hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,275 Commits 1,672 Branches 157 Tags
tausbn/python-refine-location-of-flask-request-sources
Commit Graph

3153 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
f353065d26 Java: Allow overloading for exact model matches. 2024-05-23 10:50:01 +02:00
Anders Schack-Mulligen
0f864081cb Java: Remove source dispatch when there's an exact match from a manual model. 2024-05-23 10:50:00 +02:00
Anders Schack-Mulligen
d82acf5866 Java: Add simple type sanitization to java/zipslip. 2024-05-22 10:23:30 +02:00
Michael Nebel
b1329fd806 Merge pull request #16362 from michaelnebel/java/removelocalqueries 
Java: Remove local query variants.
 2024-05-16 14:34:04 +02:00
Anders Schack-Mulligen
76e740bc1d Java: Clean up some instances of getQualifiedName. 2024-05-13 13:06:44 +02:00
Michael Nebel
95ff5bae65 Merge pull request #16297 from michaelnebel/java/improveapitelemetry 
Java: Identify more APIs as supported in the telemetry queries.
 2024-05-03 12:34:19 +02:00
Michael Nebel
c07bf65eb6 Update java/ql/lib/semmle/code/java/dataflow/FlowSources.qll 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-05-03 11:13:05 +02:00
Michael Nebel
8def1c2c13 Java: Address review comments and some other code quality improvements. 2024-05-03 11:11:52 +02:00
Michael Nebel
58bbfe694f Java: Deprecate the content of ExecTaintedLocalQuery as this is unused. 2024-05-01 13:07:21 +02:00
Michael Nebel
d9c7401ea2 Java: Deprecate the local content of UrlRedirectLocalQuery and remove the local query variant. 2024-05-01 13:07:21 +02:00
Michael Nebel
ed7538d0b9 Java: Deprecate the local content of TaintedPathQuery and remove the local query variant. 2024-05-01 13:07:21 +02:00
Michael Nebel
5b89bd23c7 Java: Deprecate the content of SqlTaintedLocalQuery and remove the local query variant. 2024-05-01 13:07:21 +02:00
Michael Nebel
b68abab12a Java: Deprecate the content of ResponseSplittingLocalQuery and remove local query variant. 2024-05-01 13:07:21 +02:00
Michael Nebel
d05c5e3d94 Java: Deprecate the content of NumericCastTaintedLocalQuery, remove the local query variant and update the non-local query variant. 2024-05-01 13:07:21 +02:00
Michael Nebel
301a6cc191 Java: Deprecate the content of ImproperValidationOrArray and remove local query variants. 2024-05-01 13:07:21 +02:00
Michael Nebel
acd0fa4b7b Java: Deprecate the content of ExternallyControlledFormatStringLocalQuery and remove the externally controlled format string local query variant. 2024-05-01 13:07:21 +02:00
Michael Nebel
85a4dd0325 Java: Deprecate the local content of CommandLineQuery and remove the exec tainted local query variant. 2024-05-01 13:07:20 +02:00
Michael Nebel
072f19008a Java: Deprecate the content of ArithmeticTaintedLocalQuery and remove the arithmetic tainted local query variant. 2024-05-01 08:59:51 +02:00
Michael Nebel
93988e5834 Java: Deprecate the content of XxeLocalQuery and remove the Xxe local query variant. 2024-05-01 08:59:50 +02:00
Michael Nebel
e0c2a43780 Java: Deprecate the content of XssLocalQuery and remove the Xss local query variant. 2024-05-01 08:59:50 +02:00
Michael Nebel
f95b33049e Java: Improve the Api sources and sinks implementation. 2024-04-26 14:12:41 +02:00
Michael Nebel
9db32f4d26 Java: Identify more APIs as supported in the telemetry queries (as QL defined sinks). 2024-04-26 12:39:46 +02:00
Michael Nebel
acb2bbb2a3 Java: Identify more APIs as supported in the telemetry queries (as QL defined sources). 2024-04-26 12:39:46 +02:00
erik-krogh
fb376a1cfd revert the deletion of explorationLimit. It'll be deleted along with the entire class later 2024-04-25 22:31:11 +02:00
erik-krogh
baa31e1469 delete outdated deprecations 2024-04-25 22:19:28 +02:00
Anders Schack-Mulligen
b2f09949df Merge pull request #15599 from aschackmull/dataflow/fieldflowbranchlimit-v2 
Dataflow: update fieldFlowBranchLimit semantics
 2024-04-23 10:08:05 +02:00
Anders Schack-Mulligen
c45fd4080d Java: Fix join-order. 
