codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00

Author	SHA1	Message	Date
Paolo Tranquilli	096a31dbef	Mark all integration tests as legacy This is in preparation for the new integration test framework. Tests marked thus will be run by the current framework and ignored by the new one.	2024-05-31 16:04:50 +02:00
Anders Schack-Mulligen	06ce40c687	Merge pull request #16561 from aschackmull/java/typeflow-effectively-private Java: Improve dispatch through TypeFlow of effectively private calls.	2024-05-31 15:11:18 +02:00
Mauro Baluda	48fc44baff	Add release notes	2024-05-30 23:21:12 +02:00
Mauro Baluda	bbe888c2b3	Update SpringCsrfProtection.qll	2024-05-30 23:13:08 +02:00
Mauro Baluda	e2479a7ce2	Disable csrf for ServerHttpSecurity	2024-05-30 23:08:57 +02:00
github-actions[bot]	906b65d09c	Post-release preparation for codeql-cli-2.17.4	2024-05-28 18:02:25 +00:00
github-actions[bot]	33b4ae8bbb	Release preparation for version 2.17.4	2024-05-28 15:44:32 +00:00
Anders Schack-Mulligen	5c635e982e	C++/C#/Java: Update expected output.	2024-05-27 11:01:52 +02:00
Anders Schack-Mulligen	5a259843bb	Dataflow: Switch call context to a set representation.	2024-05-27 11:01:52 +02:00
Anders Schack-Mulligen	bc8ca1af86	Dataflow: Introduce NodeRegions for use in isUnreachableInCall.	2024-05-27 11:01:51 +02:00
Anders Schack-Mulligen	5a7174dcbb	Merge pull request #16500 from aschackmull/java/static-field-side-effect Java: Add support for flow through side-effects on static fields.	2024-05-24 09:19:31 +02:00
Michael Nebel	78d4745722	Merge pull request #16578 from michaelnebel/java/dontliftneutral Java: Do not lift neutrals in Model generation.	2024-05-24 09:19:20 +02:00
Dave Bartolomeo	f498e05099	Merge branch 'main' into dbartol/v1	2024-05-23 14:37:28 -04:00
Dave Bartolomeo	613ccaac1d	Add change note to all v1.0.0 packs	2024-05-23 13:01:22 -04:00
Arthur Baars	b2c64eabd4	Merge pull request #16572 from github/aibaars-patch-2 Java: include link to `remote source` in TrustBoundaryViolation.ql	2024-05-23 18:16:11 +02:00
Michael Nebel	9cf0995720	Java: Update test expected output.	2024-05-23 16:33:04 +02:00
Michael Nebel	6f5bdfba65	Java: Do not lift neutrals and only generate for public endpoints.	2024-05-23 16:32:45 +02:00
Arthur Baars	b5b5fef642	Switch source and sink in TrustBoundaryViolation.ql	2024-05-23 15:53:12 +02:00
Arthur Baars	5c4eb3c943	Java: add change note	2024-05-23 13:06:01 +00:00
Michael Nebel	1e54422662	Java: Add neutral implementations.	2024-05-23 15:00:23 +02:00
Anders Schack-Mulligen	4905612905	Merge pull request #16573 from aschackmull/java/dispatch-joinorder Java: Fix join-order in viableImplInCallContext.	2024-05-23 14:48:25 +02:00
Arthur Baars	d540675b9e	Update TrustBoundaryViolation.ql	2024-05-23 12:04:47 +00:00
Anders Schack-Mulligen	1bc3f6b0e7	Java: Add change note.	2024-05-23 13:03:06 +02:00
Anders Schack-Mulligen	bf3dbc24de	Java: Add support for flow through side-effects on static fields.	2024-05-23 12:57:57 +02:00
Anders Schack-Mulligen	4b3e35ed52	Java: Fix join-order in viableImplInCallContext.	2024-05-23 12:49:57 +02:00
Anders Schack-Mulligen	70d3be0a3a	Java: Fix test.	2024-05-23 11:24:11 +02:00
Anders Schack-Mulligen	b519f13600	Java: Add change note.	2024-05-23 10:50:16 +02:00
Anders Schack-Mulligen	527dafa346	Java: Improve dispatch through TypeFlow of effectively private calls.	2024-05-23 10:50:16 +02:00
Anders Schack-Mulligen	f353065d26	Java: Allow overloading for exact model matches.	2024-05-23 10:50:01 +02:00
Anders Schack-Mulligen	0f864081cb	Java: Remove source dispatch when there's an exact match from a manual model.	2024-05-23 10:50:00 +02:00
Owen Mansel-Chan	0cc868c742	Merge branch 'main' into workflow/coverage/update	2024-05-23 07:49:02 +01:00
Tony Torralba	d202355b07	Merge pull request #16553 from atorralba/atorralba/java/xxe-qhelp-reword Java: Reword recommendation section of XXE query	2024-05-23 08:48:29 +02:00
github-actions[bot]	0f2d0c098f	Add changed framework coverage reports	2024-05-23 00:16:44 +00:00
Dave Bartolomeo	ffe4c8c87b	Update all pack versions to `1.0.0`	2024-05-22 13:39:08 -04:00
Anders Schack-Mulligen	15a7c3faeb	Java: Accept qltest .expected file changes.	2024-05-22 15:42:40 +02:00
Anders Schack-Mulligen	a650499a9c	Java: Accept qltest .expected file changes (interesting).	2024-05-22 15:42:12 +02:00
Anders Schack-Mulligen	de5c69d0a1	Merge pull request #16551 from aschackmull/java/model-fixes Java: Revise some jdk time-related models	2024-05-22 14:05:23 +02:00
Anders Schack-Mulligen	a078dcf1f2	Merge pull request #16550 from aschackmull/java/zipslip-number-sanitizer Java: Improve sanitizer for java/zipslip	2024-05-22 12:43:44 +02:00
Tony Torralba	5ec3335b07	Java: Reword recommendation section of XXE query	2024-05-22 11:34:19 +02:00
Anders Schack-Mulligen	a74cf6501a	Java: update qltest expected files.	2024-05-22 11:13:06 +02:00
Michael Nebel	84e412fe36	Merge pull request #16477 from michaelnebel/csharp/madinlinetest C#: Inline expectation for model generator test.	2024-05-22 11:05:23 +02:00
Anders Schack-Mulligen	ba97c3623a	Java: Change most java.time.* df-generated taint models to neutrals.	2024-05-22 10:29:54 +02:00
Anders Schack-Mulligen	54f2316d00	Java: Add a neutral model.	2024-05-22 10:29:49 +02:00
Anders Schack-Mulligen	7828cb8f5a	Java: Add change note.	2024-05-22 10:27:33 +02:00
Anders Schack-Mulligen	d82acf5866	Java: Add simple type sanitization to java/zipslip.	2024-05-22 10:23:30 +02:00
Tom Hvitved	bebcd679a4	Address review comments	2024-05-21 14:51:52 +02:00
Rasmus Wriedt Larsen	2451a6d3f6	Accept `.expected` changes	2024-05-21 14:47:42 +02:00
Tom Hvitved	454687d583	Data flow: Synthesize parameter return nodes	2024-05-21 14:47:42 +02:00
Michael Nebel	78b8a9259a	Share the Models as Data inline expect predicates.	2024-05-17 09:44:57 +02:00
Owen Mansel-Chan	a8201a19ae	Merge pull request #16506 from github/smowton/admin/gradle-version-detection-change-note Java: Add change note for Gradle JDK version detection	2024-05-16 17:11:03 +01:00

1 2 3 4 5 ...

11930 Commits