4718 Commits

Author SHA1 Message Date
Edward Minnix III
8e653d01a8 Merge pull request #14127 from egregius313/egregius313/java/mad/localuserinput
Java: Convert implementations of `LocalUserInput` to Models-as-Data
2023-10-04 12:55:44 -04:00
Ed Minnix
e2a14c7616 Add note about results to change note 2023-10-04 11:08:40 -04:00
github-actions[bot]
9fe993bec3 Release preparation for version 2.15.0 2023-10-04 14:15:27 +00:00
Michael Nebel
40e63a63e2 Java: Re-factor most queries and tests to use threat models. 2023-10-04 14:01:58 +02:00
Michael Nebel
f0fb065446 Java: Opt-in the SQL injection query to use threat model flow sources. 2023-10-04 10:51:07 +02:00
Michael Nebel
5fd6dc3b87 Java: Opt-in the XSS query to use threat model flow sources. 2023-10-04 10:48:09 +02:00
Ed Minnix
581d410304 Add change note 2023-10-03 22:29:00 -04:00
Edward Minnix III
a1d3667f1c Refactor Hudson file methods to MaD 2023-10-03 22:28:59 -04:00
Edward Minnix III
3a75c0fde7 Refactor DatabaseInput to MaD 2023-10-03 22:28:59 -04:00
Edward Minnix III
655470f3da Refactor EnvInput to MaD 2023-10-03 22:28:47 -04:00
Henry Mercer
da92da2204 Bump minor versions of packs we regularly release 2023-10-03 16:31:23 +01:00
Henry Mercer
f3847b3f51 Merge branch 'main' into henrymercer/rc-3.11-mergeback 2023-10-03 16:30:23 +01:00
Michael Nebel
fcbd301de8 Java: Address review comments. 2023-10-03 10:36:45 +02:00
Michael Nebel
5b949b19f7 Java: Cleanup threat model taxonomy to align with the EDR. 2023-10-03 09:16:39 +02:00
Michael Nebel
2055d5492c Java: Let RemoteFlowSource and LocalUserInput extends SourceNode and fine grain the LocalUserInput threat models. 2023-10-03 09:16:38 +02:00
Michael Nebel
9a112dde66 Java: Introduce a class of dataflow nodes for the threat modeling. 2023-10-03 09:16:38 +02:00
Anders Schack-Mulligen
efb49fcd3e Merge pull request #14336 from aschackmull/java/switch-rule-stmt-cfg
Java: Fix CFG for case rule statements.
2023-09-29 12:02:48 +02:00
Anders Schack-Mulligen
15e1098791 Java: Add change note. 2023-09-28 14:28:24 +02:00
Anders Schack-Mulligen
94556078f1 Java: Add guards logic for SwitchExpr default cases. 2023-09-28 14:21:04 +02:00
Anders Schack-Mulligen
917a15647e Java: Fix CFG for rule statements. 2023-09-28 14:19:36 +02:00
Asger F
0d96ed8aee Merge pull request #14305 from asgerf/shared/flow-state-inout-barriers
Shared: add in/out barriers with flow state
2023-09-28 11:07:23 +02:00
Anders Schack-Mulligen
5feb2f7622 Merge pull request #14321 from aschackmull/shared/filesystem
All languages: Use shared FileSystem library and minor regex performance improvement.
2023-09-28 10:51:05 +02:00
Koen Vlaswinkel
10231e99ce Merge pull request #14199 from github/koesie10/add-java-model-editor-queries
Java: Add VS Code model editor queries
2023-09-28 10:13:13 +02:00
Anders Schack-Mulligen
653844cc46 Java: Use shared FileSystem library. 2023-09-28 08:58:55 +02:00
Anders Schack-Mulligen
e6d832c7e5 Merge pull request #14297 from aschackmull/java/additional-steps-and-nodes
Java: Add support for additional nodes, read steps, and store steps for QL models and model ThreadLocal.initialValue
2023-09-26 14:50:37 +02:00
Anders Schack-Mulligen
06cb277eb0 Merge pull request #14299 from aschackmull/dataflow/more-defaults
Dataflow: Make use of defaults for language-specific hooks.
