hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,531 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.7
Commit Graph

4687 Commits

Author SHA1 Message Date
Kasper Svendsen
dd8af3baf7 Overlay: Mark RefType.getAStrictAncestor overlay[caller?] 2025-07-03 12:23:20 +02:00
Kasper Svendsen
649091c0ed Fix java/local-temp-file-or-directory-information-disclosure overlay compilation regression 2025-07-03 10:47:33 +02:00
Asger F
4a2d795076 Shared: Make approximate location filtering the default behaviour 2025-07-02 14:41:02 +02:00
Asger F
82d190f4bf Java: use approximate related sink locations in polynomial redos 2025-07-02 14:40:56 +02:00
REDMOND\brodes
ff93045938 Crypto: remove JCA bad import. 2025-07-01 12:21:51 -04:00
REDMOND\brodes
88d36aa574 Crypto: Intermediate JCA updates to support new MAC model. Work in progress. 2025-07-01 12:19:15 -04:00
Kasper Svendsen
3d7343273e Merge pull request #19813 from github/kaspersv/overlay-java-discarding 
Overlay: Add manual Java overlay annotations & discard predicates
 2025-06-30 11:17:31 +02:00
Kasper Svendsen
c7194a4012 Overlay: Add missing QLDoc 2025-06-30 08:40:46 +02:00
Nicolas Will
38fdf7eea0 Merge pull request #19880 from bdrodes/operation_step_refactor 
Crypto: Refactor OpenSSL operation step data-flow logic
 2025-06-27 17:19:11 +02:00
Kasper Svendsen
e02affd327 Merge pull request #19901 from github/kaspersv/overlay-guards-inline 
Overlay: Add missing `overlay[caller?]` annotation
 2025-06-27 15:13:09 +02:00
Nicolas Will
976364fcaa Merge branch 'main' into operation_step_refactor 2025-06-27 12:05:14 +02:00
Kasper Svendsen
5096ce405f Overlay: Add missing overlay[caller?] annotation 2025-06-27 10:50:28 +02:00
Jonas Jensen
b446fe74c2 Merge pull request #19846 from jbj/diff-informed-CleartextStorageCookie 
Java: Diff-informed CleartextStorageCookie.ql
 2025-06-27 08:45:11 +02:00
Kasper Svendsen
e6ef6a3326 Merge branch 'main' into kaspersv/overlay-java-discarding 2025-06-27 08:28:34 +02:00
Kasper Svendsen
da1b99b921 Merge pull request #19779 from github/kaspersv/overlay-java-annotations 
Overlay: Add overlay annotations to Java & shared libraries
 2025-06-27 08:26:33 +02:00
REDMOND\brodes
0aee4f76f9 Crypto: Minor change to force CI/CD checks to restart, prior ql check failures do not make sense. 2025-06-26 16:35:01 -04:00
REDMOND\brodes
dc8d22a468 Crypto: Fix JCA to account for new key gen instance API in model.qll. 2025-06-26 15:48:10 -04:00
Nicolas Will
c54e68c855 Merge branch 'main' into pr/19880 2025-06-26 16:47:38 +02:00
Nicolas Will
652e7ba15b Merge branch 'main' into codescanning_fixes_cpp 2025-06-26 14:54:36 +02:00
Kasper Svendsen
9d2dd782d9 Merge remote-tracking branch 'github/main' into kaspersv/overlay-java-annotations 2025-06-26 13:18:25 +02:00
Anders Schack-Mulligen
321a4afd5c Merge pull request #19883 from aschackmull/java/fix-assert-cfg 
Java: Fix assert CFG by properly tagging the false successor.
 2025-06-26 11:43:27 +02:00
Kasper Svendsen
64f27e2adf Java: Add abstraction for discardable locatables 2025-06-26 11:35:37 +02:00
Anders Schack-Mulligen
c091fc585b Java: Account for AssertionError possibly not being extracted. 2025-06-26 11:03:59 +02:00
Anders Schack-Mulligen
f07d9dda39 Guards: Refactor EqualityTest interface. 2025-06-26 10:26:40 +02:00
Anders Schack-Mulligen
1d4c8197ec Java: Fix assert CFG by properly tagging the false successor. 2025-06-26 10:18:14 +02:00
Jonas Jensen
fc2b18ae8a Java: Diff-informed CleartextStorageCookie.ql 
This query shares implementation with several other queries about
cleartext storage, but it's the only one of them that's in the
code-scanning suite. The sharing mechanism remains the same as before,
but now each query has to override `getASelectedLocation` to become
diff-informed.

