hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

4152 Commits

Author SHA1 Message Date
github-actions[bot]
4ce8ccc52b Release preparation for version 2.7.6 2022-01-20 08:21:18 +00:00
github-actions[bot]
1dfcf427aa Release preparation for version 2.7.5 2022-01-04 14:44:56 +00:00
Anders Schack-Mulligen
6457f42497 Merge pull request #7500 from zbazztian/stringbuilder-reverse-taint 
Propagate taint through AbstractStringBuilder.reverse()
 2022-01-04 13:28:14 +01:00
Anders Schack-Mulligen
f8380dabe0 Update java/ql/lib/semmle/code/java/frameworks/Strings.qll 2022-01-04 11:47:26 +01:00
Dave Bartolomeo
ded3c52a34 Merge pull request #7407 from github/post-release-prep/codeql-cli-2.7.4 
Post-release preparation for codeql-cli-2.7.4
 2022-01-03 17:09:58 -05:00
github-actions[bot]
1334d207fa Post-release version bumps 2022-01-03 20:11:15 +00:00
Sebastian Bauersfeld
421bd1b970 Propagate taint through AbstractStringBuilder.reverse() and its overrides. 2022-01-03 10:38:27 +07:00
Tom Hvitved
27f786b41e Merge pull request #7442 from hvitved/ruby/dataflow/keyword-params 
Ruby: Data flow for keyword arguments/parameters
 2021-12-22 15:23:22 +01:00
Tom Hvitved
06575efce9 Data flow: Fix bad join-order 2021-12-20 15:44:16 +01:00
Nick Rolfe
f18492e39b Merge pull request #7443 from github/nickrolfe/behavior 
QL4QL: catch behaviour/behavior in ql/non-us-spelling
 2021-12-20 13:23:53 +00:00
Tom Hvitved
ed006d7283 Merge pull request #7231 from hvitved/csharp/dataflow/consistency-queries 
C#: Enable data-flow consistency queries
 2021-12-20 08:46:19 +01:00
Nick Rolfe
28912c508f Fix non-US spelling of 'behavior' 2021-12-17 15:29:31 +00:00
Tom Hvitved
e4d9f5f29e Fix QL doc 2021-12-17 13:14:11 +01:00
Tom Hvitved
ab2e0fdb18 Data flow: Sync files 2021-12-17 13:13:36 +01:00
Tony Torralba
6f2d91a8ad Sinks for CloseableThreadContext 2021-12-17 09:17:04 +01:00
Tony Torralba
7d6cba77a0 Add tests 2021-12-16 13:44:01 +01:00
Tony Torralba
2e0ca6ce2b Add stubs 2021-12-16 13:44:01 +01:00
Tony Torralba
7d70b77141 Add new sinks and taint steps 2021-12-16 13:43:58 +01:00
Tony Torralba
c1e4c05aa2 Update change note to new format 2021-12-15 13:08:34 +01:00
Tony Torralba
e2022f467c Update java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-12-15 13:00:16 +01:00
Tony Torralba
a3b25f0eb5 Don't consider subtypes of fields 2021-12-15 13:00:16 +01:00
Tony Torralba
47002a3bd7 Fix test 2021-12-15 13:00:16 +01:00
Tony Torralba
1426c5b406 Consider parameterized types 2021-12-15 13:00:16 +01:00
Tony Torralba
7ce9b04941 Add change note 2021-12-15 13:00:15 +01:00
Tony Torralba
5e80044f11 Preserve taint on field-read-steps on entrypoint types 2021-12-15 13:00:15 +01:00
github-actions[bot]
59da2cdf69 Release preparation for version 2.7.4 2021-12-14 21:35:09 +00:00
Dave Bartolomeo
fa40d59332 Move older change notes to old-change-notes 
Now that change notes are per-package, new change notes should be created in the `change-notes` folder under the affected pack (e.g., `cpp/ql/src/change-notes` for C++ query change notes. I've moved all of the change note files that were added before we started publishing them in packs to an `old-change-notes` directory under each language, to reduce the temptation to add new change notes there.

I'm working on a document to describe how and when to create change notes for packs separately.
 2021-12-14 12:35:04 -05:00
Dave Bartolomeo
a62f181d42 Move new change notes to appropriate packs 2021-12-14 12:05:15 -05:00
Tony Torralba
68a0efaf0c Formatting 2021-12-14 14:53:38 +01:00
Bas van Schaik
d85ed9ea7a Clarify Log4jJndiInjection.ql query help 2021-12-14 12:32:36 +00:00
Chris Smowton
85ff57bae6 Merge pull request #7354 from atorralba/atorralba/log4j-rce-experimental-query 
Java: Experimental query for Log4j JNDI Injection
 2021-12-14 11:32:13 +00:00
Tony Torralba
aee617f911 Autoformat 2021-12-14 08:40:30 +01:00
Tony Torralba
1b761b3d12 Apply suggestions from code review 2021-12-13 20:38:06 +01:00
Tony Torralba
ff2f5a5f91 Apply suggestions from code review 
Co-authored-by: Bas van Schaik <5082246+sj@users.noreply.github.com>
 2021-12-13 19:44:38 +01:00
Tony Torralba
d2dc19900f Apply suggestions from code review 
Co-authored-by: Bas van Schaik <5082246+sj@users.noreply.github.com>
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-12-13 19:39:52 +01:00
Andrew Eisenberg
0669ef505e Fix semver for upgrades references 
Ensure the version range is flexible enough to handle
future version changes.
 2021-12-13 09:03:33 -08:00
Andrew Eisenberg
66c1629974 Merge pull request #7285 from github/post-release-prep-2.7.3-ddd4ccbb 
Post-release preparation 2.7.3
 2021-12-10 09:59:45 -08:00
Tony Torralba
43a10457dd [Java] Query for Log4j JNDI Injection 2021-12-10 17:37:43 +01:00
github-actions[bot]
7e5bfa5aa0 Add changed framework coverage reports 2021-12-10 00:09:34 +00:00
Chris Smowton
753d886b0d Merge pull request #6319 from haby0/java/MyBatisSqlInjection 
[Java] CWE-089 MyBatis Mapper Sql Injection
 2021-12-09 19:57:18 +00:00
Chris Smowton
75f3ebf051 Fix OTHER XML tag 2021-12-09 17:55:03 +00:00
Chris Smowton
9f69c75c50 Fix XML tag 2021-12-09 17:44:49 +00:00
Chris Smowton
2cd70b96cd Fix doctype 2021-12-09 17:44:08 +00:00
Chris Smowton
470256da85 Copyedit 2021-12-09 15:10:07 +00:00
Chris Smowton
d0a19fffee Copyedit 2021-12-09 14:58:29 +00:00
Tony Torralba
38250b0821 Remove unnecessary implicit read step 2021-12-09 15:18:38 +01:00
Tony Torralba
522a4bb9fa Propagate extras through build methods 2021-12-09 14:56:52 +01:00
Tony Torralba
c0c40cc05b Remove synthetic fields 2021-12-09 13:34:41 +01:00
Tony Torralba
3a3c7fc59e Fix stub 2021-12-09 13:34:41 +01:00
Tony Torralba
f209ff4f76 Use synthetic fields to improve taint precision 2021-12-09 13:34:39 +01:00