Ed Minnix
c65d407937
Remove old DataFlow2 import
2023-10-16 10:30:00 -04:00
Tony Torralba
d08ee76b16
Java: Improve java/spring-disabled-csrf-protection
2023-10-16 16:01:14 +02:00
Ed Minnix
3356261031
Static IV refactor to MaD
2023-10-13 12:50:49 -04:00
Tony Torralba
0cea3f8531
Remove library annotations
2023-10-13 12:46:56 +02:00
Ed Minnix
4eeaf84133
Sync NumericCastTaintedQuery
2023-10-12 09:58:08 -04:00
Ed Minnix
ec84f072eb
Sync ArithmeticTaintedLocalQuery
2023-10-12 09:58:08 -04:00
Ed Minnix
da933fb77a
Sync ExternallyControlledFormatStringLocalQuery
2023-10-12 09:58:08 -04:00
Ed Minnix
f1886320e5
Sync ImproperValidationOfArrayIndexLocalQuery
2023-10-12 09:58:08 -04:00
Ed Minnix
69531b9f7c
Sync ResponseSplittingLocalQuery
2023-10-12 09:58:08 -04:00
Ed Minnix
ef282955fd
Sync SqlTaintedLocalQuery with SqlInjectionQuery
2023-10-12 09:58:08 -04:00
Ed Minnix
e4f567979a
Sync XSS Local
2023-10-12 09:58:08 -04:00
Michael Nebel
5c44f8bbad
Merge pull request #14370 from michaelnebel/java/enablethreatmodels
...
Java: Enable threat models for most Java queries.
2023-10-10 09:25:47 +02:00
Erik Krogh Kristensen
4489e2bf28
Merge pull request #14403 from erik-krogh/dDEps
...
All: delete outdated deprecations
2023-10-09 21:04:55 +02:00
Michael Nebel
cf3a62d201
Java: Address review comments.
2023-10-09 13:06:59 +02:00
Anders Schack-Mulligen
4a0ab4a050
Merge pull request #14402 from Marcono1234/marcono1234/MemberRefExpr-getReceiverExpr
...
Java: Add predicate `MemberRefExpr::getReceiverExpr`
2023-10-09 13:01:36 +02:00
erik-krogh
e3e8f3d7c4
Java: delete various outdated deprecations
2023-10-09 09:14:54 +02:00
erik-krogh
0d992a3d1f
delete old deprecated aliases of various regex libraries
2023-10-09 09:14:54 +02:00
erik-krogh
4bc4e0845d
delete the deprecated isBarrierGuard predicate from the shared dataflow library, and its uses
2023-10-07 21:48:49 +02:00
Marcono1234
f3e5045259
Java: Add predicate MemberRefExpr::getReceiverExpr
2023-10-07 14:53:07 +02:00
Marcono1234
2c0dcd3a2d
Java: Adjust ClassInstanceExpr type argument predicates docs
...
The type arguments which these predicates have as result are for the
type of the created instance.
Previously the documentation said "provided to the constructor", which
is misleading / incorrect. Type arguments provided to the constructor
are specified directly after the `new` keyword:
```
class C {
    <T> C() {
    }
}

new <String> C();
```
And those are not part of the results of these predicates.
2023-10-07 03:43:58 +02:00
Michael Nebel
40e63a63e2
Java: Re-factor most queries and tests to use threat models.
2023-10-04 14:01:58 +02:00
Michael Nebel
f0fb065446
Java: Opt-in the SQL injection query to use threat model flow sources.
2023-10-04 10:51:07 +02:00
Michael Nebel
5fd6dc3b87
Java: Opt-in the XSS query to use threat model flow sources.
2023-10-04 10:48:09 +02:00
Edward Minnix III
a1d3667f1c
Refactor Hudson file methods to MaD
2023-10-03 22:28:59 -04:00
Edward Minnix III
3a75c0fde7
Refactor DatabaseInput to MaD
2023-10-03 22:28:59 -04:00
Edward Minnix III
655470f3da
Refactor EnvInput to MaD
2023-10-03 22:28:47 -04:00
Michael Nebel
fcbd301de8
Java: Address review comments.
