hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,828 Commits 1,672 Branches 157 Tags
ae9ba80c400071e872b19ac8975e5f32e2350da4
Commit Graph

6150 Commits

Author SHA1 Message Date
Ian Lynagh
710ba3cb14 Merge pull request #10257 from igfoo/igfoo/hasModifier 
Java: Correct hasModifier documentation
 2022-09-01 15:49:06 +01:00
Edoardo Pirovano
8f332714f4 Merge pull request #10260 from github/edoardo/3.7-mergeback 
Merge `rc/3.7` into `main`
 2022-09-01 15:44:17 +01:00
Ian Lynagh
7ed18f1b32 Java: Correct hasModifier documentation 2022-09-01 11:52:07 +01:00
Tamas Vajk
a5415c9c8a Kotlin: Fix array indexer extraction 2022-09-01 11:12:14 +02:00
Tamas Vajk
afeea64078 Kotlin: Add test case for overloaded array get 2022-09-01 11:09:44 +02:00
Ian Lynagh
7dc5bdafe3 Merge pull request #10186 from github/post-release-prep/codeql-cli-2.10.4 
Post-release preparation for codeql-cli-2.10.4
 2022-08-31 17:29:57 +01:00
Tamás Vajk
bf7437fd2e Merge pull request #10224 from tamasvajk/kotlin-comment-fixes 
Kotlin: Fix issues in comment extraction
 2022-08-31 14:22:09 +02:00
Michael Nebel
1cb6d78d35 Merge pull request #10170 from michaelnebel/java/models-io 
Java: Update models for commons-io and add negative models.
 2022-08-31 11:05:09 +02:00
Tony Torralba
2ec53bf78c Merge pull request #9873 from luchua-bc/java/permissive-dot-regex 
Java: CWE-625 Query to detect regex dot bypass
 2022-08-31 10:24:18 +02:00
luchua-bc
e2e87980cc Move pattern check to MatchRegexConfiguration::isSink 2022-08-30 22:48:12 +00:00
Erik Krogh Kristensen
72942afe3e Merge pull request #10220 from erik-krogh/overlapsWithNothing 
print a correct range for ranges that doesn't contain any alpha-numeric chars
 2022-08-30 15:38:34 +02:00
Tamas Vajk
9ced14672d Kotlin: Assign container class as the owner of init block comments 2022-08-30 15:37:55 +02:00
Tamas Vajk
d9b3726ee8 Kotlin: Add test case for doc comment on init block 2022-08-30 15:37:00 +02:00
Anders Schack-Mulligen
4070860d2b Merge pull request #10208 from aschackmull/java/dispatch-fixes 
Java: A couple of small virtual dispatch fixes
 2022-08-30 15:03:48 +02:00
Michael Nebel
e020ae77e0 Merge pull request #10158 from michaelnebel/csharp/narrowcollectiontypes 
C#: Narrow collection like types in model generation.
