codeql

mirror of https://github.com/github/codeql.git synced 2026-02-14 22:21:06 +01:00

Author	SHA1	Message	Date
Owen Mansel-Chan	6a3c74c989	Merge pull request #20999 from joefarebrother/java-spring-websocket Java: Add models for spring WebSocketHandler	2026-01-07 13:29:19 +00:00
Owen Mansel-Chan	6c291e1e7f	Add model for `handlePongMessage` and update test	2026-01-07 11:09:59 +00:00
Anders Schack-Mulligen	eaa96864f7	Java: Extend test to cover assertion-like barrier guards.	2025-12-10 12:23:52 +01:00
Joe Farebrother	94fcee5340	minor formatting tweak	2025-12-09 14:15:36 +00:00
Joe Farebrother	d98e660803	Test fixes + more tests	2025-12-09 14:13:28 +00:00
Joe Farebrother	1d61da51a6	Generate stubs	2025-12-09 14:13:02 +00:00
Joe Farebrother	a594ca9de8	Add tests	2025-12-09 14:12:45 +00:00
Owen Mansel-Chan	5c8ab1f6d1	Merge pull request #20956 from owen-mc/java/improve-regex-sanitizer Java: improve regex sanitizer for `java/ssrf`	2025-12-04 15:32:12 +00:00
Anders Schack-Mulligen	dc6d3fe7ba	Use flowFrom.	2025-12-03 14:04:18 +01:00
Owen Mansel-Chan	a85d0ea8a3	Make tests pass	2025-12-02 17:08:16 +00:00
Owen Mansel-Chan	8fd8fc07b7	Add failing tests for more regex match methods	2025-12-02 17:06:34 +00:00
Owen Mansel-Chan	1a59839f3c	Range library recognises long literals now	2025-11-24 14:10:54 +00:00
Owen Mansel-Chan	ec381e4ec5	Use range analysis and improve tests	2025-11-21 10:31:50 +00:00
aegilops	e904520779	Fixed formatting	2025-11-20 17:34:42 +00:00
Paul Hodgkinson	801cd72965	Merge branch 'main' into java-kotlin-sensitive-logging-substring-barriers	2025-11-20 12:24:22 +00:00
aegilops	1e67907516	Merge commit	2025-11-20 12:22:39 +00:00
aegilops	62ee6d3a33	Made changes requested by reviewers - bounded() for range checking, style and better comments	2025-11-20 11:46:42 +00:00
Anders Schack-Mulligen	fe7be22478	Merge pull request #20761 from aschackmull/java/ssa-shared Java: Replace SSA wrapper classes with shared implementation.	2025-11-18 13:31:50 +01:00
Paul Hodgkinson	7b25e22a37	Merge branch 'main' into java-kotlin-sensitive-logging-substring-barriers	2025-11-17 11:03:39 +00:00
aegilops	fa703e3e60	Test cases for sensitive logging sanitizer	2025-11-14 16:53:46 +00:00
Anders Schack-Mulligen	d6800394fa	Guards: Support disjunctive implications.	2025-11-12 14:14:32 +01:00
Anders Schack-Mulligen	2192d75286	Java: Add test for a known FP.	2025-11-12 14:08:18 +01:00
Anders Schack-Mulligen	109a5eb7e7	Java: Accept qltest changes due to dropped UntrackedDef.	2025-11-12 09:06:21 +01:00
Anders Schack-Mulligen	e059ded133	Java: Accept toString changes in qltest.	2025-11-12 09:06:21 +01:00
Anders Schack-Mulligen	f0bd0346f0	Java: Replace usages of SsaVariable.	2025-11-12 09:06:19 +01:00
Anders Schack-Mulligen	f4b9efcdce	Java: Replace getAUse with getARead.	2025-11-12 09:06:18 +01:00
Anders Schack-Mulligen	35caede859	Java: Replace SsaPhiNode with SsaPhiDefinition.	2025-11-12 09:06:18 +01:00
Anders Schack-Mulligen	06df5c0bd1	Java: Introduce SsaCapturedDefinition and replace uses of getAnUltimateDefinition.	2025-11-12 09:06:17 +01:00
Anders Schack-Mulligen	07e635636c	Java: Replace getAFirstUse with top-level predicate.	2025-11-12 09:06:16 +01:00
