Dave Bartolomeo
613ccaac1d
Add change note to all v1.0.0 packs
2024-05-23 13:01:22 -04:00
Arthur Baars
b2c64eabd4
Merge pull request #16572 from github/aibaars-patch-2
...
Java: include link to `remote source` in TrustBoundaryViolation.ql
2024-05-23 18:16:11 +02:00
Philip Ginsbach
4fbbda508b
Merge pull request #16580 from github/ginsbach/MonotonicAggregateModules
...
`monotonicAggregates` can apply to modules (see language spec)
2024-05-23 16:40:29 +01:00
Philip Ginsbach
1129df9cb7
'monotonicAggregates' can apply to modules (see language spec)
2024-05-23 16:20:54 +01:00
Tamas Vajk
5928ede324
C#: Fix integration test expected file
2024-05-23 16:47:35 +02:00
Michael Nebel
9cf0995720
Java: Update test expected output.
2024-05-23 16:33:04 +02:00
Michael Nebel
6f5bdfba65
Java: Do not lift neutrals and only generate for public endpoints.
2024-05-23 16:32:45 +02:00
Arthur Baars
b5b5fef642
Switch source and sink in TrustBoundaryViolation.ql
2024-05-23 15:53:12 +02:00
Arthur Baars
5c4eb3c943
Java: add change note
2024-05-23 13:06:01 +00:00
Michael Nebel
1e54422662
Java: Add neutral implementations.
2024-05-23 15:00:23 +02:00
Tamás Vajk
c0d623c056
Merge pull request #16567 from tamasvajk/refactor/static-extraction-state
...
C#: Refactor static compilation state
2024-05-23 14:49:33 +02:00
Anders Schack-Mulligen
4905612905
Merge pull request #16573 from aschackmull/java/dispatch-joinorder
...
Java: Fix join-order in viableImplInCallContext.
2024-05-23 14:48:25 +02:00
Arthur Baars
d540675b9e
Update TrustBoundaryViolation.ql
2024-05-23 12:04:47 +00:00
Tom Hvitved
e4cd9d86f6
Tree-sitter: Respect verbosity defined in CODEQL_VERBOSITY
2024-05-23 13:38:35 +02:00
Anders Schack-Mulligen
1bc3f6b0e7
Java: Add change note.
2024-05-23 13:03:06 +02:00
Tom Hvitved
a523be4d0a
Tree-sitter: Add set_tracing_level to shared extractor module
2024-05-23 12:58:53 +02:00
Anders Schack-Mulligen
bf3dbc24de
Java: Add support for flow through side-effects on static fields.
2024-05-23 12:57:57 +02:00
Anders Schack-Mulligen
619913b553
Merge pull request #16552 from aschackmull/java/no-source-dispatch-for-exact-mad
...
Java: Remove source dispatch when there's an exact match from a manual model.
2024-05-23 12:56:58 +02:00
Paolo Tranquilli
7da7416bcd
Merge pull request #16568 from github/redsun82/m1-opts
...
Swift: add flags and instructions for building on macOS ARM
2024-05-23 12:53:29 +02:00
Anders Schack-Mulligen
4b3e35ed52
Java: Fix join-order in viableImplInCallContext.
2024-05-23 12:49:57 +02:00
Owen Mansel-Chan
b2deea4606
Avoid duplicate additional flow steps in configs
...
`localTaintStep` includes a lot of steps which are already part of value
flow. Instead use `defaultAdditionalTaintStep`, which is just the extra
steps that are added for taint tracking.
2024-05-23 11:13:35 +01:00
Owen Mansel-Chan
7e5891b443
Remove unnecessary additional flow step
...
TaintTracking already adds taint steps for field reads
2024-05-23 11:08:29 +01:00
Owen Mansel-Chan
cf997fddf6
Trivial: improve parameter names
...
These names make more sense and match everywhere
else that this function signature is used.
