hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,514 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.3
Commit Graph

13529 Commits

Author SHA1 Message Date
Nora Dimitrijević
1c6ecf1216 [DIFF-INFORMED] Java: UntrustedDataToExternalAPI 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql#L20
 2025-07-17 18:59:15 +02:00
Nora Dimitrijević
0cf1195678 [DIFF-INFORMED] Java: ConditionalBypass 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql#L26
 2025-07-17 18:59:14 +02:00
Nora Dimitrijević
0bcdb421ed [DIFF-INFORMED] Java: ArithmeticUncontrolled 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql#L36
 2025-07-17 18:59:11 +02:00
Nora Dimitrijević
54546f6e99 [DIFF-INFORMED] Java: ArithmeticTainted 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql#L35
 2025-07-17 18:59:09 +02:00
Nora Dimitrijević
8353fdd041 [DIFF-INFORMED] Java: (Android)SensitiveCommunication 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql#L20
 2025-07-17 18:59:06 +02:00
Nora Dimitrijević
b33058c967 [TEST] Java: SensitiveCommunication: convert to qlref 2025-07-17 18:59:05 +02:00
Nora Dimitrijević
44bb5e7220 [TEST] Java: ConditionalBypass: convert to qlref 2025-07-17 18:59:03 +02:00
Nora Dimitrijević
6134518d60 [TEST] Java: SensitiveLogInfo: convert to qlref 2025-07-17 18:59:01 +02:00
Nora Dimitrijević
94386f0550 [TEST] Java: TrustBoundaryViolations: convert test to qlref 2025-07-17 18:58:59 +02:00
Nora Dimitrijević
49e03b4dfd [TEST] Java: UnsafeCertTrust: convert test to qlref 2025-07-17 18:58:56 +02:00
Nora Dimitrijević
7aced48443 [TEST] Java: LogInjection: convert test to qlref 2025-07-17 18:58:54 +02:00
Nora Dimitrijević
5c2cf79785 [TEST] Java: CWE-020/ExternalAPI: new test based on qhelp 2025-07-17 18:58:52 +02:00
Anders Schack-Mulligen
996de78a66 Java: Prune PathGraph for CsrfUnprotectedRequestType.ql 2025-07-17 15:06:38 +02:00
Anders Schack-Mulligen
1485d7072d Merge pull request #19885 from aschackmull/java/annotated-exit-cfg 
Java: Add AnnotatedExitNodes to the CFG.
 2025-07-17 15:02:24 +02:00
Michael Nebel
2f29459cda Merge pull request #19931 from michaelnebel/ql4ql/qualitytagcheck 
Ql4ql: Quality query tagging.
 2025-07-17 14:53:14 +02:00
Idriss Riouak
36ebe99f2f Merge pull request #19707 from microsoft/lwsimpkins/fix-qhelp-upstream 
fix qhelp files
 2025-07-17 14:51:01 +02:00
Owen Mansel-Chan
af977e9ac7 Merge pull request #20067 from owen-mc/java/unsafe-deserialization-mad-sinks 
Java: allow the definition of `java/unsafe-deserialization` sinks using data extensions
 2025-07-17 13:42:31 +01:00
Owen Mansel-Chan
6629bd8279 No need to deprecate classes when module is deprecated 2025-07-17 11:52:31 +01:00
Owen Mansel-Chan
b361f76643 Delete unused private class 2025-07-17 11:36:06 +01:00
Anders Schack-Mulligen
448cc82ef9 Kotlin: Accept more test changes. 2025-07-17 11:21:27 +02:00
Anders Schack-Mulligen
54775e0958 Java: Adjust Paths.qll 2025-07-17 11:21:26 +02:00
Anders Schack-Mulligen
e7a6259bd7 Java: Accept test changes. 2025-07-17 11:21:26 +02:00
Anders Schack-Mulligen
fbe79e8a52 Java: Add AnnotatedExitNodes to the CFG. 2025-07-17 11:21:26 +02:00
Owen Mansel-Chan
805e31fdb9 Update test expectations 2025-07-16 15:25:45 +01:00
Owen Mansel-Chan
7d4a70cc1d Add change notes 2025-07-16 14:44:24 +01:00
Owen Mansel-Chan
fdd1e3fefe Use MaD models for unsafe deserialization sinks when possible 
Many of the unsafe deserialization sinks have to stay defined in QL
because they have custom logic that cannot be expressed in MaD models.
