hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-10 23:41:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
62,503 Commits 1,777 Branches 169 Tags
3edfdc5cebdc4aa0c9ca8540ccb165c56ea2147a
Commit Graph

11110 Commits

Author SHA1 Message Date
Marcono1234
3edfdc5ceb Java: Improve Regex flag parsing 
Fixes:
- Flag `d` not being recognized
- Syntax for disabling flags (`-`) not being recognized
- Non-capturing group with flags erroneously containing `:` as literal
 2024-01-06 04:15:09 +01:00
Chris Smowton
8144d90d4d Merge pull request #15227 from smowton/smowton/admin/add-test-buildless-maven-multimodule 
Add test for Java buildless vs Maven multimodule projects
 2024-01-04 16:36:44 +00:00
Ian Wright
dab28edfa9 0.0.11 release of automodel extraction queries 2024-01-04 13:10:46 +00:00
Chris Smowton
c90171c73f Add test for Java buildless vs Maven multimodule projects 2024-01-04 12:30:13 +00:00
Ian Wright
468454645e better 2024-01-04 11:15:05 +00:00
Ian Wright
4530510450 check if provided argument is valid 2024-01-04 11:02:58 +00:00
Ian Wright
545b5e7e83 better comment 2024-01-04 11:02:58 +00:00
Ian Wright
fb44b9c7dd better comment 2024-01-04 11:02:57 +00:00
Ian Wright
e4a798e9cc better comment 2024-01-04 11:02:57 +00:00
Ian Wright
af940f5e41 don't specify defaults 2024-01-04 11:02:57 +00:00
Ian Wright
45b1790fa2 add publication warning 2024-01-04 11:02:57 +00:00
Ian Wright
337512174f wip 
wip

wip

more checks

fix bug if release folder already exists

fix bug if release folder already exists

ensure branch has correct release; dry-run

simplify branches

step by step

fix paths

pushd/popd

pushd/popd

use bash

simplify

simplify

simplify

simplify

add dry run
 2024-01-04 11:02:57 +00:00
Ian Wright
6572be668c get release version 2024-01-04 11:02:57 +00:00
Ian Lynagh
7b48e2e4ae Merge pull request #15049 from igfoo/igfoo/UnderscoreIdentifier 
Kotlin 2: Accept changes in query-tests/UnderscoreIdentifier
 2024-01-03 13:43:24 +00:00
Aditya Sharad
bbe3269b8c Merge pull request #15189 from github/adityasharad/merge/3.12-main 
Merge `rc/3.12` into `main`
 2023-12-22 11:26:37 -08:00
Edward Minnix III
d6d76fa4f1 Merge pull request #15183 from egregius313/egregius313/java/fix-weak-hashing-adddition 
Java: Fix minor error in `java/potentially-weak-cryptographic-algorithm`
 2023-12-22 11:38:55 -05:00
Arthur Baars
c5b6f48569 Merge pull request #15127 from smowton/smowton/feature/buildless-tests 
Add buildless tests
 2023-12-22 11:39:16 +01:00
Tony Torralba
67f8bcce44 Merge pull request #14752 from masterofnow/LoadClassNoSignatureCheck 
Java: Insecure Loading of Class in Android App without Package Signature Checking
 2023-12-22 10:24:34 +01:00
Tony Torralba
8ad787f3b8 Java: Generelize MaybeBrokenCryptoAlgorithmQuery.qll 2023-12-22 10:15:40 +01:00
Ed Minnix
8051cfcef5 Fix tests and fix getStringValue method 2023-12-21 22:48:08 -05:00
Ed Minnix
6455e1893d Add more test cases 2023-12-21 22:48:08 -05:00
Ed Minnix
7f9dff2dc7 Fix minor error in Weak Hashing 2023-12-21 22:48:07 -05:00
Aditya Sharad
b1803d0ac2 Merge rc/3.12 into main 2023-12-21 16:40:51 -08:00
masterofnow
0fd09759df Added sample java file for qhelp to render correctly. 2023-12-22 08:31:23 +08:00
masterofnow
cb5733d647 Apply suggestions from code review 
Update to documentation.

