hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

3186 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
dbfc256f40 Java: Remove low-confidence dispatch to known neutrals. 2023-03-14 11:34:07 +01:00
Edward Minnix III
de1ecf943e Merge pull request #11915 from egregius313/egregius313/arbitrary-apk-installation 
Java: Arbitrary APK installation
 2023-03-14 06:23:51 -04:00
Tom Hvitved
bdd56f1b6e Data flow: Sync files 2023-03-14 10:01:56 +01:00
Tamas Vajk
c57fcfb8fb Java: Fix printAST to handle javadoc belonging to multiple elements 2023-03-13 14:26:33 +01:00
Tony Torralba
705691b096 Merge pull request #12446 from github/java/update-mad-decls-after-triage-2023-03-08T14-51-59 
Java: Update MaD Declarations after Triage
 2023-03-13 14:07:59 +01:00
Anders Schack-Mulligen
0c95ab2cdc Merge pull request #12474 from hvitved/dataflow/call-back-post-update 
Data flow: Synthesize post-update nodes for callback arguments inside summarized callables
 2023-03-13 13:21:52 +01:00
Erik Krogh Kristensen
060c37b6a2 Merge pull request #12345 from erik-krogh/delOldDeps 
delete old deprecations
 2023-03-13 12:48:24 +01:00
Anders Schack-Mulligen
da273269cb Java: Refactor PolynomialReDoS.ql 2023-03-13 11:27:14 +01:00
erik-krogh
6c1ebd999e Merge branch 'main' into delOldDeps 2023-03-13 11:00:29 +01:00
Ed Minnix
59eea2a4a3 Change FlowState classes to use IPAs instead of string 2023-03-10 15:24:04 -05:00
Ed Minnix
b6eeac5bc8 Update names to new naming convention 2023-03-10 15:13:58 -05:00
Anders Schack-Mulligen
1e64748ffe Dataflow: Autoformat. 2023-03-10 15:12:19 +01:00
Anders Schack-Mulligen
a836444bc6 Dataflow: Add some qldoc. 2023-03-10 14:56:54 +01:00
Anders Schack-Mulligen
cce3728edf Dataflow: Add MergePathGraph module. 2023-03-10 14:56:54 +01:00
Tom Hvitved
32a699e34a Data flow: Sync files 2023-03-10 12:43:21 +01:00
Anders Schack-Mulligen
64dd8b9488 Merge branch 'main' into java/refactor-dataflow-queries-1 2023-03-10 12:38:06 +01:00
Tony Torralba
77d9bac52d Support ai-generated summaries 2023-03-10 12:35:13 +01:00
Anders Schack-Mulligen
159d8e978c Dataflow: one more autoformat post rebase 2023-03-10 10:04:35 +01:00
Anders Schack-Mulligen
730eae9521 Java: Autoformat 2023-03-10 09:39:41 +01:00
Ed Minnix
cb53ff70a6 Remove unused imports 2023-03-09 10:44:59 -05:00
Mathias Vorreiter Pedersen
1f77f77153 DataFlow: Sync identical files. 2023-03-09 10:41:15 +00:00
Ed Minnix
48ca1d0b72 Convert the taint tracking configurations to modules 2023-03-08 19:51:54 -05:00
Ed Minnix
ae0b4970ac Remove commented out code 2023-03-08 19:21:58 -05:00
Ed Minnix
da43a61506 Convert dataflow configuration to using new module-configuration 2023-03-08 19:19:00 -05:00
Ed Minnix
24c9a516c9 Add QLdoc to ArbitraryApkInstallationQuery.qll 2023-03-08 13:21:09 -05:00
Ed Minnix
3ea167cadf Split ArbitraryApkInstallation file into 3 files 2023-03-08 12:12:11 -05:00
Anders Schack-Mulligen
e7f85673e9 Java: Fix tests and make modules private 2023-03-08 13:35:25 +01:00
Anders Schack-Mulligen
cc75a1a97e Java: Refactor RequestForgery.ql 2023-03-07 11:39:03 +01:00
Anders Schack-Mulligen
35beadc3bb Java: Refactor SensitiveInfoLog.ql 2023-03-07 11:31:49 +01:00
Anders Schack-Mulligen
d4e6e77200 Java: Refactor StackTraceExposure, XSS.qll 2023-03-07 10:38:00 +01:00
Mathias Vorreiter Pedersen
92ad099c1b DataFlow: Remove bindingsets, remove the call column, and swap parameter and argument columns. 2023-03-06 13:47:59 +00:00
Mathias Vorreiter Pedersen
3bf28cc752 DataFlow: Sync identical files. 2023-03-06 13:46:21 +00:00
Mathias Vorreiter Pedersen
4720e2a30a Java: Add stub. 2023-03-06 13:44:24 +00:00
Anders Schack-Mulligen
5c7f2ac7f7 Merge pull request #12186 from aschackmull/dataflow/refactor-configuration 
Data flow: Refactor configuration
 2023-03-06 13:38:59 +01:00
Anders Schack-Mulligen
557cb17f4d Dataflow: Minor perf fix for single config wrapper. 2023-03-06 10:24:33 +01:00
Anders Schack-Mulligen
0addcfa7c5 Dataflow: Fix some perf issues. 2023-03-03 11:45:32 +01:00
erik-krogh
f96d6accbb delete old deprecations 2023-03-03 09:23:02 +01:00
Tony Torralba
59bd1e5ab1 Merge pull request #12228 from github/java/mad-decls-triage-request-2276 
Java: Update MaD sink decls after triage
 2023-03-01 17:08:38 +01:00
Ed Minnix
3ff1a97e38 Add byte[] signatures 2023-02-27 12:16:14 +01:00
Ed Minnix
fa6ac063d1 Add com.auth0.jwt.algorithm.Algorithm sinks 
The HMAC* constructors of the com.auth0.jwt.algorithm.Algorithm class
take a secret as a parameter. Therefore, the arguments should be added
to be checked for hardcoded credentials.
 2023-02-27 12:16:14 +01:00
intrigus-lgtm
540d3a3a99 Fix grammar 2023-02-22 00:42:50 +01:00
Anders Schack-Mulligen
acf6a77c6b Dataflow: Amend qldoc 2023-02-21 10:20:42 +01:00
Anders Schack-Mulligen
00a273b959 Java: Refactor data flow library. 2023-02-21 10:04:14 +01:00
Michael Nebel
813ffa440c Java: Consider ai-generated flow summaries to as generated summaries in dataflow. 2023-02-20 12:11:48 +01:00
Michael Nebel
54c0404110 Java: Allow ai-generated as a provenance value. 2023-02-20 11:47:09 +01:00
Chad Bentz
f3124d3239 Merge branch 'main' into main 2023-02-15 18:46:15 -05:00
Chris Smowton
62d10f91d8 Improve join ordering 2023-02-14 17:21:24 +00:00
Chris Smowton
82a2f4349a Resolve a newly-introduced ambiguity 
Also fix a simple redundancy noticed while debugging
 2023-02-14 17:21:24 +00:00
Chris Smowton
3514dd1e4d Java: merge the @class and @interface database types and tables 
This will allow the extractor to emit class(id, ...) when all it knows about a class is its name, due to not having it available on the classpath. Previously it would have had to guess whether it belonged to @class or @interface, possibly introducing an inconsistency.
 2023-02-14 17:21:23 +00:00
Jami
029e1d47fe Merge pull request #12081 from jcogs33/jcogs33/update-some-Files-sinks 
Java: update `createTempDirectory` and `copy` "create-file" sinks
 2023-02-14 10:53:17 -05:00