hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,482 Commits 1,671 Branches 157 Tags
move-cors-query-from-experimental2
Commit Graph

13522 Commits

Author SHA1 Message Date
github-actions[bot]
88ba02edf8 Release preparation for version 2.22.0 2025-06-09 18:14:51 +00:00
Chad Bentz
371a50e6c4 Merge branch 'main' into cwe-134 2025-06-09 11:22:40 -04:00
Chuan-kai Lin
631502e129 Merge branch 'main' into cklin/rc-3.18-mergeback 2025-06-09 07:19:40 -07:00
Chad Bentz
53a6133e6f Add change-notes for csharp/java/swift 2025-06-06 12:23:59 -04:00
Chad Bentz
77e49f1f90 Merge branch 'main' into cwe-134 2025-06-06 11:16:10 -04:00
Nicolas Will
5a822462ad Merge branch 'main' into openssl_keyagreement_instances_and_consumers 2025-06-02 16:54:22 +02:00
REDMOND\brodes
f5d24c5a7b Crypto: Fix UnknownKeyAgreementType to OthernKeyAgreementType for JCA. 2025-06-02 10:11:53 -04:00
github-actions[bot]
d2c6875eac Post-release preparation for codeql-cli-2.21.4 2025-05-27 18:16:21 +00:00
github-actions[bot]
bfb91e95e3 Release preparation for version 2.21.4 2025-05-27 17:22:05 +00:00
Anders Schack-Mulligen
62000319fe Rangeanalysis: Simplify Guards integration. 2025-05-23 13:39:53 +02:00
Anders Schack-Mulligen
1d30103559 SSA: Distinguish between has and controls branch edge. 2025-05-23 09:56:22 +02:00
Owen Mansel-Chan
663c83d8c6 Merge pull request #19556 from owen-mc/java/pr/19512 
Java: Fix SpringRequestMappingMethod URL Extraction #2
 2025-05-22 15:08:31 +01:00
Owen Mansel-Chan
79453cc103 Add test showing correct usage 2025-05-22 14:30:32 +01:00
Owen Mansel-Chan
476ada13db Improve QLDoc for SpringRequestMappingMethod.getAValue 2025-05-22 14:22:28 +01:00
Owen Mansel-Chan
45475c5c1d Add change note 2025-05-22 12:29:31 +01:00
Owen Mansel-Chan
59d4f039d8 Deprecate SpringRequestMappingMethod.getValue (which didn't work) 2025-05-22 12:29:29 +01:00
Owen Mansel-Chan
708bbe391e Add test for SpringRequestMappingMethod.getAValue 2025-05-22 12:22:34 +01:00
Owen Mansel-Chan
775338ebdd Rename getArrayValue to getAValue 2025-05-22 12:21:20 +01:00
Nicolas Will
7ee1bd61fb Merge pull request #19541 from bdrodes/openssl_ec_key_gen 
Openssl ec key gen
 2025-05-21 16:13:05 +02:00
Anders Schack-Mulligen
00c7bc1e70 Merge pull request #19505 from aschackmull/java/basicblock 
Java: Use the shared BasicBlocks library.
 2025-05-21 13:37:19 +02:00
Michael Nebel
2952c0d2b4 Merge pull request #19507 from michaelnebel/removehardcodedpassword 
Exclude some queries from query suites by lowering their precision.
 2025-05-21 11:13:14 +02:00
Anders Schack-Mulligen
10efea1075 Java/Shared: Address review comments. 2025-05-21 09:01:47 +02:00
Anders Schack-Mulligen
3fde675d08 Java: Extend qldoc. 2025-05-21 09:01:47 +02:00
Anders Schack-Mulligen
a98d93b98b Java: Override dominates to reference the right type. 2025-05-21 09:01:46 +02:00
Anders Schack-Mulligen
6b830faa62 Java: Add change note. 2025-05-21 09:01:46 +02:00
Anders Schack-Mulligen
db01828717 Java: Deprecate redundant basic block predicates. 2025-05-21 09:01:46 +02:00
Anders Schack-Mulligen
f202586f5e Java: Use the shared BasicBlocks library. 2025-05-21 09:01:45 +02:00
REDMOND\brodes
