hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
62,739 Commits 1,672 Branches 157 Tags
6af0bca7777a19cd40b71199e46e4b6cf1826979
Commit Graph

9988 Commits

Author SHA1 Message Date
Michael Nebel
6af0bca777 Java: Avoid generating contradicting summary and neutral summary models. 2024-01-12 13:36:23 +01:00
Michael Nebel
03d4025b99 Java: Add a testcase where both a neutral summary and summary is being generated. 2024-01-12 13:36:23 +01:00
Michael Nebel
81de9d35af C#/Java: Don't generate models if there exist a manual summary or neutral summary. 2024-01-12 13:35:22 +01:00
Owen Mansel-Chan
2f01688319 Merge pull request #15280 from owen-mc/java/add-manual-models-for-df-generation 
Java: improve models for some important JDK methods
 2024-01-11 12:47:37 +00:00
Max Schaefer
dba2e06a1d Merge pull request #15283 from github/max-schaefer/release-automodel-query-pack 
Release automodel extraction queries v0.0.12.
 2024-01-11 10:28:55 +00:00
Owen Mansel-Chan
9e2e01ff89 Update Top JDK APIs test expectation 2024-01-10 17:07:33 +00:00
Owen Mansel-Chan
33030417b4 Add change note 2024-01-10 15:48:28 +00:00
Ian Wright
75545db97c restore files, whether overriding or not 2024-01-10 11:40:31 +00:00
Max Schaefer
8d56ee4a56 Release automodel extraction queries v0.0.12. 2024-01-10 11:29:36 +00:00
Ian Wright
f793ce1e49 remove temp testing comments 2024-01-10 11:07:06 +00:00
Ian Wright
ed8422a2da remove need for CODEQL_DIST path 2024-01-10 11:07:06 +00:00
Ian Wright
0d2ec2d632 install codeql extension 2024-01-10 11:07:06 +00:00
Ian Wright
62bdaf069b use gh tool to access codeql 2024-01-10 11:07:05 +00:00
Ian Wright
30e5be68c9 temp comment for testing 2024-01-10 11:07:05 +00:00
Ian Wright
9895114e05 temp comment for testing 2024-01-10 11:07:05 +00:00
Ian Wright
0f76fbad36 better processing of args 2024-01-10 11:07:05 +00:00
Ian Wright
749f8b9807 fix help message 2024-01-10 11:07:05 +00:00
Ian Wright
00f4991648 support dry-run 
fix

fix

temp

temp

better support for dry-run

fix

fix

fix

fix

reinstate exits
 2024-01-10 11:07:05 +00:00
Tom Hvitved
c9cf2a899c Merge pull request #15260 from hvitved/dataflow/may-benefit-from-cctx-simplify 
Data flow: Remove column from `mayBenefitFromCallContext`
 2024-01-10 11:43:15 +01:00
Max Schaefer
ac8e92eec5 Merge pull request #15264 from github/max-schaefer/automodel-exclude-generated-calls 
Automodel: Do not generate features for compiler-generated program elements.
 2024-01-10 10:22:00 +00:00
Tony Torralba
d6082f8446 Merge pull request #14926 from ebickle/fix/update-gson-model 
Java: Improve Gson parse, get, and stream models
 2024-01-10 09:11:01 +01:00
Max Schaefer
9b7cfd88cd Clarify relationship of isFromSource and Element::fromSource. 2024-01-09 16:21:36 +00:00
Max Schaefer
3e8775daaa Automodel: Do not generate features for compiler-generated program elements. 
These have dummy locations, which breaks certain invariants that break downstream processing.
 2024-01-09 13:39:46 +00:00
Ian Lynagh
0bc1463ab0 Merge pull request #14941 from igfoo/igfoo/dff 
Kotlin 2: Accept some location changes
 2024-01-09 12:20:37 +00:00
Tom Hvitved
f90201eb56 Data flow: Remove column from mayBenefitFromCallContext 2024-01-09 11:34:43 +01:00
Eric Bickle
f6fa7120d9 Merge branch 'main' into fix/update-gson-model 2024-01-08 15:46:14 -08:00
Eric Bickle
929ce65af1 Remove zero width space characters. 2024-01-08 13:15:38 -08:00
Ed Minnix
55da62e9cf Remove stray comma 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2024-01-08 11:09:11 -05:00
Ed Minnix
b8466b45be Update change note date 2024-01-08 09:39:11 -05:00
Edward Minnix III
2440075402 Remove off-topic reference 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-08 09:39:10 -05:00
Edward Minnix III
3816271b3e Remove redundant CWE link 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-08 09:39:10 -05:00
Ed Minnix
2eff6b351c Add comment 2024-01-08 09:39:09 -05:00
Ed Minnix
16bb19e176 Add OWASP and CERT references 2024-01-08 09:39:08 -05:00
Ed Minnix
9f974415c0 Add references to CWE-454 (External Initialization of Trusted Variables) 2024-01-08 09:39:07 -05:00
Ed Minnix
97b29bb965 Add Java Tutorial reference 2024-01-08 09:39:06 -05:00
Edward Minnix III
938d52b86f Docs review suggestions 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2024-01-08 09:39:05 -05:00
Ed Minnix
a528db8958 Use MapMutation instead of MethodCall 2024-01-08 09:39:05 -05:00
Ed Minnix
e14be0e971 Add BAD markers to samples 2024-01-08 09:39:04 -05:00
Ed Minnix
709649e9df Model replace and putIfAbsent 2024-01-08 09:39:03 -05:00
Ed Minnix
1544330f3f Minor fixes for code review 2024-01-08 09:38:53 -05:00
Ed Minnix
4b9b27c395 change note 2024-01-08 09:38:52 -05:00
Edward Minnix III
18e8a27fca Reworded name and description 2024-01-08 09:38:51 -05:00
Edward Minnix III
1f37e70d83 Fix typos 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-08 09:38:51 -05:00
Ed Minnix
51006aa088 Formatting fix 2024-01-08 09:38:50 -05:00
Ed Minnix
6eff72f99a Include other map mutations 2024-01-08 09:38:49 -05:00
Ed Minnix
4fc6f710a4 Fix alert message 2024-01-08 09:38:48 -05:00
Ed Minnix
1550f5df2a Environment variable injection query documentation 2024-01-08 09:38:47 -05:00
Ed Minnix
f1f0f50c92 TaintedEnvironmentVariableQuery docs 2024-01-08 09:38:47 -05:00
Ed Minnix
818c5de8d5 security-severity metadata 2024-01-08 09:38:46 -05:00
Ed Minnix
d4e2b84348 Cleanup helper dataflow configuration 2024-01-08 09:38:45 -05:00