5752 Commits

Author	SHA1	Message	Date
Owen Mansel-Chan	279605b486	Merge pull request #15786 from owen-mc/java/sensitive-logging-query-exclude-null-in-variable-name ... Java: sensitive logging query exclude null in variable name	2024-03-04 12:14:42 +00:00
Owen Mansel-Chan	037c76d840	Update change note ... Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2024-03-04 07:49:18 +00:00
Owen Mansel-Chan	7a96b11a0a	Add change note	2024-03-03 21:41:05 +00:00
Chris Smowton	0bb6a64e81	Java: extractor information: tolerate fractional percentages	2024-03-01 16:49:29 +00:00
Florin Coada	1719fd8acb	Merge pull request #15769 from github/coadaflorin/changelog-2.16.3-updates ... Match changelog updates with public unified changelog	2024-03-01 10:57:02 +00:00
Florin Coada	a8816a6d1c	Update java/ql/src/change-notes/released/0.8.9.md ... Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2024-03-01 09:18:22 +00:00
Florin Coada	d54e3d73ab	Update java/ql/src/CHANGELOG.md ... Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2024-03-01 09:18:14 +00:00
Chris Smowton	903e4f59f0	Exclude error types from contradictory-type-check query	2024-02-29 14:59:46 +00:00
Chris Smowton	ffa998eb4a	Autoformat	2024-02-29 14:59:45 +00:00
Chris Smowton	5d55265910	Add telemetry for untyped expressions and missing call targets	2024-02-29 14:59:45 +00:00
Florin Coada	8d1965db59	match changelog to unified changelog	2024-02-29 14:33:14 +00:00
Florin Coada	cfdf163b40	Update changelog to match unified changelog	2024-02-29 14:32:57 +00:00
Joe Farebrother	2ebb80b632	Merge pull request #15548 from joefarebrother/android-local-auth-keys ... Java: Add query for insecurely generated keys for local authentication.	2024-02-22 14:04:17 +00:00
Felicity Chapman	4810657515	Remove period from 'name' ... This is an error for the Docs content linter and does not match the style guide for query help.	2024-02-22 10:50:45 +00:00
Joe Farebrother	ef124695a5	Apply suggestions from documentation review ... Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>	2024-02-22 10:11:49 +00:00
github-actions[bot]	37f8fa3413	Post-release preparation for codeql-cli-2.16.3	2024-02-20 16:50:47 +00:00
github-actions[bot]	6d061fbc35	Release preparation for version 2.16.3	2024-02-20 14:26:23 +00:00
Joe Farebrother	9ad05fe51c	Address reveiws - Add BAD example to doc, add doc example to tests and fix typo.	2024-02-16 12:00:51 +00:00
Tony Torralba	90a9d82b9d	Java: Expand ExactPathSanitizer to work on the argument of 'equals' too	2024-02-15 10:00:24 +01:00
Jonathan Leitschuh	50056d603e	Fix typo in NettyRequestSplitting.java	2024-02-14 14:03:33 -05:00
Tony Torralba	b6385f7938	Merge pull request #15533 from JLLeitschuh/patch-5 ... Reduce severity of `java/relative-path-command`	2024-02-12 15:04:05 +01:00
Joe Farebrother	3a4a841844	Add change note + update severity	2024-02-12 14:01:27 +00:00
Joe Farebrother	16a7d68780	Add documentation	2024-02-12 13:58:01 +00:00
Joe Farebrother	2eb93b7a3b	Add unit tests	2024-02-12 13:49:45 +00:00
Joe Farebrother	c79a3eb6ae	Add query for insecure key generation	2024-02-12 13:49:44 +00:00
Joe Farebrother	75a2b9415c	Merge pull request #15481 from joefarebrother/android-local-auth ... Java: Add query for insecure local authentication	2024-02-12 13:48:53 +00:00
Joe Farebrother	d3fea4044e	Apply suggestions from documentation review ... Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>	2024-02-12 10:27:56 +00:00
Tony Torralba	cf7091ae5f	Merge branch 'main' into atorralba/java/open-redirect-sanitizer	2024-02-12 10:31:52 +01:00
Tony Torralba	e6623ebe4c	Add change note	2024-02-12 10:10:42 +01:00
Joe Farebrother	16aed18821	Address reviews - Elaborate on docs and update severity	2024-02-09 13:53:36 +00:00
Anders Schack-Mulligen	b7d4a6926f	Dataflow: Add empty provenance column to PathGraph.	2024-02-09 11:27:30 +01:00
Joe Farebrother	f4b6a85a48	Fix typo in qldoc	2024-02-09 10:09:24 +00:00
Tony Torralba	4c0d535cc2	Merge pull request #12886 from atorralba/atorralba/java/path-injection-mad-sinks ... Java: Refactor path injection sinks	2024-02-09 10:48:49 +01:00
Tony Torralba	34f74869c8	Java: Add extension point and default sanitizer to Open Redirect query	2024-02-09 09:11:07 +01:00
Dave Bartolomeo	92bd550c55	Merge pull request #15531 from github/post-release-prep/codeql-cli-2.16.2 ... Post-release preparation for codeql-cli-2.16.2	2024-02-08 05:58:17 -08:00
Jonathan Leitschuh	1484a169d7	Reduce severity of java/relative-path-command ... Significantly reduces the severity of `java/relative-path-command` from 9.8 to 5.4 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N	2024-02-06 15:43:19 -05:00
github-actions[bot]	b5139078d0	Post-release preparation for codeql-cli-2.16.2	2024-02-06 19:22:35 +00:00
Erik Krogh Kristensen	879d882fa4	Java: fix typo in JndiInjection.qhelp	2024-02-06 15:17:30 +01:00
github-actions[bot]	c1b35fbf47	Release preparation for version 2.16.2	2024-02-05 17:58:57 +00:00
Joe Farebrother	596f48ca95	Add change note	2024-02-02 17:35:07 +00:00
Joe Farebrother	5022adba56	Fixes to qhelp example	2024-02-02 17:26:00 +00:00
Joe Farebrother	3878192810	Apply suggestions from documentation review ... Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>	2024-02-02 17:21:23 +00:00
Joe Farebrother	2a00375bb7	Add documentation	2024-02-02 14:34:43 +00:00
Joe Farebrother	9098428c2a	Add security severity	2024-02-01 14:28:14 +00:00
Joe Farebrother	8bd79908a6	Implement local auth query	2024-01-30 16:49:55 +00:00
Joe Farebrother	3abd67064d	Add change note	2024-01-29 16:33:07 +00:00
Joe Farebrother	8d201626e1	Add documentation	2024-01-29 16:25:38 +00:00
Joe Farebrother	6081f18089	Add unit tests + make some fixes	2024-01-29 16:25:37 +00:00
Joe Farebrother	5dd0addfc2	Add sensitive text flow query	2024-01-29 16:25:36 +00:00
Joe Farebrother	031bd8bd0c	Merge pull request #15281 from joefarebrother/android-sensitive-ui-notif ... Java: Add query for exposure of sensitive information to android notifiactions	2024-01-26 16:42:55 +00:00