 Merge pull request #18257 from github/criemen/bazel-8-00 
Upgrade bazel to 8.0.0.
 2024-12-11 11:14:41 +01:00
Owen Mansel-Chan
5b575113c3 Update test-kotlin2 2024-12-10 15:56:15 +00:00
Owen Mansel-Chan
4978a6eb37 Fix getasuccessor kotlin 
The change in results shows that there are now fewer control flow nodes.
We have removed precisely those with no successor or predecessor.
 2024-12-10 15:26:20 +00:00
Owen Mansel-Chan
5e0c3ab715 Fix kotlin tests 2024-12-10 15:26:19 +00:00
Owen Mansel-Chan
3f5886ef7a Accept another review suggestion 2024-12-10 15:26:17 +00:00
Owen Mansel-Chan
2da9bfb1a6 Finish renaming getCFGNode to getCfgNode 2024-12-10 15:26:16 +00:00
Owen Mansel-Chan
274281f61e Apply all suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2024-12-10 15:26:14 +00:00
Owen Mansel-Chan
d06dfe0ca3 Add change note 2024-12-10 15:26:13 +00:00
Owen Mansel-Chan
0f3dd6d8f1 Java: IPA the CFG 2024-12-10 15:26:11 +00:00
Anders Schack-Mulligen
da179705c3 Java: Accept expected file changes. 2024-12-10 14:52:06 +01:00
Cornelius Riemenschneider
53ca5083a9 Upgrade bazel to 8.0.0. 
Previously, we were using 8.0.0rc1.
In particular, this upgrade means we need to explicitly
import more rules, as they've been moved out of the core bazel repo.
 2024-12-10 12:05:37 +01:00
Jami Cogswell
214da9e9ad Java: add change note 2024-12-06 19:59:40 -05:00
Owen Mansel-Chan
347fd575a2 Refactor to avoid duplicated logic 2024-12-05 11:15:43 +00:00
Owen Mansel-Chan
b20b7c7572 Remove escaped "{" and "}" before counting placeholders 2024-12-05 10:43:13 +00:00
Anders Schack-Mulligen
4bf63fedc9 Merge pull request #18179 from aschackmull/dataflow/accesspath-notypes 
Dataflow: Remove tracked types from Access Paths, track tainted object type, and tweak type pruning.
 2024-12-05 09:58:36 +01:00
Jami Cogswell
121780c55a Java: add File.getName as a path injection sanitizer 2024-12-04 18:57:51 -05:00
github-actions[bot]
cf71a1525b Post-release preparation for codeql-cli-2.20.0 2024-12-04 18:36:17 +00:00
github-actions[bot]
96564b7128 Release preparation for version 2.20.0 2024-12-04 16:01:14 +00:00
Henry Mercer
963f084d87 Merge branch 'main' into henrymercer/merge-back-rc-3.16 2024-12-04 13:39:10 +00:00
Jeroen Ketema
10592bb1c4 Merge pull request #18192 from jketema/inline-rm 
Remove deprecated `InlineExpectationsTest` class-based API
 2024-12-04 11:34:39 +01:00
Anders Schack-Mulligen
03fdceb0fd Merge pull request #18191 from aschackmull/dataflow/remove-deprecated-lib 
Dataflow: Delete the old configuration-class based api.
 2024-12-04 11:31:46 +01:00
Owen Mansel-Chan
5351f5b69d Update wording of alert (accepting review suggestion) 
Co-authored-by: Chris Smowton <smowton@github.com>
 2024-12-04 10:31:14 +00:00
Anders Schack-Mulligen
5042753b29 C#/Java: Add change notes. 2024-12-04 10:20:43 +01:00
Owen Mansel-Chan
95116eec51 Update recommendations 2024-12-04 00:42:23 +00:00
Anders Schack-Mulligen
f38602e9fe Java: Update references to deleted aliases. 2024-12-03 20:08:45 +01:00
Anders Schack-Mulligen
b12a1c078c Java: Delete deprecated extension points referencing deleted api. 2024-12-03 20:08:44 +01:00
Anders Schack-Mulligen
cca27e4c77 Add change notes for all languages. 2024-12-03 19:42:33 +01:00
Jeroen Ketema
89d20fd086 Java: Update expected test results 2024-12-03 19:18:59 +01:00
Anders Schack-Mulligen
2c0baff76a Java: Delete deprecated data flow api. 2024-12-03 14:13:03 +01:00
Anders Schack-Mulligen
9734cff15b Java/C#: Update expected files. 2024-12-03 12:57:44 +01:00
Tom Hvitved
fbeb6f3940 Shared: Move shared logic into FlowSummaryImpl.qll 2024-12-03 09:11:11 +01:00
Owen Mansel-Chan
5c99c8cc37 Improve suggestion for ECB 2024-11-29 14:05:07 +00:00
Owen Mansel-Chan
95d26d96d2 Add change note 2024-11-29 11:54:30 +00:00
Owen Mansel-Chan
09240e46f2 Refactor: use concat instead of hand-written version 
This changes the order of the algorithms in the regex, but I don't think
that makes any difference.
 2024-11-29 11:54:29 +00:00
Owen Mansel-Chan
e6409e159f Give reason why crypto algorithm is insecure 2024-11-29 11:54:27 +00:00
Owen Mansel-Chan
2c061b0d56 Add QLDoc for HostnameSanitizingPrefix 2024-11-29 09:46:44 +00:00
Owen Mansel-Chan
7f8a1ae941 Add change note 2024-11-29 09:46:42 +00:00