hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 19:29:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,770 Commits 1,758 Branches 167 Tags
9ff4ed286f7a060fa77475c6e846546336e0e279
Commit Graph

14341 Commits

Author SHA1 Message Date
MarkLee131
9ff4ed286f Java: recognize Path.toRealPath() as path normalization sanitizer 
PathNormalizeSanitizer recognized Path.normalize() and
File.getCanonicalPath()/getCanonicalFile(), but not Path.toRealPath().

toRealPath() is strictly stronger than normalize() (resolves symlinks
and verifies file existence in addition to normalizing ".." components),
and is functionally equivalent to File.getCanonicalPath() for the NIO.2
API. CERT FIO16-J and OWASP both recommend it for path traversal defense.

This adds toRealPath to PathNormalizeSanitizer alongside normalize,
reducing false positives for code using idiomatic NIO.2 path handling.
 2026-04-04 20:59:45 +08:00
Paolo Tranquilli
628f85aebc Kotlin: accept test changes 2026-03-30 15:35:19 +02:00
Paolo Tranquilli
106d6b91f3 Merge remote-tracking branch 'origin/main' into wild-crest-ql 2026-03-30 14:21:28 +02:00
Paolo Tranquilli
6433b80b25 Kotlin: accept integration test changes 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-30 14:21:19 +02:00
Paolo Tranquilli
1d028382da Merge branch 'main' into wild-crest-ql 2026-03-30 12:04:16 +02:00
Óscar San José
59eec7ffa2 Merge branch 'main' of https://github.com/github/codeql into post-release-prep/codeql-cli-2.25.1 2026-03-30 10:51:12 +02:00
github-actions[bot]
ce6e6d5db3 Post-release preparation for codeql-cli-2.25.1 2026-03-30 08:43:48 +00:00
Paolo Tranquilli
6fad5b823c Kotlin: accept test changes 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-30 10:07:17 +02:00
MarkLee131
e6adfbca77 Address review: update QLDoc comment and fix expected test output 
- Clarify that arithmeticUsedInBoundsCheck applies to if-condition
  comparisons, not all comparisons
- Update expected test line numbers to reflect added test calls
 2026-03-29 11:53:06 +08:00
Kaixuan Li
b595a70384 Update java/ql/lib/change-notes/2026-03-28-tainted-arithmetic-bounds-check.md 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-29 11:45:27 +08:00
Kaixuan Li
938039d82c Merge branch 'main' into fix/tainted-arithmetic-bounds-check-barrier 2026-03-29 10:25:39 +08:00
Kaixuan Li
f5cfc5e282 Update java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTainted.java 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-03-29 10:25:10 +08:00
Owen Mansel-Chan
2b8558706f Add sentence to change note. 2026-03-28 16:39:16 +00:00
Owen Mansel-Chan
ea9b99f67c Rephrase change note 2026-03-28 16:36:39 +00:00
MarkLee131
0c5e89a68e Exclude bounds-check arithmetic from tainted-arithmetic sinks 
The java/tainted-arithmetic query now recognizes when an arithmetic
expression appears directly as an operand of a comparison (e.g.,
`if (off + len > array.length)`). Such expressions are bounds checks,
not vulnerable computations, and are excluded via the existing
overflowIrrelevant predicate.

