hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-18 21:27:08 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,162 Commits 1,759 Branches 167 Tags
nicolaswill/micronaut
Commit Graph

4845 Commits

Author SHA1 Message Date
Nicolas Will
3869abebea Fix Micronaut ql-for-ql alerts 2026-02-27 17:24:02 +01:00
Nicolas Will
ededc8c676 Create 2026-02-27-micronaut.md 2026-02-27 17:22:06 +01:00
Nicolas Will
cf31af77c9 Add Micronaut framework support for Java QL 
Add CodeQL support for Micronaut: add MaD models for HTTP, HTTP client and multipart (sources, sinks and summary propagation), new framework QLL modules (Controller, WebSocket, Config, Data, Security). Add library tests and query tests exercising request inputs, file uploads, HttpClient sinks (SSRF), header sinks (response-splitting) and redirect sinks (open-redirect), plus expected results and extractor options. Include Micronaut 4.x stubs used by the tests.
 2026-02-27 17:17:07 +01:00
Owen Mansel-Chan
94e3d86f6a Merge pull request #21319 from owen-mc/java/javax-jakarta 
Java: Always use both "javax" and "jakarta" at the beginning of Jave EE packages
 2026-02-17 08:31:52 +00:00
github-actions[bot]
b5898c5a30 Post-release preparation for codeql-cli-2.24.2 2026-02-16 17:07:45 +00:00
github-actions[bot]
ef04f927fb Release preparation for version 2.24.2 2026-02-16 13:29:25 +00:00
Owen Mansel-Chan
597be6a1c0 Add change note 2026-02-16 12:01:15 +00:00
Owen Mansel-Chan
94f1d94a2b Rename MethodCall ma to mc 2026-02-16 12:01:14 +00:00
Owen Mansel-Chan
9fc95f5171 Expand log injection sanitizers to annotation regex matches 2026-02-16 12:01:13 +00:00
Owen Mansel-Chan
924bb92d91 Expand log injection sanitizer guards to non-annotation regex matches 2026-02-16 12:01:11 +00:00
Owen Mansel-Chan
60e58f8219 Refactor logInjectionGuard part 2 2026-02-16 12:01:10 +00:00
Owen Mansel-Chan
6c0c1d558e Refactor logInjectionGuard part 1 2026-02-16 12:01:08 +00:00
Owen Mansel-Chan
91c731f68d Fix new usage that was introduced 2026-02-16 11:03:27 +00:00
Owen Mansel-Chan
c4192b670b More copilot suggestions 2026-02-16 11:02:21 +00:00
Owen Mansel-Chan
53b8f2abb1 Apply copilot's fixes 2026-02-16 11:02:20 +00:00
Owen Mansel-Chan
178fbf9600 Add missing QLDoc 2026-02-16 11:02:19 +00:00
Owen Mansel-Chan
6da3a4557e Add change note 2026-02-16 11:02:17 +00:00
Owen Mansel-Chan
31840902cd Fix places which already dealt with both javax and jakarta 2026-02-16 11:02:16 +00:00
Owen Mansel-Chan
4b240ebf8a Define new predicate javaxOrJakarta() 2026-02-16 11:02:14 +00:00
Owen Mansel-Chan
a5e6f6daf9 Replace "javax" with javaxOrJakarta() 
This is just a find-replace of `"javax` with `javaxOrJakarta() + "`.
