hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,893 Commits 1,671 Branches 157 Tags
tausbn/python-add-support-for-template-string-literals
Commit Graph

4718 Commits

Author SHA1 Message Date
Nicolas Will
0354afc365 Make ArtifactConsumers instances of some Artifacts 
TODO: refactor the interfaces
 2025-02-27 15:54:38 +01:00
Nicolas Will
04f4683399 Rewrite handling of known unknowns and data-flow 2025-02-27 05:42:02 +01:00
Alex Eyers-Taylor
5e3ccc0cca Java: Simplify interpretOutput 2025-02-26 18:20:46 +00:00
Nicolas Will
f55f27b0d9 Expand handling of generic artifact sources 2025-02-25 18:22:38 +01:00
Anders Schack-Mulligen
994a8eea39 Merge pull request #18857 from aschackmull/ssa/refactor-df-integr 
Ssa: Refactor the data flow integration module
 2025-02-25 15:04:11 +01:00
Anders Schack-Mulligen
2c3b48946d Merge pull request #18824 from aschackmull/java/basessa 
Java: Switch BaseSSA to use shared SSA lib.
 2025-02-25 14:23:46 +01:00
Nicolas Will
eb91ecf1fb Add generic artifact data-flow 
The relation between RNG and other artifacts has been added
Nonce has been completed to report its source
 2025-02-25 02:53:13 +01:00
Owen Mansel-Chan
74a249597a Merge pull request #18607 from owen-mc/java/xss-content-type-sanitizer 
Java: Add XSS Sanitizer for `HttpServletResponse.setContentType` with safe values
 2025-02-24 23:39:18 +00:00
Jami Cogswell
6fe7c7a233 Java: some refactoring 2025-02-24 18:33:29 -05:00
Jami Cogswell
9e51b014d2 Java: handle example in Spring docs 2025-02-24 18:27:43 -05:00
Jami Cogswell
b2469ff8ba Java: add APIs and tests for more recent Spring versions: authorizeHttpRequests, AuthorizeHttpRequestsConfigurer, securityMatcher(s) 2025-02-24 18:26:02 -05:00
Jami Cogswell
8dfb920e05 Java: refactor QL, move code to libraries 2025-02-24 18:24:48 -05:00
Jami Cogswell
8064e8f1f9 Java: convert tests to inline expectations 2025-02-24 18:24:26 -05:00
Nicolas Will
2b0b927b0b Add Nonce association to Operation, update graph 2025-02-24 17:37:41 +01:00
Anders Schack-Mulligen
db7ec4a781 Java: Remove getDefinitionExt reference 2025-02-24 13:50:08 +01:00
REDMOND\brodes
86cab46b8d Misc. updates to support all JCA cipher operations, including wrap, unwrap and doFinal calls. Corrected pathing for init tracing to detect what mode is being set along a path. Added support for tracing the init operation mode argument to source. Since this involved creating an Operation Mode, changes were also made to make cipher block modes (CBC) more explicit (previously just called mode, but now that term is used for various purposes). 2025-02-21 12:53:35 -05:00
Anders Schack-Mulligen
6932e000c6 Java: Switch BaseSSA to use shared SSA lib. 2025-02-21 08:57:23 +01:00
Anders Schack-Mulligen
1c616d10d4 Merge pull request #18819 from aschackmull/ssa/refactor-phiread3 
Ssa: Refactor shared SSA in preparation for eliminating phi-read definitions
 2025-02-21 08:56:38 +01:00
REDMOND\brodes
9ac9252f75 Adding a todo 2025-02-20 11:11:41 -05:00
REDMOND\brodes
011ed3fbfd Simplifying additional flow step logic. 2025-02-20 11:10:24 -05:00
REDMOND\brodes
9ee4a7a7b8 Adding a sketch for a CipherOperation concept to model encryption/decryption operations. 2025-02-20 10:37:40 -05:00
