8810 Commits

Author	SHA1	Message	Date
Tony Torralba	935e22d10d	Merge pull request #12139 from atorralba/atorralba/java/xxe-local-query ... Java: Add local version of the XXE query	2023-02-14 09:54:36 +01:00
Michael Nebel	781aab3eb7	Merge pull request #11634 from michaelnebel/java/excludeinterfacemembers ... Java: Exclude interface members from model generation.	2023-02-14 09:35:56 +01:00
Chad Bentz	b0c8992eef	Adding CWE-798 MSSQL Tests	2023-02-13 19:44:02 -05:00
Chad Bentz	cfe169a4f9	Adding MSSQL to SensitiveAPI	2023-02-13 19:42:28 -05:00
Joe Farebrother	0b722bfe30	Stub generator: Use fully qualified names to avoid conflicts	2023-02-13 17:09:32 +00:00
Jami Cogswell	e4c8387815	Java: update CaptureSinkModels.expected with read-file sink	2023-02-13 11:29:30 -05:00
Tony Torralba	1c57aa0456	Fix import locations	2023-02-13 17:13:01 +01:00
Jami Cogswell	1c3d4b98c8	Java: move change note	2023-02-13 09:15:31 -05:00
Anders Schack-Mulligen	e877b161d8	Merge pull request #12124 from hvitved/dataflow/stage1-dispatch ... Data flow: Call context virtual dispatch pruning in stage 1	2023-02-13 13:13:43 +01:00
Michael Nebel	2ce6d5f920	Java: Update negative models test to not produce a negative summary for interface member.	2023-02-13 10:45:54 +01:00
Michael Nebel	80628596dd	Java: Exclude interface members from model generation.	2023-02-13 10:21:32 +01:00
Tony Torralba	4fad01a739	Further refactoring ... Avoid having two taint tracking configurations in the same file	2023-02-13 09:18:05 +01:00
Tony Torralba	f3e0b6e62c	PathGraph shouldn't be imported in a QLL library	2023-02-13 09:18:05 +01:00
Tony Torralba	422eb0d1bb	Add change note	2023-02-13 09:18:05 +01:00
Tony Torralba	5555b5cd19	Add local version of the XXE query	2023-02-13 09:18:05 +01:00
Tom Hvitved	f7a5a33474	Address review comment	2023-02-13 09:01:15 +01:00
Jami Cogswell	ad8849c6b8	Java: fix typo	2023-02-12 16:33:26 -05:00
Jami Cogswell	ce1c814daa	Java: update path-injection query to use new 'read-file' sink kind	2023-02-11 17:10:58 -05:00
Jami Cogswell	c87c3e30c7	Java: update getInvalidModelKind with 'read-file' kind	2023-02-11 17:07:25 -05:00
Anders Schack-Mulligen	770f3c24bb	Java: Improve performance of GeneratedFileMarker.	2023-02-09 15:08:32 +01:00
Ian Lynagh	968f588893	Merge pull request #12090 from igfoo/igfoo/kotlin-1.8.10 ... Kotlin: 1.8.10 and 1.8.20 are supported, and use 1.8.10 for CI	2023-02-09 12:06:42 +00:00
Ian Lynagh	844e372651	Kotlin: Add a changenote for 1.8.20 support	2023-02-08 11:35:23 +00:00
Ian Lynagh	6255298876	Kotlin: Use 1.8.10 for CI ... I don't think there's any need for the CI version to be one of the versions we build extractors for, so I've removed that check.	2023-02-08 11:35:23 +00:00
Michael Nebel	02364d072e	Java: Fix bad join in TestLibrary characteristic predicate.	2023-02-08 11:59:59 +01:00
Michael Nebel	f8dbbe006e	C#/Java: Materialize sink/source/summary predicates to avoid join on input/output before filtering.	2023-02-08 10:04:43 +01:00
Tom Hvitved	8e8897b08b	Data flow: Sync files	2023-02-07 15:15:04 +01:00
