hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 08:43:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,879 Commits 1,670 Branches 157 Tags
main
Commit Graph

14067 Commits

Author SHA1 Message Date
idrissrio
fcc54c1470 Java: Add test for detecting --add-exports in poms 2025-11-12 08:39:36 +01:00
idrissrio
5247c88da1 Java: Add test for pom targeting Java 8 but rquiring Java 11 2025-11-12 08:39:35 +01:00
idrissrio
6b890eaf94 Java: Add test for multi-module projects with different Java versions 2025-11-12 08:39:34 +01:00
Napalys Klicius
d122534398 Merge pull request #20671 from github/napalys/adjust_query_severity 
Adjust query severity ratings
 2025-11-11 12:37:31 +01:00
Michael B. Gale
046db0419f Merge pull request #20758 from github/post-release-prep/codeql-cli-2.23.4 
Post-release preparation for codeql-cli-2.23.4
 2025-11-05 10:45:51 +00:00
Owen Mansel-Chan
85175f6d18 Merge pull request #20714 from owen-mc/java/pretty-print-models-quantum-nonce-reuse 
Java: Pretty print models in nonce reuse test in experimental/quantum
 2025-11-05 09:53:21 +00:00
github-actions[bot]
4014df9a6e Post-release preparation for codeql-cli-2.23.4 2025-11-04 17:57:52 +00:00
github-actions[bot]
64fcdd1f2f Release preparation for version 2.23.4 2025-11-03 14:52:23 +00:00
aegilops
d1eceee9d4 Fixed format/docs issues 2025-10-31 18:19:27 +00:00
aegilops
26087f6060 Added java-kotlin Sensitive Logging barriers (substrings) 2025-10-31 17:56:04 +00:00
Ian Lynagh
06218d8acd Kotlin: Add a test for recursive interfaces 2025-10-31 13:42:44 +00:00
Ian Lynagh
9182da1d58 Kotlin: Add a test for nested types 2025-10-31 13:42:44 +00:00
Ian Lynagh
1efecc099c Kotlin: Avoid infinite recursion when extracting recursive interfaces 2025-10-31 13:42:43 +00:00
Owen Mansel-Chan
7ad570b5f5 Pretty print models in test 
Otherwise the test output changes when unrelated models are added.
 2025-10-29 12:03:32 +00:00
yoff
4461be180a Merge pull request #19539 from yoff/java/conflicting-access 2025-10-28 20:37:44 +01:00
Nora Dimitrijević
a0975e7e19 Constrain location overrides to actual sources/sinks 2025-10-28 09:42:20 +01:00
Nora Dimitrijević
f24a6f64ab Java/WebviewDebugEnabledQuery 
java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql
 2025-10-28 09:40:06 +01:00
Nora Dimitrijević
518c0818a4 Java/UnsafeDeserializationQuery 
java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql
 2025-10-28 09:40:03 +01:00
Nora Dimitrijević
4439322e88 Java/TempDirLocalInformationDisclosureQuery 
java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql
 2025-10-28 09:40:01 +01:00
Nora Dimitrijević
2a889f4f98 Java/TaintedPermissionsCheckQuery 
java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql
 2025-10-28 09:39:58 +01:00
Nora Dimitrijević
697f428eae Java/TaintedEnvironmentVariableQuery 
java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql
 2025-10-28 09:39:55 +01:00
Nora Dimitrijević
72a97773b1 Java/NumericCastTaintedQuery 
java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql
 2025-10-28 09:39:52 +01:00
Nora Dimitrijević
247ae1d23c Java/MaybeBrokenCryptoAlgorithmQuery 
java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
 2025-10-28 09:39:50 +01:00
Nora Dimitrijević
eebff9c282 Java/ImproperValidationOfArrayConstructionFlow 
java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql
 2025-10-28 09:39:47 +01:00
Nora Dimitrijević
9eeeec336e Java/ImproperValidationOfArrayConstructionCodeSpecifiedQuery 
java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql
 2025-10-28 09:39:45 +01:00
Nora Dimitrijević
dc1dff98b0 Java/ConditionalBypass 
java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql
 2025-10-28 09:39:42 +01:00
Nora Dimitrijević
4482e831d7 Java/CommandLineQuery 
85a4dd0325/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql

