hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,874 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.5
Commit Graph

5917 Commits

Author SHA1 Message Date
github-actions[bot]
e4be303a23 Release preparation for version 2.13.4 2023-06-08 19:57:37 +00:00
Stephan Brandauer
2921df41da Java: fix import 2023-06-07 15:22:59 +02:00
Stephan Brandauer
ec3a7e39ad Java: qldoc style 2023-06-07 14:57:38 +02:00
Stephan Brandauer
715b1351f3 Java: share considerSubtypes predicate between Java modes 2023-06-07 14:55:00 +02:00
Stephan Brandauer
7e77e2ea82 Java: comment why we're using erased types in MaD 2023-06-07 14:42:20 +02:00
Stephan Brandauer
a8799fe981 Java: share getCallable interface between automodel extraction modes 2023-06-07 14:38:52 +02:00
Tony Torralba
6d7234f8ed Merge pull request #13225 from atorralba/atorralba/java/path-injection-mad-sinks-2 
Java: Migrate path injection sinks to models-as-data (simplified)
 2023-06-07 14:27:36 +02:00
Stephan Brandauer
92ad02a752 Java: update getRelatedLocation qldoc 2023-06-07 14:09:07 +02:00
Stephan Brandauer
be6b1d8aaf Java: remove SkipFrameworkModeling characteristic in favour of later evaluation 2023-06-07 13:58:56 +02:00
Stephan Brandauer
2e16b71215 Java: update qldoc of ClassQualifierCharacteristic 2023-06-07 13:52:57 +02:00
Stephan Brandauer
1bfbfec1bc Java: use problem.severity in automodel extraction queries 2023-06-07 13:44:52 +02:00
Erik Krogh Kristensen
6ba7f9a238 Merge pull request #13352 from erik-krogh/once-again-deps-not-py-cpp 
delete old deprecations
 2023-06-07 13:00:57 +02:00
Ian Lynagh
f690d150b0 Merge pull request #13373 from igfoo/igfoo/kotlin-loc 
Java/Kotlin: Split lines of code by language
 2023-06-06 11:49:18 +01:00
Nick Rolfe
6c5c338e6b Merge pull request #13348 from github/nickrolfe/java-location-tostring 
Java: avoid call to `Location.toString()`
 2023-06-06 09:55:42 +01:00
Ian Lynagh
e49b278d61 Java/Kotlin: Add a changenote for the lines-of-code changes. 2023-06-05 16:33:12 +01:00
Ian Lynagh
a4a7ad8f99 Java/Kotlin: Split lines of code by language 
We were giving the sum of all lines for both languages, but labelling it
as "Total lines of Java code in the database", which was confusing.