b56472436e Crypto: Alterations to OpenSSL cipher algorithms to use new fixed keysize predicate. 2025-05-20 10:36:56 -04:00
Jon Janego
9d65b5f85c Merge pull request #19531 from github/changedocs-2.21.3 
Changenotes for 2.21.3
 2025-05-19 19:00:47 -05:00
Jon Janego
e5efe83243 Fixing upstream backticks around problematic characters so that the RST generator doesn't choke on asterisks 2025-05-19 17:03:23 -05:00
Jon Janego
b9841dccfb Fixing more upstream typos 2025-05-19 16:45:08 -05:00
Jon Janego
3bd2f85a8e Fixing some upstream typos etc 2025-05-19 16:33:45 -05:00
Chad Bentz
8a81aa1762 Set CWE-134 from 9.3 to 7.3 CVSS score for memory safe languages 
- Sync up to score given to javascript/ruby
 2025-05-19 14:43:08 -04:00
REDMOND\brodes
e7535b3eff Crypto: Updating JCA to use new key size predicate returning int for elliptic curve. 2025-05-19 13:09:33 -04:00
Michael Nebel
dabeddb62d Add change-notes. 2025-05-19 09:26:49 +02:00
Michael Nebel
530025b7ae Update integration tests expected output. 2025-05-19 09:26:47 +02:00
Michael Nebel
03ecd24469 Lower the precision of a range of harcoded password queries to remove them from query suites. 2025-05-19 09:26:45 +02:00
sentient0being
f575d2f941 get array string url 2025-05-17 19:40:41 +08:00
REDMOND\brodes
dbd66e64c6 Fixing bug in JCA cipher modeling. intermediate operations should not be key operations. 2025-05-16 11:23:42 -04:00
Chris Smowton
084222ec58 Inline version-specific override code where there is now only one version 2025-05-15 12:13:14 +01:00
Chris Smowton
79171a9232 Fold v_1_5_0 and v_1_5_20 files forwards into v_1_6_0, dropping any that are overridden 2025-05-15 11:39:26 +01:00
Mathias Vorreiter Pedersen
e903d76fa0 Merge pull request #19443 from MathiasVP/generate-more-value-preserving-summaries-2 
Shared: Generate more value-preserving flow summaries
 2025-05-14 09:12:28 +01:00
github-actions[bot]
5f9dd75d7d Post-release preparation for codeql-cli-2.21.3 2025-05-13 21:49:43 +00:00
github-actions[bot]
2de4a01c86 Release preparation for version 2.21.3 2025-05-13 21:14:27 +00:00
Chris Smowton
fecad025de Fix handling of X/jvm-default intermediate modes such as 'compatibility', the new default as of 2.2.0 2025-05-13 18:10:21 +01:00
Chris Smowton
a2836f5aab Adjust integration test expectations 2025-05-13 14:42:19 +01:00
Chris Smowton
27222499d4 Update test expectation 2025-05-13 14:42:18 +01:00
Chris Smowton
fc1fd263df Fix plugin test to work with Kotlin 2.1.20 2025-05-13 14:42:17 +01:00
Chris Smowton
0d34837eaf Bump unit tests to use latest stable Kotlin 2025-05-13 14:42:16 +01:00
Chris Smowton
1afe67ab13 Accept Kotlin 2.1.20 test changes 
These are mainly small changes in how source-locations are ascribed to synthetic expressions, plus three real changes:

- The comment extractor is performing better presumably due to improvements in the underlying representation
- *= /= and %= operations are once again extracted correctly; presumably their origin information has been fixed
- Reference to a static final Java field can lead to more constant propagation than before

The last one might be a minor nuisance to someone trying to find references to such a field.
 2025-05-13 14:42:15 +01:00