 2026-02-16 11:02:12 +00:00
Owen Mansel-Chan
47a9f87d9b Merge pull request #21310 from owen-mc/java/regex-execution 
Java: Add RegexMatch concept and recognise `@Pattern` annotation as sanitizer
 2026-02-16 09:11:47 +00:00
Owen Mansel-Chan
16ddb5658f Small refactor for stylistic consistency 2026-02-15 14:39:23 +00:00
Owen Mansel-Chan
d6b71a346e Extend RegexMatch framework to allow for MatcherMatchesCall edge case 2026-02-15 14:39:21 +00:00
Owen Mansel-Chan
8f8f4c2d52 Fix Matcher.matches edge case 2026-02-14 00:28:37 +00:00
Owen Mansel-Chan
2e0f244376 Improve QLDoc on RegexMatch.getName() 2026-02-13 22:55:01 +00:00
Owen Mansel-Chan
c7099584b4 Put imports implementing abstract classes in private module 2026-02-13 22:51:53 +00:00
Owen Mansel-Chan
3c161f9c93 Make contract of RegexMatch clear 2026-02-13 22:47:44 +00:00
Owen Mansel-Chan
1fefa989d7 Rename RegexMatch and only include expressions 2026-02-13 22:45:48 +00:00
Owen Mansel-Chan
953ff9f0d0 PatternAnnotation.getString() should only be field reads 2026-02-13 22:41:20 +00:00
Owen Mansel-Chan
106254b220 Improve QLDocs 2026-02-13 22:40:36 +00:00
Owen Mansel-Chan
5bdf550317 Fix QLDocs 2026-02-12 16:57:14 +00:00
Owen Mansel-Chan
c539c2f4fd Add change note 2026-02-12 16:57:12 +00:00
Owen Mansel-Chan
bfe26c1989 Add @Pattern as RegexExecution => SSRF sanitizer 2026-02-12 16:57:11 +00:00
Anders Schack-Mulligen
5c53677051 Java: Deprecate UnreachableBlocks. 2026-02-12 11:06:34 +01:00
Owen Mansel-Chan
6a8204d28c "dataflow" -> "data flow" in QLDoc 2026-02-11 13:41:14 +00:00
Owen Mansel-Chan
1ee5728311 Add missing QLDoc 2026-02-11 13:40:20 +00:00
Owen Mansel-Chan
a22fd39230 Use RegexExecution in sanitizer definitions (expands scope) 2026-02-11 13:09:48 +00:00
Owen Mansel-Chan
fa3fba4a00 Use new regex-related classes (no functional change) 2026-02-11 13:09:46 +00:00
Owen Mansel-Chan
44eeee5757 Add and improve classes for regex-related methods 2026-02-11 13:09:45 +00:00
Owen Mansel-Chan
e6dbd525c3 Add RegexExecution in Concepts.qll 2026-02-11 13:09:42 +00:00
Anders Schack-Mulligen
5116b0c1e5 Java: Add delayed deprecation annotation. 2026-02-10 14:02:48 +01:00
Anders Fugmann
c5179e40c6 Kotlin: Add change note for supporting 2.3.10 2026-02-06 14:59:34 +01:00
Anders Schack-Mulligen
29e01748b7 Merge pull request #21267 from aschackmull/java/rename-misc 
Java: Rename several AST predicates.
 2026-02-05 11:15:29 +01:00
Anders Schack-Mulligen
11003e685d Java: Fix qldoc 2026-02-05 10:37:19 +01:00
Anders Schack-Mulligen
32fe12a6dd Java: Delay deprecation a bit. 2026-02-05 08:51:27 +01:00
Anders Schack-Mulligen
2d02908e7f Java: Add change note. 2026-02-04 14:43:32 +01:00
Anders Schack-Mulligen
4fcf3fbff8 Java: Make loop classes extend LoopStmt and use getBody instead of getStmt. 2026-02-04 14:43:31 +01:00
Anders Schack-Mulligen
6f40ac15b4 Java: Rename ReturnStmt.getResult to getExpr. 2026-02-04 14:43:31 +01:00
Anders Schack-Mulligen
36fa0a22f9 Java: Rename getTrueExpr/getFalseExpr on ConditionalExpr to getThen/getElse. 2026-02-04 13:38:11 +01:00
Anders Schack-Mulligen
5e6e64b2b7 Java: Rename UnaryExpr.getExpr to getOperand. 2026-02-04 10:50:49 +01:00