Tamás Vajk
9065a7f320
Merge pull request #7573 from tamasvajk/fix/java-field-decl-tostr
...
Java: Fix toString on field declarations with single field
2022-01-12 13:03:16 +01:00
Tony Torralba
c2105e506b
Added test cases
2022-01-12 11:06:58 +01:00
Alvaro Muñoz Sanchez
715d372572
Add models for AbstractStringBuilder.substring,subsequence,getChars
2022-01-12 10:54:27 +01:00
Tamas Vajk
b9e0310aa2
Java: Fix toString on field declarations with single field
2022-01-12 09:22:16 +01:00
github-actions[bot]
c79e8ab440
Add changed framework coverage reports
2022-01-12 00:10:48 +00:00
Andrew Eisenberg
07228672df
Merge branch 'main' into aeisenberg/remove-upgrades
2022-01-11 11:25:27 -08:00
Tony Torralba
7b0d9ea525
Merge pull request #7054 from atorralba/atorralba/promote-log-injection
...
Java: Promote Log Injection from experimental
2022-01-11 17:26:18 +01:00
Tony Torralba
1030ff7063
Update java/ql/src/Security/CWE/CWE-117/LogInjection.ql
2022-01-11 16:25:32 +01:00
Tony Torralba
4aacba8594
Merge pull request #6468 from atorralba/atorralba/promote-cleartext-sharedprefs
...
Java: Promote Cleartext storage of sensitive information using SharedPreferences from experimental
2022-01-11 16:23:53 +01:00
Tony Torralba
394c4a9ee0
Remove unused code
2022-01-11 14:50:48 +01:00
Tony Torralba
50caf7d8dc
Move change note to new location and remove import
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2022-01-11 12:24:44 +01:00
Tony Torralba
b9e32208ee
Move change note to new location
2022-01-11 12:23:16 +01:00
Chris Smowton
e352a4b994
Note that parameterizations of local classes are themselves local
...
Previously `LocalClass` itself would match `.isLocal()` whereas `LocalClass<Param>` would not. Rather than require each individual user to check for `.getSourceDeclaration().isLocal()`, let's note that the specializations themselves are local.
2022-01-10 18:19:31 +00:00
Tony Torralba
fbebf5e953
Move change note to new location
2022-01-10 17:27:02 +01:00
Tony Torralba
0e738622df
Merge branch 'main' into atorralba/promote-log-injection
2022-01-10 17:24:25 +01:00
Tony Torralba
cc92ce2754
Fix QLDoc
2022-01-10 17:13:13 +01:00
Tony Torralba
e1e5e78464
Apply suggestions from code review
...
- Update CleartextStorage library to latest refactor
- Move change note to new location
2022-01-10 17:10:55 +01:00
Tony Torralba
d17e973b6b
Apply suggestions from code review
...
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
2022-01-10 17:09:41 +01:00
Tony Torralba
ec8c234872
Fix predicate name
2022-01-10 17:09:41 +01:00
Tony Torralba
55dc783f28
Move from experimental and refactor
2022-01-10 17:09:37 +01:00
github-actions[bot]
0aa1152899
Add changed framework coverage reports
2022-01-05 00:10:19 +00:00
Dave Bartolomeo
83ceb822aa
Move upgrades into standard library packs
...
Move upgrade to new location
Remove incorrectly merged files
Fix upgrades section
2022-01-04 11:30:25 -08:00
Anders Schack-Mulligen
6457f42497
Merge pull request #7500 from zbazztian/stringbuilder-reverse-taint
...
Propagate taint through AbstractStringBuilder.reverse()
2022-01-04 13:28:14 +01:00
Anders Schack-Mulligen
f8380dabe0
Update java/ql/lib/semmle/code/java/frameworks/Strings.qll
2022-01-04 11:47:26 +01:00
Dave Bartolomeo
ded3c52a34
Merge pull request #7407 from github/post-release-prep/codeql-cli-2.7.4
...
Post-release preparation for codeql-cli-2.7.4
2022-01-03 17:09:58 -05:00
github-actions[bot]
1334d207fa
Post-release version bumps
2022-01-03 20:11:15 +00:00
Sebastian Bauersfeld
421bd1b970
Propagate taint through AbstractStringBuilder.reverse() and its overrides.
2022-01-03 10:38:27 +07:00
Tom Hvitved
27f786b41e
Merge pull request #7442 from hvitved/ruby/dataflow/keyword-params
...
Ruby: Data flow for keyword arguments/parameters
2021-12-22 15:23:22 +01:00
Tom Hvitved
06575efce9
Data flow: Fix bad join-order
2021-12-20 15:44:16 +01:00
Nick Rolfe
f18492e39b
Merge pull request #7443 from github/nickrolfe/behavior
...
QL4QL: catch behaviour/behavior in ql/non-us-spelling
2021-12-20 13:23:53 +00:00
Tom Hvitved
ed006d7283
Merge pull request #7231 from hvitved/csharp/dataflow/consistency-queries
...
C#: Enable data-flow consistency queries
2021-12-20 08:46:19 +01:00
Nick Rolfe
28912c508f
Fix non-US spelling of 'behavior'
2021-12-17 15:29:31 +00:00
Tom Hvitved
e4d9f5f29e
Fix QL doc
2021-12-17 13:14:11 +01:00
Tom Hvitved
ab2e0fdb18
Data flow: Sync files
2021-12-17 13:13:36 +01:00
Tony Torralba
6f2d91a8ad
Sinks for CloseableThreadContext
2021-12-17 09:17:04 +01:00
Tony Torralba
7d6cba77a0
Add tests
2021-12-16 13:44:01 +01:00
Tony Torralba
2e0ca6ce2b
Add stubs
2021-12-16 13:44:01 +01:00
Tony Torralba
7d70b77141
Add new sinks and taint steps
2021-12-16 13:43:58 +01:00
Tony Torralba
c1e4c05aa2
Update change note to new format
2021-12-15 13:08:34 +01:00
Tony Torralba
e2022f467c
Update java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-12-15 13:00:16 +01:00
Tony Torralba
a3b25f0eb5
Don't consider subtypes of fields
2021-12-15 13:00:16 +01:00
Tony Torralba
47002a3bd7
Fix test
2021-12-15 13:00:16 +01:00
Tony Torralba
1426c5b406
Consider parameterized types
2021-12-15 13:00:16 +01:00
Tony Torralba
7ce9b04941
Add change note
2021-12-15 13:00:15 +01:00
Tony Torralba
5e80044f11
Preserve taint on field-read-steps on entrypoint types
2021-12-15 13:00:15 +01:00
github-actions[bot]
59da2cdf69
Release preparation for version 2.7.4
2021-12-14 21:35:09 +00:00
Dave Bartolomeo
fa40d59332
Move older change notes to old-change-notes
...
Now that change notes are per-package, new change notes should be created in the `change-notes` folder under the affected pack (e.g., `cpp/ql/src/change-notes` for C++ query change notes). I've moved all of the change note files that were added before we started publishing them in packs to an `old-change-notes` directory under each language, to reduce the temptation to add new change notes there.
I'm working on a document to describe how and when to create change notes for packs separately.
2021-12-14 12:35:04 -05:00
Dave Bartolomeo
a62f181d42
Move new change notes to appropriate packs
2021-12-14 12:05:15 -05:00
Tony Torralba
68a0efaf0c
Formatting
2021-12-14 14:53:38 +01:00
Bas van Schaik
d85ed9ea7a
Clarify Log4jJndiInjection.ql query help
2021-12-14 12:32:36 +00:00