hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-13 14:34:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,038 Commits 1,680 Branches 158 Tags
aefb43324b7dd2f4fcd0cb4cf8b6712d8d03a4ac
Commit Graph

4304 Commits

Author SHA1 Message Date
Michael Nebel
18a815ca8b Merge pull request #11721 from michaelnebel/csharpjava/refactorprovenance 
C#/Java: Re-factor provenance related predicates.
 2023-01-12 10:50:31 +01:00
Pierre
c3116b3f0f Merge branch 'main' into turbo/experimental/combined 2023-01-11 18:02:55 +01:00
Michael Nebel
6a047d6916 Java: Re-factor provenance related predicates for summarized callable. 2023-01-11 16:20:55 +01:00
Michael Nebel
11ca3f49f6 C#/Java: Adjust imports after moving files. 2023-01-11 13:13:33 +01:00
Michael Nebel
787b4743ee C#/Java: Rename the directories containing the model generator and tests. 2023-01-11 13:13:33 +01:00
Michael Nebel
178fd0e9e1 C#/Java: Remove all dashes in mode-generator. 2023-01-11 13:13:33 +01:00
Tony Torralba
32471d326e Java: Remove omittable exists variables 2023-01-10 13:37:19 +01:00
Chris Smowton
efe23c1da7 Note that alerts should not be re-raised 2023-01-09 10:56:13 +00:00
Chris Smowton
994a46289f Add change note 2023-01-09 10:56:13 +00:00
Chris Smowton
ef27f9fe96 Replace one more mention of escaping 2023-01-09 10:56:13 +00:00
Chris Smowton
45c732a6f9 Java: improve naming and description of SqlUnescaped.ql 
Since the main thing it's objecting to is concatenation not lack of escaping (in particular it doesn't look for escaping sanitizers), rename and re-describe it accordingly.
 2023-01-09 10:56:13 +00:00
github-actions[bot]
cdb8f67601 Post-release preparation for codeql-cli-2.12.0 2023-01-06 10:36:34 +00:00
Nick Rolfe
6e07076151 tweak wording in 2.12 release notes 2023-01-05 16:46:44 +00:00
github-actions[bot]
b6a8193785 Release preparation for version 2.12.0 2023-01-05 16:32:14 +00:00
Edward Minnix III
597523e65a Merge pull request #11766 from atorralba/atorralba/java/fix-android-query-id 
Java: Fix new Android queries' IDs
 2022-12-21 11:21:12 -05:00
Arthur Baars
98c5b81456 Merge pull request #11723 from aibaars/alert-suppression 
CodeQL alert suppression
 2022-12-21 10:59:57 +01:00
Arthur Baars
035ad65e43 AlertSuppression: move library into util folder 2022-12-21 10:39:57 +01:00
Tony Torralba
345c383acc Fix new Android queries' IDs 2022-12-21 09:36:57 +01:00
Tony Torralba
149cae9603 Merge pull request #10971 from joefarebrother/android-certificate-pinning 
Java: Add Android missing certificate pinning query (CWE-295)
 2022-12-20 11:03:16 +01:00
Tony Torralba
a47ef17a0d Update java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java 
Co-authored-by: Edward Minnix III <egregius313@github.com>
 2022-12-19 18:11:54 +01:00
Edward Minnix III
39a7c7bb12 Merge pull request #11282 from egregius313/egregiu313/webview-addjavascriptinterface 
Java: Query for detecting addJavascriptInterface method calls
 2022-12-19 11:28:45 -05:00
Tony Torralba
624c9ff834 Update java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java 2022-12-19 17:26:41 +01:00
Arthur Baars
a8be5d7274 AlertSuppression: add change notes 2022-12-19 17:02:52 +01:00
Tony Torralba
