hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-31 20:58:16 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,698 Commits 1,723 Branches 164 Tags
59eec7ffa2ec135cd91347e8868eaeb65ef1c45f
Commit Graph

813 Commits

Author SHA1 Message Date
Óscar San José
59eec7ffa2 Merge branch 'main' of https://github.com/github/codeql into post-release-prep/codeql-cli-2.25.1 2026-03-30 10:51:12 +02:00
Kaixuan Li
b595a70384 Update java/ql/lib/change-notes/2026-03-28-tainted-arithmetic-bounds-check.md 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-29 11:45:27 +08:00
Kaixuan Li
938039d82c Merge branch 'main' into fix/tainted-arithmetic-bounds-check-barrier 2026-03-29 10:25:39 +08:00
Owen Mansel-Chan
2b8558706f Add sentence to change note. 2026-03-28 16:39:16 +00:00
Owen Mansel-Chan
ea9b99f67c Rephrase change note 2026-03-28 16:36:39 +00:00
MarkLee131
0c5e89a68e Exclude bounds-check arithmetic from tainted-arithmetic sinks 
The java/tainted-arithmetic query now recognizes when an arithmetic
expression appears directly as an operand of a comparison (e.g.,
`if (off + len > array.length)`). Such expressions are bounds checks,
not vulnerable computations, and are excluded via the existing
overflowIrrelevant predicate.

