hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

3149 Commits

Author SHA1 Message Date
Tony Torralba
59bd1e5ab1 Merge pull request #12228 from github/java/mad-decls-triage-request-2276 
Java: Update MaD sink decls after triage
 2023-03-01 17:08:38 +01:00
Ed Minnix
3ff1a97e38 Add byte[] signatures 2023-02-27 12:16:14 +01:00
Ed Minnix
fa6ac063d1 Add com.auth0.jwt.algorithm.Algorithm sinks 
The HMAC* constructors of the com.auth0.jwt.algorithm.Algorithm class
take a secret as a parameter. Therefore, the arguments should be added
to be checked for hardcoded credentials.
 2023-02-27 12:16:14 +01:00
intrigus-lgtm
540d3a3a99 Fix grammar 2023-02-22 00:42:50 +01:00
Anders Schack-Mulligen
acf6a77c6b Dataflow: Amend qldoc 2023-02-21 10:20:42 +01:00
Anders Schack-Mulligen
00a273b959 Java: Refactor data flow library. 2023-02-21 10:04:14 +01:00
Michael Nebel
813ffa440c Java: Consider ai-generated flow summaries to as generated summaries in dataflow. 2023-02-20 12:11:48 +01:00
Michael Nebel
54c0404110 Java: Allow ai-generated as a provenance value. 2023-02-20 11:47:09 +01:00
Chad Bentz
f3124d3239 Merge branch 'main' into main 2023-02-15 18:46:15 -05:00
Chris Smowton
62d10f91d8 Improve join ordering 2023-02-14 17:21:24 +00:00
Chris Smowton
82a2f4349a Resolve a newly-introduced ambiguity 
Also fix a simple redundancy noticed while debugging
 2023-02-14 17:21:24 +00:00
Chris Smowton
3514dd1e4d Java: merge the @class and @interface database types and tables 
This will allow the extractor to emit class(id, ...) when all it knows about a class is its name, due to not having it available on the classpath. Previously it would have had to guess whether it belonged to @class or @interface, possibly introducing an inconsistency.
 2023-02-14 17:21:23 +00:00
Jami
029e1d47fe Merge pull request #12081 from jcogs33/jcogs33/update-some-Files-sinks 
Java: update `createTempDirectory` and `copy` "create-file" sinks
 2023-02-14 10:53:17 -05:00
Anders Schack-Mulligen
0600a2ba96 Merge pull request #12138 from aschackmull/java/gen-file-mark-perf 
Java: Improve performance of GeneratedFileMarker.
 2023-02-14 09:57:09 +01:00
Tony Torralba
935e22d10d Merge pull request #12139 from atorralba/atorralba/java/xxe-local-query 
Java: Add local version of the XXE query
 2023-02-14 09:54:36 +01:00
Chad Bentz
cfe169a4f9 Adding MSSQL to SensitiveAPI 2023-02-13 19:42:28 -05:00
Tony Torralba
1c57aa0456 Fix import locations 2023-02-13 17:13:01 +01:00
Anders Schack-Mulligen
e877b161d8 Merge pull request #12124 from hvitved/dataflow/stage1-dispatch 
Data flow: Call context virtual dispatch pruning in stage 1
 2023-02-13 13:13:43 +01:00
Tony Torralba
4fad01a739 Further refactoring 
Avoid having two taint tracking configurations in the same file
 2023-02-13 09:18:05 +01:00
Tony Torralba
f3e0b6e62c PathGraph shouldn't be imported in a QLL library 2023-02-13 09:18:05 +01:00
Tony Torralba
5555b5cd19 Add local version of the XXE query 2023-02-13 09:18:05 +01:00
Tom Hvitved
f7a5a33474 Address review comment 2023-02-13 09:01:15 +01:00
Jami Cogswell
c87c3e30c7 Java: update getInvalidModelKind with 'read-file' kind 2023-02-11 17:07:25 -05:00
Anders Schack-Mulligen
770f3c24bb Java: Improve performance of GeneratedFileMarker. 2023-02-09 15:08:32 +01:00
Tom Hvitved
8e8897b08b Data flow: Sync files 2023-02-07 15:15:04 +01:00
Anders Schack-Mulligen
3c580896dc Merge pull request #11712 from aschackmull/java/constant-guards 
Java: Apply deadcode guard to data flow nodes.
