13744 Commits

Author SHA1 Message Date
Michael Nebel
5623ccf4a0 Java: Re-factor NeutralCallable to include all neutrals and introduce NeutralSummaryCallable. 2023-08-21 09:59:00 +02:00
Michael Nebel
6deeb36a97 Java: Update the comments in SupportedExternalApis to include the neutral kind and add a sink neutral example. 2023-08-21 09:58:59 +02:00
github-actions[bot]
181b3d0e33 Add changed framework coverage reports 2023-08-21 00:14:44 +00:00
github-actions[bot]
098dfb4242 Release preparation for version 2.14.3 2023-08-18 14:48:15 +00:00
Edward Minnix III
d109637e2d Merge pull request #13413 from egregius313/egregius313/trust-boundary
Java: Trust Boundary Violation Query
2023-08-18 10:33:32 -04:00
Erik Krogh Kristensen
08ef31d452 Merge pull request #13916 from erik-krogh/limit-java-field-reg
Java: limit field flow when tracking regex strings
2023-08-18 12:14:31 +02:00
Stephan Brandauer
480e3bf506 Java: update model exclusions logic to cope with new automodel test location 2023-08-18 10:28:51 +02:00
Edward Minnix III
8d88af1af0 Apply docs review suggestions
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
2023-08-17 13:05:38 -04:00
Ed Minnix
4eb1035dfe Documentation fixes 2023-08-17 13:05:38 -04:00
Ed Minnix
655a98452a Remove escapeHTML models 2023-08-17 13:05:37 -04:00
Ed Minnix
d468ea9e90 Add default sanitizers 2023-08-17 13:05:37 -04:00
Ed Minnix
b305962c9a Use more appropriate description 2023-08-17 13:05:37 -04:00
Ed Minnix
a36c12ff1f Add trust-boundary-violation sink kind 2023-08-17 13:05:37 -04:00
Ed Minnix
60642c52aa Use non-extending subtype 2023-08-17 13:05:37 -04:00
Ed Minnix
e22a67e7fe Remove unnecessary methods 2023-08-17 13:05:37 -04:00
Ed Minnix
a3a4c31911 Replace servlet source node with RemoteFlowSource 2023-08-17 13:05:37 -04:00
Edward Minnix III
929090a847 Typos and style fixes
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2023-08-17 13:05:37 -04:00
Ed Minnix
52ebf9fff6 Java: Add trust boundary change note 2023-08-17 13:05:37 -04:00
Ed Minnix
172b8a6967 Documentation fixes 2023-08-17 13:05:37 -04:00
Ed Minnix
b567ec875a Documentation 2023-08-17 13:05:37 -04:00
Ed Minnix
55fae2daaa Added ESAPI sanitizer 2023-08-17 13:05:37 -04:00
Ed Minnix
97d6e82869 Stubs for org.owasp.esapi 2023-08-17 13:05:37 -04:00
Ed Minnix
f58590c6a9 Trust Boundary Work 2023-08-17 13:05:37 -04:00
Ed Minnix
2aba425464 TrustBoundary test ql file 2023-08-17 13:05:36 -04:00
Ed Minnix
ab9f0240d3 Add taint steps for HTML encoding methods 2023-08-17 13:05:36 -04:00
Ed Minnix
b9f2da7875 Comments and import fixes 2023-08-17 13:05:36 -04:00
Ed Minnix
3e7444cd66 Style fixes 2023-08-17 13:05:36 -04:00
Ed Minnix
15370506b8 Add missing security severity 2023-08-17 13:05:36 -04:00
Ed Minnix
a8b7e70d01 Convert trust boundary models to MaD 2023-08-17 13:05:36 -04:00
Ed Minnix
76438f13b6 Trust Boundary Query 2023-08-17 13:05:36 -04:00
Edward Minnix III
41a527cf72 Merge pull request #13934 from egregius313/egregius313/add-dashes-to-sha-algorithms
Java: Add dashes to SHA algorithm names in `Encryption.qll`
2023-08-17 13:03:15 -04:00
Anders Schack-Mulligen
e27aad9d6c Merge pull request #13987 from aschackmull/java/rangeanalysis-joinorder-fix
Java: Join-order fix in RangeAnalysis.
2023-08-17 14:47:26 +02:00
Anders Schack-Mulligen
f8a0b6cd22 Java: Add nomagic 2023-08-17 11:20:02 +02:00
Anders Starcke Henriksen
1b31c4dd4c Update filter to point to right pack. 2023-08-17 11:07:27 +02:00
Anders Schack-Mulligen
0afda68ba1 Java: Join-order fix in RangeAnalysis. 2023-08-17 11:07:24 +02:00
Anders Starcke Henriksen
56871c77f5 Merge branch 'main' into starcke/automodel-pack 2023-08-17 10:04:44 +02:00
github-actions[bot]
b0da1ef892 Add changed framework coverage reports 2023-08-17 00:14:13 +00:00
Jeroen Ketema
33e8310625 Merge branch 'main' into shared-taint-tracking 2023-08-17 00:14:25 +02:00
Ian Lynagh
1fb4e13e0a Merge pull request #13960 from igfoo/igfoo/parent
Kotlin: Handle Kotlin 2 parents better
2023-08-16 16:27:15 +01:00
Stephan Brandauer
44a9cf93e0 Merge branch 'main' into kaeluka/add-provenance-to-metadata 2023-08-16 09:31:03 +02:00
Stephan Brandauer
808dc3e8d3 Java: Automodel framework mode: track exact ai- provenance in alreadyAiModeled meta data property 2023-08-16 09:25:03 +02:00
Stephan Brandauer
20254c3d0a Merge pull request #13886 from github/kaeluka/java-automodel-variadic-args
Java: automodel application mode: use endpoint class like in framework mode
2023-08-16 08:49:01 +02:00
Ed Minnix
cafd08521e Add change note 2023-08-15 23:46:12 -04:00
Ed Minnix
7cfe78a52d Add dashes to SHA algorithm names in Encryption.qll 2023-08-15 23:42:17 -04:00
Ian Lynagh
3b9bd16097 Kotlin: Mark some functions as private 2023-08-15 12:38:47 +01:00
Ian Lynagh
a8b69e5b55 Kotlin: Fix build on old versions 2023-08-15 11:30:23 +01:00
Michael Nebel
a95aad51bd Merge pull request #13546 from michaelnebel/java/withoutelement
Java: Support for With[out]Element for MaD.
2023-08-15 10:03:03 +02:00
Ian Lynagh
eb27428514 Kotlin: Handle IrExternalPackageFragment when dealing with external decls 2023-08-14 17:37:48 +01:00
Ian Lynagh
72af8ac1e2 Kotlin: Switch to useDeclarationParentOf
This lets us handle Kotlin 2 declarations whose parent is an
IrExternalPackageFragment, indicating that they are in a (multi)file
class.
2023-08-14 17:02:49 +01:00
Ian Lynagh
4f336820de Kotlin: Start handling IrExternalPackageFragment parents 2023-08-14 17:02:48 +01:00