hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,820 Commits 1,671 Branches 157 Tags
44258913525e4859be81845182dbbf5e30de0711
Commit Graph

14054 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
4066c0d84a Java: Fix input/output naming. 2025-12-11 16:24:29 +01:00
Owen Mansel-Chan
87f58fe51a Convert regex injection barrier to MaD 2025-12-11 16:24:29 +01:00
Owen Mansel-Chan
44295e4c7d Convert XSS barrier to MaD 2025-12-11 16:24:28 +01:00
Owen Mansel-Chan
7e562f3150 Convert request forgery barrier guard to MaD 2025-12-11 16:24:28 +01:00
Owen Mansel-Chan
f6e3c77145 Convert path injection barrier to MaD 2025-12-11 16:24:27 +01:00
Owen Mansel-Chan
f6e40bd49d Convert trust boundary violation barrier and barrier guard to MaD 2025-12-11 16:24:26 +01:00
Anders Schack-Mulligen
dcf6041dca Java: Add empty extensible data. 2025-12-11 16:24:26 +01:00
Anders Schack-Mulligen
8da65ec6d0 Java: Add support for boolean MaD barrier guards. 2025-12-11 16:24:25 +01:00
Anders Schack-Mulligen
d24b0ff596 Java: Basic support for pass-through barrier models. 2025-12-11 16:24:25 +01:00
Anders Schack-Mulligen
eaa96864f7 Java: Extend test to cover assertion-like barrier guards. 2025-12-10 12:23:52 +01:00
Anders Schack-Mulligen
9cd2247b91 Java: expose support for more general BarrierGuards. 2025-12-10 12:23:52 +01:00
Anders Schack-Mulligen
ebb989962c Guards: Generalise ValidationWrapper to support GuardValue-based BarrierGuards. 2025-12-10 12:23:51 +01:00
Chris Smowton
359a28e409 Merge pull request #20984 from github/rc/3.20 
Java: Add change note for Maven compiler flags
 2025-12-08 14:24:58 +00:00
idrissrio
a0e7afde8e Java: Add change note for Maven compiler flags 2025-12-08 12:14:03 +01:00
Óscar San José
bc6133de5c Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.20 2025-12-05 19:31:47 +01:00
Owen Mansel-Chan
5c8ab1f6d1 Merge pull request #20956 from owen-mc/java/improve-regex-sanitizer 
Java: improve regex sanitizer for `java/ssrf`
 2025-12-04 15:32:12 +00:00
Anders Schack-Mulligen
607ad1f886 Merge pull request #20961 from aschackmull/dataflow/flowfrom 
Dataflow: Add flowFrom predicates to mirror flowTo.
 2025-12-04 10:09:29 +01:00
Tom Hvitved
3ba256a72a C#/Java: Go back to access path limit 2 2025-12-03 15:05:02 +01:00
Anders Schack-Mulligen
dc6d3fe7ba Use flowFrom. 2025-12-03 14:04:18 +01:00
Owen Mansel-Chan
e710c150de Add change note 2025-12-02 17:12:05 +00:00
Owen Mansel-Chan
a85d0ea8a3 Make tests pass 2025-12-02 17:08:16 +00:00
Owen Mansel-Chan
8fd8fc07b7 Add failing tests for more regex match methods 2025-12-02 17:06:34 +00:00
github-actions[bot]
085faa2bdb Post-release preparation for codeql-cli-2.23.7 2025-12-02 16:39:43 +00:00
Owen Mansel-Chan
566aa8f201 Refactor regex sanitizer 
Move it to Sanitizers.qll and rename it to be more general (mostly
following Go).
 2025-12-02 16:04:39 +00:00
github-actions[bot]
a045b317ac Release preparation for version 2.23.7 2025-12-02 15:31:27 +00:00
github-actions[bot]
19a13467e0 Release preparation for version 2.23.7 2025-12-01 16:07:37 +00:00
Asger F
b8cff77cab Merge pull request #20873 from github/shared-xml-discard 
Share XML discard predicates
 2025-12-01 10:06:02 +01:00
Asger F
38a1bb0e29 Use string instead of @file in XML discards 2025-11-28 09:23:27 +01:00
Owen Mansel-Chan
992bd68d4b Use set literals #2 2025-11-28 03:48:50 +00:00
Owen Mansel-Chan
220fd08428 Improve formatting of tags #2 2025-11-28 03:34:30 +00:00
Owen Mansel-Chan
22b614ac48 Use set literals 2025-11-28 03:34:17 +00:00
Owen Mansel-Chan
62238fcbd7 Fix variable name in qldoc 2025-11-28 03:33:18 +00:00
Felicity Chapman
caf6b950ac Remove trailing periods from @name metadata in query files 
Fixed 73 .ql query files where the @name metadata contained an ending period.
This ensures consistency with the CodeQL query metadata style guidelines.
 2025-11-26 14:29:51 +00:00
Asger F
dbf14c190a Factor XML discard predicates into OverlayXml.qll 2025-11-26 11:48:32 +01:00
Owen Mansel-Chan
f0dec21b9b Merge branch 'main' into java-kotlin-sensitive-logging-substring-barriers 2025-11-25 23:24:58 +00:00
Owen Mansel-Chan
1a59839f3c Range library recognises long literals now 2025-11-24 14:10:54 +00:00
Owen Mansel-Chan
e37336d550 No need for getUnderlyingExpr to look through casts 2025-11-24 14:10:20 +00:00
Owen Mansel-Chan
d2fc6a7b5b Merge branch 'main' into java-kotlin-sensitive-logging-substring-barriers 2025-11-21 12:20:04 +00:00
Anders Schack-Mulligen
298e4cfcc5 Java: Recognize int-sized long literals. 2025-11-21 12:53:39 +01:00
Owen Mansel-Chan
ec381e4ec5 Use range analysis and improve tests 2025-11-21 10:31:50 +00:00
Anders Schack-Mulligen
30d68d8906 Java: Add missing deprecated annotations. 2025-11-21 10:14:13 +01:00
aegilops
ce136684e6 Fixed formatting 2025-11-20 17:39:32 +00:00
aegilops
e904520779 Fixed formatting 2025-11-20 17:34:42 +00:00
aegilops
29a5b27b13 Removed bounds checking and only using literals - bounded() predicate did not work 2025-11-20 17:31:56 +00:00
Paul Hodgkinson
801cd72965 Merge branch 'main' into java-kotlin-sensitive-logging-substring-barriers 2025-11-20 12:24:22 +00:00
aegilops
1e67907516 Merge commit 2025-11-20 12:22:39 +00:00
aegilops
62ee6d3a33 Made changes requested by reviewers - bounded() for range checking, style and better comments 2025-11-20 11:46:42 +00:00
Paolo Tranquilli
b3c09389c8 Java: add missing QLDoc 
The check for QLDoc comments was unfortunately broken for some time, so
we missed this.
 2025-11-19 11:59:25 +01:00
Paolo Tranquilli
773b6c04a1 Merge branch 'main' into post-release-prep/codeql-cli-2.23.6 2025-11-18 13:44:21 +01:00
Anders Schack-Mulligen
fe7be22478 Merge pull request #20761 from aschackmull/java/ssa-shared 
Java: Replace SSA wrapper classes with shared implementation.
 2025-11-18 13:31:50 +01:00