Now we give separate sums for Kotlin and Java lines.
 2023-06-05 13:57:47 +01:00
erik-krogh
44b6366586 delete old deprecations 2023-06-02 11:58:08 +02:00
Tony Torralba
527fe523a8 Add PathCreation.qll sinks to models-as-data 
The old PathCreation sinks can't be removed because doing so would cause alert wobble in the path injection queries. See their getReportingNode predicates.
 2023-06-02 09:14:35 +02:00
Tony Torralba
c3b1ef2cdf Merge branch 'main' into atorralba/java/command-injection-mad-sinks 2023-06-02 08:57:24 +02:00
Jami
617107de35 Merge pull request #12916 from jcogs33/jcogs33/revamp-java-sink-kinds 
Java: revamp MaD sink kinds
 2023-06-01 12:48:30 -04:00
Nick Rolfe
7290e2bfd9 Java: avoid call to Location.toString() 2023-06-01 17:06:34 +01:00
Erik Krogh Kristensen
96a720cfa0 Merge pull request #13285 from erik-krogh/redoshelp 
ReDoS: fix whitespace in the samples in ReDoS.qhelp
 2023-06-01 15:53:58 +02:00
Jami Cogswell
5dbb698481 Java: update open/jdbc-url sink kinds to request-forgery 2023-05-31 15:50:31 -04:00
Jami Cogswell
cb10f4976b Java: update create/read-file sink kinds to path-injection 2023-05-31 15:49:07 -04:00
Jami Cogswell
eb1a8e2189 Java: update write-file sink kind to file-system-store 2023-05-31 15:49:07 -04:00
Jami Cogswell
430010daa3 Java: update logging sink kind to log-injection 2023-05-31 15:49:06 -04:00
Stephan Brandauer
5de56db3af Java: QlDoc for isKnownKind 2023-05-31 14:13:14 +02:00
Stephan Brandauer
03051dde7f Java: spelling 2023-05-31 14:13:14 +02:00
Taus
ea5c36491b Java: Improve documentation of sampling strategy 2023-05-31 11:39:54 +00:00
Stephan Brandauer
5a9d09c49e Java: docs update 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2023-05-31 13:36:58 +02:00
Stephan Brandauer
12ea5e0e90 Java: fix sanitizer bug 2023-05-31 11:53:02 +02:00
Stephan Brandauer
86559317d7 Java: update comments 2023-05-31 11:52:26 +02:00
Stephan Brandauer
96bae2d5ec Java: avoid downcasting to DollarAtString 2023-05-31 10:41:52 +02:00
Arthur Baars
490d22d123 Merge remote-tracking branch 'upstream/main' into post-release-prep/codeql-cli-2.13.3 2023-05-30 21:31:28 +02:00
Andrew Eisenberg
6ba8f9eb36 Merge pull request #13314 from github/aeisenberg/adds-to-pack 
Fix `addsTo.pack` references
 2023-05-30 08:30:16 -07:00
Taus
73aa790cdd Java: Improve sampling strategy 
Instead of the "random" sampling used before (which could -- in rare circumstances -- end up sampling fewer points than we want) we now sample an equally distributed set of points.
 2023-05-30 11:22:26 +00:00
Stephan Brandauer
d4b964c849 add support for sanitizers 2023-05-30 10:25:52 +02:00
Andrew Eisenberg
2d81e30d81 Fix addsTo.pack references 
This change is a prerequisite for a CLI change where there will be
strict testing of the `addsTo.pack` values. It must resolve to a pack
reference that is a transitive dependency of the current query's pack.
 2023-05-29 13:45:41 -07:00
Tony Torralba
6386ef3b96 Further perf improvements 2023-05-29 09:58:52 +02:00
Taus
227c5fab40 Java: Get location ordering without toString 2023-05-26 14:52:08 +00:00
Stephan Brandauer
efe539eb32 Java: better sampling of negative examples 2023-05-26 14:15:32 +02:00
Stephan Brandauer
a89378d86d Java: add extra known frameworks and sample negative samples to manage sarif file sizes 2023-05-26 13:20:04 +02:00
Tony Torralba
4dfc9b13cd Java: Fix performance issue in the stub generator 2023-05-26 12:44:53 +02:00
Stephan Brandauer
5ca2221097 remove some of the biggest frameworks from application mode consideration 2023-05-25 17:06:02 +02:00
Stephan Brandauer
db77c6b9a3 Java: mark functional expressions as likely not sinks 2023-05-25 16:39:27 +02:00
Stephan Brandauer
76d731a61d improve CannotBeTaintedCharacteristic 2023-05-25 16:28:07 +02:00
Stephan Brandauer
9a041243ff Java: fine-tune characteristics 2023-05-25 14:16:32 +02:00
Stephan Brandauer
f224a40dec Java: use containing call as call context, not argument 2023-05-25 14:16:23 +02:00
Stephan Brandauer
33fdb0fc52 Java: remove superfluous characteristic 2023-05-25 14:16:23 +02:00
Taus
2000f22533 Java: Port over characteristics from codex branch 2023-05-25 14:16:23 +02:00