hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
55,552 Commits 1,672 Branches 157 Tags
3cd06b00264ea09f06925fd6bbfd84ece679ada3
Commit Graph

9832 Commits

Author SHA1 Message Date
Tony Torralba
3cd06b0026 More review suggestions 2023-10-17 11:54:32 +02:00
Tony Torralba
62a9ffd277 Apply suggestions from code review 2023-10-17 11:51:55 +02:00
Taus
e5b17af9b5 Java: Fix bad tool output 2023-06-14 12:16:44 +02:00
Taus
b860b21ced Update MaD Declarations after Triage 2023-06-13 16:50:58 +02:00
github-actions[bot]
a628384d83 Add changed framework coverage reports 2023-06-12 00:18:38 +00:00
Anders Schack-Mulligen
1b7bbf6320 Merge pull request #13083 from aschackmull/dataflow/typestrengthen 
Dataflow: Strengthen tracked types.
 2023-06-09 13:23:30 +02:00
Tony Torralba
0cef5651e2 Merge pull request #13417 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-06-09 09:27:03 +02:00
Anders Schack-Mulligen
44b09507ab Merge pull request #13408 from aschackmull/java/loginjection-perf 
Java: Add more negation context to reduce string ops and improve perf.
 2023-06-09 08:44:27 +02:00
Anders Schack-Mulligen
68f1e40370 Java/C#: Add change notes. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
85d6b44d92 Java: Fix test output. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
d230509905 Dataflow: Address review comments. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
95afd551ff Java: Fix qltest 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
4399138c82 Dataflow: Fix QL4QL alert. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
8a584b78ac Dataflow: Enable type strengthening in partial flow. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
441ccef6c4 Dataflow: Bugfix, use arg type rather than strengthened param type. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
a0a9d30286 Java: Fix qltests. 2023-06-09 08:37:35 +02:00
Anders Schack-Mulligen
4633abe19e Java: Autoformat 2023-06-09 08:37:35 +02:00
Anders Schack-Mulligen
ad461a87b4 Dataflow: Strengthen tracked types. 2023-06-09 08:37:35 +02:00
Anders Schack-Mulligen
1d87f0793b Dataflow: Minor refactor. 2023-06-09 08:37:35 +02:00
github-actions[bot]
81b08b4399 Add changed framework coverage reports 2023-06-09 00:18:12 +00:00
Tony Torralba
abb775c616 Merge pull request #13409 from atorralba/atorralba/java/fix-gson-models 
Java: Fix more problems in the Gson models
 2023-06-08 17:36:40 +02:00
Tony Torralba
4608481d7b Java: Fix more problems in the Gson models 
Found during type strengthening work by @aschackmull
 2023-06-08 14:53:09 +02:00
Anders Schack-Mulligen
5a2ac1b5ca Java: Add more negation context to reduce string ops and improve perf. 2023-06-08 14:04:57 +02:00
Anders Schack-Mulligen
dabb4dd643 Java: Improve join-order for FunctionalInterface. 2023-06-08 13:02:54 +02:00
Anders Schack-Mulligen
cc45db7c76 Merge pull request #13394 from atorralba/atorralba/java/fix-gson-jsonarray-models 
Java: Fix Gson's JsonArray.add models
 2023-06-08 11:05:40 +02:00
github-actions[bot]
cbbd885e22 Add changed framework coverage reports 2023-06-08 00:17:14 +00:00
Ian Lynagh
1b83aeb25d Merge pull request #13393 from igfoo/igfoo/remove_explorer 
Kotlin: Remove kotlin-explorer
 2023-06-07 16:32:00 +01:00
Ian Lynagh
c4e829f1d4 Merge pull request #13385 from igfoo/igfoo/kotlin_version_relax 
Kotlin: Relax version requirements
 2023-06-07 16:31:49 +01:00
Tony Torralba
c0135673fa Fix JsonArray.addAll model 
Properly test JsonArray.add(String) and JsonArray.addAll(JsonArray) as well
 2023-06-07 16:18:32 +02:00
Tony Torralba
6d7234f8ed Merge pull request #13225 from atorralba/atorralba/java/path-injection-mad-sinks-2 
Java: Migrate path injection sinks to models-as-data (simplified)
 2023-06-07 14:27:36 +02:00
Tony Torralba
35b4c438ff Fix Gson's JsonArray.add models 
When the type of the argument isn't JsonElement, the summary must be taint flow instead of value flow
 2023-06-07 14:12:20 +02:00
yoff
911835c30e Merge pull request #13392 from yoff/java/test-type-tracking-through-flow-summaries 
java: test type tracking through flow summaries
 2023-06-07 14:10:23 +02:00
Ian Lynagh
d6ac5cdc94 Kotlin: Remove kotlin-explorer 
This was an exploration tool that I don't think has been used for some
time.
 2023-06-07 12:39:00 +01:00
Erik Krogh Kristensen
6ba7f9a238 Merge pull request #13352 from erik-krogh/once-again-deps-not-py-cpp 
delete old deprecations
 2023-06-07 13:00:57 +02:00
Tony Torralba
46b30453e3 Merge pull request #13386 from github/java/update-mad-decls-after-triage-2023-06-06T14-38-29 
Java: Update MaD Declarations after Triage
 2023-06-07 12:33:26 +02:00
Rasmus Lerchedahl Petersen
aec1e4a713 java: address ql alert 2023-06-07 11:40:50 +02:00
Rasmus Lerchedahl Petersen
76e1c6f76f java: test type tracking through flow summaries 2023-06-07 11:18:53 +02:00
Tony Torralba
416d3d587d Accept test changes 
An uncovered test case is now correctly covered
 2023-06-07 10:33:17 +02:00
Tony Torralba
27763d6bbe Improve ZipSlip exclusion to take varargs into account 2023-06-07 09:25:56 +02:00
Tony Torralba
8001ae9669 Update java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-06-07 09:08:24 +02:00
Tony Torralba
60725e9580 Update java/ql/lib/ext/org.springframework.core.io.model.yml 2023-06-07 09:07:22 +02:00
Tony Torralba
2f12ae2e0d Update java/ql/lib/ext/okhttp3.model.yml 2023-06-07 08:57:12 +02:00
github-actions[bot]
a14e7fa694 Add changed framework coverage reports 2023-06-07 00:16:58 +00:00
Stephan Brandauer
b31131d33a Merge pull request #13344 from github/java/update-mad-decls-after-triage-2023-06-01T12-58-13 
Java: Update MaD Declarations after Triage
 2023-06-06 17:08:50 +02:00
Stephan Brandauer
75cbcdd72e Update MaD Declarations after Triage 2023-06-06 16:38:31 +02:00
Ian Lynagh
ca63122ce4 Kotlin: Relax version requirements 
If the latest version we know about is 1.9, and we are faced with 1.10,
then we try 1.9 rather than failing with an exception.
 2023-06-06 14:09:55 +01:00
Tony Torralba
49c6ea27a0 Merge pull request #13379 from atorralba/atorralba/kotlin/use-with-flow 
Kotlin: Add flow through kotlin.io.use and kotlin.with
 2023-06-06 13:44:14 +02:00
Taus
f4fd908f7f Java: Comment out sinks for which no query exists 2023-06-06 13:01:59 +02:00
Ian Lynagh
f690d150b0 Merge pull request #13373 from igfoo/igfoo/kotlin-loc 
Java/Kotlin: Split lines of code by language
 2023-06-06 11:49:18 +01:00
Tony Torralba
1d8ca88aca Add change note 2023-06-06 11:25:07 +02:00