0c6ace350f Update java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-12-19 16:24:39 +01:00
Arthur Baars
c9739b21cb AlertSuppression: add support for //codeql comments 2022-12-19 16:10:28 +01:00
Arthur Baars
c176606be5 AlertSuppression: allow //lgtm comments to scope over the next line 2022-12-19 16:10:26 +01:00
Arthur Baars
016c7a8ca7 Merge pull request #11719 from aibaars/alert-suppression-shared 
Shared AlertSuppression library
 2022-12-19 16:04:44 +01:00
Tony Torralba
484a16ce1b Update java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql 2022-12-19 12:10:32 +01:00
Arthur Baars
bc646d407e Java: use shared AlertSuppression.qll 2022-12-19 12:07:28 +01:00
Tony Torralba
a880fecc8b Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-12-19 11:56:36 +01:00
turbo
1e5426fca2 Create security-experimental suite helper and all language suite implementations 2022-12-18 15:44:08 +01:00
Henry Mercer
30451ee950 Merge pull request #11681 from github/henrymercer/mergeback-3.8 
Merge `rc/3.8` back to `main`
 2022-12-16 17:43:12 +00:00
Michael Nebel
b2856c1f5a Merge pull request #11705 from michaelnebel/dataextensiontests 
C#/Java: Migrate tests to use implicitly loaded extensions.
 2022-12-16 10:50:07 +01:00
Jami
fd63348549 Merge pull request #11585 from jcogs33/jcogs33/mad-metrics-query 
Java: add MaD metrics query
 2022-12-15 19:26:51 -05:00
Jami Cogswell
c33bc63aed Java: remove extraneous parentheses 2022-12-15 15:26:04 -05:00
Jami Cogswell
cfeedb5cb4 Java: add float cast 2022-12-15 15:23:28 -05:00
Jami Cogswell
b68a9a51e2 Java: add coverage, generatedCoverage, and manualCoverage metrics 2022-12-15 15:20:08 -05:00
Jami Cogswell
9d10b719d6 Java: add match metric 2022-12-15 15:10:35 -05:00
Jami Cogswell
1c5d4f8048 Java: rename generatedCoverage and manualCoverage 2022-12-15 15:03:00 -05:00
Michael Nebel
31c60e545e Java: Update the flow test generator to create ext.yml files. 2022-12-15 14:46:20 +01:00
Michael Nebel
a67e02df21 Merge pull request #11691 from michaelnebel/renameextensibles 
C#/Java: Rename externalflow extensible predicates
 2022-12-15 11:05:22 +01:00
Michael Nebel
12c1ebd81c C#/Java: Add change note. 2022-12-15 09:41:14 +01:00
Ed Minnix
72484b9483 Change wording of addJavascriptInterface query description 2022-12-14 16:19:03 -05:00
Jami
359e49044f Merge branch 'main' into jcogs33/mad-metrics-query 2022-12-14 15:33:29 -05:00
Jami
33955ee4ab Merge pull request #11623 from jcogs33/jcogs33/exclude-funcexpr-from-dataflowtargetapi 
Java/C#: exclude `FunctionalExpr`s from `DataFlowTargetApi`
 2022-12-14 12:22:50 -05:00
turbo
4ec401a3f6 Tag all security queries in supported languages' experimental directories with an experimental tag 2022-12-14 17:15:50 +01:00
Jami
b248b44983 Merge pull request #11668 from jcogs33/jcogs33/update-isjdkinternal 
Java: update `isJdkInternal`
 2022-12-14 08:33:18 -05:00
Jami
f61b817751 Merge pull request #11631 from jcogs33/jcogs33/update-externalapi-charpredicate 
Java/C#: add `isUninteresting` to `ExternalApi` characteristic predicate
 2022-12-14 08:25:02 -05:00
Michael Nebel
bc02adb400 Java: Make the corresponding rename in all the data extensions. 2022-12-14 13:48:31 +01:00
Jami Cogswell
c956589945 Java: remove dot before percent 2022-12-13 17:46:20 -05:00