hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,275 Commits 1,671 Branches 157 Tags
tausbn/python-refine-location-of-flask-request-sources
Commit Graph

13656 Commits

Author SHA1 Message Date
Owen Mansel-Chan
b20b7c7572 Remove escaped "{" and "}" before counting placeholders 2024-12-05 10:43:13 +00:00
Anders Schack-Mulligen
4bf63fedc9 Merge pull request #18179 from aschackmull/dataflow/accesspath-notypes 
Dataflow: Remove tracked types from Access Paths, track tainted object type, and tweak type pruning.
 2024-12-05 09:58:36 +01:00
Jami Cogswell
121780c55a Java: add File.getName as a path injection sanitizer 2024-12-04 18:57:51 -05:00
github-actions[bot]
cf71a1525b Post-release preparation for codeql-cli-2.20.0 2024-12-04 18:36:17 +00:00
github-actions[bot]
96564b7128 Release preparation for version 2.20.0 2024-12-04 16:01:14 +00:00
Henry Mercer
963f084d87 Merge branch 'main' into henrymercer/merge-back-rc-3.16 2024-12-04 13:39:10 +00:00
Jeroen Ketema
10592bb1c4 Merge pull request #18192 from jketema/inline-rm 
Remove deprecated `InlineExpectationsTest` class-based API
 2024-12-04 11:34:39 +01:00
Anders Schack-Mulligen
03fdceb0fd Merge pull request #18191 from aschackmull/dataflow/remove-deprecated-lib 
Dataflow: Delete the old configuration-class based api.
 2024-12-04 11:31:46 +01:00
Owen Mansel-Chan
5351f5b69d Update wording of alert (accepting review suggestion) 
Co-authored-by: Chris Smowton <smowton@github.com>
 2024-12-04 10:31:14 +00:00
Anders Schack-Mulligen
5042753b29 C#/Java: Add change notes. 2024-12-04 10:20:43 +01:00
Owen Mansel-Chan
95116eec51 Update recommendations 2024-12-04 00:42:23 +00:00
Anders Schack-Mulligen
f38602e9fe Java: Update references to deleted aliases. 2024-12-03 20:08:45 +01:00
Anders Schack-Mulligen
b12a1c078c Java: Delete deprecated extension points referencing deleted api. 2024-12-03 20:08:44 +01:00
Anders Schack-Mulligen
cca27e4c77 Add change notes for all languages. 2024-12-03 19:42:33 +01:00
Jeroen Ketema
89d20fd086 Java: Update expected test results 2024-12-03 19:18:59 +01:00
Anders Schack-Mulligen
2c0baff76a Java: Delete deprecated data flow api. 2024-12-03 14:13:03 +01:00
Anders Schack-Mulligen
9734cff15b Java/C#: Update expected files. 2024-12-03 12:57:44 +01:00
Tom Hvitved
fbeb6f3940 Shared: Move shared logic into FlowSummaryImpl.qll 2024-12-03 09:11:11 +01:00
Owen Mansel-Chan
5c99c8cc37 Improve suggestion for ECB 2024-11-29 14:05:07 +00:00
Owen Mansel-Chan
95d26d96d2 Add change note 2024-11-29 11:54:30 +00:00
Owen Mansel-Chan
09240e46f2 Refactor: use concat instead of hand-written version 
This changes the order of the algorithms in the regex, but I don't think
that makes any difference.
 2024-11-29 11:54:29 +00:00
Owen Mansel-Chan
e6409e159f Give reason why crypto algorithm is insecure 2024-11-29 11:54:27 +00:00
Owen Mansel-Chan
2c061b0d56 Add QLDoc for HostnameSanitizingPrefix 2024-11-29 09:46:44 +00:00
Owen Mansel-Chan
7f8a1ae941 Add change note 2024-11-29 09:46:42 +00:00
Owen Mansel-Chan
7648d397f8 Improve model to remove some false positives 2024-11-29 09:46:41 +00:00
Owen Mansel-Chan
617f4f140e Make HostnameSanitizingPrefix public 2024-11-29 09:46:39 +00:00
Owen Mansel-Chan
ba3f9d6134 Convert model to QL 2024-11-29 09:46:38 +00:00
Owen Mansel-Chan
b5fbf2e944 Add models for third arg of getForObject 
No attempt to stop FPs.
