hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

3149 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
f9132c5ff0 Java: Duplicate a bit more code to postpone Java-C# cleanup. 2023-11-08 14:04:34 +01:00
Anders Schack-Mulligen
1f4cd74a1c Java/C++: Move SsaReadPosition to shared qlpack. 2023-11-08 12:11:17 +01:00
Tony Torralba
5442cdb49c Merge pull request #14610 from atorralba/atorralba/java/jms-deserialization 
Java: Add JMS sink to java/unsafe-deserialization
 2023-11-08 09:10:20 +01:00
Anders Schack-Mulligen
45ae4ed362 Merge pull request #14711 from aschackmull/shared/rangeutil-share2 
Java/C++/RangeAnalysis: Move a couple of utility predicates to shared qlpack
 2023-11-08 08:33:12 +01:00
Geoffrey White
b63294764b Merge pull request #14705 from geoffw0/qhelplink 
Fix a dead ReDoS link in docs
 2023-11-07 17:40:19 +00:00
Anders Schack-Mulligen
12cba7909b Java/C++: Move range util guard-controls predicates to shared pack. 2023-11-07 15:14:34 +01:00
Anders Schack-Mulligen
f2ca52d951 Java/C++: Move range util backEdge predicate to shared pack. 2023-11-07 15:14:34 +01:00
Tom Hvitved
af7b295c59 Address review comments 2023-11-07 13:01:19 +01:00
Geoffrey White
e8a466a02c Update dead link. 2023-11-07 09:26:07 +00:00
Anders Schack-Mulligen
f8ab64dff0 Java: Switch to shared modulus analysis. 2023-11-01 16:34:28 +01:00
Anders Schack-Mulligen
a7f3ef1a6c Rangeanalysis: Parameterise shared modulus analysis. 2023-11-01 15:59:24 +01:00
Anders Schack-Mulligen
6d859daf3d Merge pull request #14656 from aschackmull/shared/range-utils 
Rangeanalysis: Share ssaRead predicate
 2023-11-01 15:57:52 +01:00
Anders Schack-Mulligen
048a7c4e42 Rangeanalysis: Rename SsaBound.getAVariable to getVariable. 2023-11-01 11:58:06 +01:00
Anders Schack-Mulligen
48291dd32d Rangeanalysis: Remove superfluous ignoreZeroLowerBound. 2023-11-01 11:51:46 +01:00
Edward Minnix III
1ec1dd368d Merge pull request #13978 from egregius313/egregius313/java/mad/convert-sensitive-api-to-mad 
Java: Convert `SensitiveApi.qll` to use Models-as-Data
 2023-10-31 15:25:42 -04:00
Anders Schack-Mulligen
34b9791e46 Rangeanalysis: Remove superfluous ignoreSsaReadCopy. 2023-10-31 15:32:25 +01:00
Anders Schack-Mulligen
322e6c91be Rangeanalysis: Remove superfluous specificSsaRead. 2023-10-31 15:30:36 +01:00
Anders Schack-Mulligen
8b6c940e76 Rangeanalysis: Remove superfluous ignoreSsaReadAssignment. 2023-10-31 15:28:37 +01:00
Anders Schack-Mulligen
6d6f89e71e Rangeanalysis: Remove superfluous ignoreSsaReadArithmeticExpr. 2023-10-31 15:25:28 +01:00
Anders Schack-Mulligen
a39a94ca8e Rangeanalysis: Switch to shared ssaRead predicate. 2023-10-31 15:23:05 +01:00
Anders Schack-Mulligen
19644a8f07 Rangeanalysis: Implement shared ssaRead predicate 2023-10-31 15:07:11 +01:00
Tony Torralba
45cf50c2af Apply JMS sink only when there isn't an implementation available 2023-10-30 15:56:24 +01:00
Dave Bartolomeo
b18a6d5e0b Merge pull request #14582 from github/dbartol/threat-models-2 
Java: Threat model implementation with priorities.