Owen Mansel-Chan	7ad570b5f5	Pretty print models in test Otherwise the test output changes when unrelated models are added.	2025-10-29 12:03:32 +00:00
yoff	4461be180a	Merge pull request #19539 from yoff/java/conflicting-access	2025-10-28 20:37:44 +01:00
yoff	406e48b3bb	java: fix aliasing FP reorganise code, adding `LockField`	2025-10-27 14:30:25 +01:00
yoff	531b994819	java: add test for aliasing found by triage	2025-10-27 14:27:32 +01:00
Nicolas Will	d4787520fd	Merge pull request #20690 from bdrodes/weak_symmetric_cipher_bug Crypto: Fix bug in weak symmetric cipher query	2025-10-24 22:38:07 +02:00
Nicolas Will	e7bd435bee	Merge pull request #20696 from bdrodes/bad_mac_decrypt_then_mac Crypto: Adding bad decrypt then mac order query.	2025-10-24 22:07:26 +02:00
$REDMOND\brodes$ REDMOND\brodes	0e624f51d5	Crypto: Adding bad decrypt then mac order query. Fixes to BadMacOrderMacOnEncryptPlaintext as well.	2025-10-24 12:44:28 -04:00
Tom Hvitved	32f21d6d49	Merge pull request #20688 from hvitved/java/request-forgery-matches-sanitizer Java: Treat `x.matches(regexp)` as a sanitizer for request forgery	2025-10-24 14:34:32 +02:00
$REDMOND\brodes$ REDMOND\brodes	ed492c7d5a	Crypto: Fixed bug in WeakSymmetricCipher.qll, forgot to not only filter if !=AES but the algorithm must still be a SymmetriCipher algorithm.	2025-10-24 08:16:22 -04:00
Tom Hvitved	a4eab484ce	Address review comments	2025-10-24 13:32:39 +02:00
Tom Hvitved	7a9cb64e2e	Java: Treat `x.matches(regexp)` as a sanitizer for request forgery	2025-10-24 09:06:57 +02:00
$REDMOND\brodes$ REDMOND\brodes	08379393b3	Crypto: Fix off by one column issue in unit tests.	2025-10-22 15:50:33 -04:00
$REDMOND\brodes$ REDMOND\brodes	3561d01144	Crytpo: Trying to fix in pipeline test failure, experimentally altering a line to see if this forces the test to pass. The test is off by one column in the piepline	2025-10-22 14:16:12 -04:00
$REDMOND\brodes$ REDMOND\brodes	dd60cf9395	Crypto: Adjust output of bad mac order queries, update associated bad mac order expected results, fix erroneous change to ID for a slicing query, update model to specify elliptic curve type as a property, update associated graph test expected files, update the not_included_in_qls.expected to reflect all queries now under quantum.	2025-10-22 10:29:31 -04:00
$REDMOND\brodes$ REDMOND\brodes	ddeb42cddb	Crypto: Adding false positive to BadMacUse.java, we have no way to avoid this FP currently but should note it exists in the test case.	2025-10-21 11:04:57 -04:00
yoff	9e77e5b046	java: add test with deeper paths also format test files	2025-10-21 14:02:36 +02:00
yoff	f183a7223f	java: add test for `notFullyMonitored`	2025-10-21 13:40:29 +02:00
yoff	de05bfbce3	java: address review comments - do not use `getQualifiedName` - use camelCase - rework alert predicates	2025-10-21 13:25:26 +02:00
$REDMOND\brodes$ REDMOND\brodes	cc436e897d	Merge branch 'santander-java-crypto-check' of https://github.com/bdrodes/codeql into santander-java-crypto-check	2025-10-20 15:24:40 -04:00
$REDMOND\brodes$ REDMOND\brodes	354effe829	Crypto: Missing hash algorithms for HMAC operations in jca.	2025-10-20 15:24:18 -04:00
Ben Rodes	2b683c210f	Merge branch 'main' into santander-java-crypto-check	2025-10-18 17:56:43 -04:00

1 2 3 4 5 ...

4352 Commits