hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,465 Commits 1,671 Branches 157 Tags
ginsbach/overlay-java-discarding
Commit Graph

13311 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
c6761db2fc SSA: Replace the Guards interface in the SSA data flow integration. 2025-03-05 13:29:31 +01:00
Lukas Abfalterer
41e9a837e5 Fix naming 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2025-03-05 12:50:54 +01:00
Anders Schack-Mulligen
709d36b502 Merge pull request #18869 from aschackmull/ssa/refactor3 
Ssa: Update qltests including consistency checks
 2025-03-05 11:40:27 +01:00
Lukas Abfalterer
c9b75afc2a Fix QLL and add change notes with tests 2025-03-05 10:23:35 +01:00
Jami Cogswell
82062e2847 Java: update test 2025-03-04 11:15:00 -05:00
Jami Cogswell
746f022cfa Java: add 'Spring' prefix to public class names 2025-03-04 10:34:16 -05:00
Anders Schack-Mulligen
9e03b12ba0 C#/Java/Ruby/Rust/SSA: Replace DefinitionExt with SourceVariable in data flow integration predicates. 2025-03-04 12:24:21 +01:00
REDMOND\brodes
8865d89fe9 Removing old ReusedNonce query. 2025-03-03 16:51:30 -05:00
REDMOND\brodes
2ee1681126 Adding a proof-of-concept PossibleReusedNonce query. 2025-03-03 15:09:27 -05:00
REDMOND\brodes
14cb2bb12f Updates to insecure or unknown nonce at operation. 2025-03-03 14:42:50 -05:00
REDMOND\brodes
076f53147d Proof-of-concept query for InsecureOrUnknownNonceAtOperation 2025-03-03 13:53:16 -05:00
github-actions[bot]
58f355ae5a Post-release preparation for codeql-cli-2.20.6 2025-03-03 18:18:15 +00:00
Nicolas Will
627790f98b Clean up consumer and instance interfaces 2025-03-03 19:06:53 +01:00
github-actions[bot]
fa850cccb1 Release preparation for version 2.20.6 2025-03-03 17:13:19 +00:00
Lukas Abfalterer
a3749530d6 The query should only report cases when the method is not empty. 2025-03-03 10:20:46 +01:00
Jami Cogswell
b0b95965f6 Java: add change note 2025-03-02 17:13:37 -05:00
Jami Cogswell
fbf7513f37 Java: handle lock state check stored in variable 2025-03-02 17:01:18 -05:00
Nicolas Will
cf33cf7653 Add input and output nodes and fix cross product 2025-02-28 15:21:46 +01:00
Chris Smowton
79e581f555 Change note 2025-02-28 11:23:10 +00:00
Chris Smowton
1577b40b45 Accept test changes 2025-02-28 11:23:07 +00:00
Chris Smowton
178e90c2f1 Update test expectations for JDK24 upgrade 2025-02-28 11:23:06 +00:00
Nicolas Will
0354afc365 Make ArtifactConsumers instances of some Artifacts 
TODO: refactor the interfaces
 2025-02-27 15:54:38 +01:00
Nicolas Will
04f4683399 Rewrite handling of known unknowns and data-flow 2025-02-27 05:42:02 +01:00
Alex Eyers-Taylor
5e3ccc0cca Java: Simplify interpretOutput 2025-02-26 18:20:46 +00:00
Nicolas Will
f55f27b0d9 Expand handling of generic artifact sources 2025-02-25 18:22:38 +01:00
Anders Schack-Mulligen
994a8eea39 Merge pull request #18857 from aschackmull/ssa/refactor-df-integr 
Ssa: Refactor the data flow integration module
 2025-02-25 15:04:11 +01:00
Anders Schack-Mulligen
2c3b48946d Merge pull request #18824 from aschackmull/java/basessa 
Java: Switch BaseSSA to use shared SSA lib.
