Eric Bickle
4cb78ab3c7
Remove change notes
2023-10-11 13:08:56 -07:00
Henry Mercer
1a370bfbbe
Merge pull request #14443 from github/post-release-prep/codeql-cli-2.15.0
...
Post-release preparation for codeql-cli-2.15.0
2023-10-11 17:39:04 +01:00
github-actions[bot]
ae6af17c74
Post-release preparation for codeql-cli-2.15.0
2023-10-11 14:19:20 +00:00
Eric Bickle
7a4382fb69
Merge branch 'main' into fix/thread-resource-arithmetic
2023-10-10 09:38:16 -07:00
Eric Bickle
80c8259e34
Remove unnecessary AdditionalValueStep check
2023-10-10 09:35:45 -07:00
Michael Nebel
5c44f8bbad
Merge pull request #14370 from michaelnebel/java/enablethreatmodels
...
Java: Enable threat models for most Java queries.
2023-10-10 09:25:47 +02:00
Michael Nebel
cf3a62d201
Java: Address review comments.
2023-10-09 13:06:59 +02:00
erik-krogh
e3e8f3d7c4
Java: delete various outdated deprecations
2023-10-09 09:14:54 +02:00
Eric Bickle
4dca396106
Add change notes for ThreadResourceAbuse ArithExpr fix
2023-10-06 14:31:37 -07:00
Eric Bickle
000c1f7ec8
Java: Flow taint through ArithExpr for ThreadResourceAbuse
...
Ensure that tainted values flow through arithmetic operations when
checking for ThreadResourceAbuse vulnerabilities.
For example, multiplying 'number of seconds' by 1000 as an input
to Thread.Sleep, which accepts milliseconds, is a common scenario.
2023-10-06 14:24:37 -07:00
Michael Nebel
dca39348ab
Java: Add change note.
2023-10-06 15:09:16 +02:00
github-actions[bot]
9fe993bec3
Release preparation for version 2.15.0
2023-10-04 14:15:27 +00:00
Michael Nebel
40e63a63e2
Java: Re-factor most queries and tests to use threat models.
2023-10-04 14:01:58 +02:00
Henry Mercer
da92da2204
Bump minor versions of packs we regularly release
2023-10-03 16:31:23 +01:00
Henry Mercer
f3847b3f51
Merge branch 'main' into henrymercer/rc-3.11-mergeback
2023-10-03 16:30:23 +01:00
Koen Vlaswinkel
10231e99ce
Merge pull request #14199 from github/koesie10/add-java-model-editor-queries
...
Java: Add VS Code model editor queries
2023-09-28 10:13:13 +02:00
Koen Vlaswinkel
ced95e0f45
Java: Split API name column into separate columns
2023-09-25 10:16:59 +02:00
Koen Vlaswinkel
f4522edc95
Java: Remove unnecessary columns
2023-09-22 16:11:30 +02:00
Koen Vlaswinkel
7dc22e47d6
Java: Switch from problem to table query
2023-09-22 16:08:20 +02:00
Koen Vlaswinkel
9e2984770f
Java: Fix identification of supported endpoints in framework mode
2023-09-20 14:25:06 +02:00
Koen Vlaswinkel
73ebd21c33
Java: Refactor most of the logic out of the model editor query files
2023-09-20 14:13:28 +02:00
Koen Vlaswinkel
6e78aac6cc
Java: Rename CallableMethod to Endpoint
2023-09-20 13:57:27 +02:00
Koen Vlaswinkel
fee9640077
Java: Update query id/tags and documentation
2023-09-20 13:54:35 +02:00
Koen Vlaswinkel
fe7ce0ae0b
Java: Rename queries from fetch methods to endpoints
2023-09-20 13:52:49 +02:00
Koen Vlaswinkel
082a45400d
Java: Rename AutomodelVsCode to ModelEditor
2023-09-20 13:51:05 +02:00
github-actions[bot]
3acf5244b0
Post-release preparation for codeql-cli-2.14.6
2023-09-20 10:25:10 +00:00
github-actions[bot]
0a3670727f
Release preparation for version 2.14.6
2023-09-19 11:40:30 +00:00
intrigus-lgtm
874f91c7ae
Java: Further alert message improvement
...
