hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
57,369 Commits 1,672 Branches 157 Tags
69aa099ed1e74fcbb8e6b51a9551e4df877a5737
Commit Graph

10178 Commits

Author SHA1 Message Date
Jami
5862cd2378 Merge pull request #13889 from jcogs33/jcogs33/fix-some-models 
Java: remove duplicate models
 2023-08-07 08:46:18 -04:00
Edward Minnix III
58d8a2d77f Merge pull request #13899 from egregius313/egregius313/random-nextbytes-typo-fix 
Java: Fix typo in `StdlibRandomSource::getOutput`
 2023-08-07 07:36:44 -04:00
Tom Hvitved
2126ab0dde Merge pull request #13901 from hvitved/dataflow/refactor 
Data flow: Refactor shared library
 2023-08-07 13:22:53 +02:00
Ian Lynagh
0d97c1c54a Merge pull request #13837 from igfoo/igfoo/nullFunLabel 
Kotlin: Pass on a parentId and remove some redundant braces
 2023-08-07 12:19:22 +01:00
Michael Nebel
e62ec888c0 Merge pull request #13506 from michaelnebel/java/threatmodels 
Java: Threat Models
 2023-08-07 12:50:01 +02:00
Tom Hvitved
693970f243 Java: Adjust to data flow refactor 2023-08-07 11:35:23 +02:00
Ed Minnix
23e2eb11dd Change note 2023-08-07 00:23:58 -04:00
Ed Minnix
fe4eef0bcb Fix typo, replace getBytes with nextBytes 2023-08-07 00:16:47 -04:00
Jami Cogswell
19622aec49 Java: remove duplicate 'Files.newOutputStream' ai model 2023-08-04 14:06:57 -04:00
Jami Cogswell
e64d581f7a Java: remove duplicate 'Files.newInputStream' ai model 2023-08-04 14:05:05 -04:00
Jami Cogswell
d2a24dee7f Java: remove duplicate 'Files.delete' ai model 2023-08-04 14:02:59 -04:00
Jami Cogswell
516831aa41 Java: remove duplicate 'Files.move' ai model 2023-08-04 14:01:27 -04:00
Jami Cogswell
c510d33fbf Java: remove duplicate 'Files.deleteIfExists' ai model 2023-08-04 13:52:18 -04:00
Mathias Vorreiter Pedersen
abe3a816ce Merge pull request #13851 from MathiasVP/sink-without-states 
DataFlow: Support stateless `isSink` in `StateConfigSig`s
 2023-08-04 18:01:42 +02:00
Michael Nebel
9c4d77a925 Java: Address review comments. 2023-08-04 13:47:30 +02:00
Tony Torralba
586c8803c5 Move the sources back the .ql files 
Otherwise they would both apply at the same time, making both versions of the query identical.
 2023-08-04 10:02:56 +02:00
Tony Torralba
e9bad321b6 Apply suggestions from code review 2023-08-04 09:21:45 +02:00
Paul Hodgkinson
fba37aa7c9 Merge branch 'main' into java/experimental/command-injection 2023-08-03 14:12:38 +01:00
aegilops
fc7f8409be Fix up for code review 2023-08-03 13:50:40 +01:00
aegilops
3658710578 Fixed formatting, committed expected test results 2023-08-03 13:50:40 +01:00
Mathias Vorreiter Pedersen
3007fdab5e Sync identical files. 2023-08-02 14:33:33 +02:00
Anders Schack-Mulligen
7bc8bf616f Merge pull request #13863 from aschackmull/dataflow/pack4 
Dataflow: Move the shared library to a properly shared qlpack.
 2023-08-02 14:19:49 +02:00
Stephan Brandauer
cb55b10edc Merge pull request #13788 from github/kaeluka/automodel-telemetry-testing 
Java: Tests for Automodel Extraction Queries
 2023-08-01 15:30:26 +02:00
Anders Schack-Mulligen
405a3a73d1 Java: Remove irrelevant import. 2023-08-01 14:31:30 +02:00
Anders Schack-Mulligen
15da4ee009 Merge pull request #13856 from aschackmull/java/maybebrokencrypto-barrier 
Java: Make the barrier in java/potentially-weak-cryptographic-algorithm less restrictive
 2023-08-01 14:20:44 +02:00
Anders Schack-Mulligen
c34c667e6b Java: Adjust to use the qlpack data-flow api. 2023-08-01 13:47:09 +02:00
Anders Schack-Mulligen
d7ea60e137 Java: Move data flow lib. 2023-08-01 13:47:08 +02:00
Michael Nebel
4568cccd71 Java: Add some unit tests for sourceModelKindConfig. 2023-08-01 12:56:13 +02:00
Michael Nebel
a9bc23fa3e Java: Add threat model configuration related extensible predicates and some initial tuples. 2023-08-01 12:56:13 +02:00
Tony Torralba
b5d08ade59 Formatting 2023-08-01 09:35:25 +02:00
Anders Schack-Mulligen
e73e312e10 Java: Add change note. 2023-08-01 09:28:56 +02:00
Stephan Brandauer
621c05dc4b Java: format 2023-08-01 09:19:03 +02:00
Stephan Brandauer
bc3e78f034 Java: add automodel framework mode test case for newly supported interface-method parameter extraction 2023-08-01 09:18:58 +02:00
Stephan Brandauer
058236877e Java: Drive-by: fix oversight in #13823 
In PR #13823, we had rewritten the endpoints that are being considered for framework mode. We used to use `DataFlow::ParameterNode` as endpoints.
However, `ParameterNode`s do not exist for the implicit `this` parameter; they also do not exist for bodiless interface-methods.

