hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-06 19:20:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
55,666 Commits 1,675 Branches 157 Tags
afec9b05e9d52e2c7efcd4004cad80db92e2e2c1
Commit Graph

2168 Commits

Author SHA1 Message Date
Michael Nebel
afec9b05e9 Merge pull request #13147 from michaelnebel/csharp/entityframeworkrefactor 
C#: Use synthetic global in the EntityFramework code instead of jump steps.
 2023-06-14 13:47:56 +02:00
Tony Torralba
182513a981 Merge pull request #13235 from atorralba/atorralba/java/hudson-models 
Java: Add Hudson models
 2023-06-14 12:33:18 +02:00
Anders Schack-Mulligen
2d616d494e C#/Ruby: Add fields as per review comments. 2023-06-13 11:26:30 +02:00
Anders Schack-Mulligen
97b2bdaa9f Java: Fix types of summary parameter nodes. 2023-06-09 15:39:28 +02:00
Anders Schack-Mulligen
254d60c826 Dataflow: Refactor FlowSummaryImpl to synthesize nodes independently from DataFlow::Node. 2023-06-09 15:27:17 +02:00
Anders Schack-Mulligen
59636c43ca Dataflow: Rename two private predicates. 2023-06-09 15:27:17 +02:00
Anders Schack-Mulligen
1b7bbf6320 Merge pull request #13083 from aschackmull/dataflow/typestrengthen 
Dataflow: Strengthen tracked types.
 2023-06-09 13:23:30 +02:00
Anders Schack-Mulligen
44b09507ab Merge pull request #13408 from aschackmull/java/loginjection-perf 
Java: Add more negation context to reduce string ops and improve perf.
 2023-06-09 08:44:27 +02:00
Anders Schack-Mulligen
d230509905 Dataflow: Address review comments. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
4399138c82 Dataflow: Fix QL4QL alert. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
8a584b78ac Dataflow: Enable type strengthening in partial flow. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
441ccef6c4 Dataflow: Bugfix, use arg type rather than strengthened param type. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
4633abe19e Java: Autoformat 2023-06-09 08:37:35 +02:00
Anders Schack-Mulligen
ad461a87b4 Dataflow: Strengthen tracked types. 2023-06-09 08:37:35 +02:00
Anders Schack-Mulligen
1d87f0793b Dataflow: Minor refactor. 2023-06-09 08:37:35 +02:00
Anders Schack-Mulligen
5a2ac1b5ca Java: Add more negation context to reduce string ops and improve perf. 2023-06-08 14:04:57 +02:00
Anders Schack-Mulligen
dabb4dd643 Java: Improve join-order for FunctionalInterface. 2023-06-08 13:02:54 +02:00
Tony Torralba
6d7234f8ed Merge pull request #13225 from atorralba/atorralba/java/path-injection-mad-sinks-2 
Java: Migrate path injection sinks to models-as-data (simplified)
 2023-06-07 14:27:36 +02:00
Erik Krogh Kristensen
6ba7f9a238 Merge pull request #13352 from erik-krogh/once-again-deps-not-py-cpp 
delete old deprecations
 2023-06-07 13:00:57 +02:00
Tony Torralba
27763d6bbe Improve ZipSlip exclusion to take varargs into account 2023-06-07 09:25:56 +02:00
Tony Torralba
8001ae9669 Update java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-06-07 09:08:24 +02:00
Tony Torralba
1601846478 Add exclusion to the ZipSlip query to avoid FPs 2023-06-06 10:28:49 +02:00
Jami
64830809a6 Merge pull request #13228 from jcogs33/jcogs33/deprecated-sink-error-message 
Java: add error message for outdated sink kinds in `getInvalidModelKind`
 2023-06-02 13:44:18 -04:00
erik-krogh
44b6366586 delete old deprecations 2023-06-02 11:58:08 +02:00
Tony Torralba
ad2f558002 Add Hudson models 
Includes models-as-data rows, flow sources, and XSS sanitizers.

Tests for models-as-data rows not included.
 2023-06-02 11:06:24 +02:00
Tony Torralba
527fe523a8 Add PathCreation.qll sinks to models-as-data 
The old PathCreation sinks can't be removed because doing so would cause alert wobble in the path injection queries. See their getReportingNode predicates.
 2023-06-02 09:14:35 +02:00
Jami
1a82e21fdb Merge pull request #13136 from jcogs33/jcogs33/revamp-java-source-kinds 
Java: change `android-widget` MaD source kind to `remote`
 2023-06-01 14:18:02 -04:00
Jami Cogswell
b8cedfa817 Java: switch 'deprecated' to 'outdated' 2023-06-01 13:30:27 -04:00
Jami Cogswell
d10857fbdb Java: fix typo blank qldoc 2023-06-01 12:57:06 -04:00
Jami Cogswell
0355b78f13 Java: add deprecation deletion comment 2023-06-01 12:57:06 -04:00
Jami Cogswell
b3d218a503 Java: condense 'replacementKind' code 2023-06-01 12:57:06 -04:00
Jami Cogswell
06c83ee14d Java: add error message for deprecated sink kinds to 'getInvalidModelKind' 2023-06-01 12:57:05 -04:00
Jami
617107de35 Merge pull request #12916 from jcogs33/jcogs33/revamp-java-sink-kinds 
Java: revamp MaD sink kinds
 2023-06-01 12:48:30 -04:00
Jami Cogswell
de15013715 Java: remove RemoteFlowSources module 2023-06-01 12:25:26 -04:00
Jami Cogswell
5700a6eea4 Java: remove DefaultAndroidWidgetSources class 2023-06-01 12:25:26 -04:00
Jami Cogswell
6722892828 Java: switch 'android-widget' source kind to 'remote' 2023-06-01 12:25:25 -04:00
Michael Nebel
06b02eb3ce Sync files. 2023-06-01 09:30:31 +02:00
Jami Cogswell
ca8ac0c93f Java: add comment about request-forgery sinks 2023-05-31 15:51:07 -04:00
Jami Cogswell
5dbb698481 Java: update open/jdbc-url sink kinds to request-forgery 2023-05-31 15:50:31 -04:00
Jami Cogswell
cb10f4976b Java: update create/read-file sink kinds to path-injection 2023-05-31 15:49:07 -04:00
Jami Cogswell
eb1a8e2189 Java: update write-file sink kind to file-system-store 2023-05-31 15:49:07 -04:00
Jami Cogswell
ac8d985a63 Java: update xss sink kind to html-injection and js-injection 2023-05-31 15:49:07 -04:00
Jami Cogswell
041caa7405 Java: update header-splitting sink kind to response-splitting 2023-05-31 15:49:07 -04:00
Jami Cogswell
51df84ed1c Java: update set-hostname-verifier sink kind to hostname-verification 2023-05-31 15:49:07 -04:00
Jami Cogswell
b23f384a50 Java: update intent-start sink kind to intent-redirection 2023-05-31 15:49:07 -04:00
Jami Cogswell
5aa3e57ff3 Java: update pending-intent-sent sink kind to pending-intents 2023-05-31 15:49:07 -04:00
Jami Cogswell
3ff4c7de8f Java: update ldap sink kind to ldap-injection 2023-05-31 15:49:07 -04:00
Jami Cogswell
6d2d25406c Java: update xslt sink kind to xslt-injection 2023-05-31 15:49:07 -04:00
Jami Cogswell
cea97b3f2a Java: update mvel sink kind to mvel-injection 2023-05-31 15:49:06 -04:00
Jami Cogswell
6cee0c4c75 Java: update jexl sink kind to jexl-injection 2023-05-31 15:49:06 -04:00