codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00

Author	SHA1	Message	Date
github-actions[bot]	c79e8ab440	Add changed framework coverage reports	2022-01-12 00:10:48 +00:00
Andrew Eisenberg	07228672df	Merge branch 'main' into aeisenberg/remove-upgrades	2022-01-11 11:25:27 -08:00
Tony Torralba	7b0d9ea525	Merge pull request #7054 from atorralba/atorralba/promote-log-injection Java: Promote Log Injection from experimental	2022-01-11 17:26:18 +01:00
Tony Torralba	1030ff7063	Update java/ql/src/Security/CWE/CWE-117/LogInjection.ql	2022-01-11 16:25:32 +01:00
Tony Torralba	4aacba8594	Merge pull request #6468 from atorralba/atorralba/promote-cleartext-sharedprefs Java: Promote Cleartext storage of sensitive information using SharedPreferences from experimental	2022-01-11 16:23:53 +01:00
Tony Torralba	394c4a9ee0	Remove unused code	2022-01-11 14:50:48 +01:00
Anders Schack-Mulligen	fdb4851521	Java: A few perf fixes for getASupertype*().	2022-01-11 13:33:54 +01:00
Tony Torralba	50caf7d8dc	Move change note to new location and remove import Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2022-01-11 12:24:44 +01:00
Tony Torralba	b9e32208ee	Move change note to new location	2022-01-11 12:23:16 +01:00
Sebastian Bauersfeld	e2a9ced691	Java: Pass taint through Apache's StringEscapeUtils.escapeJson() method.	2022-01-11 15:49:44 +07:00
Sebastian Bauersfeld	f36ee95128	Java: Pass taint through Spring's AbstractMessageSource.getMessage() methods.	2022-01-11 15:48:29 +07:00
Chris Smowton	e352a4b994	Note that parameterizations of local classes are themselves local Previously `LocalClass` itself would match `.isLocal()` whereas `LocalClass<Param>` would not. Rather than require each individual user to check for `.getSourceDeclaration().isLocal()`, let's note that the specializations themselves are local.	2022-01-10 18:19:31 +00:00
Tony Torralba	fbebf5e953	Move change note to new location	2022-01-10 17:27:02 +01:00
Tony Torralba	0e738622df	Merge branch 'main' into atorralba/promote-log-injection	2022-01-10 17:24:25 +01:00
Tony Torralba	cc92ce2754	Fix QLDoc	2022-01-10 17:13:13 +01:00
Tony Torralba	e1e5e78464	Apply suggestions from code review - Update CleartextStorage library to latest refactor - Move change note to new location	2022-01-10 17:10:55 +01:00
Tony Torralba	d17e973b6b	Apply suggestions from code review Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>	2022-01-10 17:09:41 +01:00
Tony Torralba	ec8c234872	Fix predicate name	2022-01-10 17:09:41 +01:00
Tony Torralba	55dc783f28	Move from experimental and refactor	2022-01-10 17:09:37 +01:00
Anders Schack-Mulligen	f590d2566e	DataFlow: Fix test.	2022-01-10 11:25:52 +01:00
Anders Schack-Mulligen	ef714f7328	Dataflow: Sync	2022-01-05 14:25:35 +01:00
Anders Schack-Mulligen	6b6a9df0eb	Dataflow: Remove abstract class	2022-01-05 14:13:26 +01:00
Henry Mercer	19933262c4	Java: Fix copy/paste error in existing queries Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>	2022-01-05 10:50:22 +00:00
github-actions[bot]	0aa1152899	Add changed framework coverage reports	2022-01-05 00:10:19 +00:00
Dave Bartolomeo	83ceb822aa	Move upgrades into standard library packs Move upgrade to new location Remove incorrectly merged files Fix upgrades section	2022-01-04 11:30:25 -08:00
github-actions[bot]	1dfcf427aa	Release preparation for version 2.7.5	2022-01-04 14:44:56 +00:00
Anders Schack-Mulligen	6457f42497	Merge pull request #7500 from zbazztian/stringbuilder-reverse-taint Propagate taint through AbstractStringBuilder.reverse()	2022-01-04 13:28:14 +01:00
Anders Schack-Mulligen	f8380dabe0	Update java/ql/lib/semmle/code/java/frameworks/Strings.qll	2022-01-04 11:47:26 +01:00
Dave Bartolomeo	ded3c52a34	Merge pull request #7407 from github/post-release-prep/codeql-cli-2.7.4 Post-release preparation for codeql-cli-2.7.4	2022-01-03 17:09:58 -05:00
github-actions[bot]	1334d207fa	Post-release version bumps	2022-01-03 20:11:15 +00:00
Sebastian Bauersfeld	421bd1b970	Propagate taint through AbstractStringBuilder.reverse() and its overrides.	2022-01-03 10:38:27 +07:00
Tom Hvitved	27f786b41e	Merge pull request #7442 from hvitved/ruby/dataflow/keyword-params Ruby: Data flow for keyword arguments/parameters	2021-12-22 15:23:22 +01:00
Tom Hvitved	06575efce9	Data flow: Fix bad join-order	2021-12-20 15:44:16 +01:00
Nick Rolfe	f18492e39b	Merge pull request #7443 from github/nickrolfe/behavior QL4QL: catch behaviour/behavior in ql/non-us-spelling	2021-12-20 13:23:53 +00:00
Tom Hvitved	ed006d7283	Merge pull request #7231 from hvitved/csharp/dataflow/consistency-queries C#: Enable data-flow consistency queries	2021-12-20 08:46:19 +01:00
Nick Rolfe	28912c508f	Fix non-US spelling of 'behavior'	2021-12-17 15:29:31 +00:00
Tom Hvitved	e4d9f5f29e	Fix QL doc	2021-12-17 13:14:11 +01:00
Tom Hvitved	ab2e0fdb18	Data flow: Sync files	2021-12-17 13:13:36 +01:00
Tony Torralba	6f2d91a8ad	Sinks for CloseableThreadContext	2021-12-17 09:17:04 +01:00
Tony Torralba	7d6cba77a0	Add tests	2021-12-16 13:44:01 +01:00
Tony Torralba	2e0ca6ce2b	Add stubs	2021-12-16 13:44:01 +01:00
Tony Torralba	7d70b77141	Add new sinks and taint steps	2021-12-16 13:43:58 +01:00
Henry Mercer	5696146179	Java: Convert telemetry queries to summary metrics Use the support for summary metrics with messages that'll be in the next version of the CodeQL CLI.	2021-12-15 17:59:01 +00:00
luchua-bc	29ce0e9ef1	Add sanitizer for virtual method calls	2021-12-15 16:19:50 +00:00
Tony Torralba	6dfe0ce7c5	Adapt chage note to new format	2021-12-15 16:57:20 +01:00
Tony Torralba	f0e9b768f2	Apply suggestions from code review Co-authored-by: Felicity Chapman <felicitymay@github.com>	2021-12-15 16:53:47 +01:00
Tony Torralba	65b6c16254	Fix stub after merge	2021-12-15 16:53:47 +01:00
Tony Torralba	6363ff3c08	QLDoc	2021-12-15 16:53:46 +01:00
Tony Torralba	7a1b854678	Add change note	2021-12-15 16:53:46 +01:00
Tony Torralba	85526d71da	Add Fragment injection in PreferenceActivity query	2021-12-15 16:53:46 +01:00

... 6 7 8 9 10 ...

4548 Commits