In PR #13823, we forgot to model that `this` only exists for non-static methods and to only consider parameters that we have source code for.
 2023-08-01 09:18:58 +02:00
Stephan Brandauer
5ad984f22f Java: update text expectations after merging #13823 2023-08-01 09:18:58 +02:00
Stephan Brandauer
da87d82d08 Java: fix a comment 2023-08-01 09:18:58 +02:00
Stephan Brandauer
be629b27ed Java: Automodel package private test case 2023-08-01 09:18:57 +02:00
Stephan Brandauer
f5c4155d63 Java: Automodel tests: update after merging #13818 2023-08-01 09:18:57 +02:00
Stephan Brandauer
44b8ec642e Java: merge framework mode tests into one 2023-08-01 09:18:57 +02:00
Stephan Brandauer
8cc367c45e Java: merge application mode tests into one 2023-08-01 09:18:57 +02:00
Stephan Brandauer
37b6b46dbf Java: update extraction query tests after merging PR #13747 2023-08-01 09:18:57 +02:00
Stephan Brandauer
50603102d1 Java: tests for automodel application mode, test that local calls are not candidates 2023-08-01 09:18:57 +02:00
Stephan Brandauer
457604e37e Java: tests for automodel framework mode negative example extraction 2023-08-01 09:18:57 +02:00
Stephan Brandauer
938a7a788f Java: tests for automodel application mode negative example extraction 2023-08-01 09:18:57 +02:00
Stephan Brandauer
abed936556 Java: tests for automodel framework mode positive example extraction 2023-08-01 09:18:57 +02:00
Stephan Brandauer
1bc222ec40 Java: tests for automodel application mode positive example extraction 2023-08-01 09:18:57 +02:00
Stephan Brandauer
2e89a11949 Java: tests for automodel application mode candidate extraction 2023-08-01 09:18:56 +02:00
Stephan Brandauer
18fe587e75 Java: tests for automodel framework mode candidate extraction 2023-08-01 09:18:56 +02:00
github-actions[bot]
b547ae7c2f Add changed framework coverage reports 2023-08-01 00:18:36 +00:00
Paul Hodgkinson
3bc7cf6ac7 Merge branch 'main' into java/experimental/command-injection 2023-07-31 19:14:55 +01:00