hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-13 13:41:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,461 Commits 1,690 Branches 160 Tags
73eb3e262d8a3eabc866bcffab1e6b280241c9fc
Commit Graph

3307 Commits

Author SHA1 Message Date
Owen Mansel-Chan
a5d9cb179a Merge pull request #20930 from owen-mc/java/spring-rest-template-request-forgery-sinks 
Java: add more Spring RestTemplate request forgery sinks
 2026-01-15 14:23:15 +00:00
Owen Mansel-Chan
97e0b4e9fd Use parameter name to only select correct overloads 2026-01-15 10:36:03 +00:00
Anders Schack-Mulligen
9c1351c3fe Merge pull request #21149 from aschackmull/java/typeflow-partially-unbound 
Java: Add TypeFlow base case for partially unbound types.
 2026-01-13 12:31:38 +01:00
Anders Schack-Mulligen
8e2d74a7b1 Java: Add TypeFlow base case for partially unbound types. 2026-01-12 12:45:06 +01:00
Owen Mansel-Chan
d7acb75f9d Merge pull request #21055 from owen-mc/java/allow-mad-barriers 
Java: allow MaD barriers
 2026-01-09 10:27:48 +00:00
Owen Mansel-Chan
8c9318b1a0 Minor tweaks to QLDocs 2026-01-09 09:38:10 +00:00
Owen Mansel-Chan
766e908c79 Accept MaD sanitizers for existing sink kinds 2026-01-06 14:38:27 +00:00
Owen Mansel-Chan
81667d741a Rename classes for external sanitizers 2026-01-06 14:36:54 +00:00
yoff
cbc0100675 Apply suggestion from @Copilot 2025-12-16 10:11:05 +01:00
yoff
c6240e5a99 java: understand more initializers 
Whne a fiels is assigned a safe type in a constructor,
that field is not exposed.
 2025-12-16 10:11:05 +01:00
Tom Hvitved
d709343d38 Merge pull request #21011 from aschackmull/mad/shared-externalflow 
Java/C++/Go/C#: Share parts of ExternalFlow.qll
 2025-12-15 20:27:04 +01:00
Anders Schack-Mulligen
64a48e4e7b MaD: Use "namespace" instead "package" in shared code. 2025-12-12 13:57:02 +01:00
Anders Schack-Mulligen
7f8d0771df MaD: Rename file. 2025-12-12 13:50:58 +01:00
Tom Hvitved
0b81d44ec7 Rust: Apply same filtering of generated summaries as in C# and Java 2025-12-12 11:16:16 +01:00
Anders Schack-Mulligen
5bddc8d289 Go: Move Go package-grouping support into shared lib. 2025-12-12 09:17:51 +01:00
Anders Schack-Mulligen
07252519c8 Java/C++: Thread additional models through the shared lib. 2025-12-12 08:20:20 +01:00
Anders Schack-Mulligen
47dcf05a32 C++/Go/Java: Don't import top-level extensible predicates. 2025-12-12 08:20:19 +01:00
Anders Schack-Mulligen
3b334ea215 Java/C#: Share model coverage code. 2025-12-12 08:20:19 +01:00
Anders Schack-Mulligen
cb578e32ab Java: Move interpretModelForTest into shared code. 2025-12-12 08:20:17 +01:00
Anders Schack-Mulligen
4066c0d84a Java: Fix input/output naming. 2025-12-11 16:24:29 +01:00
Owen Mansel-Chan
87f58fe51a Convert regex injection barrier to MaD 2025-12-11 16:24:29 +01:00
Owen Mansel-Chan
44295e4c7d Convert XSS barrier to MaD 2025-12-11 16:24:28 +01:00
Owen Mansel-Chan
7e562f3150 Convert request forgery barrier guard to MaD 2025-12-11 16:24:28 +01:00
Owen Mansel-Chan
f6e3c77145 Convert path injection barrier to MaD 2025-12-11 16:24:27 +01:00
Owen Mansel-Chan
f6e40bd49d Convert trust boundary violation barrier and barrier guard to MaD 2025-12-11 16:24:26 +01:00
Anders Schack-Mulligen
8da65ec6d0 Java: Add support for boolean MaD barrier guards. 2025-12-11 16:24:25 +01:00
Anders Schack-Mulligen
d24b0ff596 Java: Basic support for pass-through barrier models. 2025-12-11 16:24:25 +01:00
Anders Schack-Mulligen
9cd2247b91 Java: expose support for more general BarrierGuards. 2025-12-10 12:23:52 +01:00
Anders Schack-Mulligen
ebb989962c Guards: Generalise ValidationWrapper to support GuardValue-based BarrierGuards. 2025-12-10 12:23:51 +01:00
Owen Mansel-Chan
5c8ab1f6d1 Merge pull request #20956 from owen-mc/java/improve-regex-sanitizer 
Java: improve regex sanitizer for `java/ssrf`
 2025-12-04 15:32:12 +00:00
Anders Schack-Mulligen
dc6d3fe7ba Use flowFrom. 2025-12-03 14:04:18 +01:00
Owen Mansel-Chan
a85d0ea8a3 Make tests pass 2025-12-02 17:08:16 +00:00
Owen Mansel-Chan
566aa8f201 Refactor regex sanitizer 
Move it to Sanitizers.qll and rename it to be more general (mostly
following Go).
 2025-12-02 16:04:39 +00:00
Owen Mansel-Chan
9f2a7f712a Apply suggestion from @owen-mc 2025-12-02 15:52:01 +00:00
Asger F
b8cff77cab Merge pull request #20873 from github/shared-xml-discard 
Share XML discard predicates
 2025-12-01 10:06:02 +01:00
Asger F
38a1bb0e29 Use string instead of @file in XML discards 2025-11-28 09:23:27 +01:00
Owen Mansel-Chan
992bd68d4b Use set literals #2 2025-11-28 03:48:50 +00:00
Owen Mansel-Chan
22b614ac48 Use set literals 2025-11-28 03:34:17 +00:00
Owen Mansel-Chan
62238fcbd7 Fix variable name in qldoc 2025-11-28 03:33:18 +00:00
Owen Mansel-Chan
89546cbc83 Fix qldoc inaccuracies 2025-11-28 01:09:07 +00:00
Owen Mansel-Chan
8debe49563 Correct mistake in qldoc 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-11-28 01:00:16 +00:00
Owen Mansel-Chan
969b0cf439 Add SSRF sinks for uriVariables arguments of more methods on Spring RestTemplate 2025-11-27 23:44:35 +00:00
Asger F
dbf14c190a Factor XML discard predicates into OverlayXml.qll 2025-11-26 11:48:32 +01:00
Owen Mansel-Chan
f0dec21b9b Merge branch 'main' into java-kotlin-sensitive-logging-substring-barriers 2025-11-25 23:24:58 +00:00
Owen Mansel-Chan
e37336d550 No need for getUnderlyingExpr to look through casts 2025-11-24 14:10:20 +00:00
Owen Mansel-Chan
d2fc6a7b5b Merge branch 'main' into java-kotlin-sensitive-logging-substring-barriers 2025-11-21 12:20:04 +00:00
Anders Schack-Mulligen
298e4cfcc5 Java: Recognize int-sized long literals. 2025-11-21 12:53:39 +01:00
Owen Mansel-Chan
ec381e4ec5 Use range analysis and improve tests 2025-11-21 10:31:50 +00:00
Anders Schack-Mulligen
30d68d8906 Java: Add missing deprecated annotations. 2025-11-21 10:14:13 +01:00
aegilops
ce136684e6 Fixed formatting 2025-11-20 17:39:32 +00:00