Tony Torralba
5367fb99d9
Manually update a couple of models affected by the nested name change
2023-08-25 11:25:40 +02:00
Tony Torralba
25ac87279e
Add change note
2023-08-25 11:17:54 +02:00
Tony Torralba
2448bc8ce2
Java: Add new Apache CXF models
2023-08-25 11:17:51 +02:00
Tony Torralba
2ed01d06b4
Java: Re-generate Jenkins and Stapler models
Re-generated the Jenkins and Stapler models to pick up the changes from github/codeql#14032
2023-08-25 10:01:28 +02:00
Ian Lynagh
5dff1852e1
Kotlin: We now support 1.9.10
2023-08-24 17:36:45 +01:00
Asger F
f17518ace2
Java: update to reflect changes in VariableCapture.qll
2023-08-24 14:06:44 +02:00
Anders Schack-Mulligen
7af1e96943
Merge pull request #14032 from aschackmull/java/mad-nestednames
Java: Use nested names in MaD signatures.
2023-08-24 13:53:55 +02:00
Tony Torralba
6b58d11eeb
Merge pull request #13900 from atorralba/atorralba/java/jaxws-getaremotemethod-improv
Java: Improve `JaxWsEndpoint::getARemoteMethod`
2023-08-24 13:37:15 +02:00
Tony Torralba
8c32919381
Merge pull request #13903 from atorralba/atorralba/jaxrs-mad-models
Java: New models for JAX-RS
2023-08-24 11:43:13 +02:00
Tony Torralba
3f9701cea7
Two fixes:
* Consider that the @WebService annotation (et al) can be in a supertype or interface
* getARemoteMethod should only return public methods, since protected, package-private, and private methods are not exposed
2023-08-24 11:35:52 +02:00
Tony Torralba
0f3918af16
Merge pull request #13773 from atorralba/atorralba/java/mdht-xxe-sink
Java: Add XXE sinks for MDHT
2023-08-23 13:49:49 +02:00
Anders Schack-Mulligen
736c4beb9e
Java: Add change note.
2023-08-23 13:26:41 +02:00
Anders Schack-Mulligen
6c02e30f56
Java: Update models.
2023-08-23 13:24:55 +02:00
Anders Schack-Mulligen
4b0a1cf74b
Java: Remove old interpretation.
2023-08-23 13:19:16 +02:00
Anders Schack-Mulligen
410c09270f
Java: Use nested names in MaD signatures.
2023-08-23 13:17:52 +02:00
Anders Schack-Mulligen
bdc5f9cdea
Merge pull request #14012 from knewbury01/knewbury01/add-sanitizer-command-query
Java: add sanitizer to command injection query
2023-08-22 08:40:49 +02:00
Michael Nebel
ce6fd8ac5f
Merge pull request #13432 from michaelnebel/updateissupported
Java/C#: Update telemetry queries to report callables with sink/source neutrals as being supported.
2023-08-22 08:39:38 +02:00
Kristen Newbury
5e01e1d464
Java: add sanitizer to command injection query
2023-08-21 12:33:05 -04:00
Jeroen Ketema
2d0f73d7c2
Merge pull request #13881 from jketema/shared-taint-tracking
Introduce shared taint tracking library
2023-08-21 12:45:49 +02:00
Jeroen Ketema
a2bb7dee18
Java: Delete copy of shared taint tracking library
2023-08-21 10:32:28 +02:00
Michael Nebel
106ba11e10
Address review comments.
2023-08-21 09:59:02 +02:00
Michael Nebel
d66fe08661
Add QLDoc for the getKind predicate.
2023-08-21 09:59:02 +02:00
Michael Nebel
5623ccf4a0
Java: Re-factor NeutralCallable to include all neutrals and introduce NeutralSummaryCallable.
2023-08-21 09:59:00 +02:00
github-actions[bot]
098dfb4242
Release preparation for version 2.14.3
2023-08-18 14:48:15 +00:00
Edward Minnix III
d109637e2d
Merge pull request #13413 from egregius313/egregius313/trust-boundary
Java: Trust Boundary Violation Query
2023-08-18 10:33:32 -04:00
Erik Krogh Kristensen
08ef31d452
Merge pull request #13916 from erik-krogh/limit-java-field-reg
Java: limit field flow when tracking regex strings
2023-08-18 12:14:31 +02:00
Stephan Brandauer
480e3bf506
Java: update model exclusions logic to cope with new automodel test location
2023-08-18 10:28:51 +02:00
Ed Minnix
655a98452a
Remove escapeHTML models
2023-08-17 13:05:37 -04:00
Ed Minnix
d468ea9e90
Add default sanitizers
2023-08-17 13:05:37 -04:00
Ed Minnix
a36c12ff1f
Add trust-boundary-violation sink kind
2023-08-17 13:05:37 -04:00
Ed Minnix
60642c52aa
Use non-extending subtype
2023-08-17 13:05:37 -04:00
Ed Minnix
e22a67e7fe
Remove unnecessary methods
2023-08-17 13:05:37 -04:00
Ed Minnix
a3a4c31911
Replace servlet source node with RemoteFlowSource
2023-08-17 13:05:37 -04:00
Ed Minnix
172b8a6967
Documentation fixes
2023-08-17 13:05:37 -04:00
Ed Minnix
b567ec875a
Documentation
2023-08-17 13:05:37 -04:00
Ed Minnix
55fae2daaa
Added ESAPI sanitizer
2023-08-17 13:05:37 -04:00
Ed Minnix
f58590c6a9
Trust Boundary Work
2023-08-17 13:05:37 -04:00
Ed Minnix
ab9f0240d3
Add taint steps for HTML encoding methods
2023-08-17 13:05:36 -04:00
Ed Minnix
b9f2da7875
Comments and import fixes
2023-08-17 13:05:36 -04:00
Ed Minnix
a8b7e70d01
Convert trust boundary models to MaD
2023-08-17 13:05:36 -04:00
Ed Minnix
76438f13b6
Trust Boundary Query
2023-08-17 13:05:36 -04:00
Edward Minnix III
41a527cf72
Merge pull request #13934 from egregius313/egregius313/add-dashes-to-sha-algorithms
Java: Add dashes to SHA algorithm names in `Encryption.qll`
2023-08-17 13:03:15 -04:00
Anders Schack-Mulligen
e27aad9d6c
Merge pull request #13987 from aschackmull/java/rangeanalysis-joinorder-fix
Java: Join-order fix in RangeAnalysis.
2023-08-17 14:47:26 +02:00
Anders Schack-Mulligen
f8a0b6cd22
Java: Add nomagic
2023-08-17 11:20:02 +02:00
Anders Schack-Mulligen
0afda68ba1
Java: Join-order fix in RangeAnalysis.
2023-08-17 11:07:24 +02:00
Jeroen Ketema
33e8310625
Merge branch 'main' into shared-taint-tracking
2023-08-17 00:14:25 +02:00
Ed Minnix
cafd08521e
Add change note
2023-08-15 23:46:12 -04:00
Ed Minnix
7cfe78a52d
Add dashes to SHA algorithm names in Encryption.qll
2023-08-15 23:42:17 -04:00
Michael Nebel
a95aad51bd
Merge pull request #13546 from michaelnebel/java/withoutelement
Java: Support for With[out]Element for MaD.
2023-08-15 10:03:03 +02:00
Henry Mercer
1213eba630
Merge branch 'main' into post-release-prep/codeql-cli-2.14.2
2023-08-11 13:54:55 +01:00