Anders Schack-Mulligen
d4e6e77200
Java: Refactor StackTraceExposure, XSS.qll
2023-03-07 10:38:00 +01:00
Mathias Vorreiter Pedersen
92ad099c1b
DataFlow: Remove bindingsets, remove the call column, and swap parameter and argument columns.
2023-03-06 13:47:59 +00:00
Mathias Vorreiter Pedersen
3bf28cc752
DataFlow: Sync identical files.
2023-03-06 13:46:21 +00:00
Mathias Vorreiter Pedersen
4720e2a30a
Java: Add stub.
2023-03-06 13:44:24 +00:00
Anders Schack-Mulligen
5c7f2ac7f7
Merge pull request #12186 from aschackmull/dataflow/refactor-configuration
Data flow: Refactor configuration
2023-03-06 13:38:59 +01:00
Anders Schack-Mulligen
557cb17f4d
Dataflow: Minor perf fix for single config wrapper.
2023-03-06 10:24:33 +01:00
github-actions[bot]
af61b45785
Post-release preparation for codeql-cli-2.12.4
2023-03-04 14:16:55 +00:00
github-actions[bot]
462da63970
Release preparation for version 2.12.4
2023-03-03 14:11:51 +00:00
Anders Schack-Mulligen
0addcfa7c5
Dataflow: Fix some perf issues.
2023-03-03 11:45:32 +01:00
erik-krogh
a928f4c9ef
add change-notes
2023-03-03 09:23:10 +01:00
erik-krogh
f96d6accbb
delete old deprecations
2023-03-03 09:23:02 +01:00
Anders Schack-Mulligen
b34f99f716
Dataflow: Add change notes.
2023-03-02 16:01:29 +01:00
Tony Torralba
59bd1e5ab1
Merge pull request #12228 from github/java/mad-decls-triage-request-2276
Java: Update MaD sink decls after triage
2023-03-01 17:08:38 +01:00
Tony Torralba
0439eb640d
Add tests
2023-03-01 09:49:28 +01:00
Edward Minnix III
7f607fb46b
Merge pull request #12032 from egregius313/egregius313/promote-hardcoded-jwt-credential
Java: Promote Hardcoded JWT credential query
2023-02-27 11:33:53 -05:00
Tony Torralba
db6cb1ffe3
Remove dubious model after investigating it
2023-02-27 14:57:56 +01:00
Ed Minnix
4aec708fac
Add change note
2023-02-27 12:16:14 +01:00
Ed Minnix
3ff1a97e38
Add byte[] signatures
2023-02-27 12:16:14 +01:00
Ed Minnix
fa6ac063d1
Add com.auth0.jwt.algorithm.Algorithm sinks
The HMAC* constructors of the com.auth0.jwt.algorithm.Algorithm class
take a secret as a parameter. Therefore, the arguments should be added
to be checked for hardcoded credentials.
2023-02-27 12:16:14 +01:00
Tony Torralba
4a9f63ea1a
Fix toASCIIString casing
2023-02-27 09:32:42 +01:00
Alvaro Muñoz
f393a3c549
Add toExternalForm
2023-02-24 18:50:31 +01:00
Alvaro Muñoz
f1d765aa27
Missing taintstep for java.net.URL.toURI()
2023-02-24 18:45:52 +01:00
intrigus-lgtm
540d3a3a99
Fix grammar
2023-02-22 00:42:50 +01:00
Anders Schack-Mulligen
acf6a77c6b
Dataflow: Amend qldoc
2023-02-21 10:20:42 +01:00
Anders Schack-Mulligen
00a273b959
Java: Refactor data flow library.
2023-02-21 10:04:14 +01:00
Stephan Brandauer
7714acea82
delete a model that should probably be a summary step
2023-02-20 15:44:58 +01:00
Michael Nebel
813ffa440c
Java: Consider ai-generated flow summaries as generated summaries in dataflow.
2023-02-20 12:11:48 +01:00
Michael Nebel
54c0404110
Java: Allow ai-generated as a provenance value.
2023-02-20 11:47:09 +01:00
Stephan Brandauer
cf5a651b1f
use provenance ai-generated for triage data and use the read-file MaD label
2023-02-20 11:33:18 +01:00
Stephan Brandauer
8d7031c166
Update Java MaD sink decls after triage
Triage request: 2276
2023-02-20 11:33:18 +01:00
Nick Rolfe
cef6765890
Merge pull request #12221 from github/post-release-prep/codeql-cli-2.12.3
Post-release preparation for codeql-cli-2.12.3
2023-02-17 17:59:45 +00:00
Nick Rolfe
3e5534f0ba
Merge branch 'main' into post-release-prep/codeql-cli-2.12.3
2023-02-17 14:39:26 +00:00
Chris Smowton
6fc5bdd871
Announce JDK20 support
2023-02-17 08:15:33 +00:00
github-actions[bot]
8eb8daa4d4
Post-release preparation for codeql-cli-2.12.3
2023-02-16 17:23:25 +00:00
github-actions[bot]
b0315119c6
Release preparation for version 2.12.3
2023-02-16 11:49:06 +00:00
Chad Bentz
f3124d3239
Merge branch 'main' into main
2023-02-15 18:46:15 -05:00
Chad Bentz
2f1bd93a49
change-notes for this minorAnalysis lib change
2023-02-15 18:40:40 -05:00
Chris Smowton
62d10f91d8
Improve join ordering
2023-02-14 17:21:24 +00:00
Chris Smowton
d5f7ef08b7
Update stats
2023-02-14 17:21:24 +00:00
Chris Smowton
82a2f4349a
Resolve a newly-introduced ambiguity
Also fix a simple redundancy noticed while debugging
2023-02-14 17:21:24 +00:00
Chris Smowton
f48d87ba55
Add deletions for removed tables
2023-02-14 17:21:24 +00:00
Chris Smowton
3514dd1e4d
Java: merge the @class and @interface database types and tables
This will allow the extractor to emit class(id, ...) when all it knows about a class is its name, due to not having it available on the classpath. Previously it would have had to guess whether it belonged to @class or @interface, possibly introducing an inconsistency.
2023-02-14 17:21:23 +00:00
Jami
029e1d47fe
Merge pull request #12081 from jcogs33/jcogs33/update-some-Files-sinks
Java: update `createTempDirectory` and `copy` "create-file" sinks
2023-02-14 10:53:17 -05:00
Anders Schack-Mulligen
0600a2ba96
Merge pull request #12138 from aschackmull/java/gen-file-mark-perf
Java: Improve performance of GeneratedFileMarker.
2023-02-14 09:57:09 +01:00
Tony Torralba
935e22d10d
Merge pull request #12139 from atorralba/atorralba/java/xxe-local-query
Java: Add local version of the XXE query
2023-02-14 09:54:36 +01:00
Chad Bentz
cfe169a4f9
Adding MSSQL to SensitiveAPI
2023-02-13 19:42:28 -05:00
Tony Torralba
1c57aa0456
Fix import locations
2023-02-13 17:13:01 +01:00
Jami Cogswell
1c3d4b98c8
Java: move change note
2023-02-13 09:15:31 -05:00
Anders Schack-Mulligen
e877b161d8
Merge pull request #12124 from hvitved/dataflow/stage1-dispatch
Data flow: Call context virtual dispatch pruning in stage 1
2023-02-13 13:13:43 +01:00
Tony Torralba
4fad01a739
Further refactoring
Avoid having two taint tracking configurations in the same file
2023-02-13 09:18:05 +01:00