9766 Commits

Author SHA1 Message Date
Tony Torralba
8001ae9669 Update java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
2023-06-07 09:08:24 +02:00
Tony Torralba
1601846478 Add exclusion to the ZipSlip query to avoid FPs 2023-06-06 10:28:49 +02:00
Tony Torralba
0065e6e1d6 Apply suggestions from code review
Fix incorrect models-as-data rows
2023-06-06 10:04:22 +02:00
Tony Torralba
1ccec90c6f Apply suggestions from code review
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
2023-06-06 09:10:18 +02:00
Tony Torralba
527fe523a8 Add PathCreation.qll sinks to models-as-data
The old PathCreation sinks can't be removed because doing so would cause alert wobble in the path injection queries. See their getReportingNode predicates.
2023-06-02 09:14:35 +02:00
Jami
1a82e21fdb Merge pull request #13136 from jcogs33/jcogs33/revamp-java-source-kinds
Java: change `android-widget` MaD source kind to `remote`
2023-06-01 14:18:02 -04:00
Jami
617107de35 Merge pull request #12916 from jcogs33/jcogs33/revamp-java-sink-kinds
Java: revamp MaD sink kinds
2023-06-01 12:48:30 -04:00
Jami Cogswell
de15013715 Java: remove RemoteFlowSources module 2023-06-01 12:25:26 -04:00
Jami Cogswell
5700a6eea4 Java: remove DefaultAndroidWidgetSources class 2023-06-01 12:25:26 -04:00
Jami Cogswell
119b446dbc Java: add change note 2023-06-01 12:25:26 -04:00
Jami Cogswell
6722892828 Java: switch 'android-widget' source kind to 'remote' 2023-06-01 12:25:25 -04:00
Erik Krogh Kristensen
96a720cfa0 Merge pull request #13285 from erik-krogh/redoshelp
ReDoS: fix whitespace in the samples in ReDoS.qhelp
2023-06-01 15:53:58 +02:00
Jami Cogswell
58845eca7c Java: update recently added 'open-url' sinks to 'request-forgery' 2023-06-01 08:10:44 -04:00
Ian Lynagh
c28af7672d Merge pull request #13286 from igfoo/igfoo/kotlin-1.9b
Kotlin: Support 1.9.0
2023-06-01 13:02:04 +01:00
Jami
10bab71c60 Merge pull request #12249 from jcogs33/jcogs33/add-heuristic-neutral-models
Java: add some neutral models discovered with heuristics
2023-06-01 07:51:55 -04:00
Tony Torralba
c1bd04e802 Merge pull request #13332 from atorralba/atorralba/java/gson-serializability
Java: Fix GsonDeserializableField
2023-06-01 10:45:32 +02:00
github-actions[bot]
3ef08d5baf Add changed framework coverage reports 2023-06-01 00:20:17 +00:00
Jami Cogswell
82f208ca7a Java: add isNeutralSink test case 2023-05-31 17:47:36 -04:00
Jami Cogswell
51f8f98118 Java: update recently added 'sql' sinks 2023-05-31 15:51:07 -04:00
Jami Cogswell
ca8ac0c93f Java: add comment about request-forgery sinks 2023-05-31 15:51:07 -04:00
Jami Cogswell
9853a66b32 Java: update change note 2023-05-31 15:51:07 -04:00
Jami Cogswell
3e5dc28c0a Java: update more recently added sinks: path-injection and request-forgery 2023-05-31 15:51:07 -04:00
Jami Cogswell
6bb6802fb8 Java: add change note draft 2023-05-31 15:51:07 -04:00
Jami Cogswell
e28ce959a3 Java: update CaptureSinkModels test case 2023-05-31 15:51:07 -04:00
Jami Cogswell
ad771984f1 Java: update recently added path-injection sinks 2023-05-31 15:51:07 -04:00
Jami Cogswell
36e467e74a Java: update cwe-sink.csv 2023-05-31 15:51:07 -04:00
Jami Cogswell
5dbb698481 Java: update open/jdbc-url sink kinds to request-forgery 2023-05-31 15:50:31 -04:00
Jami Cogswell
cb10f4976b Java: update create/read-file sink kinds to path-injection 2023-05-31 15:49:07 -04:00
Jami Cogswell
eb1a8e2189 Java: update write-file sink kind to file-system-store 2023-05-31 15:49:07 -04:00
Jami Cogswell
ac8d985a63 Java: update xss sink kind to html-injection and js-injection 2023-05-31 15:49:07 -04:00
Jami Cogswell
041caa7405 Java: update header-splitting sink kind to response-splitting 2023-05-31 15:49:07 -04:00
Jami Cogswell
51df84ed1c Java: update set-hostname-verifier sink kind to hostname-verification 2023-05-31 15:49:07 -04:00
Jami Cogswell
b23f384a50 Java: update intent-start sink kind to intent-redirection 2023-05-31 15:49:07 -04:00
Jami Cogswell
5aa3e57ff3 Java: update pending-intent-sent sink kind to pending-intents 2023-05-31 15:49:07 -04:00
Jami Cogswell
3ff4c7de8f Java: update ldap sink kind to ldap-injection 2023-05-31 15:49:07 -04:00
Jami Cogswell
6d2d25406c Java: update xslt sink kind to xslt-injection 2023-05-31 15:49:07 -04:00
Jami Cogswell
cea97b3f2a Java: update mvel sink kind to mvel-injection 2023-05-31 15:49:06 -04:00
Jami Cogswell
6cee0c4c75 Java: update jexl sink kind to jexl-injection 2023-05-31 15:49:06 -04:00
Jami Cogswell
6431d370c1 Java: update groovy sink kind to groovy-injection 2023-05-31 15:49:06 -04:00
Jami Cogswell
430010daa3 Java: update logging sink kind to log-injection 2023-05-31 15:49:06 -04:00
Jami Cogswell
8c4b394e1a Java: update ssti sink kind to template-injection 2023-05-31 15:49:06 -04:00
Jami Cogswell
fc58d10a4e Java: update xpath sink kind to xpath-injection 2023-05-31 15:49:06 -04:00
Jami Cogswell
55be2e5b67 Java: update url-redirect sink kind to url-redirection 2023-05-31 15:49:06 -04:00
Jami Cogswell
d24d8b1626 Java: update sql sink kind to sql-injection 2023-05-31 15:49:06 -04:00
Ian Lynagh
82578af349 Kotlin: Use @files for compiler arguments
Avoids problems with large line lengths.
2023-05-31 19:43:45 +01:00
Ian Lynagh
a13678c35c Kotlin: Update expected test output 2023-05-31 19:43:45 +01:00
Ian Lynagh
0090429d53 Kotlin: Support 1.9.0 2023-05-31 19:43:45 +01:00
Arthur Baars
c211b704f3 Merge pull request #13272 from github/post-release-prep/codeql-cli-2.13.3
Post-release preparation for codeql-cli-2.13.3
2023-05-31 15:33:12 +02:00
Tony Torralba
282ee08ba9 Java: Fix GsonDeserializableField 2023-05-31 13:26:35 +02:00
Taus
b39a5a64af Merge pull request #13317 from github/java/update-mad-decls-after-triage-2023-05-30T14-11-29
Java: Update MaD Declarations after Triage
2023-05-31 11:40:49 +02:00