hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,920 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.2
Commit Graph

13744 Commits

Author SHA1 Message Date
Ed Minnix
4bdf2b5e18 Bump change note date 2023-12-11 11:18:39 -05:00
Ed Minnix
b9d2a26e6e Move ESAPI models into the Weak Randomness query 
These models don't need to apply to all queries. So instead they are
better suited to be within the weak randomness query itself.
 2023-12-11 11:18:39 -05:00
Ed Minnix
7f3995f524 Remove extra encryption-iv models 2023-12-11 11:18:39 -05:00
Ed Minnix
7241e0920c Replace convertBytesToString with models 2023-12-11 11:18:39 -05:00
Ed Minnix
e9ca4a25d4 Update to new MethodCall name 2023-12-11 11:18:39 -05:00
Ed Minnix
a1e9564cc5 Add more sources 2023-12-11 11:18:39 -05:00
Ed Minnix
b8b2de2f3c Remove use of crypto-parameter sink kind 2023-12-11 11:18:39 -05:00
Ed Minnix
646254c9b2 Add credentials sinks from SensitiveApi 2023-12-11 11:18:39 -05:00
Ed Minnix
057a74d914 Remove unnused class 2023-12-11 11:18:39 -05:00
Ed Minnix
fb875f5095 More variety of test cases 2023-12-11 11:18:39 -05:00
Ed Minnix
ba3c38c226 Restrict addCookie to specific interface 2023-12-11 11:18:38 -05:00
Ed Minnix
dc3e4cd928 Refactored method accesses to the RandomDataSource library 2023-12-11 11:18:38 -05:00
Ed Minnix
ce7690b53f Make imports private 2023-12-11 11:18:38 -05:00
Edward Minnix III
bc0655573f Simplifications 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-12-11 11:18:38 -05:00
Ed Minnix
14fdfa4428 Add new sink kind and change note 2023-12-11 11:18:38 -05:00
Ed Minnix
0313f39229 Cryptographic sinks 2023-12-11 11:18:38 -05:00
Ed Minnix
b713efb711 Add ThreadLocalRandom.current as another source 2023-12-11 11:18:38 -05:00
Ed Minnix
bf0123d6ae Add org.apache.commons.lang.RandomStringUtils as a source 2023-12-11 11:18:38 -05:00
Ed Minnix
1daa83bf46 Add test cases 2023-12-11 11:18:38 -05:00
Ed Minnix
e69ff7b601 Move to library and add docs 2023-12-11 11:18:38 -05:00
Ed Minnix
9f986ca527 Add Weak Randomness Query 2023-12-11 11:18:38 -05:00
Tom Hvitved
f9dbf676a6 Java: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:45 +01:00
Ed Minnix
1526da5929 Deprecation change note 2023-12-08 10:50:04 -05:00
Ed Minnix
aebbc7d4ab Add private imports to prevent compile warnings 2023-12-08 10:42:11 -05:00
Ed Minnix
1b8f3f3450 Deprecate or remove imports of dataflow library copies 2023-12-08 10:42:10 -05:00
Anders Schack-Mulligen
0618568cdc Merge pull request #15045 from aschackmull/java/fix-cp 
Java: Fix accidental cartesian product.
 2023-12-08 15:43:01 +01:00
Ian Lynagh
eab32ea24b Kotlin 2: Accept changes in query-tests/UnderscoreIdentifier 2023-12-08 13:49:25 +00:00
Anders Schack-Mulligen
64eb4ff753 Merge pull request #14983 from aschackmull/dataflow/deprecate-old-api 
Data Flow: Deprecate old data flow api.
 2023-12-08 14:27:25 +01:00
Anders Schack-Mulligen
7ee3068fe7 Java: Fix accidental cartesian product. 2023-12-08 13:27:05 +01:00
github-actions[bot]
92af5f5386 Post-release preparation for codeql-cli-2.15.4 2023-12-06 22:59:22 +00:00
github-actions[bot]
c04457e9e7 Release preparation for version 2.15.4 2023-12-06 21:11:50 +00:00
Ian Lynagh
fc11a87882 Kotlin: Fix dataflow with Array.set wrappers 2023-12-06 12:19:46 +00:00
Ian Lynagh
7fc7b96ed7 Kotlin: Add a test for dataflow with an Array.set wrapper 2023-12-06 12:19:25 +00:00
Ian Lynagh
2c625e34b5 Merge pull request #15008 from igfoo/igfoo/kot-arr-taint 
Kotlin: Track taint through Array.get/set
 2023-12-05 18:30:21 +00:00
Ian Lynagh
8ea155ef24 Kotlin: Add changenote 2023-12-05 14:48:02 +00:00
Ian Lynagh
babf1d6648 Kotlin: Track Kotlin's Array.set when tracking taint 2023-12-05 14:42:45 +00:00
Ian Lynagh
124487c57c Kotlin: Add more taint tests 2023-12-05 14:42:45 +00:00
Ian Lynagh
821b4c727e Kotlin: Add Array.get(_) support to taint tracking 2023-12-05 14:41:32 +00:00
Ian Lynagh
9953794101 Kotlin: Add an extra test case for Kotlin array taint 2023-12-05 14:41:32 +00:00
Ian Lynagh
70ff59eee1 Merge pull request #14997 from igfoo/igfoo/locs 
Kotlin: Accept some location changes in test-kotlin2/library-tests/vararg
 2023-12-05 11:18:27 +00:00
github-actions[bot]
48c15035b9 Add changed framework coverage reports 2023-12-05 00:16:34 +00:00
Ian Lynagh
1aa1698f44 Kotlin: Accept some location changes in test-kotlin2/library-tests/vararg 2023-12-04 16:44:38 +00:00
Jami
651653998c Merge pull request #14913 from jcogs33/jcogs33/unsafe-url-forward_path-inj-related_cve-2019-3799 
Java: add Spring models
 2023-12-04 10:18:50 -05:00
Tony Torralba
649dc9d1d4 Merge pull request #14993 from github/shati-patel/fix-cwe-tags 
Update inconsistent CWE tags
 2023-12-04 14:30:32 +01:00
Chris Smowton
97266c252e Remove mention of TSP 2023-12-04 12:36:04 +00:00
Shati Patel
6284781a9b Update inconsistent CWE tags 
Most tags use the "external/cwe/cwe-xxx" format, except for these few queries. Updating them for consistency.
 2023-12-04 11:52:31 +00:00
Chris Smowton
6d5a493e2d Add change note 2023-12-04 11:48:51 +00:00
Anders Schack-Mulligen
67f0529cda Dataflow: Sync. 2023-12-04 12:36:57 +01:00
Anders Schack-Mulligen
fd920b8585 Java: Deprecate old data flow api. 2023-12-04 12:36:57 +01:00
Chris Smowton
ad713a7a93 Java: report any extracted file as successfully extracted 2023-12-01 22:35:00 +00:00