hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

3186 Commits

Author SHA1 Message Date
Chuan-kai Lin
4960305022 Merge pull request #13025 from cklin/java-location-tostring-bindingset 
Java: Add pragma[only_bind_out] to Top::toString() calls
 2023-05-08 06:27:42 -07:00
Mathias Vorreiter Pedersen
09ba9a74ce Merge pull request #12959 from MathiasVP/identity-consistency-check 
DataFlow: Add an "identity-step" consistency check
 2023-05-05 10:03:20 +01:00
Edward Minnix III
2d5b35067e Merge pull request #12721 from egregius313/egregius313/java/move-configurations-to-libraries 
Java: Move more dataflow configurations to `*Query.qll` files
 2023-05-04 20:14:22 -04:00
Edward Minnix III
a34a51737f Add SyntheticFields for JwsHeader 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-05-04 16:52:40 -04:00
Jami
3c74c8bbe0 Merge pull request #13019 from jcogs33/jcogs33/url-open-stream-updates 
Java: switch `url-open-stream` sink models to `experimentalSinkModel`
 2023-05-04 15:07:44 -04:00
Chuan-kai Lin
d968cee2c4 Java: Add pragma[only_bind_out] to Top::toString() calls 2023-05-04 11:46:35 -07:00
Ed Minnix
5f3c8fef3f Privacy markers and fixed imports 2023-05-04 10:25:17 -04:00
Ed Minnix
74fc6382a6 Add improper validation of array size query libraries 2023-05-04 10:25:17 -04:00
Ed Minnix
c319ee4c0d Add TempDirLocalInformationDisclosureQuery 2023-05-04 10:25:16 -04:00
Ed Minnix
b087cf9a0a Add Arithmetic query libraries 2023-05-04 10:25:16 -04:00
Ed Minnix
b6361cdd3d Move CWE-190/ArithmeticCommon.qll to semmle.code.java.security 2023-05-04 10:25:16 -04:00
Ed Minnix
24b00bac11 Add UnsafeHostnameVerificationQuery 2023-05-04 10:25:16 -04:00
Ed Minnix
f4a6f555b4 Add NumericCastTaintedQuery 2023-05-04 10:25:13 -04:00
Ed Minnix
e65a54b85f Add BrokenCryptoAlgorithmQuery 2023-05-04 10:19:12 -04:00
Ed Minnix
4b76564911 Add MaybeBrokenCryptoAlgorithmQuery 2023-05-04 10:15:00 -04:00
Ed Minnix
e4f47ece43 Add ResponseSplittingLocalQuery 2023-05-04 10:15:00 -04:00
Ed Minnix
91b3533035 Add SqlTaintedLocalQuery 2023-05-04 10:14:59 -04:00
Ed Minnix
a0f7575b34 Add StackTraceExposureQuery 2023-05-04 10:14:59 -04:00
Ed Minnix
aff299eafd Add ExecTaintedLocal 2023-05-04 10:14:59 -04:00
Ed Minnix
b39d5088de Add InsecureCookieQuery 2023-05-04 10:14:59 -04:00
Ed Minnix
be24b29e7a Add UrlRedirectLocalQuery.qll 2023-05-04 10:14:59 -04:00
Ed Minnix
0249187282 Add ExternallyControlledFormatStringLocalQuery.qll 2023-05-04 10:14:59 -04:00
Ed Minnix
5834e4ac52 Add UrlRedirectQuery.qll 2023-05-04 10:14:59 -04:00
Ed Minnix
cc22a7d4b4 Add XssLocalQuery 2023-05-04 10:14:59 -04:00
Ed Minnix
c2b6a3f4e0 Add XPathInjectionQuery 2023-05-04 10:14:59 -04:00
Ed Minnix
c15ce27957 Add SqlConcatenatedQuery 2023-05-04 10:14:59 -04:00
Ed Minnix
1af6d5f7b3 Add TaintedPermissionsCheckQuery 2023-05-04 10:14:59 -04:00
Kasper Svendsen
4035b16ac1 Merge pull request #13008 from kaspersv/kaspersv/explicit-this-receivers-shared1 
Java, C#: Make implicit this receivers explicit
 2023-05-04 15:38:45 +02:00
Anders Schack-Mulligen
1185bfc90f Merge pull request #12986 from aschackmull/java/mapvalue-precision 
Java: Force high precision for MapValueContent.
 2023-05-04 14:52:41 +02:00
Anders Schack-Mulligen
3b004b06b0 Java: Minor perf fix for typePrefixContainsAux1. 2023-05-04 14:21:36 +02:00
Mathias Vorreiter Pedersen
77001a070b Merge branch 'main' into identity-consistency-check 2023-05-03 22:01:06 +01:00
Jami Cogswell
2224c5d9be Java: remove url-open-stream kind from getInvalidModelKind 2023-05-03 10:08:50 -04:00
Kasper Svendsen
081085e128 Java: Make implicit this receivers explicit 2023-05-03 13:37:35 +02:00
Kasper Svendsen
e071a25653 Java, C#: Make implicit this receivers explicit 2023-05-03 13:09:00 +02:00
Anders Schack-Mulligen
97cd3b8576 Java: Force high precision for MapValueContent. 2023-05-02 11:19:21 +02:00
Anders Schack-Mulligen
ca09649679 Dataflow: Forward hasLocationInfo. 2023-05-02 10:48:32 +02:00
Anders Schack-Mulligen
5927bb2030 Dataflow: Replace "extends Node" with "instanceof Node". 2023-05-02 09:48:34 +02:00
Anders Schack-Mulligen
6c8cb0dc5e Merge pull request #12930 from aschackmull/dataflow/split-typedcontent 
Dataflow: Refactor access paths to split TypedContent into an explicit pair
 2023-05-01 14:58:15 +02:00
Mathias Vorreiter Pedersen
e506f638fc DataFlow: Sync identical files. 2023-04-27 18:40:33 +01:00
Anders Schack-Mulligen
9df2ee00d6 Java: Add SrcCallable.isImplicitlyPublic convenience predicate. 2023-04-27 15:20:49 +02:00
Anders Schack-Mulligen
71ae0909d8 Dataflow: Enforce type pruning in all forward stages. 2023-04-27 14:55:26 +02:00
Anders Schack-Mulligen
a761eea2dc Dataflow: Autoformat 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
4f2d2361a4 Dataflow: Eliminate TypedContent. 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
5373b4d466 Dataflow: Remove superfluous predicates. 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
b534e7b6d5 Dataflow: Remove superfluous columns 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
a2fa97ac22 Dataflow: Replace TypedContent with Content in access paths. 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
123534a676 Dataflow: Eliminate front type in AccessPathFront. 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
ff3e45e1ba Dataflow: Eliminate TypedContentApprox. 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
748bcba0ae Dataflow: Eliminate now-redundant type in nil accesspath approximations. 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
95b95e5c27 Dataflow: Duplicate type info for AccessPathApprox tails. 2023-04-27 14:52:24 +02:00