hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,540 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.8
Commit Graph

14033 Commits

Author SHA1 Message Date
Ana Scolari
b84f9d6c3c Update java/ql/src/change-notes/2025-06-10-reduce-precision-for-building-cmdline-with-string-concatenation.md 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2025-06-11 08:55:45 -07:00
Ana Scolari
f915984b01 Update java/ql/src/change-notes/2025-06-10-reduce-precision-for-building-cmdline-with-string-concatenation.md 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-06-11 08:55:34 -07:00
Anders Schack-Mulligen
f27e310ba3 Java: Adjust references. 2025-06-11 15:53:02 +02:00
Anders Schack-Mulligen
b3bb71f2e2 Java: Update the CFG for assert statements to make them proper guards. 2025-06-11 15:38:29 +02:00
Ana Scolari
510bbac0e4 Create 2025-06-10-reduce-precision-for-building-cmdline-with-string-concatenation.md 2025-06-10 16:17:32 -07:00
Ana Scolari
857b51be58 Update ExecUnescaped.ql - causing FPs with hard coded strings 
This query is generating False positives with hard coded strings declared within the function - issue reported by customer. We had a discussion on code_scanning channel on 6/5/25 and the team agreed upon reducing its precision to Medium.
 2025-06-10 16:06:22 -07:00
Lindsay Simpkins
f96a250ffc fix qhelp files 2025-06-09 18:37:16 -04:00
github-actions[bot]
21463a9653 Post-release preparation for codeql-cli-2.22.0 2025-06-09 18:50:20 +00:00
github-actions[bot]
88ba02edf8 Release preparation for version 2.22.0 2025-06-09 18:14:51 +00:00
Chad Bentz
371a50e6c4 Merge branch 'main' into cwe-134 2025-06-09 11:22:40 -04:00
Chuan-kai Lin
631502e129 Merge branch 'main' into cklin/rc-3.18-mergeback 2025-06-09 07:19:40 -07:00
Chad Bentz
53a6133e6f Add change-notes for csharp/java/swift 2025-06-06 12:23:59 -04:00
Chad Bentz
77e49f1f90 Merge branch 'main' into cwe-134 2025-06-06 11:16:10 -04:00
Nicolas Will
5a822462ad Merge branch 'main' into openssl_keyagreement_instances_and_consumers 2025-06-02 16:54:22 +02:00
REDMOND\brodes
f5d24c5a7b Crypto: Fix UnknownKeyAgreementType to OthernKeyAgreementType for JCA. 2025-06-02 10:11:53 -04:00
github-actions[bot]
d2c6875eac Post-release preparation for codeql-cli-2.21.4 2025-05-27 18:16:21 +00:00
github-actions[bot]
bfb91e95e3 Release preparation for version 2.21.4 2025-05-27 17:22:05 +00:00
Anders Schack-Mulligen
62000319fe Rangeanalysis: Simplify Guards integration. 2025-05-23 13:39:53 +02:00
Anders Schack-Mulligen
1d30103559 SSA: Distinguish between has and controls branch edge. 2025-05-23 09:56:22 +02:00
Owen Mansel-Chan
663c83d8c6 Merge pull request #19556 from owen-mc/java/pr/19512 
Java: Fix SpringRequestMappingMethod URL Extraction #2
 2025-05-22 15:08:31 +01:00
Owen Mansel-Chan
79453cc103 Add test showing correct usage 2025-05-22 14:30:32 +01:00
Owen Mansel-Chan
476ada13db Improve QLDoc for SpringRequestMappingMethod.getAValue 2025-05-22 14:22:28 +01:00
Owen Mansel-Chan
45475c5c1d Add change note 2025-05-22 12:29:31 +01:00
Owen Mansel-Chan
59d4f039d8 Deprecate SpringRequestMappingMethod.getValue (which didn't work) 2025-05-22 12:29:29 +01:00
Owen Mansel-Chan
708bbe391e Add test for SpringRequestMappingMethod.getAValue 2025-05-22 12:22:34 +01:00
Owen Mansel-Chan
775338ebdd Rename getArrayValue to getAValue 2025-05-22 12:21:20 +01:00
Nicolas Will
7ee1bd61fb Merge pull request #19541 from bdrodes/openssl_ec_key_gen 
Openssl ec key gen
 2025-05-21 16:13:05 +02:00
Anders Schack-Mulligen
00c7bc1e70 Merge pull request #19505 from aschackmull/java/basicblock 
Java: Use the shared BasicBlocks library.
