hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 19:29:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,161 Commits 1,758 Branches 167 Tags
3869abebea44d8d19e18dda24b1e84c183f0958e
Commit Graph

14262 Commits

Author SHA1 Message Date
Nicolas Will
3869abebea Fix Micronaut ql-for-ql alerts 2026-02-27 17:24:02 +01:00
Nicolas Will
ededc8c676 Create 2026-02-27-micronaut.md 2026-02-27 17:22:06 +01:00
Nicolas Will
cf31af77c9 Add Micronaut framework support for Java QL 
Add CodeQL support for Micronaut: add MaD models for HTTP, HTTP client and multipart (sources, sinks and summary propagation), new framework QLL modules (Controller, WebSocket, Config, Data, Security). Add library tests and query tests exercising request inputs, file uploads, HttpClient sinks (SSRF), header sinks (response-splitting) and redirect sinks (open-redirect), plus expected results and extractor options. Include Micronaut 4.x stubs used by the tests.
 2026-02-27 17:17:07 +01:00
Idriss Riouak
744ade6720 Merge pull request #21338 from github/idrissrio/java/fix-change-note 
Java: Fix Maven change note
 2026-02-17 14:48:37 +01:00
Idriss Riouak
c877487e11 Merge pull request #21337 from github/idrissrio/java/jdk26-note 
Java: Add change note for Java 26 and updated supported languages
 2026-02-17 14:48:16 +01:00
idrissrio
5151df456c Java: Fix Maven change note 2026-02-17 14:27:27 +01:00
idrissrio
8aa839f4c0 Java: Address review comments 2026-02-17 14:19:12 +01:00
idrissrio
bd94ceddd9 Java: Add change note for JDK 26 2026-02-17 13:58:55 +01:00
Owen Mansel-Chan
94e3d86f6a Merge pull request #21319 from owen-mc/java/javax-jakarta 
Java: Always use both "javax" and "jakarta" at the beginning of Jave EE packages
 2026-02-17 08:31:52 +00:00
github-actions[bot]
b5898c5a30 Post-release preparation for codeql-cli-2.24.2 2026-02-16 17:07:45 +00:00
github-actions[bot]
ef04f927fb Release preparation for version 2.24.2 2026-02-16 13:29:25 +00:00
Owen Mansel-Chan
cf73d96c9d Update test results (remove SPURIOUS annotations) 2026-02-16 12:03:02 +00:00
Owen Mansel-Chan
597be6a1c0 Add change note 2026-02-16 12:01:15 +00:00
Owen Mansel-Chan
94f1d94a2b Rename MethodCall ma to mc 2026-02-16 12:01:14 +00:00
Owen Mansel-Chan
9fc95f5171 Expand log injection sanitizers to annotation regex matches 2026-02-16 12:01:13 +00:00
Owen Mansel-Chan
924bb92d91 Expand log injection sanitizer guards to non-annotation regex matches 2026-02-16 12:01:11 +00:00
Owen Mansel-Chan
60e58f8219 Refactor logInjectionGuard part 2 2026-02-16 12:01:10 +00:00
Owen Mansel-Chan
6c0c1d558e Refactor logInjectionGuard part 1 2026-02-16 12:01:08 +00:00
Owen Mansel-Chan
146fc7a8c0 Add failing log injection test for @Pattern validation 2026-02-16 12:01:07 +00:00
Owen Mansel-Chan
91c731f68d Fix new usage that was introduced 2026-02-16 11:03:27 +00:00
Owen Mansel-Chan
c4192b670b More copilot suggestions 2026-02-16 11:02:21 +00:00
Owen Mansel-Chan
53b8f2abb1 Apply copilot's fixes 2026-02-16 11:02:20 +00:00
Owen Mansel-Chan
178fbf9600 Add missing QLDoc 2026-02-16 11:02:19 +00:00
Owen Mansel-Chan
6da3a4557e Add change note 2026-02-16 11:02:17 +00:00
Owen Mansel-Chan
31840902cd Fix places which already dealt with both javax and jakarta 2026-02-16 11:02:16 +00:00
Owen Mansel-Chan
4b240ebf8a Define new predicate javaxOrJakarta() 2026-02-16 11:02:14 +00:00
Owen Mansel-Chan
a5e6f6daf9 Replace "javax" with javaxOrJakarta() 
This is just a find-replace of `"javax` with `javaxOrJakarta() + "`.
 2026-02-16 11:02:12 +00:00
Owen Mansel-Chan
47a9f87d9b Merge pull request #21310 from owen-mc/java/regex-execution 
Java: Add RegexMatch concept and recognise `@Pattern` annotation as sanitizer
 2026-02-16 09:11:47 +00:00
Owen Mansel-Chan
16ddb5658f Small refactor for stylistic consistency 2026-02-15 14:39:23 +00:00
Owen Mansel-Chan
d6b71a346e Extend RegexMatch framework to allow for MatcherMatchesCall edge case 2026-02-15 14:39:21 +00:00
Owen Mansel-Chan
8f8f4c2d52 Fix Matcher.matches edge case 2026-02-14 00:28:37 +00:00
Owen Mansel-Chan
90befa0c00 Add failing test for Matcher.matches() edge case 2026-02-14 00:28:34 +00:00
Owen Mansel-Chan
ca4c988e97 Remove redundant variable 2026-02-13 22:58:09 +00:00
Owen Mansel-Chan
2e0f244376 Improve QLDoc on RegexMatch.getName() 2026-02-13 22:55:01 +00:00
Owen Mansel-Chan
c7099584b4 Put imports implementing abstract classes in private module 2026-02-13 22:51:53 +00:00
Owen Mansel-Chan
3c161f9c93 Make contract of RegexMatch clear 2026-02-13 22:47:44 +00:00
Owen Mansel-Chan
1fefa989d7 Rename RegexMatch and only include expressions 2026-02-13 22:45:48 +00:00
Owen Mansel-Chan
953ff9f0d0 PatternAnnotation.getString() should only be field reads 2026-02-13 22:41:20 +00:00
Owen Mansel-Chan
106254b220 Improve QLDocs 2026-02-13 22:40:36 +00:00
Owen Mansel-Chan
5bdf550317 Fix QLDocs 2026-02-12 16:57:14 +00:00
Owen Mansel-Chan
c539c2f4fd Add change note 2026-02-12 16:57:12 +00:00
Owen Mansel-Chan
bfe26c1989 Add @Pattern as RegexExecution => SSRF sanitizer 2026-02-12 16:57:11 +00:00
Owen Mansel-Chan
d0999e3abd Add failing test for @Pattern validation 2026-02-12 16:57:04 +00:00
Anders Schack-Mulligen
5c53677051 Java: Deprecate UnreachableBlocks. 2026-02-12 11:06:34 +01:00
Owen Mansel-Chan
6a8204d28c "dataflow" -> "data flow" in QLDoc 2026-02-11 13:41:14 +00:00
Owen Mansel-Chan
1ee5728311 Add missing QLDoc 2026-02-11 13:40:20 +00:00
Owen Mansel-Chan
a22fd39230 Use RegexExecution in sanitizer definitions (expands scope) 2026-02-11 13:09:48 +00:00
Owen Mansel-Chan
fa3fba4a00 Use new regex-related classes (no functional change) 2026-02-11 13:09:46 +00:00
Owen Mansel-Chan
44eeee5757 Add and improve classes for regex-related methods 2026-02-11 13:09:45 +00:00
Owen Mansel-Chan
e6dbd525c3 Add RegexExecution in Concepts.qll 2026-02-11 13:09:42 +00:00