 2022-08-30 14:20:57 +02:00
erik-krogh
7fd426e748 print a correct range for ranges that doesn't contain any alpha-numeric chars 2022-08-30 13:57:11 +02:00
Tony Torralba
1f83c5833b Merge pull request #10092 from zbazztian/zbazztian/string.replace-taint 
Java: Add additional taint steps for java.lang.String methods
 2022-08-30 12:24:37 +02:00
Erik Krogh Kristensen
8f0b999c31 Merge pull request #10207 from erik-krogh/fixRank 
fix performance issue in the ReDoS query
 2022-08-30 10:17:11 +02:00
erik-krogh
e2caf3e8c0 put a limit on the length of the equivalent range 2022-08-30 09:29:22 +02:00
erik-krogh
f47b097d7c put a limit on the length of the equivalent range 2022-08-29 21:03:52 +02:00
Anders Schack-Mulligen
e26a7fc4f3 Merge pull request #10173 from zbazztian/spring-crudrepository 
Java: Add data flow model for Spring's CrudRepository.save() method
 2022-08-29 15:00:07 +02:00
Michael Nebel
e8d726606b C#/Java: Add descriptive comment on negative summaries in ExternalFlow. 2022-08-29 14:29:32 +02:00
Michael Nebel
91abf79404 Java: Update negative summaries where static initializers has been excluded. 2022-08-29 14:29:32 +02:00
Michael Nebel
2b1423dd74 Java: Exclude static initializers from model generation. 2022-08-29 14:29:32 +02:00
Michael Nebel
37aa6b2c5f C#: Add file level QL Doc. 2022-08-29 14:29:32 +02:00
Michael Nebel
dbfd16647b Java: Add negative model CSV validation test. 2022-08-29 14:29:32 +02:00
Michael Nebel
290c35e7c6 Java: Use negative summary models in unsupported external api telemetry query. 2022-08-29 14:28:55 +02:00
Michael Nebel
23e0ee66e0 Java: Add negative models for commons-io. 2022-08-29 14:28:55 +02:00
Michael Nebel
beb85c20f2 Java: Update commons-io generated positive models based on main. 2022-08-29 14:28:55 +02:00
Anders Schack-Mulligen
bd6acc0d75 Java: Refactor upcastCand, and track type flow for upcasts to unbound generics. 2022-08-29 13:57:39 +02:00
Anders Schack-Mulligen
fc415b32c2 Java: Bugfix in TypeFlow. 2022-08-29 13:50:13 +02:00
Anders Schack-Mulligen
e89b42fc11 Java: Allow dispatch to methods on abstract classes without subtypes. 2022-08-29 13:48:55 +02:00
erik-krogh
77949cbeb3 add context to the rankState predicate in ExponentialBackTracking.qll 2022-08-29 13:42:05 +02:00
Anders Schack-Mulligen
6e7dcfcc6e Merge pull request #10097 from aschackmull/java/unification 
Java: Improve virtual dispatch via better unification check and deduplicate code with parameterised module
 2022-08-29 13:28:04 +02:00
Anders Schack-Mulligen
adfd474fee Java: Move file. 2022-08-29 11:50:54 +02:00
Anders Schack-Mulligen
3e5155d1a1 Java: Address review comments. 2022-08-26 11:45:01 +02:00
github-actions[bot]
3b4ad3c4f1 Post-release preparation for codeql-cli-2.10.4 2022-08-26 09:32:11 +00:00
Erik Krogh Kristensen
c02387a25a Merge pull request #10153 from erik-krogh/more-acronyms 
more renamings of acronyms to camelCase
 2022-08-26 10:52:17 +02:00
Michael Nebel
be4c2231d1 C#: Avoid generating new source models on 'file' kind sources. 2022-08-26 09:30:07 +02:00
Tamás Vajk
4f5c06fed7 Merge pull request #10169 from tamasvajk/kotlin-array-iterator 
Kotlin: fix array iterator extraction
 2022-08-26 08:33:52 +02:00
erik-krogh
ebb1106d9d add missing qldoc 2022-08-25 20:52:30 +02:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
Erik Krogh Kristensen
06afe9c0f4 Merge pull request #9816 from erik-krogh/msgConsis 
Make alert messages consistent across languages
 2022-08-25 15:20:01 +02:00
github-actions[bot]
0f63bc077f Release preparation for version 2.10.4 2022-08-25 12:52:26 +00:00
Sebastian Bauersfeld
130e1892f4 Address review comments. 2022-08-25 18:49:38 +07:00
Sebastian Bauersfeld
207aebc581 Change wording of change note. 2022-08-25 18:47:36 +07:00
Sebastian Bauersfeld
36b5e5f61a Java: Add change notes. 2022-08-25 17:58:24 +07:00
Sebastian Bauersfeld
a486a89cee Java: Taint flow through org.springframework.data.repository.CrudRepository.save(). 2022-08-25 17:58:24 +07:00
Erik Krogh Kristensen
ba1ad00d2a Merge pull request #10062 from erik-krogh/redosPrefix 
JS: use the shared regular expression libraries in `js/case-sensitive-middleware-path`
 2022-08-25 12:57:16 +02:00
erik-krogh
c7aa58252a change "does not seem to check" to "does not check" in unchecked-cast-in-equals queries 2022-08-25 12:31:58 +02:00