 2025-05-21 13:37:19 +02:00
Michael Nebel
2952c0d2b4 Merge pull request #19507 from michaelnebel/removehardcodedpassword 
Exclude some queries from query suites by lowering their precision.
 2025-05-21 11:13:14 +02:00
Anders Schack-Mulligen
10efea1075 Java/Shared: Address review comments. 2025-05-21 09:01:47 +02:00
Anders Schack-Mulligen
3fde675d08 Java: Extend qldoc. 2025-05-21 09:01:47 +02:00
Anders Schack-Mulligen
a98d93b98b Java: Override dominates to reference the right type. 2025-05-21 09:01:46 +02:00
Anders Schack-Mulligen
6b830faa62 Java: Add change note. 2025-05-21 09:01:46 +02:00
Anders Schack-Mulligen
db01828717 Java: Deprecate redundant basic block predicates. 2025-05-21 09:01:46 +02:00
Anders Schack-Mulligen
f202586f5e Java: Use the shared BasicBlocks library. 2025-05-21 09:01:45 +02:00
REDMOND\brodes
b56472436e Crypto: Alterations to OpenSSL cipher algorithms to use new fixed keysize predicate. 2025-05-20 10:36:56 -04:00
Jon Janego
9d65b5f85c Merge pull request #19531 from github/changedocs-2.21.3 
Changenotes for 2.21.3
 2025-05-19 19:00:47 -05:00
Jon Janego
e5efe83243 Fixing upstream backticks around problematic characters so that the RST generator doesn't choke on asterisks 2025-05-19 17:03:23 -05:00
Jon Janego
b9841dccfb Fixing more upstream typos 2025-05-19 16:45:08 -05:00
Jon Janego
3bd2f85a8e Fixing some upstream typos etc 2025-05-19 16:33:45 -05:00
Chad Bentz
8a81aa1762 Set CWE-134 from 9.3 to 7.3 CVSS score for memory safe languages 
- Sync up to score given to javascript/ruby
 2025-05-19 14:43:08 -04:00
REDMOND\brodes
e7535b3eff Crypto: Updating JCA to use new key size predicate returning int for elliptic curve. 2025-05-19 13:09:33 -04:00
Michael Nebel
dabeddb62d Add change-notes. 2025-05-19 09:26:49 +02:00
Michael Nebel
530025b7ae Update integration tests expected output. 2025-05-19 09:26:47 +02:00
Michael Nebel
03ecd24469 Lower the precision of a range of harcoded password queries to remove them from query suites. 2025-05-19 09:26:45 +02:00
sentient0being
f575d2f941 get array string url 2025-05-17 19:40:41 +08:00
REDMOND\brodes
dbd66e64c6 Fixing bug in JCA cipher modeling. intermediate operations should not be key operations. 2025-05-16 11:23:42 -04:00
Chris Smowton
084222ec58 Inline version-specific override code where there is now only one version 2025-05-15 12:13:14 +01:00
Chris Smowton
79171a9232 Fold v_1_5_0 and v_1_5_20 files forwards into v_1_6_0, dropping any that are overridden 2025-05-15 11:39:26 +01:00
Mathias Vorreiter Pedersen
e903d76fa0 Merge pull request #19443 from MathiasVP/generate-more-value-preserving-summaries-2 
Shared: Generate more value-preserving flow summaries
 2025-05-14 09:12:28 +01:00