2024-05-23 11:04:09 +01:00
Pierre
52a834dfa3
Add changelogs for 2.17.2 and 2.17.3
2024-05-23 11:26:16 +02:00
Anders Schack-Mulligen
70d3be0a3a
Java: Fix test.
2024-05-23 11:24:11 +02:00
Geoffrey White
1f13e462b1
Swift: Change note.
2024-05-23 10:14:59 +01:00
Geoffrey White
06dea2d27f
Swift: Use sensitive private info regex from the shared library, now that it has that.
2024-05-23 10:07:42 +01:00
Geoffrey White
0d4cd3e103
Swift: Add more sensitive data test cases.
2024-05-23 10:03:27 +01:00
Anders Schack-Mulligen
b519f13600
Java: Add change note.
2024-05-23 10:50:16 +02:00
Anders Schack-Mulligen
527dafa346
Java: Improve dispatch through TypeFlow of effectively private calls.
2024-05-23 10:50:16 +02:00
Anders Schack-Mulligen
f353065d26
Java: Allow overloading for exact model matches.
2024-05-23 10:50:01 +02:00
Anders Schack-Mulligen
0f864081cb
Java: Remove source dispatch when there's an exact match from a manual model.
2024-05-23 10:50:00 +02:00
Paolo Tranquilli
90a152a2bc
Swift: add flags and instructions for building on macOS ARM
2024-05-23 10:44:06 +02:00
Tamás Vajk
5cf7112d4c
Merge pull request #16541 from tamasvajk/buildless/use-nuget-config-fallback
...
C#: Use nuget feeds from nuget.config in fallback restore
2024-05-23 10:43:03 +02:00
Owen Mansel-Chan
4567b17a58
Merge pull request #16566 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2024-05-23 09:42:51 +01:00
Cornelius Riemenschneider
303dc200c1
Add standalone dependency to autobuilder, following upstream changes.
2024-05-23 10:24:44 +02:00
Cornelius Riemenschneider
576ea325e8
Merge remote-tracking branch 'origin/main' into criemen/bazel-csharp
2024-05-23 10:21:19 +02:00
Tamas Vajk
7042f3222a
Code quality improvements
2024-05-23 09:49:09 +02:00
Tamas Vajk
c58971e632
C#: Refactor static compilation state
2024-05-23 09:47:49 +02:00
Tom Hvitved
11da42b049
Merge pull request #16134 from hvitved/csharp/autobuild-buildless-process-indirection
...
C#: Avoid process creation indirection in auto-builder
2024-05-23 09:25:58 +02:00
Tom Hvitved
f517c00658
Merge pull request #16559 from hvitved/csharp/callable-always-returns-true
...
C#: Simplify logic in `JsonWebTokenHandlerLib.qll`
2024-05-23 09:25:19 +02:00
Owen Mansel-Chan
0cc868c742
Merge branch 'main' into workflow/coverage/update
2024-05-23 07:49:02 +01:00
Tony Torralba
d202355b07
Merge pull request #16553 from atorralba/atorralba/java/xxe-qhelp-reword
...
Java: Reword recommendation section of XXE query
2024-05-23 08:48:29 +02:00
erik-krogh
c80f48b23a
Merge branch 'main' into amammad-js-CodeInjection_execa
2024-05-23 08:02:22 +02:00
github-actions[bot]
0f2d0c098f
Add changed framework coverage reports
2024-05-23 00:16:44 +00:00
Alvaro Muñoz
16a7522807
Improve Untrusted checkout queries
2024-05-22 23:24:17 +02:00
Joe Farebrother
2db1fbc713
Merge branch 'main' into python-flask-session-interface
2024-05-22 21:48:01 +01:00
Tom Hvitved
621de2b977
C#: Avoid process creation indirection in auto-builder
2024-05-22 20:05:16 +02:00
Dave Bartolomeo
ffe4c8c87b
Update all pack versions to 1.0.0
2024-05-22 13:39:08 -04:00
Alvaro Muñoz
33ae3b1625
minor updates
2024-05-22 18:53:39 +02:00
