hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,049 Commits 1,671 Branches 157 Tags
35caede859ba7d8b51a5259ef8a85ec96d72b54e
Commit Graph

3242 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
35caede859 Java: Replace SsaPhiNode with SsaPhiDefinition. 2025-11-12 09:06:18 +01:00
Anders Schack-Mulligen
3e43c53b9d Java: Update some qldoc deprecation notices. 2025-11-12 09:06:17 +01:00
Anders Schack-Mulligen
06df5c0bd1 Java: Introduce SsaCapturedDefinition and replace uses of getAnUltimateDefinition. 2025-11-12 09:06:17 +01:00
Anders Schack-Mulligen
483b2d89a7 Java: Replace uses of SsaExplicitUpdate. 2025-11-12 09:06:16 +01:00
Anders Schack-Mulligen
07e635636c Java: Replace getAFirstUse with top-level predicate. 2025-11-12 09:06:16 +01:00
Anders Schack-Mulligen
99aa0333cf Java: Replace usages of isParameterDefinition. 2025-11-12 09:06:15 +01:00
Anders Schack-Mulligen
154f0770de Java: Simplify instantiation of Guards and ControlFlowReachability. 2025-11-12 09:06:15 +01:00
Anders Schack-Mulligen
d5708fdd4e Java: Instantiate shared SSA wrappers for main SSA. 2025-11-12 09:06:14 +01:00
Anders Schack-Mulligen
942dc2b89e Java: Replace BaseSSA class wrappers with shared code. 2025-11-12 09:06:14 +01:00
Anders Schack-Mulligen
551944bacb Java: Add VariableWrite class. 2025-11-12 09:06:13 +01:00
Anders Schack-Mulligen
374c77213f Java: Remove getAFirstUse in BaseSSA. 2025-11-12 09:06:12 +01:00
Anders Schack-Mulligen
f2181ece4f Java: Get rid of untracked SSA definitions. 2025-11-12 09:06:11 +01:00
Anders Schack-Mulligen
c4f0868844 Java: Move SSA entry defs to index -1. 2025-11-12 09:06:11 +01:00
yoff
4461be180a Merge pull request #19539 from yoff/java/conflicting-access 2025-10-28 20:37:44 +01:00
Nora Dimitrijević
a0975e7e19 Constrain location overrides to actual sources/sinks 2025-10-28 09:42:20 +01:00
Nora Dimitrijević
f24a6f64ab Java/WebviewDebugEnabledQuery 
java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql
 2025-10-28 09:40:06 +01:00
Nora Dimitrijević
518c0818a4 Java/UnsafeDeserializationQuery 
java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql
 2025-10-28 09:40:03 +01:00
Nora Dimitrijević
4439322e88 Java/TempDirLocalInformationDisclosureQuery 
java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql
 2025-10-28 09:40:01 +01:00
Nora Dimitrijević
2a889f4f98 Java/TaintedPermissionsCheckQuery 
java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql
 2025-10-28 09:39:58 +01:00
Nora Dimitrijević
697f428eae Java/TaintedEnvironmentVariableQuery 
java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql
 2025-10-28 09:39:55 +01:00
Nora Dimitrijević
72a97773b1 Java/NumericCastTaintedQuery 
java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql
 2025-10-28 09:39:52 +01:00
Nora Dimitrijević
247ae1d23c Java/MaybeBrokenCryptoAlgorithmQuery 
java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
 2025-10-28 09:39:50 +01:00
Nora Dimitrijević
eebff9c282 Java/ImproperValidationOfArrayConstructionFlow 
java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql
 2025-10-28 09:39:47 +01:00
Nora Dimitrijević
9eeeec336e Java/ImproperValidationOfArrayConstructionCodeSpecifiedQuery 
java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql
 2025-10-28 09:39:45 +01:00
Nora Dimitrijević
dc1dff98b0 Java/ConditionalBypass 
java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql
 2025-10-28 09:39:42 +01:00
Nora Dimitrijević
4482e831d7 Java/CommandLineQuery 
85a4dd0325/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql

