codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00

Author	SHA1	Message	Date
Anders Schack-Mulligen	efb49fcd3e	Merge pull request #14336 from aschackmull/java/switch-rule-stmt-cfg Java: Fix CFG for case rule statements.	2023-09-29 12:02:48 +02:00
Anders Schack-Mulligen	94556078f1	Java: Add guards logic for SwitchExpr default cases.	2023-09-28 14:21:04 +02:00
Anders Schack-Mulligen	917a15647e	Java: Fix CFG for rule statements.	2023-09-28 14:19:36 +02:00
Asger F	0d96ed8aee	Merge pull request #14305 from asgerf/shared/flow-state-inout-barriers Shared: add in/out barriers with flow state	2023-09-28 11:07:23 +02:00
Anders Schack-Mulligen	5feb2f7622	Merge pull request #14321 from aschackmull/shared/filesystem All languages: Use shared FileSystem library and minor regex performance improvement.	2023-09-28 10:51:05 +02:00
Koen Vlaswinkel	10231e99ce	Merge pull request #14199 from github/koesie10/add-java-model-editor-queries Java: Add VS Code model editor queries	2023-09-28 10:13:13 +02:00
Anders Schack-Mulligen	653844cc46	Java: Use shared FileSystem library.	2023-09-28 08:58:55 +02:00
Anders Schack-Mulligen	e6d832c7e5	Merge pull request #14297 from aschackmull/java/additional-steps-and-nodes Java: Add support for additional nodes, read steps, and store steps for QL models and model ThreadLocal.initialValue	2023-09-26 14:50:37 +02:00
Anders Schack-Mulligen	06cb277eb0	Merge pull request #14299 from aschackmull/dataflow/more-defaults Dataflow: Make use of defaults for language-specific hooks.	2023-09-25 11:19:44 +02:00
Asger F	d501856519	Update DataFlowImpl.qll copies	2023-09-25 10:05:29 +02:00
Tony Torralba	b1cee2f35c	Merge pull request #14254 from atorralba/atorralba/arithexpr-improv Java: Consider AssignOps in ArithExpr	2023-09-22 15:22:27 +02:00
Anders Schack-Mulligen	66da997b7b	Dataflow: Make use of defaults for language-specific hooks.	2023-09-22 14:54:22 +02:00
Anders Schack-Mulligen	b11194e561	Java: Add missing qldoc.	2023-09-22 13:46:08 +02:00
Anders Schack-Mulligen	8ee1f8ae69	Java: Add missing flow step for ThreadLocal.initialValue.	2023-09-22 13:33:45 +02:00
Anders Schack-Mulligen	9f905497a5	Java: Add support for additional read and store steps and additional nodes.	2023-09-21 15:05:30 +02:00
Anders Schack-Mulligen	7e04ac55b7	Merge pull request #14268 from aschackmull/java/xmlparsers-typetrack Java/Dataflow: Add new light-weight data flow api and use it in XmlParsers	2023-09-21 13:33:21 +02:00
Anders Schack-Mulligen	13f7daf71e	Merge pull request #13982 from aschackmull/dataflow/typeflow-calledge-pruning Dataflow: Add type-based call-edge pruning.	2023-09-21 13:33:08 +02:00
Anders Schack-Mulligen	5c40d553b4	Java: Switch XmlParsers lib to lightweight data flow.	2023-09-20 10:21:53 +02:00
Tony Torralba	1e95a5a38a	Java: Consider AssignOps in ArithExpr	2023-09-19 12:15:59 +02:00
yoff	4a37c2fc3a	Merge pull request #13778 from geoffw0/javaparsemode Java: Understand multiple parse mode flags specified in a regular expression string	2023-09-18 14:22:59 +02:00
Chris Smowton	e62fcf9a45	Fix formatting mistake	2023-09-15 12:37:34 +01:00
Chris Smowton	a1a7640427	Give ErrorExpr default control flow This prevents a CFG dead-end because of one ErrorExpr	2023-09-14 17:42:00 +01:00
Chris Smowton	b1e128b5c1	Pretty-print a ClassInstanceExpr without a bound constructor nicely	2023-09-14 17:42:00 +01:00
Chris Smowton	c0f8973749	Add test for extracting a Java AST with an error expression Also note that ErrorExpr can occur outside upgrade/downgrade scripts	2023-09-14 17:42:00 +01:00
