hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

4485 Commits

Author SHA1 Message Date
Owen Mansel-Chan
0ccf4cecb8 Fix XSS FPs when content type is safe 2025-01-28 15:32:30 +00:00
erik-krogh
c7fc164680 java: remove the 2 from SafeTransformerFactoryFlow, not that the previous naming conflict has been deleted 2025-01-28 09:13:59 +01:00
erik-krogh
a1afa20d4b add change-notes 2025-01-27 22:43:13 +01:00
erik-krogh
34f5f61a10 all: use my script to delete outdated deprecations 2025-01-27 22:16:48 +01:00
Michael Nebel
98d6353f12 Java: Address review comments. 2025-01-27 11:21:44 +01:00
Michael Nebel
cc48cec1c7 Java: Deprecate experimental model activation. 2025-01-27 10:22:17 +01:00
Jonas Jensen
773a98a9eb Merge pull request #18340 from jbj/diff-informed-getASelectedLocation 
Java: make more queries diff-informed with getASelectedLocation
 2025-01-22 14:25:33 +01:00
Anders Schack-Mulligen
5bfd22e60a Merge pull request #18552 from aschackmull/java/xss-regex-perf 
Java: Improve performance of XSS regex.
 2025-01-22 11:28:49 +01:00
Owen Mansel-Chan
b4c8390991 Merge pull request #18137 from owen-mc/java/jax-rs-annotation-inheritance 
Java: Update JAX-RS annotation inheritance
 2025-01-21 15:26:47 +00:00
Anders Schack-Mulligen
0f96e79264 Java: Improve performance of XSS regex. 2025-01-21 14:41:08 +01:00
Jonas Jensen
eacc600b29 Java: annotate a query as not selecting sources 
This is for performance in diff-informed mode but also for avoiding
spurious entries in the code scanning timeline and alert list.
 2025-01-21 12:56:06 +01:00
Owen Mansel-Chan
6fa18be0cc Fix QLDocs 2025-01-20 22:07:01 +00:00
github-actions[bot]
fbb7f0a0c6 Post-release preparation for codeql-cli-2.20.2 2025-01-20 21:11:14 +00:00
github-actions[bot]
a0512a50f2 Release preparation for version 2.20.2 2025-01-20 21:11:12 +00:00
Nick Rolfe
6b5974a372 Java: fix stats for databaseMetadata relation 2025-01-20 17:02:25 +00:00
Nick Rolfe
64f33955b5 Java: add databaseMetadata to dbscheme 2025-01-17 15:18:07 +00:00
Chris Smowton
060161cd5e Add change note 2025-01-14 14:22:27 +00:00
Owen Mansel-Chan
883301938b Merge pull request #18161 from owen-mc/java/weak-crypto-algo-more-informative 
Java: Make `java/weak-cryptographic-algorithm` give  a reason why the algo is insecure
 2025-01-13 23:43:04 +00:00
yoff
599411b440 Merge pull request #17787 from yoff/shared/add-location-to-typetracking-nodes 
shared: Add locations to type tracking nodes
 2025-01-13 23:06:09 +01:00
Ian Lynagh
6b182c5ebd Merge pull request #18396 from igfoo/igfoo/path_transformer 
Kotlin: Add CODEQL_PATH_TRANSFORMER support
 2025-01-13 15:11:41 +00:00
Tom Hvitved
303b11ec36 Merge pull request #18298 from hvitved/rust/mad-source-sink 
Rust: Add support for MaD sources and sinks with access paths
 2025-01-10 11:49:51 +01:00
yoff
b263132ab2 Merge pull request #17998 from yoff/shared/locations-in-range-analysis 2025-01-09 14:05:54 +01:00
yoff
21e7a0e828 Merge branch 'main' into shared/locations-in-range-analysis 2025-01-08 16:40:59 +01:00
Tom Hvitved
868caf948c Rename {Source,Sink}Node to {Source,Sink}Element 2025-01-08 15:21:43 +01:00
yoff