Anders Schack-Mulligen	3c580896dc	Merge pull request #11712 from aschackmull/java/constant-guards ... Java: Apply deadcode guard to data flow nodes.	2023-02-07 09:14:20 +01:00
Anders Schack-Mulligen	b4607d3fab	Java: Add change notes.	2023-02-06 13:55:34 +01:00
Mathias Vorreiter Pedersen	00fe448e3a	Merge pull request #12072 from aschackmull/dataflow/stage3-perf ... Dataflow: Fix join in `fwdFlowRead` (take 2)	2023-02-06 10:43:11 +00:00
Jami Cogswell	2d7e71dfce	Java: add read-file sink kind for first arg of copy	2023-02-03 17:28:46 -05:00
Jami	b6805c6913	Merge pull request #11863 from jcogs33/jcogs33/update-paramsString ... Java: update paramsString	2023-02-03 15:47:38 -05:00
Anders Schack-Mulligen	2d6d8aaa74	Java: Account for additional constants in ArrayIndexOutOfBounds query.	2023-02-03 16:16:39 +01:00
Anders Schack-Mulligen	a1aeb995e6	Java: Apply deadcode guard to data flow nodes.	2023-02-03 16:16:39 +01:00
Anders Schack-Mulligen	e8dbd65d77	Java: Refactor compile-time constant calculation and apply to ConstantIntegerExpr.	2023-02-03 16:16:27 +01:00
github-actions[bot]	faf21f3edb	Post-release preparation for codeql-cli-2.12.2	2023-02-02 23:01:04 +00:00
Jami Cogswell	30b1a2edbc	Java: add first argument to copy sink	2023-02-02 16:20:54 -05:00
Jami Cogswell	61a8f5e425	Java: add signature to createTempDirectory sink	2023-02-02 16:19:20 -05:00
Anders Schack-Mulligen	67d4ed53b9	Dataflow: Sync.	2023-02-02 16:33:00 +01:00
Anders Schack-Mulligen	8cb233df1a	Dataflow: A proper perf fix for the stage-dependent fanout direction of the Content-to-Ap relation.	2023-02-02 16:31:07 +01:00
github-actions[bot]	a4fa984792	Release preparation for version 2.12.2	2023-02-02 14:34:55 +00:00
Joe Farebrother	97b2e852c9	Merge pull request #11713 from joefarebrother/sensitive-result-receiver ... Java: Add query for leaking sensitive data through a ResultReceiver	2023-02-01 16:34:17 +00:00
Tony Torralba	834fc51a3a	Update java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql	2023-02-01 15:26:26 +01:00
Joe Farebrother	74dba953ca	Apply suggestions from docs review ... Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>	2023-02-01 12:54:19 +00:00
Jami	7f6efae7dc	Merge pull request #12008 from jcogs33/jcogs33/update-queryproducer-package ... Java: update package for `QueryProducer` sinks	2023-01-30 10:27:58 -05:00
Alexander Eyers-Taylor	89d835b9ec	Merge pull request #11988 from github/alexet/force-java-11 ... Use Java 11 for some integration tests	2023-01-30 15:19:00 +00:00
Ian Lynagh	25e703e562	Merge pull request #11579 from igfoo/igfoo/only_lockless ... Kotlin: Remove legacy trap-locking support	2023-01-30 13:44:31 +00:00
Mathias Vorreiter Pedersen	95b15825f9	DataFlow: Sync identical files.	2023-01-27 16:24:31 +00:00
Jami Cogswell	85c228a0cd	Java: remove old sinks	2023-01-27 10:40:17 -05:00
Jami Cogswell	a3fe8c0e93	Java: add change note	2023-01-27 10:35:16 -05:00
Jami Cogswell	9bf43483db	Java: update package for QueryProducer sinks	2023-01-27 10:16:42 -05:00