hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,874 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.5
Commit Graph

4641 Commits

Author SHA1 Message Date
Stephan Brandauer
0cab45e4b9 update old data to current standard (stream creation arg is a sink) 2023-03-20 17:09:48 +01:00
Stephan Brandauer
8802fbdfe7 Update java/ql/lib/ext/java.nio.file.model.yml 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-03-20 17:09:48 +01:00
Stephan Brandauer
bc227179c7 Update java/ql/lib/ext/org.geogebra.web.full.main.model.yml 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-03-20 17:09:48 +01:00
Tony Torralba
bc99a44f3a Apply suggestions from code review 2023-03-20 17:09:48 +01:00
Stephan Brandauer
12bb0d98c0 move toFile back to its original location 2023-03-20 17:09:48 +01:00
Stephan Brandauer
4761c3a328 remove duplicates 2023-03-20 17:09:48 +01:00
Stephan Brandauer
bd21dc9460 remove nonexploitable sinks 2023-03-20 17:09:48 +01:00
Stephan Brandauer
b7ce0c2d96 fix: taint flow of ctor goes to Argument[-1], instead of ReturnValue 2023-03-20 17:09:48 +01:00
Stephan Brandauer
2236db43ec sort the changed MaD declarations 2023-03-20 17:09:46 +01:00
Stephan Brandauer
74e261738f remove predicate 2023-03-20 17:06:40 +01:00
Stephan Brandauer
ec1762e015 Update MaD Declarations after Triage 2023-03-20 17:06:37 +01:00
Tony Torralba
fa60fa0ae2 Merge pull request #12572 from github/java/update-mad-decls-after-triage-2023-03-17T15-01-35 
Java: Update MaD Declarations after Triage
 2023-03-20 17:02:27 +01:00
Anders Schack-Mulligen
3876e4335f Merge pull request #12420 from kaspersv/kaspersv/dataflow-remove-alias-preds 
Dataflow: Remove revFlowAlias and revFlowApAlias predicates
 2023-03-20 16:30:15 +01:00
Michael Nebel
17b3383043 Merge pull request #12556 from michaelnebel/java/argumentthis 
Java: Argument[-1] -> Argument[this]
 2023-03-20 15:59:59 +01:00
Erik Krogh Kristensen
a9d40d39d9 Merge pull request #12550 from erik-krogh/useNumberUtil 
Java/Python: use Number.qll to parse hex numbers in regex parsing
 2023-03-20 15:50:31 +01:00
Stephan Brandauer
39726a54ec fix suggestion 2023-03-20 14:12:46 +01:00
Stephan Brandauer
116108851f Update MaD Declarations after Triage 2023-03-20 13:45:39 +01:00
Kasper Svendsen
1d2f1b6ae6 Address comments 2023-03-20 13:34:14 +01:00
Ed Minnix
1c661fd3ac Add missing QLDocs 2023-03-20 08:10:07 -04:00
Kasper Svendsen
e0e3a1d621 Dataflow: remove revFlowApAlias trick 2023-03-20 13:04:13 +01:00
Ed Minnix
60a4a79537 Make the Config module of public Flow modules public 
This is to make things easier for the CodeML/ATM team once these
configurations are moved from `src/` to `lib/`.
 2023-03-20 07:47:55 -04:00
Tony Torralba
27fc14236f Add change note 2023-03-20 10:48:56 +01:00
Tony Torralba
bff8bbfe33 Apply suggestions from code review 2023-03-20 10:43:46 +01:00
Michael Nebel
ae12510d8d Java: Add change-note. 2023-03-20 10:14:20 +01:00
Michael Nebel
9039a468cb Java: Update models that uses -1 in a range. 2023-03-20 10:14:20 +01:00
Michael Nebel
e86f1e4961 Java: Replace Argument[-1] with Argument[this]. 2023-03-20 10:14:20 +01:00
Michael Nebel
0ec56203f9 Java: Introduce index validation. 2023-03-20 09:38:40 +01:00
Michael Nebel
9a3c2d3fbe Java: Update summary parsing to use this instead of -1 and adjust the model generator. 2023-03-20 09:38:40 +01:00
Michael Nebel
abd9f673e1 Java: Update the java internal documentation for models. 2023-03-20 09:38:39 +01:00
Kasper Svendsen
9630feb5e4 Dataflow: Remove revFlowAlias trick 2023-03-20 09:04:35 +01:00
Ed Minnix
c852d3a541 Rename configurations from "Conf" to "Config" 2023-03-19 17:55:53 -04:00
Ed Minnix
2d5944fb0e Refactor DataFlow configurations to use "Config" naming convention 2023-03-19 17:44:07 -04:00
Ed Minnix
d317de14c9 XXE Configuration Deprecation messages 2023-03-17 15:17:18 -04:00
Ed Minnix
271d50ba99 Refactor Security.CWE.CWE-611 Xxe queries 2023-03-17 15:17:18 -04:00
Stephan Brandauer
dce81cf0ae Merge pull request #12463 from github/java/update-mad-decls-after-triage-2023-03-09T10-41-58 
Java: Add MaD declarations after triage
 2023-03-17 17:02:42 +01:00
Stephan Brandauer
8f565f5023 Update MaD Declarations after Triage 2023-03-17 16:01:36 +01:00
github-actions[bot]
981e171525 Post-release preparation for codeql-cli-2.12.5 2023-03-17 13:27:00 +00:00
Ian Lynagh
b8fb4b9b0f Merge pull request #12521 from igfoo/igfoo/printast_sig 
Java: PrintAst: Improve the ranking of callables
 2023-03-17 11:43:40 +00:00
Ian Lynagh
13c2ef8c20 Java: PrintAst: Improve the ranking or callables 
We now look not only at how many parameters each callable has, but what
its full signature is. This allows us to give a consistent order to
    Test(Throwable) { ... }
    Test(String) { ... }
 2023-03-16 15:20:07 +00:00
erik-krogh
880632f536 use Number.qll to parse hex numbers in regex parsing for Python/Java 2023-03-16 14:25:53 +01:00
Michael Nebel
2e86bbd6cd Java: Introduce helper predicate to avoid empty predicate in IPA branch. 2023-03-16 14:11:53 +01:00
github-actions[bot]
fe4d27e8cc Release preparation for version 2.12.5 2023-03-16 12:58:50 +00:00
Tom Hvitved
9f798902bd Data flow: Add consistency check for DataFlowCall::getEnclosingCallable 2023-03-16 08:40:53 +01:00
Anders Schack-Mulligen
bc9942eb75 Merge pull request #12530 from aschackmull/java/refactor-dataflow-queries-3 
Java: Refactor more dataflow queries to the new API (take 3)
 2023-03-15 14:57:29 +01:00
Tony Torralba
3b4980ba2f org.kohsuke.stapler.model tests 2023-03-15 14:36:45 +01:00
Anders Schack-Mulligen
6408d7cbbe Java: Refactor RsaWithoutOaep. 2023-03-15 10:37:54 +01:00
Anders Schack-Mulligen
b3b5c2c767 Java: Refactor UnsafeContentUriResolution. 2023-03-15 10:32:58 +01:00
Anders Schack-Mulligen
4b814ec71c Java: Refactor SensitiveCommunication.ql. 2023-03-15 10:32:35 +01:00
Anders Schack-Mulligen
ca8e013618 Java: Refactor FragmentInjection. 2023-03-15 10:23:21 +01:00
Anders Schack-Mulligen
5bd530f570 Java: Refactor IntentUriPermissionManipulation. 2023-03-15 10:13:28 +01:00