hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

84161 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jami Cogswell
ed8da5e151 Java: convert tests to inline expectations 2025-07-17 19:22:08 -04:00
Jami Cogswell
fc930d9184 Java: update tests for non-experimental directory 2025-07-17 19:22:06 -04:00
Jami Cogswell
38260e76bf Java: remove deprecation 2025-07-17 19:22:05 -04:00
Jami Cogswell
0dbddbdf0f Java: remove experimental files 2025-07-17 19:22:03 -04:00
Jami Cogswell
a39cb40177 Java: copy out of experimental 2025-07-17 19:22:01 -04:00
Joe Farebrother
6d33a7ec70 Update test output 2025-07-17 22:25:18 +01:00
Joe Farebrother
f2dd96ecf4 Update python/ql/src/Exceptions/NotImplementedIsNotAnException.qhelp 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-07-17 22:08:01 +01:00
Joe Farebrother
57f1d07b2b Undo module deprecation (used by another quality query) 2025-07-17 21:54:55 +01:00
Nora Dimitrijević
05df1d3cb9 [DIFF-INFORMED] Java: AndroidWebViewSettingsAllowsContentAccess 2025-07-17 19:02:15 +02:00
Nora Dimitrijević
24c28ed873 [DIFF-INFORMED] Java: UnsafeCertTrust 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql#L21
 2025-07-17 19:02:13 +02:00
Nora Dimitrijević
ea4af8323c [DIFF-INFORMED] Java: TrustBoundaryViolation 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql#L18
 2025-07-17 19:02:09 +02:00
Nora Dimitrijević
7888dcbce2 [DIFF-INFORMED] Java: TempDirLocalInformationDisclosure 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql#L56
 2025-07-17 19:02:07 +02:00
Nora Dimitrijević
3785dbec9e [DIFF-INFORMED] Java: TaintedEnvironmentVariable 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql#L22
 2025-07-17 19:02:05 +02:00
Nora Dimitrijević
b3b139bb02 [DIFF-INFORMED] Java: SqlConcatenated 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql#L27
 2025-07-17 19:02:04 +02:00
Nora Dimitrijević
45b627df1d [DIFF-INFORMED] Java: SensitiveLogging 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql#L20
 2025-07-17 19:02:02 +02:00
Nora Dimitrijević
bc0b383595 [DIFF-INFORMED] Java: MaybeBrokenCryptoAlgorithm 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql#L25
 2025-07-17 19:02:00 +02:00
Nora Dimitrijević
b688df9dec [DIFF-INFORMED] Java: LogInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-117/LogInjection.ql#L20
 2025-07-17 19:01:58 +02:00
Nora Dimitrijević
2d734056b1 [DIFF-INFORMED] Java: InsecureLdapAuth 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql#L21
 2025-07-17 19:01:56 +02:00
Nora Dimitrijević
74b37e71a0 [DIFF-INFORMED] Java: InsecureCookie 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql#L21
 2025-07-17 19:01:52 +02:00
Nora Dimitrijević
19e5c3d805 [DIFF-INFORMED] Java: ImproperValidationOfArray… 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql#L48
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql#L28
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql#L26
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql#L24
 2025-07-17 19:01:50 +02:00
Nora Dimitrijević
919fea53f0 [DIFF-INFORMED] Java: ExternallyControlledFormatString 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql#L24
 2025-07-17 19:01:34 +02:00
Nora Dimitrijević
1c6ecf1216 [DIFF-INFORMED] Java: UntrustedDataToExternalAPI 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql#L20
 2025-07-17 18:59:15 +02:00
Nora Dimitrijević
0cf1195678 [DIFF-INFORMED] Java: ConditionalBypass 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql#L26
 2025-07-17 18:59:14 +02:00
Nora Dimitrijević
0bcdb421ed [DIFF-INFORMED] Java: ArithmeticUncontrolled 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql#L36
 2025-07-17 18:59:11 +02:00
Nora Dimitrijević