Anders Schack-Mulligen
5379506464 Java: Use firstUse and adjacentUseUse predicates. 2025-02-19 16:17:22 +01:00
REDMOND\brodes
3871c6a33e Adding support for encryption operation detection. 2025-02-18 16:09:00 -05:00
Nicolas Will
8707e4d9a3 Continue Artifact data-flow WIP 2025-02-18 18:35:49 +01:00
Anders Schack-Mulligen
194afbb7f8 Java: Simplify SSA for variable capture. 2025-02-18 14:01:20 +01:00
Jami
d94dc5aa40 Merge pull request #18504 from jcogs33/jcogs33/java/file-constructor-path-sanitizer 
Java: `File` constructor path sanitizer
 2025-02-18 08:00:32 -05:00
Jami Cogswell
9bb5fe837d Java: address review comments 2025-02-17 15:47:45 -05:00
github-actions[bot]
ad24f94a77 Post-release preparation for codeql-cli-2.20.5 2025-02-17 17:58:24 +00:00
github-actions[bot]
6f4562f3bd Release preparation for version 2.20.5 2025-02-17 16:55:54 +00:00
Nicolas Will
df01fa7a9c Expand model and JCA modeling 2025-02-17 00:16:08 +01:00
Nicolas Will
b777a22d35 Expand model and specialize newtype relations 2025-02-14 23:43:07 +01:00
Jami Cogswell
2bb6a3914b Java: update tests 2025-02-14 15:16:08 -05:00
Jami Cogswell
c0ebeb9c7b Java: use AdditionalTaintStep 2025-02-14 13:52:43 -05:00
Nicolas Will
874e3b5e06 Modify model to use newtypes, expand modeling 2025-02-12 17:58:15 +01:00
Jami
2a8cc00284 Merge pull request #18288 from jcogs33/jcogs33/csrf-unprotected-request-type 
Java: add CSRF query
 2025-02-11 15:32:56 -05:00
Nicolas Will
4d44755945 Refactor Model and CBOM print queries 2025-02-11 15:37:15 +01:00
Jonas Jensen
76440120d1 Merge pull request #18737 from jbj/NumericCastTaintedQuery-selectedLocation 
Java: precise diff-informed NumericCastTainted
 2025-02-11 15:33:28 +01:00
Jonas Jensen
71c078dbdd Java: precise diff-informed NumericCastTainted 
It was discovered by the upcoming support for exact locations matching
in diff-informed testing that this data-flow configuration did not
correspond exactly to the query.
 2025-02-11 13:49:15 +01:00
Tom Hvitved
e5e88435bc Java: Remove ExitBasicBlock from SsaInput 2025-02-11 10:07:18 +01:00
Tom Hvitved
6fbb1e2571 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2025-02-11 10:06:50 +01:00
Anders Schack-Mulligen
e955f58eb1 Java: Bugfix for samevar in useReaches. 2025-02-11 10:06:49 +01:00
Anders Schack-Mulligen
ed284353ef Java: Bugfix for qualifier-of-qualifier update in hasExplicitQualifierUpdate. 2025-02-11 10:06:47 +01:00
Anders Schack-Mulligen
284e48cfbe Java: Fixup private 2025-02-11 10:06:45 +01:00
Tom Hvitved
75137a0f4c Java: Adopt shared SSA library 2025-02-11 10:06:43 +01:00
Kristen Newbury
1a12fb3099 Update JCA model, refactor modes 2025-02-10 13:49:32 -05:00
Kristen Newbury
59208bdb85 Update JCA model to use shared lib 2025-02-10 12:22:22 -05:00
Kristen Newbury
6005437001 Update JCA model with flow to call as AESuse and format JCA model 2025-02-10 11:26:48 -05:00
Kristen Newbury
60d931af9f Update progress on JCA 2025-02-07 15:46:13 -05:00
Jami Cogswell
d21c8d789b Java: restrict sink to first arg of two-arg constructor call 2025-02-05 21:19:59 -05:00
Kristen Newbury
efcf7eab0c Add broken crypto query 2025-02-05 17:24:25 -05:00