 2023-02-07 09:14:20 +01:00
Mathias Vorreiter Pedersen
00fe448e3a Merge pull request #12072 from aschackmull/dataflow/stage3-perf 
Dataflow: Fix join in `fwdFlowRead` (take 2)
 2023-02-06 10:43:11 +00:00
Jami
b6805c6913 Merge pull request #11863 from jcogs33/jcogs33/update-paramsString 
Java: update paramsString
 2023-02-03 15:47:38 -05:00
Anders Schack-Mulligen
a1aeb995e6 Java: Apply deadcode guard to data flow nodes. 2023-02-03 16:16:39 +01:00
Anders Schack-Mulligen
e8dbd65d77 Java: Refactor compile-time constant calculation and apply to ConstantIntegerExpr. 2023-02-03 16:16:27 +01:00
Anders Schack-Mulligen
67d4ed53b9 Dataflow: Sync. 2023-02-02 16:33:00 +01:00
Anders Schack-Mulligen
8cb233df1a Dataflow: A proper perf fix for the stage-dependent fanout direction of the Content-to-Ap relation. 2023-02-02 16:31:07 +01:00
Joe Farebrother
97b2e852c9 Merge pull request #11713 from joefarebrother/sensitive-result-receiver 
Java: Add query for leaking sensitive data through a ResultReceiver
 2023-02-01 16:34:17 +00:00
Mathias Vorreiter Pedersen
95b15825f9 DataFlow: Sync identical files. 2023-01-27 16:24:31 +00:00
Alex Ford
55550e7980 Merge pull request #11941 from alexrford/summary-component-tostring-syntheticglobal 
Add missing toString case for synthetic globals
 2023-01-23 10:00:00 +00:00
Alex Ford
e4df1f5a6f Ruby: add missing toString case for synthetic globals 2023-01-20 13:31:43 +00:00
Michael Nebel
dc223cb82e Sync files and make corresponding changes for other languages. 2023-01-19 15:14:06 +01:00
Rasmus Wriedt Larsen
e0ccb9306a Merge pull request #11908 from RasmusWL/dataflow-consistency-more-excludes 
DataFlow: Add `uniqueParameterNodePositionExclude`
 2023-01-18 10:44:51 +01:00
Edward Minnix III
4c018759c8 Merge pull request #11283 from egregius313/egregius313/webview-setAllowContentAccess 
Java: Android WebView Content Access Query
 2023-01-17 11:02:47 -05:00
Jami
babdee36aa Merge pull request #11779 from jcogs33/jcogs33/model-more-top-jdk-apis 
Java: model top JDK APIs
 2023-01-17 10:20:32 -05:00
Rasmus Wriedt Larsen
a0b1c2ea79 DataFlow: Add uniqueParameterNodePositionExclude 2023-01-17 14:05:22 +01:00
Rasmus Wriedt Larsen
2b0a5fd5d1 DataFlow: Add uniqueParameterNodeAtPositionExclude 2023-01-17 14:05:17 +01:00
Jami Cogswell
ffb267937a Java: add endsWith additionalTaintStep to ConditionalBypassFlowConfig 2023-01-12 16:24:05 -05:00
Michael Nebel
5c466f3319 Java: Sync files and update other relavant files related to the new naming of shift. 2023-01-12 19:06:29 +01:00
Jami
c725c447ac Merge branch 'main' into jcogs33/update-paramsString 2023-01-12 08:24:57 -05:00
Joe Farebrother
a88759283a Fix typo in qldoc 2023-01-12 11:44:39 +00:00
Joe Farebrother
8449dabefe Add qldoc 2023-01-12 11:44:39 +00:00
Joe Farebrother
de565f9ccc Add test and fix a bug 2023-01-12 11:44:39 +00:00
Joe Farebrother
b96edb9c64 Add Sensitive Result Receiver query 2023-01-12 11:44:39 +00:00
Michael Nebel
7e4f7a0c17 C#: Address review comments and sync files. 2023-01-11 16:29:24 +01:00