Add test cases for bounds-checking patterns that should not be flagged.
 2026-03-28 17:39:40 +08:00
MarkLee131
da4a2238bc Address PR review: add Signature.getInstance sink, HMAC/PBKDF2 whitelist, fix test APIs 
- Model Signature.getInstance() as CryptoAlgoSpec sink (previously only
  Signature constructor was modeled)
- Add HMAC-based algorithms (HMACSHA1/256/384/512, HmacSHA1/256/384/512)
  and PBKDF2 to the secure algorithm whitelist
- Fix XDH/X25519/X448 tests to use KeyAgreement.getInstance() instead of
  KeyPairGenerator.getInstance() to match their key agreement semantics
- Add test cases for SHA384withECDSA, HMACSHA*, and PBKDF2WithHmacSHA1
  from user-reported false positives
- Update change note to document all additions
 2026-03-28 16:53:46 +08:00
MarkLee131
a9449cc991 Add EC to secure algorithm whitelist for Java CWE-327 query 2026-03-28 16:48:58 +08:00
github-actions[bot]
fb011842c9 Release preparation for version 2.25.1 2026-03-25 23:43:06 +00:00
github-actions[bot]
8cf0954796 Release preparation for version 2.25.1 2026-03-25 08:28:30 +00:00
github-actions[bot]
d6055754b6 Release preparation for version 2.25.0 2026-03-16 12:15:34 +00:00
Óscar San José
3b9eba2afc Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.21 2026-03-06 16:20:36 +01:00
Anders Schack-Mulligen
8ef4be49aa Merge pull request #21412 from aschackmull/java/binary-assignment 
Java: Make Assignment extend BinaryExpr.
 2026-03-05 13:19:45 +01:00
Owen Mansel-Chan
c82f75604a Add change notes 2026-03-05 10:34:30 +00:00
Anders Schack-Mulligen
ea77c0d86c Java: Add change note. 2026-03-05 11:32:00 +01:00
github-actions[bot]
7795badd18 Release preparation for version 2.24.3 2026-03-02 13:23:40 +00:00
Anders Schack-Mulligen
0d0711f2a7 Java: Add change note. 2026-02-23 15:10:02 +01:00
Owen Mansel-Chan
94e3d86f6a Merge pull request #21319 from owen-mc/java/javax-jakarta 
Java: Always use both "javax" and "jakarta" at the beginning of Jave EE packages
 2026-02-17 08:31:52 +00:00
github-actions[bot]
ef04f927fb Release preparation for version 2.24.2 2026-02-16 13:29:25 +00:00
Owen Mansel-Chan
597be6a1c0 Add change note 2026-02-16 12:01:15 +00:00
Owen Mansel-Chan
6da3a4557e Add change note 2026-02-16 11:02:17 +00:00
Owen Mansel-Chan
47a9f87d9b Merge pull request #21310 from owen-mc/java/regex-execution 
Java: Add RegexMatch concept and recognise `@Pattern` annotation as sanitizer
 2026-02-16 09:11:47 +00:00
Owen Mansel-Chan
c539c2f4fd Add change note 2026-02-12 16:57:12 +00:00
Anders Schack-Mulligen
5c53677051 Java: Deprecate UnreachableBlocks. 2026-02-12 11:06:34 +01:00
Anders Fugmann
c5179e40c6 Kotlin: Add change note for supporting 2.3.10 2026-02-06 14:59:34 +01:00
Anders Schack-Mulligen
2d02908e7f Java: Add change note. 2026-02-04 14:43:32 +01:00
Henry Mercer
5f1fd57f84 Fix formatting of Kotlin version ranges 2026-02-02 12:22:50 +00:00
Henry Mercer
38fcc61817 Fix formatting in Kotlin changelog 2026-02-02 12:10:15 +00:00
github-actions[bot]
0db542e9f0 Release preparation for version 2.24.1 2026-02-02 12:09:09 +00:00
Anders Peter Fugmann
78495035a6 Merge pull request #20965 from github/andersfugmann/kotlin_2.3.0-beta2 
Kotlin: Support Kotlin 2.3.0
 2026-01-30 11:37:19 +01:00
Owen Mansel-Chan
a35e7b27af Merge pull request #21226 from owen-mc/java/update-qhelp-unrelease-lock 
Java: Improve qhelp for `java/unreleased-lock` and add lock type exclusion
 2026-01-28 09:46:31 +00:00
Anders Fugmann
6d60595d73 Kotlin: Add changenotes for Kotlin 2.3 support and removal of support for Kotlin 1.6 and 1.7 2026-01-28 09:30:21 +01:00
Anders Peter Fugmann
f4edff9452 Merge pull request #21216 from github/andersfugmann/kotlin_extractor_load_last 
Kotlin: Load kotlin extractor last
 2026-01-28 09:22:46 +01:00
Owen Mansel-Chan
a0c35516bd Add change note 2026-01-27 15:48:04 +00:00
Mads Navntoft
b7125a009e Merge pull request #21221 from github/navntoft/struts 
Java: Add support for Struts 7.x package names
 2026-01-27 15:53:26 +01:00
Mads Navntoft
ede05b54ea Java: Add change note for Struts 7.x package name support 2026-01-27 13:00:16 +01:00
Anders Fugmann
73850f1b56 Kotlin: Add changenote 2026-01-26 13:27:34 +01:00
Tom Hvitved
0f6bae0ae1 Add change notes 2026-01-26 12:40:22 +01:00
Michael B. Gale
f76211c64a Merge pull request #21136 from github/mbg/java/maven-plugin-repo-changenote 
Java: Add change note for plugin repo support
 2026-01-26 10:44:51 +00:00
github-actions[bot]
4142b9c4ce Release preparation for version 2.24.0 2026-01-19 14:49:14 +00:00
Owen Mansel-Chan
a5d9cb179a Merge pull request #20930 from owen-mc/java/spring-rest-template-request-forgery-sinks 
Java: add more Spring RestTemplate request forgery sinks
 2026-01-15 14:23:15 +00:00
Ian Lynagh
dcd0a69759 Merge remote-tracking branch 'upstream/main' into igfoo/mb 2026-01-13 01:01:35 +00:00
Chris Smowton
634e9e6c39 Reapply "Change note" 
This reverts commit 688f10daf1.
 2026-01-09 13:42:48 +00:00
Michael B. Gale
157487d8f2 Java: Add change note for plugin repo support 2026-01-09 12:49:12 +00:00
Owen Mansel-Chan
8a80158959 Merge pull request #17590 from Kwstubbs/java-mad-test 
Java: FileUpload Support MaD
 2026-01-08 13:33:55 +00:00
Chris Smowton
d048d394b4 Merge pull request #21117 from smowton/smowton/admin/revert-java-paths-directives 
Java: revert filtering of ancillary data extraction
 2026-01-07 16:13:21 +00:00
Owen Mansel-Chan
6a3c74c989 Merge pull request #20999 from joefarebrother/java-spring-websocket 
Java: Add models for spring WebSocketHandler
 2026-01-07 13:29:19 +00:00
Chris Smowton
688f10daf1 Revert "Change note" 
This reverts commit 6fb6923f63.
 2026-01-07 13:20:17 +00:00
Chris Smowton
6fb6923f63 Change note 2026-01-06 10:59:06 +00:00
github-actions[bot]
c00663766e Release preparation for version 2.23.9 2026-01-05 11:57:06 +00:00