12764 Commits

Author	SHA1	Message	Date
REDMOND\brodes	86cab46b8d	Misc. updates to support all JCA cipher operations, including wrap, unwrap and doFinal calls. Corrected pathing for init tracing to detect what mode is being set along a path. Added support for tracing the init operation mode argument to source. Since this involved creating an Operation Mode, changes were also made to make cipher block modes (CBC) more explicit (previously just called mode, but now that term is used for various purposes).	2025-02-21 12:53:35 -05:00
REDMOND\brodes	9ac9252f75	Adding a todo	2025-02-20 11:11:41 -05:00
REDMOND\brodes	011ed3fbfd	Simplifying additional flow step logic.	2025-02-20 11:10:24 -05:00
REDMOND\brodes	9ee4a7a7b8	Adding a sketch for a CipherOperation concept to model encryption/decryption operations.	2025-02-20 10:37:40 -05:00
REDMOND\brodes	3871c6a33e	Adding support for encryption operation detection.	2025-02-18 16:09:00 -05:00
Nicolas Will	8707e4d9a3	Continue Artifact data-flow WIP	2025-02-18 18:35:49 +01:00
Nicolas Will	df01fa7a9c	Expand model and JCA modeling	2025-02-17 00:16:08 +01:00
Nicolas Will	b777a22d35	Expand model and specialize newtype relations	2025-02-14 23:43:07 +01:00
Nicolas Will	874e3b5e06	Modify model to use newtypes, expand modeling	2025-02-12 17:58:15 +01:00
Nicolas Will	4d44755945	Refactor Model and CBOM print queries	2025-02-11 15:37:15 +01:00
Kristen Newbury	1a12fb3099	Update JCA model, refactor modes	2025-02-10 13:49:32 -05:00
Kristen Newbury	59208bdb85	Update JCA model to use shared lib	2025-02-10 12:22:22 -05:00
Kristen Newbury	6005437001	Update JCA model with flow to call as AESuse and format JCA model	2025-02-10 11:26:48 -05:00
Kristen Newbury	60d931af9f	Update progress on JCA	2025-02-07 15:46:13 -05:00
Kristen Newbury	efcf7eab0c	Add broken crypto query	2025-02-05 17:24:25 -05:00
Kristen Newbury	86e51dad8a	Improve JCA aes alg model, add test	2025-02-05 13:39:48 -05:00
Kristen Newbury	5f355c7f55	Add first sample JCA encryption model	2025-02-04 11:55:09 -05:00
Tom Hvitved	303b11ec36	Merge pull request #18298 from hvitved/rust/mad-source-sink ... Rust: Add support for MaD sources and sinks with access paths	2025-01-10 11:49:51 +01:00
yoff	b263132ab2	Merge pull request #17998 from yoff/shared/locations-in-range-analysis	2025-01-09 14:05:54 +01:00
Owen Mansel-Chan	0f8f5d2793	Merge branch 'main' into post-release-prep/codeql-cli-2.20.1	2025-01-08 16:28:23 +00:00
yoff	21e7a0e828	Merge branch 'main' into shared/locations-in-range-analysis	2025-01-08 16:40:59 +01:00
Tom Hvitved	868caf948c	Rename {Source,Sink}Node to {Source,Sink}Element	2025-01-08 15:21:43 +01:00
github-actions[bot]	fb20f6ca63	Post-release preparation for codeql-cli-2.20.1	2025-01-07 22:07:40 +00:00
github-actions[bot]	88b6f1e79a	Release preparation for version 2.20.1	2025-01-07 20:50:36 +00:00
Dave Bartolomeo	72a53c4b23	Revert "Release preparation for version 2.20.1"	2025-01-07 13:32:23 -05:00
github-actions[bot]	fbf9f2fff8	Release preparation for version 2.20.1	2025-01-07 17:20:13 +00:00
Dave Bartolomeo	22e030584c	Revert "Release preparation for version 2.20.1"	2025-01-07 12:14:27 -05:00
Chris Smowton	dd0012edcb	ASCII	2025-01-06 23:28:02 +01:00
Chris Smowton	03c6529961	Spelling	2025-01-06 22:46:22 +01:00
github-actions[bot]	a121c5a5d0	Release preparation for version 2.20.1	2025-01-06 18:20:22 +00:00
Chris Smowton	d0eab598b1	Change note	2025-01-06 14:44:12 +00:00
Chris Smowton	5c2df36786	Exclude classes with a writeReplace method from serializability checks	2025-01-06 14:42:44 +00:00
Tom Hvitved	1b31c90d26	Implement FlowSummaryImpl stubs	2025-01-06 13:26:51 +01:00
Asger F	be939dca29	Merge pull request #14350 from asgerf/shared/deduplicate-path-graph ... Shared: Add DataFlow::DeduplicatePathGraph	2024-12-18 14:04:29 +01:00
Asger F	8340841d54	Shared: Fix propagation of call bit	2024-12-17 11:16:04 +01:00
Asger F	950ae44d03	Shared: Show test failures	2024-12-17 11:15:57 +01:00
Michael Nebel	aaf0cd5dee	Merge pull request #17968 from michaelnebel/java/movetestutils ... Move test utilities to the query pack.	2024-12-16 13:41:30 +01:00
Asger F	f2968f4e14	Shared: Ensure subpath-induced edges are handled properly ... Argument-passing and flow-through edges are present in 'edges' in addition to 'subpaths', but the implementation didn't take this into account.	2024-12-16 13:21:43 +01:00
Michael Nebel	0bfc1b6ea8	Also move the postprocessing queries to the library pack.	2024-12-12 15:03:03 +01:00
Michael Nebel	941b0abbf6	Move modules to the library packs.	2024-12-12 15:03:01 +01:00
Owen Mansel-Chan	8703e21f62	Merge pull request #17996 from owen-mc/java/lightweight-IR-layer-classes ... Java: Make separate classes for different control flow node kinds	2024-12-12 13:36:54 +00:00
Owen Mansel-Chan	8e11789186	Restore asStmt, asExpr and asCall to Node ... It doesn't really make sense to define them in terms of dispatch.	2024-12-12 12:30:01 +00:00
Michael Nebel	0a1d2d0bbb	Java: Update all test util paths to point to the new location.	2024-12-12 13:21:25 +01:00
Michael Nebel	91cfb30513	Java: Move test utilities to the java query pack.	2024-12-12 13:21:22 +01:00
Owen Mansel-Chan	066db766ef	Merge pull request #18153 from owen-mc/java/resttemplate-getforobject ... Java: add SSRF sink model for the third parameter of `RestTemplate.getForObject`	2024-12-11 16:37:35 +00:00
Jami	538dee81b6	Merge pull request #18214 from jcogs33/jcogs33/java/file-getname-path-sanitizer ... Java: add File.getName as a path injection sanitizer	2024-12-11 10:18:02 -05:00
Owen Mansel-Chan	1420bce36a	Move import statement in SpringWebClient.qll	2024-12-11 14:19:24 +00:00
Anders Schack-Mulligen	066cfa31d2	Merge pull request #18258 from aschackmull/dataflow/simplify-apapprox3 ... Dataflow: Simplify references to access paths from prior stage.	2024-12-11 14:23:31 +01:00
Asger F	889100a243	Java: update test output with provenance	2024-12-11 13:19:47 +01:00
Asger F	afdbf2c3c6	Java: update test to account for key,val	2024-12-11 13:19:36 +01:00