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-12-22 08:25:05 +08:00
masterofnow
7162540faf Added options, .qhelp and .expected file for unit test. 2023-12-21 19:57:37 +08:00
masterofnow
8dc522fb5f Merge remote-tracking branch 'origin/LoadClassNoSignatureCheck' into LoadClassNoSignatureCheck 2023-12-21 12:15:06 +08:00
masterofnow
25c818f425 Added unit test files. 2023-12-21 12:13:00 +08:00
github-actions[bot]
d77e8df800 Add changed framework coverage reports 2023-12-21 00:16:28 +00:00
Tony Torralba
1b9f59efa7 Merge pull request #14646 from github/java/update-mad-decls-after-triage-2023-10-31T15-52-01 
Java: Update MaD Declarations after Triage
 2023-12-20 15:37:19 +01:00
Tony Torralba
39708524e7 Minor fixes 
- Query ID
- MethodAccess -> MethodCall
- Redundant import
- Formatting
 2023-12-20 15:31:09 +01:00
Tony Torralba
e744d974e8 Merge pull request #14580 from github/java/update-mad-decls-after-triage-2023-10-24T15-42-01 
Java: Update MaD Declarations after Triage
 2023-12-20 15:01:24 +01:00
Tony Torralba
2df8bcb9dc Update java/ql/lib/change-notes/2023-10-31-new-models.md 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-12-20 14:59:07 +01:00
masterofnow
e85c4b5bf6 Update query from code review feedback to express it as a dataflow problem. 2023-12-20 18:28:16 +08:00
Ed Minnix
a93d6dd956 Change note 2023-12-19 10:28:23 -05:00
Ed Minnix
ce130c6ed5 Add replace to MapMutator 2023-12-19 10:23:06 -05:00
Tony Torralba
c8a369d9ef Update java/ql/lib/ext/jakarta.persistence.model.yml 2023-12-19 14:58:07 +01:00
github-actions[bot]
8f72b0e4f7 Post-release preparation for codeql-cli-2.15.5 2023-12-19 10:32:57 +00:00
github-actions[bot]
19af35b29a Release preparation for version 2.15.5 2023-12-18 21:22:44 +00:00
Edward Minnix III
56921a6e21 Merge pull request #14040 from egregius313/egregius313/weak-hashing-properties 
Java: Add support for algorithm names specified in `.properties` files to `java/potentially-weak-cryptographic-algorithm`
 2023-12-18 09:38:58 -05:00
Tony Torralba
9446249e94 Merge pull request #15012 from atorralba/atorralba/java/fix-missing-pinning-fp 
Java: Fix FPs in Missing certificate pinning
 2023-12-18 09:37:18 +01:00
Tony Torralba
0524289a73 Update java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql 2023-12-18 08:50:10 +01:00
masterofnow
4a77f45aa6 Minor adjustment to resolve error for codeql version 2.15.4 2023-12-16 12:41:39 +08:00
masterofnow
99b273d308 Apply suggestions from code review 
Added suggestion from atorralba.

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-12-16 12:00:45 +08:00
Chris Smowton
84c86f256a Add buildless tests 2023-12-15 22:37:55 +00:00
Ed Minnix
09a0730491 QLdoc fix 2023-12-15 11:13:09 -05:00
Ed Minnix
02581a3850 Move class for getProperty method call to Properties.qll 2023-12-15 11:09:08 -05:00
Ed Minnix
73cb01fc89 Remove integration test (ported to query test) 
The `.properties` file extractor has been enabled by default, so the
test about sources from `getProperty` calls can be ported to a query test.
 2023-12-15 11:09:08 -05:00
Ed Minnix
fc53727b9d Bump change note date 2023-12-15 11:09:08 -05:00
Ed Minnix
8826eaf1a3 Move test case to query tests 2023-12-15 11:09:08 -05:00