Add test cases for bounds-checking patterns that should not be flagged.
 2026-03-28 17:39:40 +08:00
MarkLee131
da4a2238bc Address PR review: add Signature.getInstance sink, HMAC/PBKDF2 whitelist, fix test APIs 
- Model Signature.getInstance() as CryptoAlgoSpec sink (previously only
  Signature constructor was modeled)
- Add HMAC-based algorithms (HMACSHA1/256/384/512, HmacSHA1/256/384/512)
  and PBKDF2 to the secure algorithm whitelist
- Fix XDH/X25519/X448 tests to use KeyAgreement.getInstance() instead of
  KeyPairGenerator.getInstance() to match their key agreement semantics
- Add test cases for SHA384withECDSA, HMACSHA*, and PBKDF2WithHmacSHA1
  from user-reported false positives
- Update change note to document all additions
 2026-03-28 16:53:46 +08:00
MarkLee131
a9449cc991 Add EC to secure algorithm whitelist for Java CWE-327 query 2026-03-28 16:48:58 +08:00
Paolo Tranquilli
4e6d94bc4f Kotlin: reinstante trailing whitespace 2026-03-26 14:59:49 +01:00
Paolo Tranquilli
c2e1ae3b9c Kotlin: accept test changes 2026-03-26 12:20:59 +01:00
Paolo Tranquilli
ded6968558 Kotlin: update to 2.3.20 2026-03-26 11:43:37 +01:00
github-actions[bot]
fb011842c9 Release preparation for version 2.25.1 2026-03-25 23:43:06 +00:00
github-actions[bot]
8cf0954796 Release preparation for version 2.25.1 2026-03-25 08:28:30 +00:00
Óscar San José
2139b97628 Merge branch 'main' into post-release-prep/codeql-cli-2.25.0 2026-03-19 13:07:00 +01:00
github-actions[bot]
e3dbf5b022 Post-release preparation for codeql-cli-2.25.0 2026-03-16 16:03:22 +00:00
github-actions[bot]
d6055754b6 Release preparation for version 2.25.0 2026-03-16 12:15:34 +00:00
Owen Mansel-Chan
52809133f5 Add change notes 2026-03-13 11:10:43 +00:00
Owen Mansel-Chan
056aa342fe Change @security-severity for log injection queries from 7.8 to 6.1 2026-03-13 10:02:01 +00:00
Owen Mansel-Chan
f58a6e5d3a Change @security-severity for XSS queries from 6.1 to 7.8 2026-03-13 10:01:02 +00:00
Anders Schack-Mulligen
6a6bb5ebf9 Merge pull request #21441 from aschackmull/cfg/switch-sharing 
Cfg: Share more code for switch statements.
 2026-03-10 13:50:21 +01:00
Anders Schack-Mulligen
77d4f5a2dc Cfg: Update fallsThrough default. 2026-03-10 11:10:24 +01:00
Anders Schack-Mulligen
edf88b34da Cfg: Move Case.getBodyElement to shared code. 2026-03-10 11:02:58 +01:00
Anders Schack-Mulligen
35ac66d3aa Cfg: Move getCaseControlFlowOrder to shared code. 2026-03-10 10:39:32 +01:00
Owen Mansel-Chan
d8007a85e6 Java: Make corresponding predicate private 2026-03-09 13:44:50 +00:00
Óscar San José
3b9eba2afc Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.21 2026-03-06 16:20:36 +01:00
Owen Mansel-Chan
e96ba4806b Merge pull request #21415 from owen-mc/java/validate-constructor-summary-models 
Java: validate constructor summary models
 2026-03-06 09:09:18 +00:00
Owen Mansel-Chan
92a719092a Update models in test output 2026-03-05 13:32:52 +00:00
Anders Schack-Mulligen
8ef4be49aa Merge pull request #21412 from aschackmull/java/binary-assignment 
Java: Make Assignment extend BinaryExpr.
 2026-03-05 13:19:45 +01:00
Owen Mansel-Chan
579c871b69 Fix incorrect constructor summary models 2026-03-05 12:03:21 +00:00
Owen Mansel-Chan
63c71b418c Add model validation for constructor summary models 2026-03-05 12:02:37 +00:00
Owen Mansel-Chan
c82f75604a Add change notes 2026-03-05 10:34:30 +00:00
Anders Schack-Mulligen
ea77c0d86c Java: Add change note. 2026-03-05 11:32:00 +01:00
Anders Schack-Mulligen
ec1d034ee0 Java: Make Assignment extend BinaryExpr. 2026-03-05 11:31:59 +01:00
Owen Mansel-Chan
2b3111441d Add space before $ in xml test file 2026-03-04 15:03:24 +00:00
Owen Mansel-Chan
aa28c94562 Remove double space after $ in inline expectations tests 2026-03-04 14:12:42 +00:00
Owen Mansel-Chan
f41c30e335 java: Inline expectation should have space before $ 2026-03-04 13:11:33 +00:00
Anders Schack-Mulligen
3c129fcd23 Java: Align BinaryExpr.getOp() with AssignOp.getOp(). 2026-03-04 13:46:04 +01:00
Owen Mansel-Chan
05a77a2005 Java: Update test expectations 2026-03-04 12:44:56 +00:00
Owen Mansel-Chan
ef345a3279 Java: Inline expectation should have space after $ 
This was a regex-find-replace from `// \$(?! )` (using a negative lookahead) to `// $ `.
 2026-03-04 12:44:54 +00:00
Anders Schack-Mulligen
fe032a5834 Java: Update dbscheme to make @assignment a @binaryexpr. 2026-03-03 15:15:35 +01:00
Anders Schack-Mulligen
daefd5988e Java: Accept CFG diff. 2026-03-03 14:18:10 +01:00