4531 Commits

Author	SHA1	Message	Date
Jami Cogswell	ba3548b317	Java: switch to createRelative sink and add UrlPathHelper sources	2023-11-29 14:46:28 -05:00
Jami Cogswell	efa5ab18c1	Java: add taint steps for getResource sink	2023-11-29 14:46:27 -05:00
Eric Bickle	aab7ff919e	Java: Improve Gson parse, get, and stream models	2023-11-27 12:26:28 -08:00
Tom Hvitved	1a6886cf99	SSA: Add locations to ease debugging	2023-11-22 08:37:02 +01:00
github-actions[bot]	bad499e360	Post-release preparation for codeql-cli-2.15.3	2023-11-17 14:35:41 +00:00
github-actions[bot]	6ec9b95072	Release preparation for version 2.15.3	2023-11-16 13:07:16 +00:00
Anders Schack-Mulligen	bf6cfd3bef	Rangeanalysis: Simplify api.	2023-11-13 10:35:44 +01:00
Anders Schack-Mulligen	30aefabb2a	Rangeanalysis: Rename predicate.	2023-11-13 10:35:44 +01:00
Anders Schack-Mulligen	66b03bfb12	Java: Remove unused import	2023-11-13 10:35:44 +01:00
Anders Schack-Mulligen	3a73faf061	Rangeanalysis: Remove unused getAlternateType predicates.	2023-11-13 10:35:43 +01:00
Anders Schack-Mulligen	657c29f409	Java/C++: Share valueFlowStep.	2023-11-09 20:24:28 +01:00
Anders Schack-Mulligen	b8e7e1d15e	Java/C++: Share ssaUpdateStep.	2023-11-09 16:02:44 +01:00
Anders Schack-Mulligen	daffae020b	Java/C++: Share eqFlowCond.	2023-11-09 16:00:46 +01:00
Chris Smowton	c060827a5d	Merge pull request #14699 from smowton/smowton/feature/jdk21-sequenced-collections-models ... Java: model JDK21 SequencedCollection, Set and Map	2023-11-09 14:15:08 +00:00
Anders Schack-Mulligen	f9132c5ff0	Java: Duplicate a bit more code to postpone Java-C# cleanup.	2023-11-08 14:04:34 +01:00
Anders Schack-Mulligen	1f4cd74a1c	Java/C++: Move SsaReadPosition to shared qlpack.	2023-11-08 12:11:17 +01:00
Tony Torralba	5442cdb49c	Merge pull request #14610 from atorralba/atorralba/java/jms-deserialization ... Java: Add JMS sink to java/unsafe-deserialization	2023-11-08 09:10:20 +01:00
Anders Schack-Mulligen	45ae4ed362	Merge pull request #14711 from aschackmull/shared/rangeutil-share2 ... Java/C++/RangeAnalysis: Move a couple of utility predicates to shared qlpack	2023-11-08 08:33:12 +01:00
Geoffrey White	b63294764b	Merge pull request #14705 from geoffw0/qhelplink ... Fix a dead ReDoS link in docs	2023-11-07 17:40:19 +00:00
Anders Schack-Mulligen	12cba7909b	Java/C++: Move range util guard-controls predicates to shared pack.	2023-11-07 15:14:34 +01:00
Anders Schack-Mulligen	f2ca52d951	Java/C++: Move range util backEdge predicate to shared pack.	2023-11-07 15:14:34 +01:00
Tom Hvitved	af7b295c59	Address review comments	2023-11-07 13:01:19 +01:00
Geoffrey White	e8a466a02c	Update dead link.	2023-11-07 09:26:07 +00:00
Chris Smowton	24b4b05be8	Add models for new Collections methods	2023-11-06 16:44:40 +00:00
Chris Smowton	d30d71e048	Add change note	2023-11-06 16:38:44 +00:00
Chris Smowton	5b72aee3ae	Java: model JDK21 SequencedCollection, Set and Map	2023-11-06 16:04:13 +00:00
Anders Schack-Mulligen	f8ab64dff0	Java: Switch to shared modulus analysis.	2023-11-01 16:34:28 +01:00