857b51be58/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql

b6e56f26c7/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql
 2025-10-28 09:39:39 +01:00
Nora Dimitrijević
b023880a0a Java/BrokenCryptoAlgorithmQuery 
java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
 2025-10-28 09:39:37 +01:00
Nora Dimitrijević
1129230e10 Java/ArithmeticUncontrolledQuery 
java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
 2025-10-28 09:39:34 +01:00
Nora Dimitrijević
a228936c63 Java/ArithmeticTainted 
java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
 2025-10-28 09:39:31 +01:00
Nora Dimitrijević
913550f408 Java/ArbitraryApkInstallationQuery 
java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql
 2025-10-28 09:39:29 +01:00
Alexander Eyers-Taylor
227e1fcbde Merge pull request #20598 from github/alexet/overlay-query-libraries 
Java: Make some query libraries local.
 2025-10-27 17:52:27 +00:00
Idriss Riouak
11a7d53002 Merge pull request #20657 from github/idrissrio/java-maven-fix 
Java: Add integration test to reproduce regression
 2025-10-27 15:09:41 +01:00
yoff
406e48b3bb java: fix aliasing FP 
reorganise code, adding `LockField`
 2025-10-27 14:30:25 +01:00
yoff
531b994819 java: add test for aliasing 
found by triage
 2025-10-27 14:27:32 +01:00
idrissrio
d473b36918 Java: Accept new test results after extractor changes 2025-10-27 14:26:48 +01:00
idrissrio
714b2ad565 Java: Add integration test for maven 2025-10-27 14:26:47 +01:00
Anders Schack-Mulligen
96fc1e889a Java: Accept .expected file. 2025-10-27 13:17:53 +01:00
Anders Schack-Mulligen
02a942554d Java: Remove old SSA consistency queries. 2025-10-27 12:55:43 +01:00
yoff
83508ba661 java: adjust qhelp and examples for SafePublication 2025-10-27 11:25:51 +01:00
Nicolas Will
d4787520fd Merge pull request #20690 from bdrodes/weak_symmetric_cipher_bug 
Crypto: Fix bug in weak symmetric cipher query
 2025-10-24 22:38:07 +02:00
Nicolas Will
e7bd435bee Merge pull request #20696 from bdrodes/bad_mac_decrypt_then_mac 
Crypto: Adding bad decrypt then mac order query.
 2025-10-24 22:07:26 +02:00
REDMOND\brodes
65d0ca9e53 Crypto: Simplifying expression for ql-for-ql alert. 2025-10-24 14:08:25 -04:00
REDMOND\brodes
0394816756 Crypto: typo fix 2025-10-24 14:06:52 -04:00
REDMOND\brodes
b20689fa46 Crypto: removing comments 2025-10-24 14:06:08 -04:00
REDMOND\brodes
0e624f51d5 Crypto: Adding bad decrypt then mac order query. Fixes to BadMacOrderMacOnEncryptPlaintext as well. 2025-10-24 12:44:28 -04:00
Tom Hvitved
32f21d6d49 Merge pull request #20688 from hvitved/java/request-forgery-matches-sanitizer 
Java: Treat `x.matches(regexp)` as a sanitizer for request forgery
 2025-10-24 14:34:32 +02:00
REDMOND\brodes
ed492c7d5a Crypto: Fixed bug in WeakSymmetricCipher.qll, forgot to not only filter if !=AES but the algorithm must still be a SymmetriCipher algorithm. 2025-10-24 08:16:22 -04:00
Tom Hvitved
a4eab484ce Address review comments 2025-10-24 13:32:39 +02:00
Tom Hvitved
ce379161fc Add change note 2025-10-24 09:34:11 +02:00