hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,788 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.4
Commit Graph

5752 Commits

Author SHA1 Message Date
erik-krogh
710b309142 apply suggestions from doc review 2023-05-21 22:18:48 +02:00
erik-krogh
10bf17c33e Merge branch 'main' into polyQhelp 2023-05-21 22:17:06 +02:00
Tony Torralba
b58eb3a92c Java: Add TemplateEngine.createTemplate as a groovy injection sink 2023-05-19 17:45:47 +02:00
Tony Torralba
1b06bf132c Merge pull request #12932 from atorralba/atorralba/java/promote-xxe-experimental-sinks 
Java: Promote experimental XXE sinks
 2023-05-17 17:39:31 +02:00
Stephan Brandauer
a5ef738bb0 add extra parameters in query-messages 2023-05-17 08:37:18 +00:00
erik-krogh
480e71fd69 avoid contractions 2023-05-17 08:42:45 +02:00
Stephan Brandauer
2cd8a879a5 use asParameter().getName() instead of toString() 
Co-authored-by: Taus <tausbn@github.com>
 2023-05-16 17:28:02 +02:00
Stephan Brandauer
9845887452 automodel java fix: export method name as 'name' metadata parameter; export parameter name as 'parameterName' parameter 2023-05-16 15:07:14 +00:00
Tony Torralba
770099f210 Merge branch 'main' into atorralba/java/promote-xxe-experimental-sinks 2023-05-16 09:49:34 +02:00
Tony Torralba
7d79d87d48 Add XPath.evaluate as XXE sink 2023-05-15 17:39:35 +02:00
erik-krogh
83ca1495e0 trim the whitespace in the poly-redos examples 2023-05-15 16:47:24 +02:00
erik-krogh
d989359656 add another example to the qhelp in poly-redos, showing how to just limit the length of the input 2023-05-15 16:47:02 +02:00
Kasper Svendsen
d40cd0f275 Java: Make implicit this receivers explicit 2023-05-12 12:47:21 +02:00
Stephan Brandauer
510febf46d Merge pull request #12830 from github/kaeluka/parameter-candidate-extraction 
Java: Automodel Framework Mode Extraction Queries
 2023-05-11 18:00:55 +02:00
Stephan Brandauer
c31ad01579 squash ql-for-ql warnings 2023-05-11 16:18:52 +02:00
Tony Torralba
c17b0e809f Apply suggestions from code review 2023-05-11 14:53:56 +02:00
Anders Schack-Mulligen
587ee53917 Java: Fix ExternalApi.jarContainer(). 2023-05-11 14:09:27 +02:00
Stephan Brandauer
e15610cfcd use ascii dash 2023-05-11 11:32:05 +02:00
Stephan Brandauer
f3d096cf37 update DollarAtString class to use hasLocationInfo instead of getURL 2023-05-10 15:02:22 +02:00
Stephan Brandauer
79f2beca2a ql-for-ql 2023-05-10 14:04:29 +02:00
Stephan Brandauer
cd388264d3 use new DollarAtString class to return metadata using notation 2023-05-10 13:44:50 +02:00
Stephan Brandauer
6be11d93bd document FrameworkCandidatesImpl 2023-05-10 12:03:32 +02:00
Stephan Brandauer
d2d884b007 special case for Argument[this] 2023-05-10 11:53:40 +02:00
Stephan Brandauer
7ae6a992b6 fix code compilation error after main branch breaking change 2023-05-10 11:29:49 +02:00
Stephan Brandauer
9ed3c248ad Merge branch 'main' into kaeluka/parameter-candidate-extraction 2023-05-10 11:26:49 +02:00
Stephan Brandauer
1e5c9e8a58 simplify by using hasQualifiedName 2023-05-10 10:49:27 +02:00
Stephan Brandauer
f43edb8046 rename query files to make framework mode explicit 2023-05-10 10:30:58 +02:00
Stephan Brandauer
170e895593 use newtype for related location type 2023-05-10 10:28:14 +02:00
Stephan Brandauer
5dab1b2a3b leftover renaming label->kind 2023-05-10 10:01:39 +02:00
Stephan Brandauer
1f60fd6d58 use specialized getAParameter predicate, instead of getParameter(_) 2023-05-10 10:01:04 +02:00
Stephan Brandauer
91ae61b744 more documentation 2023-05-10 09:42:22 +02:00
Stephan Brandauer
46741c6e42 rename kind -> label 2023-05-10 09:34:13 +02:00
Stephan Brandauer
85f519b7b4 documentation updates from review comments 2023-05-10 09:33:37 +02:00
Stephan Brandauer
94cb82e553 remove TestFileCharacteristic as it's redundant 2023-05-10 09:06:11 +02:00
Stephan Brandauer
d7aca9e909 use comma separator in concatenation 2023-05-10 08:57:27 +02:00
Kasper Svendsen
0de6e4138f Merge pull request #13037 from kaspersv/kaspersv/java-enable-implicit-this-warnings 
Java: Enable implicit this receiver warnings
 2023-05-09 10:24:31 +02:00
Kasper Svendsen
b0714904c0 Java: Enable implicit this receiver warnings 2023-05-09 08:25:40 +02:00
Michael Nebel
8435c31213 C#/Java: Update model converter queries to handle kind information. 2023-05-08 16:19:00 +02:00
Michael Nebel
d103a57141 Java: Adjust the model generator to produce kinds. 2023-05-08 16:18:59 +02:00
Edward Minnix III
2d5b35067e Merge pull request #12721 from egregius313/egregius313/java/move-configurations-to-libraries 
Java: Move more dataflow configurations to `*Query.qll` files
 2023-05-04 20:14:22 -04:00
Jami
3c74c8bbe0 Merge pull request #13019 from jcogs33/jcogs33/url-open-stream-updates 
Java: switch `url-open-stream` sink models to `experimentalSinkModel`
 2023-05-04 15:07:44 -04:00
Stephan Brandauer
62ab91c14a fix ql-for-ql warning 2023-05-04 17:48:50 +02:00
Stephan Brandauer
27703c777a pull subtypes-logic out into helper predicate, and document it 2023-05-04 17:45:17 +02:00
Stephan Brandauer
0e5591ff86 move getCallable to signature module implementation, and document it 2023-05-04 17:35:46 +02:00
Stephan Brandauer
a616a786f0 formatting 2023-05-04 17:27:27 +02:00
Stephan Brandauer
36aabc077e Update java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2023-05-04 16:50:37 +02:00
Ed Minnix
5f3c8fef3f Privacy markers and fixed imports 2023-05-04 10:25:17 -04:00
Ed Minnix
74fc6382a6 Add improper validation of array size query libraries 2023-05-04 10:25:17 -04:00
Ed Minnix
c319ee4c0d Add TempDirLocalInformationDisclosureQuery 2023-05-04 10:25:16 -04:00
Ed Minnix
b087cf9a0a Add Arithmetic query libraries 2023-05-04 10:25:16 -04:00