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com >
2023-09-18 12:25:31 +02:00
Koen Vlaswinkel
0434cce4c3
Java: Fix formatting of AutomodelVsCode.qll file
2023-09-13 14:54:03 +02:00
Koen Vlaswinkel
95296f1518
Java: Use don't care expression for kind and provenance
2023-09-13 14:45:47 +02:00
Koen Vlaswinkel
7db082f3fd
Java: Add VS Code model editor queries
2023-09-13 13:04:26 +02:00
intrigus-lgtm
b6417ca212
Java: Fix alert message
...
The signing key that is being set, is _not_ what is being parsed.
A _JWT_ is being parsed, that will then be verified using the set key.
(Or in our case not, because we're looking for security problems :P)
2023-09-12 02:23:37 +02:00
github-actions[bot]
d699880c86
Post-release preparation for codeql-cli-2.14.4
2023-09-08 21:17:52 +00:00
github-actions[bot]
abf2b12b1c
Release preparation for version 2.14.4
2023-09-05 16:56:14 +00:00
Ian Lynagh
a2659eecfb
Merge pull request #14018 from igfoo/igfoo/extractor_information_kotlin1
...
Kotlin: Write usesK2 ("uses Kotlin 2") information to the database
2023-09-04 13:38:23 +01:00
Anders Starcke Henriksen
361ae1747e
Merge branch 'main' into starcke/automodel-pack
2023-08-30 09:25:28 +02:00
Jean Helie
41726f52a2
Merge pull request #13954 from github/kaeluka/add-provenance-to-metadata
...
Java: Automodel: Add Candidates for Regression Testing
2023-08-29 14:33:02 +01:00
Jean Helie
de76c0749a
Java: Automodel Framework Mode: Add Candidates for Regression Testing
2023-08-29 09:53:55 +01:00
Dave Bartolomeo
3343b78015
Merge pull request #14074 from github/post-release-prep/codeql-cli-2.14.3
...
Post-release preparation for codeql-cli-2.14.3
2023-08-28 13:34:10 -04:00
github-actions[bot]
3eba77421a
Post-release preparation for codeql-cli-2.14.3
2023-08-28 15:53:49 +00:00
Tony Torralba
0f3918af16
Merge pull request #13773 from atorralba/atorralba/java/mdht-xxe-sink
...
Java: Add XXE sinks for MDHT
2023-08-23 13:49:49 +02:00
Ian Lynagh
deaf912cb8
Kotlin: Add an integration test for extractor information
2023-08-22 16:39:18 +01:00
Michael Nebel
51f166d71e
Java: Address review comments.
2023-08-21 10:22:28 +02:00
Michael Nebel
5623ccf4a0
Java: Re-factor NeutralCallable to include all neutrals and introduce NeutralSummaryCallable.
2023-08-21 09:59:00 +02:00
github-actions[bot]
098dfb4242
Release preparation for version 2.14.3
2023-08-18 14:48:15 +00:00
Edward Minnix III
8d88af1af0
Apply docs review suggestions
...
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com >
2023-08-17 13:05:38 -04:00
Ed Minnix
4eb1035dfe
Documentation fixes
2023-08-17 13:05:38 -04:00
Ed Minnix
b305962c9a
Use more appropriate description
2023-08-17 13:05:37 -04:00
Edward Minnix III
929090a847
Typos and style fixes
...
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com >
2023-08-17 13:05:37 -04:00
Ed Minnix
52ebf9fff6
Java: Add trust boundary change note
2023-08-17 13:05:37 -04:00
