Josh Soref
9eac158d7c
spelling: revocation
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-12 04:40:26 -04:00
Josh Soref
08a79531cf
spelling: response
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-12 04:40:26 -04:00
Josh Soref
1a14c06008
spelling: receiver
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-12 04:40:26 -04:00
Josh Soref
ba0f34afed
spelling: owasp
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-12 04:40:26 -04:00
Josh Soref
22141e378e
spelling: necessary
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-11 03:59:17 -04:00
Josh Soref
8f7e76f0cb
spelling: initialization
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-11 03:59:08 -04:00
Josh Soref
b5bed9cbf5
spelling: explicitly
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-11 00:23:36 -04:00
Josh Soref
3b9546f02e
spelling: deserialization
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-11 00:23:36 -04:00
Josh Soref
3e6477f878
spelling: currently
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-11 00:23:36 -04:00
Josh Soref
5755159f08
spelling: authentication
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-11 00:23:36 -04:00
Josh Soref
6db36616cd
spelling: arbitrary
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-11 00:23:35 -04:00
Josh Soref
c2a0dbe715
spelling: application
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-11 00:23:35 -04:00
Tamás Vajk
1cf2db1a0b
Merge pull request #10718 from tamasvajk/kotlin-internal-repr
...
Kotlin: ignore properties in `java/internal-representation-exposure` check
2022-10-10 13:58:55 +02:00
Tamás Vajk
cd8ac1a835
Merge pull request #10720 from tamasvajk/kotlin-equals-fix
...
Kotlin: Consider `::class` type check in `java/unchecked-cast-in-equals`
2022-10-10 13:58:15 +02:00
github-actions[bot]
b8ef9e0ddc
Post-release preparation for codeql-cli-2.11.1
2022-10-07 15:59:45 +00:00
Tamas Vajk
51f9314a50
Kotlin: Consider ::class type check in equals
2022-10-07 09:23:01 +02:00
Tamas Vajk
cd64faf635
Kotlin: ignore properties in java/internal-representation-exposure check
2022-10-07 09:13:14 +02:00
github-actions[bot]
a02dcdc5e1
Release preparation for version 2.11.1
2022-10-07 02:20:28 +00:00
Henry Mercer
7a7d164b07
Merge pull request #10698 from github/henrymercer/successfully-extracted-files-tag
...
Tag successfully extracted files queries
2022-10-06 13:21:52 +01:00
Anders Schack-Mulligen
5b67ba2939
Merge pull request #10177 from atorralba/atorralba/path-sanitizer
...
Java: Promote `PathSanitizer.qll` from experimental
2022-10-06 10:29:33 +02:00
Henry Mercer
d80d39504f
Tag successfully extracted files queries
...
Tag the successfully extracted files queries with
`successfully-extracted-files` to make them easier to identify
programmatically in a language-independent way.
This follows the prior art for lines of code queries, which are tagged
`lines-of-code`.
2022-10-05 19:19:43 +01:00
Chris Smowton
7f8bcf76bf
Merge pull request #10665 from dilanbhalla/dilan-java/guidance-exectainted
...
Java Guidance: ExecTainted.ql (experimental version)
2022-10-05 15:05:10 +01:00
Tony Torralba
9db65eae7f
Address review comments
2022-10-04 12:27:01 +02:00
Tony Torralba
f19eb783be
Generalize file/path taint steps
...
This is needed by PathSanitizer but also helps simplify ZipSlip.ql
2022-10-04 12:27:01 +02:00
Tony Torralba
4e29c39c78
Merge ZipSlip sanitization logic into PathSanitizer.qll
...
Apply code review suggestions regarding weak sanitizers
2022-10-04 12:27:01 +02:00
Tony Torralba
89d905cc03
Add change note
2022-10-04 12:27:01 +02:00
Tony Torralba
08c67fb174
Use PathInjectionSanitizer in relevant queries
2022-10-04 12:27:01 +02:00
Tony Torralba
dff878e531
Apply TaintedPath recent changes to TaintedPathLocal
2022-10-04 12:26:59 +02:00
Tony Torralba
5706e8b377
Improve PathSanitizer
...
Rename PathTraversalSanitizer to PathInjectionSanitizer
2022-10-04 12:26:17 +02:00
Tony Torralba
50ad234694
Move PathSanitizer to the main library
2022-10-04 12:26:17 +02:00
Tony Torralba
2deb3e5625
Reapply "Java: Fix cartesian product"
...
This reverts commit c1654ce7cc.
2022-10-04 11:11:44 +02:00
Tony Torralba
281e49daf7
Revert "Java: Add CompilationUnit.getATypeAvailableBySimpleName()"
...
This reverts commit 431aa2cb79.
2022-10-04 10:59:45 +02:00
Tony Torralba
01b950f68b
Revert "Java: Rename predicate to getATypeInScope"
...
This reverts commit fd99ae78b3.
2022-10-04 10:59:43 +02:00
Tony Torralba
df29e05b9f
Revert "Java: Adjust ImpossibleJavadocThrows.ql"
...
This reverts commit c40b6285a2.
2022-10-04 10:59:39 +02:00
Tony Torralba
c1654ce7cc
Revert "Java: Fix cartesian product"
2022-10-04 10:56:32 +02:00
Dilan Bhalla
bff2633f8d
java guidance: experimental version of exectainted
2022-10-03 11:18:17 -07:00
Tony Torralba
ba9eb8c73c
Fix stub generator
...
Add line break after all stubbed annotations to avoid malformed code
See https://github.com/github/codeql/pull/8695\#discussion_r985674245
2022-10-03 14:43:58 +02:00
Tony Torralba
f860ae8c82
Apply review suggestions
2022-10-03 10:38:35 +02:00
Tony Torralba
0645f62a0d
Use monotonicAggregates to avoid non-monotonic recursions
2022-10-03 10:31:14 +02:00
Tony Torralba
66e6f4d25e
Use empty string as default value for string annotation values
2022-10-03 10:31:14 +02:00
Tony Torralba
8a3ed6bdcf
Apply code review suggestions
2022-10-03 10:31:14 +02:00
Tony Torralba
6f7b7c9efe
If an annotation value is an array, order its elements by index
2022-10-03 10:31:14 +02:00
Tony Torralba
6f1124d7e7
Handle more annotation element value types
2022-10-03 10:31:13 +02:00
Tony Torralba
1ece12efd7
Add annotation element names
2022-10-03 10:31:13 +02:00
Tony Torralba
d4499a10d2
Fix typo
2022-10-03 10:31:13 +02:00
Tony Torralba
ee7507386c
Fix annotation vs interface keyword stubbing
2022-10-03 10:31:13 +02:00
Tony Torralba
eda676df3e
Add support for Annotation types stub generation
2022-10-03 10:31:13 +02:00
Erik Krogh Kristensen
3d00a61dac
Merge pull request #10528 from erik-krogh/java-followMsg
...
Java: Update the alert messages to better follow the style guide
2022-10-03 09:49:47 +02:00
erik-krogh
39ffa558f1
make a few more queries consistent with the other languages
2022-10-02 22:38:25 +02:00
erik-krogh
2f673efc67
autoformat
2022-10-01 13:21:20 +02:00