857b51be58/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql

b6e56f26c7/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql
 2025-10-28 09:39:39 +01:00
Nora Dimitrijević
b023880a0a Java/BrokenCryptoAlgorithmQuery 
java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
 2025-10-28 09:39:37 +01:00
Nora Dimitrijević
1129230e10 Java/ArithmeticUncontrolledQuery 
java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
 2025-10-28 09:39:34 +01:00
Nora Dimitrijević
a228936c63 Java/ArithmeticTainted 
java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
 2025-10-28 09:39:31 +01:00
Nora Dimitrijević
913550f408 Java/ArbitraryApkInstallationQuery 
java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql
 2025-10-28 09:39:29 +01:00
Alexander Eyers-Taylor
227e1fcbde Merge pull request #20598 from github/alexet/overlay-query-libraries 
Java: Make some query libraries local.
 2025-10-27 17:52:27 +00:00
yoff
406e48b3bb java: fix aliasing FP 
reorganise code, adding `LockField`
 2025-10-27 14:30:25 +01:00
Tom Hvitved
32f21d6d49 Merge pull request #20688 from hvitved/java/request-forgery-matches-sanitizer 
Java: Treat `x.matches(regexp)` as a sanitizer for request forgery
 2025-10-24 14:34:32 +02:00
Tom Hvitved
7a9cb64e2e Java: Treat x.matches(regexp) as a sanitizer for request forgery 2025-10-24 09:06:57 +02:00
Anders Schack-Mulligen
72d83cc966 ControlFlowReachability: Align the SSA signature with the one from shared SSA. 2025-10-23 10:57:21 +02:00
Anders Schack-Mulligen
f257c7a570 Guards: Align the SSA signature with the one from shared SSA. 2025-10-23 10:23:22 +02:00
Anders Schack-Mulligen
20147cdd2b Shared/Java: Rename ControlFlowReachability library. 2025-10-23 09:07:34 +02:00
Anders Schack-Mulligen
8a3f62b9b6 Merge pull request #20558 from aschackmull/csharp/guards3 
C#: Instantiate shared Guards and shared ControlFlowReachability and replace nullness
 2025-10-23 08:43:14 +02:00
yoff
f4878b3806 java: make as many predicates private as possible 2025-10-21 13:25:26 +02:00
yoff
de05bfbce3 java: address review comments 
- do not use `getQualifiedName`
- use camelCase
- rework alert predicates
 2025-10-21 13:25:26 +02:00
yoff
715acefacc Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2025-10-21 12:52:59 +02:00
yoff
3a0a8999d5 java: fix ql alerts 2025-10-17 01:52:23 +02:00
yoff
61a3e9630f java: rewrite conflict detection 
- favour unary predicates over binary ones
(the natural "conflicting access" is binary)
- switch to a dual solution to trade recursion through forall for simple existentials.

Co-authored-by: Anders Schack-Mulligen <aschackmull@github.com>
 2025-10-17 01:43:04 +02:00
yoff
5109babd92 java: add qldoc 
These interfaces were previously in a .ql file.
Also, use the XXAccess variants.
 2025-10-09 14:20:28 +02:00
yoff
1ad239459f java: move shared code into Concurrency.qll 2025-10-09 13:36:35 +02:00
yoff
f90e9dbb5e java: favour inline_late over inline 
This gives much greater control over the join-order
 2025-10-09 13:01:25 +02:00
yoff
830f02af1f java: fixes from the CI bots 2025-10-09 09:37:31 +02:00
yoff
93fc287ef1 java: add auto-generated overlay annotations 2025-10-09 09:25:57 +02:00
yoff
a1671ea8af java: small cleanups 
- add missing qldoc
- remove use of `getErasure`
- remove use of `getTypeDescriptor`
- define `ExposedField`
 2025-10-09 09:16:25 +02:00
yoff
821b1de5b3 java: inline char pred 2025-10-09 09:16:25 +02:00