aca5a51a78 Merge branch 'main' into shared/add-location-to-typetracking-nodes 2025-01-08 12:47:05 +01:00
github-actions[bot]
fb20f6ca63 Post-release preparation for codeql-cli-2.20.1 2025-01-07 22:07:40 +00:00
github-actions[bot]
88b6f1e79a Release preparation for version 2.20.1 2025-01-07 20:50:36 +00:00
Dave Bartolomeo
72a53c4b23 Revert "Release preparation for version 2.20.1" 2025-01-07 13:32:23 -05:00
github-actions[bot]
fbf9f2fff8 Release preparation for version 2.20.1 2025-01-07 17:20:13 +00:00
Dave Bartolomeo
22e030584c Revert "Release preparation for version 2.20.1" 2025-01-07 12:14:27 -05:00
Owen Mansel-Chan
7688f46650 Add change note 2025-01-07 17:08:23 +00:00
Owen Mansel-Chan
5959a736ac Only recommend GCM, and tighten wording 2025-01-07 16:55:10 +00:00
Owen Mansel-Chan
9cc614ac2d Allow jax-rs path annotation inheritance 2025-01-07 16:44:12 +00:00
github-actions[bot]
a121c5a5d0 Release preparation for version 2.20.1 2025-01-06 18:20:22 +00:00
Tom Hvitved
1b31c90d26 Implement FlowSummaryImpl stubs 2025-01-06 13:26:51 +01:00
Ian Lynagh
78b277b46f Java/Kotlin: Add a changenote for CODEQL_PATH_TRANSFORMER support. 2025-01-03 16:02:36 +00:00
Jonas Jensen
2b1c70c33b Java: Diff-informed PolynomialReDoS.ql 
This and other queries would also benefit from making `RegexFlow`
diff-informed. That will come later.
 2024-12-20 13:01:09 +01:00
Jonas Jensen
5bebae9abf Java: Diff-informed ImproperIntentVerification.ql 2024-12-20 13:01:07 +01:00
Jonas Jensen
e799bff744 Java: Diff-informed TaintedPermissionsCheck.ql 2024-12-20 13:01:06 +01:00
Jonas Jensen
011d667f06 Java: Diff-informed PredictableSeed.ql 2024-12-20 13:01:05 +01:00
Jonas Jensen
a928a0d2b5 Java: Diff-informed BrokenCryptoAlgorithm.ql 2024-12-20 13:01:04 +01:00
Jonas Jensen
fea260bd55 Java: Diff-informed UnsafeHostnameVerification.ql 
This commit also adds a test case that would fail under `codeql test run
--check-diff-informed` if not for the override of
`getASelectedSourceLocation`. There was no existing such test since all
the existing tests used anonymous classes whose location was on the same
line as the source.
 2024-12-20 12:58:59 +01:00
Jonas Jensen
8224ef6929 Java: Diff-informed InsecureTrustManager.ql 2024-12-20 11:22:58 +01:00
Jonas Jensen
eac1a4c002 Java: Diff-informed SqlTainted.ql 2024-12-20 11:22:57 +01:00
Jonas Jensen
2561cec80c Java: Diff-informed CommandLineQuery 2024-12-20 11:22:56 +01:00
Michael Nebel
aaf0cd5dee Merge pull request #17968 from michaelnebel/java/movetestutils 
Move test utilities to the query pack.
 2024-12-16 13:41:30 +01:00
Michael Nebel
0bfc1b6ea8 Also move the postprocessing queries to the library pack. 2024-12-12 15:03:03 +01:00
Michael Nebel
941b0abbf6 Move modules to the library packs. 2024-12-12 15:03:01 +01:00
Owen Mansel-Chan
8703e21f62 Merge pull request #17996 from owen-mc/java/lightweight-IR-layer-classes 
Java: Make separate classes for different control flow node kinds
 2024-12-12 13:36:54 +00:00
Owen Mansel-Chan
8e11789186 Restore asStmt, asExpr and asCall to Node 
It doesn't really make sense to define them in terms of dispatch.
 2024-12-12 12:30:01 +00:00