 2025-02-25 14:23:46 +01:00
Jonas Jensen
2edc9af1e0 Merge pull request #18848 from jbj/StaticInitializationVector-postprocess 
Java: StaticInitializationVector with postprocess
 2025-02-25 12:44:16 +01:00
Nicolas Will
eb91ecf1fb Add generic artifact data-flow 
The relation between RNG and other artifacts has been added
Nonce has been completed to report its source
 2025-02-25 02:53:13 +01:00
Owen Mansel-Chan
74a249597a Merge pull request #18607 from owen-mc/java/xss-content-type-sanitizer 
Java: Add XSS Sanitizer for `HttpServletResponse.setContentType` with safe values
 2025-02-24 23:39:18 +00:00
Jami Cogswell
c2e859c756 Java: add change note 2025-02-24 18:33:45 -05:00
Jami Cogswell
26e396732a Java: edit qhelp 2025-02-24 18:33:43 -05:00
Jami Cogswell
53cb30dcd0 Java: update metadata, move from CWE-016 to CWE-200 2025-02-24 18:33:41 -05:00
Jami Cogswell
6fe7c7a233 Java: some refactoring 2025-02-24 18:33:29 -05:00
Jami Cogswell
f65a5b9a66 Java: add test for qhelp good example 2025-02-24 18:27:45 -05:00
Jami Cogswell
9e51b014d2 Java: handle example in Spring docs 2025-02-24 18:27:43 -05:00
Jami Cogswell
b2469ff8ba Java: add APIs and tests for more recent Spring versions: authorizeHttpRequests, AuthorizeHttpRequestsConfigurer, securityMatcher(s) 2025-02-24 18:26:02 -05:00
Jami Cogswell
8dfb920e05 Java: refactor QL, move code to libraries 2025-02-24 18:24:48 -05:00
Jami Cogswell
8064e8f1f9 Java: convert tests to inline expectations 2025-02-24 18:24:26 -05:00
Jami Cogswell
5e5bc2afe9 Java: remove experimental files 2025-02-24 18:24:19 -05:00
Jami Cogswell
089a491d5a Java: fix tests; update for non-experimental directory 2025-02-24 18:24:17 -05:00
Jami Cogswell
978834bd9c Java: remove deprecations 2025-02-24 18:24:14 -05:00
Jami Cogswell
2ce5920c5e Java: copy out of experimental 2025-02-24 18:24:12 -05:00
Nicolas Will
2b0b927b0b Add Nonce association to Operation, update graph 2025-02-24 17:37:41 +01:00
Anders Schack-Mulligen
db7ec4a781 Java: Remove getDefinitionExt reference 2025-02-24 13:50:08 +01:00
Jonas Jensen
11a0a9f8af Java: StaticInitializationVector with postprocess 
Use the new `postprocess` feature for the test of
`StaticInitializationVector.ql`. This makes it easier to modify and test
this query for diff-informed operation.
 2025-02-24 13:33:02 +01:00
REDMOND\brodes
86cab46b8d Misc. updates to support all JCA cipher operations, including wrap, unwrap and doFinal calls. Corrected pathing for init tracing to detect what mode is being set along a path. Added support for tracing the init operation mode argument to source. Since this involved creating an Operation Mode, changes were also made to make cipher block modes (CBC) more explicit (previously just called mode, but now that term is used for various purposes). 2025-02-21 12:53:35 -05:00
Chris Smowton
32e4c741cc Merge pull request #18554 from smowton/smowton/admin/test-gbk-xml-extraction 
Java: Add tests for XML and Java extraction with GBK charset
 2025-02-21 17:27:32 +00:00
Anders Schack-Mulligen
6932e000c6 Java: Switch BaseSSA to use shared SSA lib. 2025-02-21 08:57:23 +01:00
Anders Schack-Mulligen
1c616d10d4 Merge pull request #18819 from aschackmull/ssa/refactor-phiread3 
Ssa: Refactor shared SSA in preparation for eliminating phi-read definitions
 2025-02-21 08:56:38 +01:00