2023-09-25 11:19:44 +02:00
Asger F
d501856519 Update DataFlowImpl.qll copies 2023-09-25 10:05:29 +02:00
Tony Torralba
b1cee2f35c Merge pull request #14254 from atorralba/atorralba/arithexpr-improv
Java: Consider AssignOps in ArithExpr
2023-09-22 15:22:27 +02:00
Anders Schack-Mulligen
66da997b7b Dataflow: Make use of defaults for language-specific hooks. 2023-09-22 14:54:22 +02:00
Anders Schack-Mulligen
b11194e561 Java: Add missing qldoc. 2023-09-22 13:46:08 +02:00
Anders Schack-Mulligen
8ee1f8ae69 Java: Add missing flow step for ThreadLocal.initialValue. 2023-09-22 13:33:45 +02:00
Anders Schack-Mulligen
9f905497a5 Java: Add support for additional read and store steps and additional nodes. 2023-09-21 15:05:30 +02:00
Anders Schack-Mulligen
7e04ac55b7 Merge pull request #14268 from aschackmull/java/xmlparsers-typetrack
Java/Dataflow: Add new light-weight data flow api and use it in XmlParsers
2023-09-21 13:33:21 +02:00
Anders Schack-Mulligen
13f7daf71e Merge pull request #13982 from aschackmull/dataflow/typeflow-calledge-pruning
Dataflow: Add type-based call-edge pruning.
2023-09-21 13:33:08 +02:00
github-actions[bot]
3acf5244b0 Post-release preparation for codeql-cli-2.14.6 2023-09-20 10:25:10 +00:00
Anders Schack-Mulligen
5c40d553b4 Java: Switch XmlParsers lib to lightweight data flow. 2023-09-20 10:21:53 +02:00
github-actions[bot]
0a3670727f Release preparation for version 2.14.6 2023-09-19 11:40:30 +00:00
Tony Torralba
1e95a5a38a Java: Consider AssignOps in ArithExpr 2023-09-19 12:15:59 +02:00
yoff
4a37c2fc3a Merge pull request #13778 from geoffw0/javaparsemode
Java: Understand multiple parse mode flags specified in a regular expression string
2023-09-18 14:22:59 +02:00
Tony Torralba
b08e410f45 Merge pull request #14029 from atorralba/atorralba/apache-cxf-models
Java: Add new Apache CXF models
2023-09-18 10:54:05 +02:00
Chris Smowton
e62fcf9a45 Fix formatting mistake 2023-09-15 12:37:34 +01:00
Chris Smowton
a1a7640427 Give ErrorExpr default control flow
This prevents a CFG dead-end because of one ErrorExpr
2023-09-14 17:42:00 +01:00
Chris Smowton
b1e128b5c1 Pretty-print a ClassInstanceExpr without a bound constructor nicely 2023-09-14 17:42:00 +01:00
Chris Smowton
c0f8973749 Add test for extracting a Java AST with an error expression
Also note that ErrorExpr can occur outside upgrade/downgrade scripts
2023-09-14 17:42:00 +01:00
Geoffrey White
1c81bd52e6 Java: Change note. 2023-09-13 17:51:26 +01:00
Geoffrey White
8c3e778be6 Java: Port regex mode flag character fix from Python. 2023-09-13 17:50:52 +01:00
Anders Schack-Mulligen
c8094d34a7 Dataflow: Add type-based call-edge pruning. 2023-09-13 15:43:45 +02:00
Anders Schack-Mulligen
300425540a Java: Minor improvement to TypeFlow for super accesses. 2023-09-13 15:43:45 +02:00
Anders Schack-Mulligen
a7b677ba40 Java: Bugfix for SuperAccess.isOwnInstanceAccess(). 2023-09-13 15:43:45 +02:00
Anders Schack-Mulligen
110a4c81e3 Java: Minor perf fix. 2023-09-13 15:43:45 +02:00