54546f6e99 [DIFF-INFORMED] Java: ArithmeticTainted 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql#L35
 2025-07-17 18:59:09 +02:00
Nora Dimitrijević
8353fdd041 [DIFF-INFORMED] Java: (Android)SensitiveCommunication 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql#L20
 2025-07-17 18:59:06 +02:00
Nora Dimitrijević
b33058c967 [TEST] Java: SensitiveCommunication: convert to qlref 2025-07-17 18:59:05 +02:00
Nora Dimitrijević
44bb5e7220 [TEST] Java: ConditionalBypass: convert to qlref 2025-07-17 18:59:03 +02:00
Nora Dimitrijević
6134518d60 [TEST] Java: SensitiveLogInfo: convert to qlref 2025-07-17 18:59:01 +02:00
Nora Dimitrijević
94386f0550 [TEST] Java: TrustBoundaryViolations: convert test to qlref 2025-07-17 18:58:59 +02:00
Nora Dimitrijević
49e03b4dfd [TEST] Java: UnsafeCertTrust: convert test to qlref 2025-07-17 18:58:56 +02:00
Nora Dimitrijević
7aced48443 [TEST] Java: LogInjection: convert test to qlref 2025-07-17 18:58:54 +02:00
Nora Dimitrijević
5c2cf79785 [TEST] Java: CWE-020/ExternalAPI: new test based on qhelp 2025-07-17 18:58:52 +02:00
Geoffrey White
c2ddf25f11 Merge branch 'main' into constcrypto 2025-07-17 16:13:58 +01:00
Anders Schack-Mulligen
996de78a66 Java: Prune PathGraph for CsrfUnprotectedRequestType.ql 2025-07-17 15:06:38 +02:00
Anders Schack-Mulligen
1485d7072d Merge pull request #19885 from aschackmull/java/annotated-exit-cfg 
Java: Add AnnotatedExitNodes to the CFG.
 2025-07-17 15:02:24 +02:00
Nora Dimitrijević
4342b2b799 [DIFF-INFORMED] Swift: UnsafeWebViewFetch 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql#L24
 2025-07-17 14:59:09 +02:00
Nora Dimitrijević
b1e723991e [DIFF-INFORMED] Swift: InsecureTLS 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/swift/ql/src/queries/Security/CWE-757/InsecureTLS.ql#L18
 2025-07-17 14:59:07 +02:00
Nora Dimitrijević
6dea73b081 [DIFF-INFORMED] Swift: CleartextStoragePreferences 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.ql#L32
 2025-07-17 14:59:05 +02:00
Nora Dimitrijević
cd3fa64ee3 [DIFF-INFORMED] Swift: CleartextStorageDatabase 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql#L33
 2025-07-17 14:59:03 +02:00
Michael Nebel
2f29459cda Merge pull request #19931 from michaelnebel/ql4ql/qualitytagcheck 
Ql4ql: Quality query tagging.
 2025-07-17 14:53:14 +02:00
Idriss Riouak
36ebe99f2f Merge pull request #19707 from microsoft/lwsimpkins/fix-qhelp-upstream 
fix qhelp files
 2025-07-17 14:51:01 +02:00
Nora Dimitrijević
4b6135c0f7 [DIFF-INFORMED] Ruby: MissingFullAnchor 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/ruby/ql/src/queries/security/cwe-020/MissingFullAnchor.ql#L18
 2025-07-17 14:44:02 +02:00
Owen Mansel-Chan
af977e9ac7 Merge pull request #20067 from owen-mc/java/unsafe-deserialization-mad-sinks 
Java: allow the definition of `java/unsafe-deserialization` sinks using data extensions
 2025-07-17 13:42:31 +01:00
Nora Dimitrijević
20030d56a5 [DIFF-INFORMED] Python: (Possible)TimingAttackAgainstHash 2025-07-17 14:40:31 +02:00
Nora Dimitrijević
9408a96ba5 [TEST] Python: TimingAttackAgainstHash: add qlref test to existing source (TODO: add source with true positive) 2025-07-17 14:40:29 +02:00
Kasper Svendsen
a807db52ad Merge pull request #19872 from github/kaspersv/overlay-java-enable 
Overlay: Enable overlay compilation for Java
 2025-07-17 14:38:17 +02:00
Geoffrey White
27bea33508 Rust: Accept consistency check change. 2025-07-17 12:44:31 +01:00
Jeroen Ketema
acc66c7b58 Merge pull request #19984 from jketema/jketema/sec-shared 
Make a proper shared library out of the concept related libraries
 2025-07-17 13:25:33 +02:00
Geoffrey White
69064b7f7f Rust: Update the model. 2025-07-17 12:20:34 +01:00