 2025-07-16 14:42:07 +01:00
Owen Mansel-Chan
9ef22fff8e Update SnakeYaml reference to note that it is outdated 2025-07-15 15:27:01 +01:00
Kasper Svendsen
10a678dcbd Java lib qlpack: Enable overlay compilation 2025-07-15 16:23:40 +02:00
Kasper Svendsen
9c3e275e66 Merge pull request #20011 from kaspersv/kaspersv/discard-xml 
Overlay: Add XML and Java property discarding
 2025-07-15 16:13:38 +02:00
Kasper Svendsen
f84a3084f0 Address review comment about ignored QL variable 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2025-07-15 15:34:08 +02:00
Anders Schack-Mulligen
9e87095bed Java: Restrict results to source literals. 2025-07-15 14:54:02 +02:00
Nick Rolfe
16e9e8e836 Merge pull request #20049 from github/nickrolfe/java-deleted-files 
Java: use `overlayChangedFiles` in discard prediactes
 2025-07-15 07:42:54 -04:00
Nick Rolfe
c199d0cbbe Java: use overlayChangedFiles in discard prediactes 2025-07-15 10:10:32 +01:00
Paolo Tranquilli
31d0897f74 Kotlin: disable bazel cache in plugin test 2025-07-14 15:30:11 +02:00
Paolo Tranquilli
77cab9d068 Kotlin: tweak plugin test 
Put less emphasis on plugin build isolation, to get a better DevEx out
of it. The crux of the test is the database extraction part, not the
plugin build.
 2025-07-14 13:52:22 +02:00
Ian Lynagh
86ebf3d9f6 Merge pull request #20034 from github/igfoo/fix_regex_in_dbscheme_parser 
Kotlin: Update regex patterns to use raw string notation
 2025-07-14 10:43:45 +01:00
Ian Lynagh
a6701ced8d Kotlin: Update regex patterns to use raw string notation 
Fixes warnings like
SyntaxWarning: invalid escape sequence '\S'
 2025-07-13 23:42:50 +01:00
Owen Mansel-Chan
03e8865933 Merge pull request #20025 from owen-mc/java/unsafe-deserialization 
Java: add extra sink for `java/unsafe-deserialization`
 2025-07-11 23:59:22 +01:00
Owen Mansel-Chan
7764fbb664 Change note 2025-07-11 11:05:48 +01:00
Owen Mansel-Chan
8e4bd1a102 Add sink for ObjectInput.readObject to make test pass 2025-07-11 11:05:38 +01:00
Owen Mansel-Chan
34fae324a0 Add test for ObjectInput.readObject 2025-07-11 11:03:47 +01:00
Jonas Jensen
76544f2966 Merge pull request #19943 from asgerf/approximate-related-location 
Support approximate related locations
 2025-07-11 10:16:24 +02:00
Owen Mansel-Chan
006d77ffdd Refactor QL to make type check more concise 2025-07-11 06:13:01 +01:00
Owen Mansel-Chan
c39e5a7d97 Update qhelp: SnakeYaml is safe from version 2.0 2025-07-10 16:54:00 +01:00
Tamás Vajk
1351f57d2b Merge pull request #19998 from tamasvajk/quality/label-in-switch 
Java: Add query to detect non-case labels in switch statements
 2025-07-10 14:13:38 +02:00
Kasper Svendsen
0739c03d03 Overlay: Add discarding of base XML locatables for Java 2025-07-10 12:31:16 +02:00
Kasper Svendsen
d7094a96b5 Overlay: Add discarding of all Java base properties 2025-07-10 12:31:15 +02:00
Tamas Vajk
5edb60ea04 Improve query documentation 2025-07-10 09:43:15 +02:00
Jonas Jensen
5a1246a586 Merge remote-tracking branch 'upstream/main' into approximate-related-location 2025-07-09 10:10:20 +02:00
Tamas Vajk
5f7d746266 Java: Add query to detect non-case labels in switch statements 2025-07-08 14:53:39 +02:00