Two other data-flow configurations are used in this query, but they
can't easily be made diff-informed.
 2025-06-26 09:31:11 +02:00
Anders Schack-Mulligen
73810a6d85 Java: Fix perf issue. 2025-06-26 07:17:35 +02:00
Anders Schack-Mulligen
d4c897f8e2 Java: Fix perf issue. 2025-06-26 07:17:35 +02:00
Anders Schack-Mulligen
5c0dcd980d Java: Switch to the shared Guards library. 2025-06-26 07:17:34 +02:00
Anders Schack-Mulligen
cc13193cb6 Java: Replace some references to basicNullGuard. 2025-06-26 07:17:33 +02:00
Anders Schack-Mulligen
0607fefc57 Java: Refactor integerGuard. 2025-06-26 07:17:33 +02:00
Anders Schack-Mulligen
a2778eee75 Java: Refactor clearlyNotNullExpr into a base case that does not rely on SSA. 2025-06-26 07:17:32 +02:00
Anders Schack-Mulligen
994c1f6427 Java: Add hasInputFromBlock predicate in BaseSSA. 2025-06-26 07:17:28 +02:00
Nicolas Will
6571c11eb7 Merge branch 'main' into operation_step_refactor 2025-06-25 20:38:11 +02:00
Nicolas Will
8e6031df14 Crypto: Fix further acronym casing and remove unused field 2025-06-25 20:25:33 +02:00
Nicolas Will
14472bf744 Crypto: Refactor type name mapping and fix QL-for-QL alerts 2025-06-25 20:08:14 +02:00
REDMOND\brodes
8280cbcaa1 Crypto: Update JCA model to include new model.qll updates. 2025-06-25 13:55:47 -04:00
Nicolas Will
710e08088f Crypto: Refactor casing and documentation 2025-06-25 15:29:03 +02:00
Nora Dimitrijević
a49999dd5d PolynomialReDoS: disable diff-informed support 
This is because it was failing the diff-informed consistency check, and like other ReDoS queries (Python?) the query tries to be helpful by showing a substring of a regex, which has a `hasLocation(...)` (intensional) but no corresponding `getLocation()` (extensional). Until the location overrides get updated to support `hasLocation`-based locations, it's probably best to turn off diff-informed support.
 2025-06-24 16:42:41 +02:00
Nora Dimitrijević
b2cb585bf2 UnsafeDeserialization: add missing getASelectedSinkLocation override 
This fixes the failing diff-informed consistency check.
 2025-06-24 16:42:39 +02:00
github-actions[bot]
6972c7a872 Post-release preparation for codeql-cli-2.22.1 2025-06-24 12:55:14 +00:00
github-actions[bot]
3e074b2425 Release preparation for version 2.22.1 2025-06-24 08:55:31 +00:00
Kasper Svendsen
0ee6a78a4a Java: Allow methods with empty bodies for overlay 2025-06-24 10:38:07 +02:00
Kasper Svendsen
6e92d7e247 Java: Add entity discard predicates 2025-06-24 10:38:06 +02:00
Kasper Svendsen
81b677a2d9 rename overlay[caller] to overlay[caller?] 2025-06-24 10:25:07 +02:00
Kasper Svendsen
c207cfdeb7 Overlay: Add overlay annotations to Java & shared libraries 2025-06-24 10:25:06 +02:00
Nora Dimitrijević
f577c08f4d Merge pull request #19795 from d10c/d10c/java/diff-informed-2 
Java: mass enable diff-informed data flow + `none()` overrides
 2025-06-19 13:48:53 +02:00
Nora Dimitrijević
aa5dd7bb4e Java: mass enable diff-informed data flow + none() overrides 
An auto-generated patch that enables diff-informed data flow in the obvious cases.

Builds on github#18346 and github/codeql-patch#88
 2025-06-17 14:05:36 +02:00
REDMOND\brodes
2b6a8321fd Crypto: Update JCA model to account for Model.qll changes. 2025-06-16 12:53:48 -04:00
Anders Schack-Mulligen
6131c680f6 Update java/ql/lib/semmle/code/java/ControlFlowGraph.qll 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2025-06-13 14:07:46 +02:00