Anders Schack-Mulligen	a7f3ef1a6c	Rangeanalysis: Parameterise shared modulus analysis.	2023-11-01 15:59:24 +01:00
Anders Schack-Mulligen	6d859daf3d	Merge pull request #14656 from aschackmull/shared/range-utils ... Rangeanalysis: Share ssaRead predicate	2023-11-01 15:57:52 +01:00
Anders Schack-Mulligen	048a7c4e42	Rangeanalysis: Rename SsaBound.getAVariable to getVariable.	2023-11-01 11:58:06 +01:00
Anders Schack-Mulligen	48291dd32d	Rangeanalysis: Remove superfluous ignoreZeroLowerBound.	2023-11-01 11:51:46 +01:00
Edward Minnix III	1ec1dd368d	Merge pull request #13978 from egregius313/egregius313/java/mad/convert-sensitive-api-to-mad ... Java: Convert `SensitiveApi.qll` to use Models-as-Data	2023-10-31 15:25:42 -04:00
Tony Torralba	107a05af71	Update MaD Declarations after Triage	2023-10-31 16:52:02 +01:00
Anders Schack-Mulligen	34b9791e46	Rangeanalysis: Remove superfluous ignoreSsaReadCopy.	2023-10-31 15:32:25 +01:00
Anders Schack-Mulligen	322e6c91be	Rangeanalysis: Remove superfluous specificSsaRead.	2023-10-31 15:30:36 +01:00
Anders Schack-Mulligen	8b6c940e76	Rangeanalysis: Remove superfluous ignoreSsaReadAssignment.	2023-10-31 15:28:37 +01:00
Anders Schack-Mulligen	6d6f89e71e	Rangeanalysis: Remove superfluous ignoreSsaReadArithmeticExpr.	2023-10-31 15:25:28 +01:00
Anders Schack-Mulligen	a39a94ca8e	Rangeanalysis: Switch to shared ssaRead predicate.	2023-10-31 15:23:05 +01:00
Anders Schack-Mulligen	19644a8f07	Rangeanalysis: Implement shared ssaRead predicate	2023-10-31 15:07:11 +01:00
github-actions[bot]	2b939fdf08	Post-release preparation for codeql-cli-2.15.2	2023-10-30 16:06:51 +00:00
Tony Torralba	45cf50c2af	Apply JMS sink only when there isn't an implementation available	2023-10-30 15:56:24 +01:00
github-actions[bot]	4641990021	Release preparation for version 2.15.2	2023-10-30 11:05:53 +00:00
Dave Bartolomeo	b18a6d5e0b	Merge pull request #14582 from github/dbartol/threat-models-2 ... Java: Threat model implementation with priorities.	2023-10-27 09:33:53 -04:00
Anders Schack-Mulligen	9769953669	Java: Split the different layers of virtual dispatch into separate cached stages.	2023-10-27 09:40:20 +02:00
Dave Bartolomeo	d2afb20f3f	Merge remote-tracking branch 'origin/main' into dbartol/threat-models-2	2023-10-26 14:05:40 -04:00
Mathias Vorreiter Pedersen	30ecb4b0c8	Merge pull request #14588 from aschackmull/shared/rangeanalysis ... C++/Java: Share core range analysis	2023-10-26 16:32:46 +01:00
Tony Torralba	7af3d239ab	Java: Add JMS sink to java/unsafe-deserialization	2023-10-26 16:46:19 +02:00
Chris Smowton	8198898d73	Merge pull request #14583 from smowton/smowton/admin/really-deprecate-old-java-names ... Java: Deprecate MethodAccess and SuperMethodAccess	2023-10-26 10:25:05 +01:00
Anders Schack-Mulligen	ec58b209e3	Merge pull request #14584 from Marcono1234/kotlin-Literal-getLiteral ... Kotlin: Mention `Literal::getLiteral()` difference from source code	2023-10-26 10:03:57 +02:00
Chris Smowton	29d57d82b7	Deprecate MethodAccess and SuperMethodAccess	2023-10-25 22:26:38 +01:00