hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.1
Commit Graph

12338 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
448cc82ef9 Kotlin: Accept more test changes. 2025-07-17 11:21:27 +02:00
Anders Schack-Mulligen
54775e0958 Java: Adjust Paths.qll 2025-07-17 11:21:26 +02:00
Anders Schack-Mulligen
e7a6259bd7 Java: Accept test changes. 2025-07-17 11:21:26 +02:00
Anders Schack-Mulligen
fbe79e8a52 Java: Add AnnotatedExitNodes to the CFG. 2025-07-17 11:21:26 +02:00
Owen Mansel-Chan
805e31fdb9 Update test expectations 2025-07-16 15:25:45 +01:00
Owen Mansel-Chan
7d4a70cc1d Add change notes 2025-07-16 14:44:24 +01:00
Owen Mansel-Chan
fdd1e3fefe Use MaD models for unsafe deserialization sinks when possible 
Many of the unsafe deserialization sinks have to stay defined in QL
because they have custom logic that cannot be expressed in MaD models.
 2025-07-16 14:42:07 +01:00
Owen Mansel-Chan
9ef22fff8e Update SnakeYaml reference to note that it is outdated 2025-07-15 15:27:01 +01:00
Kasper Svendsen
10a678dcbd Java lib qlpack: Enable overlay compilation 2025-07-15 16:23:40 +02:00
Kasper Svendsen
9c3e275e66 Merge pull request #20011 from kaspersv/kaspersv/discard-xml 
Overlay: Add XML and Java property discarding
 2025-07-15 16:13:38 +02:00
Kasper Svendsen
f84a3084f0 Address review comment about ignored QL variable 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2025-07-15 15:34:08 +02:00
Anders Schack-Mulligen
9e87095bed Java: Restrict results to source literals. 2025-07-15 14:54:02 +02:00
Nick Rolfe
16e9e8e836 Merge pull request #20049 from github/nickrolfe/java-deleted-files 
Java: use `overlayChangedFiles` in discard prediactes
 2025-07-15 07:42:54 -04:00
Nick Rolfe
c199d0cbbe Java: use overlayChangedFiles in discard prediactes 2025-07-15 10:10:32 +01:00
Paolo Tranquilli
31d0897f74 Kotlin: disable bazel cache in plugin test 2025-07-14 15:30:11 +02:00
Paolo Tranquilli
77cab9d068 Kotlin: tweak plugin test 
Put less emphasis on plugin build isolation, to get a better DevEx out
of it. The crux of the test is the database extraction part, not the
plugin build.
 2025-07-14 13:52:22 +02:00
Owen Mansel-Chan
03e8865933 Merge pull request #20025 from owen-mc/java/unsafe-deserialization 
Java: add extra sink for `java/unsafe-deserialization`
 2025-07-11 23:59:22 +01:00
Owen Mansel-Chan
7764fbb664 Change note 2025-07-11 11:05:48 +01:00
Owen Mansel-Chan
8e4bd1a102 Add sink for ObjectInput.readObject to make test pass 2025-07-11 11:05:38 +01:00
Owen Mansel-Chan
34fae324a0 Add test for ObjectInput.readObject 2025-07-11 11:03:47 +01:00
Jonas Jensen
76544f2966 Merge pull request #19943 from asgerf/approximate-related-location 
Support approximate related locations
 2025-07-11 10:16:24 +02:00
Owen Mansel-Chan
006d77ffdd Refactor QL to make type check more concise 2025-07-11 06:13:01 +01:00
Owen Mansel-Chan
c39e5a7d97 Update qhelp: SnakeYaml is safe from version 2.0 2025-07-10 16:54:00 +01:00
Tamás Vajk
1351f57d2b Merge pull request #19998 from tamasvajk/quality/label-in-switch 
Java: Add query to detect non-case labels in switch statements
 2025-07-10 14:13:38 +02:00
Kasper Svendsen
0739c03d03 Overlay: Add discarding of base XML locatables for Java 2025-07-10 12:31:16 +02:00
Kasper Svendsen
d7094a96b5 Overlay: Add discarding of all Java base properties 2025-07-10 12:31:15 +02:00
Tamas Vajk
5edb60ea04 Improve query documentation 2025-07-10 09:43:15 +02:00
Jonas Jensen
5a1246a586 Merge remote-tracking branch 'upstream/main' into approximate-related-location 2025-07-09 10:10:20 +02:00
Tamas Vajk
5f7d746266 Java: Add query to detect non-case labels in switch statements 2025-07-08 14:53:39 +02:00
Tamas Vajk
ccbf7055f1 Adjust query precision 2025-07-08 13:31:08 +02:00
Tamas Vajk
d16570b05e Revert "Adjust query tags" 
This reverts commit 92685e6c2de69898d556706b04e6c562e54b26b8.
 2025-07-08 13:28:26 +02:00
Tamas Vajk
c4def103f7 Improve query documentation 2025-07-08 13:28:26 +02:00
Tamas Vajk
15de398806 Adjust query tags 2025-07-08 13:28:25 +02:00
Tamas Vajk
a0c9c98373 Adjust references in query doc 2025-07-08 13:28:25 +02:00
Tamas Vajk
fd8b37cc28 Exclude Kotlin files 2025-07-08 13:28:24 +02:00
Tamas Vajk
09a2aeead6 Java: Add query to detect special characters in string literals 2025-07-08 13:28:18 +02:00
Tamas Vajk
813ce7d3f8 Rename query 2025-07-08 11:28:12 +02:00
Tamas Vajk
f2805ba80c Improve query help 2025-07-08 11:28:11 +02:00
Tamas Vajk
82fe647a40 Improve alert message 2025-07-08 11:28:11 +02:00
Tamas Vajk
528389af38 Adjust expected file for query suite integration test 2025-07-08 11:28:10 +02:00
Tamas Vajk
a2d4f58af7 Use inline test expectations 2025-07-08 11:28:10 +02:00
Tamas Vajk
2cd0c64e41 Improve query quality 2025-07-08 11:28:09 +02:00
Tamas Vajk
e0cb1792bd Java: Add 'Useless serialization member in record class' query 2025-07-08 11:28:09 +02:00
Tom Hvitved
6fdec47e83 Java: Use MaD in log injection test 2025-07-08 10:25:58 +02:00
github-actions[bot]
24a0ac1223 Post-release preparation for codeql-cli-2.22.2 2025-07-07 18:15:04 +00:00
github-actions[bot]
f12daefabe Release preparation for version 2.22.2 2025-07-07 14:00:26 +00:00
Tamas Vajk
6013c347df Improve query docs for java/java-util-concurrent-scheduledthreadpoolexecutor 2025-07-07 14:22:40 +02:00
Arthur Baars
84e5f2846b Merge branch 'main' into nickrolfe/overlay-deleted-files 2025-07-04 16:19:59 +02:00
Kasper Svendsen
785e0273f2 Merge pull request #19968 from kaspersv/kaspersv/overlay-java-getastrictancestor-caller 
Overlay: Mark `RefType.getAStrictAncestor`` overlay[caller?]`
 2025-07-04 09:38:02 +02:00
Nick Rolfe
a02aabe797 Java: add upgrade scripts for overlayChangedFiles dbscheme addition 2025-07-03 12:44:12 +01:00