hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-26 13:46:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,664 Commits 1,673 Branches 157 Tags
b107dd6855dbdaffaf4e034146480735ed757cb9
Commit Graph

1462 Commits

Author SHA1 Message Date
Tony Torralba
1f83c5833b Merge pull request #10092 from zbazztian/zbazztian/string.replace-taint 
Java: Add additional taint steps for java.lang.String methods
 2022-08-30 12:24:37 +02:00
Erik Krogh Kristensen
8f0b999c31 Merge pull request #10207 from erik-krogh/fixRank 
fix performance issue in the ReDoS query
 2022-08-30 10:17:11 +02:00
erik-krogh
f47b097d7c put a limit on the length of the equivalent range 2022-08-29 21:03:52 +02:00
Anders Schack-Mulligen
e26a7fc4f3 Merge pull request #10173 from zbazztian/spring-crudrepository 
Java: Add data flow model for Spring's CrudRepository.save() method
 2022-08-29 15:00:07 +02:00
erik-krogh
77949cbeb3 add context to the rankState predicate in ExponentialBackTracking.qll 2022-08-29 13:42:05 +02:00
Anders Schack-Mulligen
6e7dcfcc6e Merge pull request #10097 from aschackmull/java/unification 
Java: Improve virtual dispatch via better unification check and deduplicate code with parameterised module
 2022-08-29 13:28:04 +02:00
Anders Schack-Mulligen
adfd474fee Java: Move file. 2022-08-29 11:50:54 +02:00
Anders Schack-Mulligen
3e5155d1a1 Java: Address review comments. 2022-08-26 11:45:01 +02:00
erik-krogh
ebb1106d9d add missing qldoc 2022-08-25 20:52:30 +02:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
Sebastian Bauersfeld
130e1892f4 Address review comments. 2022-08-25 18:49:38 +07:00
Sebastian Bauersfeld
207aebc581 Change wording of change note. 2022-08-25 18:47:36 +07:00
Sebastian Bauersfeld
36b5e5f61a Java: Add change notes. 2022-08-25 17:58:24 +07:00
Sebastian Bauersfeld
a486a89cee Java: Taint flow through org.springframework.data.repository.CrudRepository.save(). 2022-08-25 17:58:24 +07:00
Erik Krogh Kristensen
ba1ad00d2a Merge pull request #10062 from erik-krogh/redosPrefix 
JS: use the shared regular expression libraries in `js/case-sensitive-middleware-path`
 2022-08-25 12:57:16 +02:00
Ian Lynagh
bf6d9f8c23 Merge pull request #10161 from igfoo/igfoo/exec 
Make a load of files non-executable
 2022-08-25 10:05:39 +01:00
Ian Lynagh
5f8d8cdf40 Make *.dbscheme non-executable 2022-08-24 16:37:26 +01:00
Ian Lynagh
501a9b3c6b Make *.qll non-executable 2022-08-24 16:36:15 +01:00
Jami
b3e88f8234 Merge pull request #9983 from jcogs33/android-implicit-export 
Java: query to detect implicitly exported Android components
 2022-08-24 10:52:50 -04:00
Michael Nebel
761ed283b6 C#/Java/Ruby/Swift: Address review comments. 2022-08-24 09:58:54 +02:00
Michael Nebel
30d554503a C#/Java: Fix some QL doc spelling typos. 2022-08-24 09:58:53 +02:00
Michael Nebel
160ae934af C#/Java/Ruby/Swift: Fix typo in QL doc. 2022-08-24 09:58:53 +02:00
Michael Nebel
37976d56bc C#/Java/Go/Swift: Move CsvValidation back into ExternalFlow. 2022-08-24 09:58:53 +02:00
Michael Nebel
581824a9b4 C#/Java/Ruby/Swift: Fix various typos. 2022-08-24 09:58:53 +02:00
Michael Nebel
9f9129d3c9 Java: Introduce column validation for negative summaries. 2022-08-24 09:58:52 +02:00
Michael Nebel
4939439982 Java: Re-factor CSV Validation into standalone module. 2022-08-24 09:58:52 +02:00
Michael Nebel
5255e16816 Java: Sync files and make framework specific code. 2022-08-24 09:58:51 +02:00
Michael Nebel
15c05e201d Java: Re-factor specialized CSV predicates into overrides of the row predicate. 2022-08-24 09:58:46 +02:00
Anders Schack-Mulligen
92f2976399 Java: Improve unification check for wildcards with lower bounds. 2022-08-24 09:50:13 +02:00
Anders Schack-Mulligen
f248c6a11e Java: Improve unification check for bounded types. 2022-08-24 09:50:13 +02:00
Anders Schack-Mulligen
6b01f02df6 Java: Deduplicate unification code as a parameterised module. 2022-08-24 09:50:13 +02:00
Erik Krogh Kristensen
4df2e5d937 Merge pull request #10096 from erik-krogh/acronyms-part1 
make acronyms camelcase
 2022-08-24 09:33:53 +02:00
Tamás Vajk
ecde0abc04 Merge pull request #10091 from tamasvajk/kotlin-data-class 
Kotlin: Identify data classes during extraction
 2022-08-24 08:45:41 +02:00
erik-krogh
5e3cb08ed2 rename stateInPumpableRegexp to stateInRelevantRegexp 2022-08-23 12:40:45 +02:00
Chris Smowton
0a7350f3bf Merge pull request #10041 from smowton/AddSensitiveApiCalls 
Java: support more libraries in hardcoded-credentials queries
 2022-08-23 10:51:04 +01:00
Tony Torralba
085c12a51f Merge pull request #10116 from atorralba/atorralba/static-init-vector-fix 
Java: Improve Static Initialization Vector query
 2022-08-23 11:38:41 +02:00
Chris Smowton
131d6043c1 Add java imports 2022-08-23 09:41:00 +01:00
erik-krogh
82d9180892 only have one deprecated alias for XmlDtd 2022-08-23 10:38:23 +02:00
Joe Farebrother
ac79866799 Merge pull request #9982 from joefarebrother/rsa-without-oaep 
Java: Add query for RSA without OAEP
 2022-08-23 09:14:46 +01:00
Tony Torralba
a3f27d4abe Merge pull request #10131 from atorralba/atorralba/path-steps 
Java: Add new java.nio.Path{,s} summary models
 2022-08-23 09:47:34 +02:00
Tony Torralba
da3288fced Move change note to src 2022-08-23 09:40:34 +02:00
erik-krogh
78ba7650b3 change the change-notes 2022-08-23 07:28:46 +02:00
erik-krogh
28083ebe09 run the implicit-this patch 2022-08-22 21:23:31 +02:00
erik-krogh
a593a52b5e add missing qldoc (that was already missing?) 2022-08-22 21:22:39 +02:00
erik-krogh
e89e0eb7fb make some acronyms camelCase 2022-08-22 21:22:35 +02:00
Jami Cogswell
0136c7542b update XML to Xml due to recent deprecation 2022-08-22 12:41:22 -04:00
Jami Cogswell
f34e23bdba adjusted comments and precision level 2022-08-22 12:41:22 -04:00
Jami Cogswell
ac07544d70 group negated expressions together 2022-08-22 12:41:22 -04:00
Jami Cogswell
efac4b197d removed another comment 2022-08-22 12:41:22 -04:00
Jami Cogswell
e003e2c809 lib change note updates 2022-08-22 12:41:22 -04:00