Geoffrey White	8c3e778be6	Java: Port regex mode flag character fix from Python.	2023-09-13 17:50:52 +01:00
Anders Schack-Mulligen	c8094d34a7	Dataflow: Add type-based call-edge pruning.	2023-09-13 15:43:45 +02:00
Anders Schack-Mulligen	300425540a	Java: Minor improvement to TypeFlow for super accesses.	2023-09-13 15:43:45 +02:00
Anders Schack-Mulligen	a7b677ba40	Java: Bugfix for SuperAccess.isOwnInstanceAccess().	2023-09-13 15:43:45 +02:00
Anders Schack-Mulligen	110a4c81e3	Java: Minor perf fix.	2023-09-13 15:43:45 +02:00
Koen Vlaswinkel	7db082f3fd	Java: Add VS Code model editor queries	2023-09-13 13:04:26 +02:00
Tom Hvitved	73370e7282	Merge pull request #14100 from hvitved/dataflow/consistency-pack Data flow: Add consistency checks to shared ql pack	2023-08-31 11:47:40 +02:00
Asger F	2d5c40db31	Merge pull request #14048 from asgerf/shared/variable-capture-write-source-node Variable capture: allow arbitrary data-flow nodes to be the source of a write	2023-08-31 10:20:48 +02:00
Tom Hvitved	fefe64bf0c	Java: Use data flow consistency checks from shared pack	2023-08-30 15:29:41 +02:00
Anders Starcke Henriksen	361ae1747e	Merge branch 'main' into starcke/automodel-pack	2023-08-30 09:25:28 +02:00
Asger F	d4cfa8c2b8	Java: autoformatting changes	2023-08-28 15:35:06 +02:00
Asger F	d2fe4d235a	Java: Inline VariableWrite.getSource()	2023-08-28 15:34:48 +02:00
Asger F	f17518ace2	Java: update to reflect changes in VariableCapture.qll	2023-08-24 14:06:44 +02:00
Anders Schack-Mulligen	7af1e96943	Merge pull request #14032 from aschackmull/java/mad-nestednames Java: Use nested names in MaD signatures.	2023-08-24 13:53:55 +02:00
Tony Torralba	6b58d11eeb	Merge pull request #13900 from atorralba/atorralba/java/jaxws-getaremotemethod-improv Java: Improve `JaxWsEndpoint::getARemoteMethod`	2023-08-24 13:37:15 +02:00
Tony Torralba	3f9701cea7	Two fixes: * Consider that the @WebService annotation (et al) can be in a supertype or interface * getARemoteMethod should only return public methods, since protected, package-private, and private methods are not exposed	2023-08-24 11:35:52 +02:00
Tony Torralba	0f3918af16	Merge pull request #13773 from atorralba/atorralba/java/mdht-xxe-sink Java: Add XXE sinks for MDHT	2023-08-23 13:49:49 +02:00
Anders Schack-Mulligen	4b0a1cf74b	Java: Remove old interpretation.	2023-08-23 13:19:16 +02:00
Anders Schack-Mulligen	410c09270f	Java: Use nested names in MaD signatures.	2023-08-23 13:17:52 +02:00
Anders Schack-Mulligen	bdc5f9cdea	Merge pull request #14012 from knewbury01/knewbury01/add-sanitizer-command-query Java: add sanitizer to command injection query	2023-08-22 08:40:49 +02:00
Michael Nebel	ce6fd8ac5f	Merge pull request #13432 from michaelnebel/updateissupported Java/C#: Update telemetry queries to report callables with sink/source neutrals as being supported.	2023-08-22 08:39:38 +02:00
Kristen Newbury	5e01e1d464	Java: add sanitizer to command injection query	2023-08-21 12:33:05 -04:00
Jeroen Ketema	2d0f73d7c2	Merge pull request #13881 from jketema/shared-taint-tracking Introduce shared taint tracking library	2023-08-21 12:45:49 +02:00
Jeroen Ketema	a2bb7dee18	Java: Delete copy of shared taint tracking library	2023-08-21 10:32:28 +02:00
Michael Nebel	106ba11e10	Address review comments.	2023-08-21 09:59:02 +02:00
Michael Nebel	d66fe08661	Add QLDoc for the getKind predicate.	2023-08-21 09:59:02 +02:00

... 15 16 17 18 19 ...

3149 Commits