 2024-11-28 16:51:13 +00:00
Owen Mansel-Chan
65fb895ed5 (Unrelated) Fix typo in class name 2024-11-28 16:51:09 +00:00
Anders Schack-Mulligen
df2e2e503a Merge pull request #17901 from aschackmull/java/allowlist-sanitizer 
Java: Add a default taint sanitizer for contains-checks on lists of constants
 2024-11-27 11:09:05 +01:00
Anders Schack-Mulligen
5ef496dd1b Java: Add more qldoc. 2024-11-27 09:07:35 +01:00
Anders Schack-Mulligen
85778f7fea Java: Fix semantic merge conflict in expected file. 2024-11-27 08:53:41 +01:00
Jami
36acfeb305 Merge pull request #18087 from jcogs33/jcogs33/java-sha2 
Java: add SHA-384 to list of secure crypto algorithms
 2024-11-26 08:51:58 -05:00
yoff
6d6f269e6c Merge pull request #17997 from yoff/java/inline-range-tests 2024-11-26 14:48:07 +01:00
Anders Schack-Mulligen
a6fc41ec4b Java: Accept consistency failure. 2024-11-26 13:25:44 +01:00
Anders Schack-Mulligen
38eb3e4952 Java: Adjust expected output. 2024-11-26 13:25:44 +01:00
Anders Schack-Mulligen
2ff2d25784 Java: Cherry-pick test from https://github.com/github/codeql/pull/17051 2024-11-26 13:25:43 +01:00
Anders Schack-Mulligen
408a38d9fb Java: Address review comment, include addFirst,addLast. 2024-11-26 13:25:43 +01:00
Anders Schack-Mulligen
0d45f0efb2 Java: Accept consistency check result. 2024-11-26 13:25:43 +01:00
Anders Schack-Mulligen
2b1caa8a35 Java: Add test. 2024-11-26 13:25:42 +01:00
Anders Schack-Mulligen
5a4b720322 Java: Add change note. 2024-11-26 13:25:42 +01:00
Anders Schack-Mulligen
6f32c4129d Java: Add a default taint sanitizer for contains-checks on lists of constants. 2024-11-26 13:25:41 +01:00
Anders Schack-Mulligen
7f86f8cac7 Java: Prepare TypeFlow for separate instantiation of universal flow. 2024-11-26 13:25:41 +01:00
Rasmus Lerchedahl Petersen
f508f8eb83 Java: address review comments 2024-11-26 11:44:16 +01:00
Jami Cogswell
05b6700607 Java: add SHA384 to list of secure algorithms 2024-11-25 09:27:53 -05:00
Arthur Baars
c2b342f1a0 Merge pull request #18084 from github/aibaars/java-sha3 
Java: add SHA3 family to list of secure crypto algorithms
 2024-11-25 15:07:43 +01:00
Rasmus Lerchedahl Petersen
25664d0e53 Java: Add support for non-integer bounds in inline expectations 2024-11-25 14:48:17 +01:00
Rasmus Lerchedahl Petersen
37935eea3b java: separate bounds onto different lines 2024-11-25 12:32:11 +01:00
Arthur Baars
5eb91fd516 Drop SHA3-224 
Drop the 224bits variant as it looks like SHA3-224 may be deprecated soon based on NIST's most recent draft revision of Transitioning the Use of Cryptographic Algorithms and Key Lengths
 2024-11-25 11:25:45 +01:00
Jami
f0045692a7 Merge pull request #17869 from jcogs33/jcogs33/improve-weak-crypto 
Java: Improve weak crypto query
 2024-11-24 12:04:00 -05:00