hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-24 00:16:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,681 Commits 1,714 Branches 163 Tags
89ce04dcb943f3e0ebc2e06fc63067bf14ec5a67
Commit Graph

24681 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Benjamin Muskalla
89ce04dcb9 Pull usage count into where clause 2021-09-03 11:26:22 +02:00
Benjamin Muskalla
2edb32f344 Fix naming 2021-09-03 10:59:35 +02:00
Benjamin Muskalla
6ede08e3c9 Remove dead code 2021-09-03 10:53:24 +02:00
Benjamin Muskalla
99e19e6d59 Fix predicate to only match the current API 2021-08-17 16:26:08 +02:00
Benjamin Muskalla
035f7b57e9 Improve query name 2021-08-17 16:25:49 +02:00
Benjamin Muskalla
1d3bcdf522 Align tests with new query structure 2021-08-16 21:55:00 +02:00
Benjamin Muskalla
87ef540b52 Split out queries showing supported APIs 2021-08-16 16:38:32 +02:00
Benjamin Muskalla
89f4a35273 Remove filter to see all unsupported APIs 2021-08-16 15:40:53 +02:00
Benjamin Muskalla
8aba0b04bc Add QLDoc for all shared libraries 2021-08-11 16:07:24 +02:00
Benjamin Muskalla
26ffe6c03d Add tests for telemetry queries 2021-08-11 15:32:09 +02:00
Benjamin Muskalla
6287e6d8e9 Filter unused API callsites 2021-08-11 15:31:56 +02:00
Benjamin Muskalla
ec7f4d18e1 Avoid duplicates and support modular runtime 2021-08-11 15:31:33 +02:00
Benjamin Muskalla
8127f63b1e Only include APIs without support 2021-08-10 12:05:16 +02:00
Benjamin Muskalla
26d4269071 Use FlowSources for coverage tracking 2021-08-10 12:02:56 +02:00
Benjamin Muskalla
c48586ff80 Implement coverage tracking using dataflow nodes 2021-08-10 11:38:01 +02:00
Benjamin Muskalla
5b55a83aaa Use basename for jars 2021-08-10 11:37:19 +02:00
Benjamin Muskalla
60c7003667 Optimize return type check 2021-08-02 17:14:44 +02:00
Benjamin Muskalla
fda394858b Turn external API query into diagnostics query 
* Expose (partial) CSV model for the API
* Rework and simplify predicates
 2021-08-02 17:14:44 +02:00
Benjamin Muskalla
8595ae71f7 Simplify api coverage detection 
Fixes a bug that doesn't take super types into account
when computing the usage of a specific API.
 2021-08-02 17:14:44 +02:00
Benjamin Muskalla
3365634259 Expose csv parameter format predicate 2021-08-02 17:14:44 +02:00
Benjamin Muskalla
aab633eced Reformat 2021-08-02 17:14:43 +02:00
Benjamin Muskalla
2064915d3b Fold JDK API query into external API query 2021-08-02 17:14:43 +02:00
Benjamin Muskalla
0c04c9a2c2 Fix aggregation of jar usages 2021-08-02 17:14:43 +02:00
Benjamin Muskalla
722889e881 Make id unique 2021-08-02 17:14:42 +02:00
Benjamin Muskalla
d9285e78c0 Add query to collect external API calls 2021-08-02 17:14:42 +02:00
Benjamin Muskalla
07303ccbb3 Fix formatting 2021-08-02 17:14:42 +02:00
Benjamin Muskalla
b9f6b60c4d Introduce query to capture external libraries 2021-08-02 17:14:41 +02:00
Benjamin Muskalla
32f52ac30d Improve column names 2021-08-02 17:14:41 +02:00
Benjamin Muskalla
18e3763f90 Expose whether APIs are already supported 2021-08-02 17:14:41 +02:00
Benjamin Muskalla
9b6ae9029f Introduce query for capture JDK API usage 2021-08-02 17:14:40 +02:00
Chris Smowton
fad1622730 Merge pull request #5435 from haby0/DynamicallyLoadedClasses 
Java: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
 2021-08-02 16:04:30 +01:00
Chris Smowton
09a873138d Add missing qldoc 2021-08-02 14:48:42 +01:00
Chris Smowton
8a78075d3d Remove redundant method taint flow specifications 2021-08-02 14:30:31 +01:00
Mathias Vorreiter Pedersen
bbbbeda7c3 Merge pull request #6385 from MathiasVP/more-FieldConfiguration-sources 
C++: Fix missing local flow in AST dataflow
 2021-08-02 15:22:07 +02:00
Anders Schack-Mulligen
53e6ddfeb6 Merge pull request #6001 from atorralba/atorralba/promote-mvel-injection 
Java: Promote MVEL injection query from experimental
 2021-08-02 14:40:26 +02:00
Anders Schack-Mulligen
3b676d432f Merge pull request #5900 from artem-smotrakov/unsafe-jackson-deserialization 
Java: Unsafe deserialization with Jackson
 2021-08-02 12:45:30 +02:00
Anders Schack-Mulligen
0a1c754de8 Merge pull request #6395 from github/bmuskalla/fixTypoInVariables 
Fix typo in variables documentation
 2021-08-02 12:30:14 +02:00
Benjamin Muskalla
d678cdc815 Update variables.rst 2021-08-02 12:07:09 +02:00
Anders Schack-Mulligen
6c973b59ac Update java/ql/src/semmle/code/java/frameworks/Jackson.qll 2021-08-02 10:16:42 +02:00
Anders Schack-Mulligen
26881ec220 Merge pull request #6389 from github/yo-h-patch-1 
Java: update `frameworks.rst` with Jackson
 2021-08-02 10:07:02 +02:00
Tony Torralba
9fadb26325 Fix qhelp sample 2021-08-02 10:00:59 +02:00
Artem Smotrakov
7959e76da8 Better qldoc in UnsafeDeserializationQuery.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-30 09:30:59 +02:00
Fosstars
a4b0041120 Better looksLikeResolveClassStep() predicate 2021-07-30 09:28:03 +02:00
Fosstars
1d3eb570bf hasJsonTypeInfoAnnotation() should check fields recursively 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-30 08:30:40 +02:00
yo-h
6a18b33616 Java: update frameworks.rst with Jackson 
Updating manually maintained list with coverage in `JacksonSerializability.qll`
 2021-07-29 17:35:06 -04:00
Aditya Sharad
cb686ea802 Merge pull request #6388 from github/geoffw0-patch-2 
Update query-metadata-style-guide.md
 2021-07-29 10:20:26 -07:00
Geoffrey White
5e6e176f32 Update query-metadata-style-guide.md 
Add a note about the `@security-severity` tag.
 2021-07-29 17:53:31 +01:00
Mathias Vorreiter Pedersen
b1e5fbe2de Merge pull request #6377 from sashabu/sashabu/virtual 
C++: Allow querying virtual, override, and final declaration specifiers.
 2021-07-29 17:51:14 +02:00
Tony Torralba
90b5e02b6e Improve qhelp 2021-07-29 16:28:10 +02:00
Mathias Vorreiter Pedersen
bbb38fd2aa C++: Accept more test changes. 2021-07-29 15:49:50 +02:00