The TC was being fully materialised but all we need is unary
reachability.
 2024-04-19 15:41:35 +02:00
Anders Schack-Mulligen
3c69f8f607 Java: Count second level scopes for fieldFlowBranchLimit. 2024-04-15 15:17:43 +02:00
Anders Schack-Mulligen
2f0987e980 Dataflow: Add dummy DataFlowSecondLevelScope implementations. 
These could be an empty type, but Unit was available and it probably
doesn't matter.
 2024-04-15 15:16:30 +02:00
Anders Schack-Mulligen
eafc0075fd Legacy dataflow: Sync. 2024-04-12 09:19:54 +02:00
Anders Schack-Mulligen
2925e45434 Java/Dataflow: Propagate MaD-id/model-id to PathGraph. 2024-04-12 09:19:51 +02:00
Mathias Vorreiter Pedersen
2256c4c008 Merge pull request #15728 from MathiasVP/shared-typeflow-library 
Java/Shared: Refactor `TypeFlow.qll` into a shared library
 2024-04-05 16:24:17 +01:00
Mathias Vorreiter Pedersen
1775bdee5f Java: Remove redundant qualifiers. 2024-04-05 12:52:04 +01:00
Mathias Vorreiter Pedersen
26cf8df8d6 Update java/ql/lib/semmle/code/java/dataflow/TypeFlow.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2024-04-05 12:50:26 +01:00
Mathias Vorreiter Pedersen
3f63d3a865 Update java/ql/lib/semmle/code/java/dataflow/TypeFlow.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2024-04-05 12:49:40 +01:00
Mathias Vorreiter Pedersen
1acbb84444 Shared/Java: Make the 'isNull' interface slightly prettier. 2024-04-05 11:58:43 +01:00
Tom Hvitved
1dc13cc169 Merge pull request #15923 from hvitved/shared-xml-impl 
Properly shared `XML.qll` implementation
 2024-04-03 11:39:50 +02:00
Jami
d889e3cf98 Merge pull request #14854 from jcogs33/jcogs33/unsafe-url-forward-promotion 
Java: Promote Unsafe URL Forward query from experimental
 2024-03-29 16:34:06 -04:00
Jami Cogswell
40c932a5f9 Java: move UrlForward.qll code to UrlForwardQuery.qll 2024-03-27 10:12:28 -04:00
Jami Cogswell
121b24ea7c Java: remove parentheses 2024-03-27 08:16:06 -04:00
Jami Cogswell
35fbc95cc7 Java: remove redundant line 2024-03-27 08:09:40 -04:00
Chris Smowton
dcebcc35b6 Rename getPatternAtIndex 2024-03-25 16:36:38 +00:00
Chris Smowton
17193ac11b Distinguish record patterns that do or don't declare identifiers 2024-03-25 16:31:40 +00:00
Chris Smowton
a4401963f5 Use getAPattern 2024-03-25 16:31:39 +00:00
Chris Smowton
5cb5ee026c Fix pretty-printing of anonymous vars and multiple patterns; add test 2024-03-25 16:31:38 +00:00
Chris Smowton
ee36e3b72b autoformat 2024-03-25 16:31:38 +00:00
Chris Smowton
403e86878c Don't mistake a rule case for a fall-through edge 2024-03-25 16:31:37 +00:00
Chris Smowton
c0874ab04b Fix pattern-case variable pretty-printer 2024-03-25 16:31:37 +00:00
Chris Smowton
f66811048d Fix next-normal-statement predicate 2024-03-25 16:31:37 +00:00
Chris Smowton
d5443b3f10 Remove dead code 2024-03-25 16:31:37 +00:00