 2023-10-27 09:33:53 -04:00
Anders Schack-Mulligen
9769953669 Java: Split the different layers of virtual dispatch into separate cached stages. 2023-10-27 09:40:20 +02:00
Dave Bartolomeo
d2afb20f3f Merge remote-tracking branch 'origin/main' into dbartol/threat-models-2 2023-10-26 14:05:40 -04:00
Mathias Vorreiter Pedersen
30ecb4b0c8 Merge pull request #14588 from aschackmull/shared/rangeanalysis 
C++/Java: Share core range analysis
 2023-10-26 16:32:46 +01:00
Tony Torralba
7af3d239ab Java: Add JMS sink to java/unsafe-deserialization 2023-10-26 16:46:19 +02:00
Chris Smowton
8198898d73 Merge pull request #14583 from smowton/smowton/admin/really-deprecate-old-java-names 
Java: Deprecate MethodAccess and SuperMethodAccess
 2023-10-26 10:25:05 +01:00
Anders Schack-Mulligen
ec58b209e3 Merge pull request #14584 from Marcono1234/kotlin-Literal-getLiteral 
Kotlin: Mention `Literal::getLiteral()` difference from source code
 2023-10-26 10:03:57 +02:00
Chris Smowton
29d57d82b7 Deprecate MethodAccess and SuperMethodAccess 2023-10-25 22:26:38 +01:00
Ed Minnix
9d90c24006 Refactor to using MethodCall instead of MethodAccess 2023-10-25 14:31:56 -04:00
Edward Minnix III
2a91743477 Re-add IvParameterSpec constructor to otherApiCallableCredentialParam 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-10-25 14:31:55 -04:00
Ed Minnix
a28f19c857 Remove initialization vectors from SensitiveApi 2023-10-25 14:31:55 -04:00
Ed Minnix
c689065f83 Experiment: Remove IVs from credentials 2023-10-25 14:31:55 -04:00
Ed Minnix
9c15cf18e8 Refactor deprecated predicates to use new classes 
Modified the predicates in `SensitiveApi` to rely on the new classes
which are using models as data. This allows us to remove the old
predicates containing the pre-MaD versions of the models.
 2023-10-25 14:31:55 -04:00
Ed Minnix
3b0b5e403c Replace crypto-parameter with credentials-key 2023-10-25 14:31:55 -04:00
Ed Minnix
31b069041f Initialization vector models 2023-10-25 14:31:54 -04:00
Edward Minnix III
72a1289eba Rename class to CredentialsSinkNode to better align with naming convention 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-10-25 14:31:54 -04:00
Ed Minnix
a85df81b67 Rename sink kind to "credentials-username" to match naming convention 2023-10-25 14:31:54 -04:00
Ed Minnix
0612b3795a Rename sink kind to "credentials-password" to match naming convention 2023-10-25 14:31:54 -04:00
Ed Minnix
3ee0fa9bc4 Add deprecation messages 2023-10-25 14:31:54 -04:00
Edward Minnix III
2f53adf2c2 Fix typo 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-10-25 14:31:54 -04:00
Ed Minnix
ee6cb96d07 Add a superclass for credential nodes 2023-10-25 14:31:53 -04:00
Ed Minnix
4f8908106b Refactor HardcodedCredentials to use new SensitiveApi api 2023-10-25 14:31:53 -04:00
Ed Minnix
4aec302fb7 Create new sink kinds 2023-10-25 14:31:53 -04:00
Anders Schack-Mulligen
283d6efdf8 Rangeanalysis/Java/C++: Address some ql4ql findings. 2023-10-25 14:06:35 +02:00
Jami
53d92d58fc Merge pull request #14581 from jcogs33/jcogs33/add-internal-to-model-exclusions 
Java: exclude internal packages globally from MaD models
 2023-10-25 08:04:03 -04:00
Anders Schack-Mulligen
2592c94c54 Java: Replace range analysis with shared version. 2023-10-25 11:29:55 +02:00
Anders Schack-Mulligen
36082808d3 Java: Implement shared range analysis signatures. 2023-10-25 11:29:55 +02:00
Marcono1234
bf20b8e5a5 Kotlin: Mention Literal::getLiteral() difference from source code 
It appears the Kotlin extractor does not have access to the actual
string representation in the source code, and for most literal types
uses simply the represented value also as `getLiteral` result, see
https://github.com/github/codeql/blob/codeql-cli/v2.15.1/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt#L4443
 2023-10-25 02:04:54 +02:00