2023-10-03 10:36:45 +02:00
Michael Nebel
5b949b19f7
Java: Cleanup threat model taxonomy to align with the EDR.
2023-10-03 09:16:39 +02:00
Michael Nebel
2055d5492c
Java: Let RemoteFlowSource and LocalUserInput extends SourceNode and fine grain the LocalUserInput threat models.
2023-10-03 09:16:38 +02:00
Michael Nebel
9a112dde66
Java: Introduce a class of dataflow nodes for the threat modeling.
2023-10-03 09:16:38 +02:00
Anders Schack-Mulligen
efb49fcd3e
Merge pull request #14336 from aschackmull/java/switch-rule-stmt-cfg
...
Java: Fix CFG for case rule statements.
2023-09-29 12:02:48 +02:00
Anders Schack-Mulligen
94556078f1
Java: Add guards logic for SwitchExpr default cases.
2023-09-28 14:21:04 +02:00
Anders Schack-Mulligen
917a15647e
Java: Fix CFG for rule statements.
2023-09-28 14:19:36 +02:00
Asger F
0d96ed8aee
Merge pull request #14305 from asgerf/shared/flow-state-inout-barriers
...
Shared: add in/out barriers with flow state
2023-09-28 11:07:23 +02:00
Anders Schack-Mulligen
5feb2f7622
Merge pull request #14321 from aschackmull/shared/filesystem
...
All languages: Use shared FileSystem library and minor regex performance improvement.
2023-09-28 10:51:05 +02:00
Koen Vlaswinkel
10231e99ce
Merge pull request #14199 from github/koesie10/add-java-model-editor-queries
...
Java: Add VS Code model editor queries
2023-09-28 10:13:13 +02:00
Anders Schack-Mulligen
653844cc46
Java: Use shared FileSystem library.
2023-09-28 08:58:55 +02:00
Anders Schack-Mulligen
e6d832c7e5
Merge pull request #14297 from aschackmull/java/additional-steps-and-nodes
...
Java: Add support for additional nodes, read steps, and store steps for QL models and model ThreadLocal.initialValue
2023-09-26 14:50:37 +02:00
Anders Schack-Mulligen
06cb277eb0
Merge pull request #14299 from aschackmull/dataflow/more-defaults
...
Dataflow: Make use of defaults for language-specific hooks.
2023-09-25 11:19:44 +02:00
Asger F
d501856519
Update DataFlowImpl.qll copies
2023-09-25 10:05:29 +02:00
Tony Torralba
b1cee2f35c
Merge pull request #14254 from atorralba/atorralba/arithexpr-improv
...
Java: Consider AssignOps in ArithExpr
2023-09-22 15:22:27 +02:00
Anders Schack-Mulligen
66da997b7b
Dataflow: Make use of defaults for language-specific hooks.
2023-09-22 14:54:22 +02:00
Anders Schack-Mulligen
b11194e561
Java: Add missing qldoc.
2023-09-22 13:46:08 +02:00
Anders Schack-Mulligen
8ee1f8ae69
Java: Add missing flow step for ThreadLocal.initialValue.
2023-09-22 13:33:45 +02:00
Anders Schack-Mulligen
9f905497a5
Java: Add support for additional read and store steps and additional nodes.
2023-09-21 15:05:30 +02:00
Anders Schack-Mulligen
7e04ac55b7
Merge pull request #14268 from aschackmull/java/xmlparsers-typetrack
...
Java/Dataflow: Add new light-weight data flow api and use it in XmlParsers
2023-09-21 13:33:21 +02:00
Anders Schack-Mulligen
13f7daf71e
Merge pull request #13982 from aschackmull/dataflow/typeflow-calledge-pruning
...
Dataflow: Add type-based call-edge pruning.
2023-09-21 13:33:08 +02:00
Anders Schack-Mulligen
5c40d553b4
Java: Switch XmlParsers lib to lightweight data flow.
2023-09-20 10:21:53 +02:00
Tony Torralba
1e95a5a38a
Java: Consider AssignOps in ArithExpr
2023-09-19 12:15:59 +02:00
yoff
4a37c2fc3a
Merge pull request #13778 from geoffw0/javaparsemode
...
Java: Understand multiple parse mode flags specified in a regular expression string
2023-09-18 14:22:59 +02:00