hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,700 Commits 1,672 Branches 157 Tags
b18de9e6417c60b51d2371c98394f4033d2683e4
Commit Graph

10374 Commits

Author SHA1 Message Date
Ian Lynagh
0eb6d1c76e Kotlin: useFunction might return null 2023-08-09 13:45:15 +01:00
Stephan Brandauer
e927470961 Merge branch 'main' into kaeluka/java-automodel-variadic-args 2023-08-09 09:02:32 +02:00
Anders Schack-Mulligen
0ca3f3308b Merge pull request #13478 from aschackmull/java/varcapture 
Java: Add proper support for variable capture flow.
 2023-08-08 16:22:56 +02:00
Anders Starcke Henriksen
3918e57ffe Take filter pack into account. 2023-08-08 15:10:12 +02:00
Anders Starcke Henriksen
8d34ab6d18 Merge branch 'main' into starcke/automodel-pack 2023-08-08 15:02:33 +02:00
Anders Starcke Henriksen
7da6da1c93 Merge pull request #13852 from github/starcke/automodel-package-filter 
Add option to filter automodel queries
 2023-08-08 14:59:00 +02:00
Anders Schack-Mulligen
9d59f50340 Java: Review fixes. 2023-08-08 13:37:40 +02:00
Michael Nebel
0ed724eb13 Java: Make a flow summary for Set.clear using WithoutElement and introduce appropriate tests. 2023-08-08 11:10:08 +02:00
Anders Schack-Mulligen
ab334f6c1b Java: Always apply heuristic query regardless of existing models. 2023-08-08 10:01:43 +02:00
Anders Schack-Mulligen
cd22bb3505 Java: Add another test case. 2023-08-08 10:00:55 +02:00
erik-krogh
45c39e6072 limit field flow when tracking regex strings in Java 2023-08-08 09:01:23 +02:00
github-actions[bot]
79c90fa36a Release preparation for version 2.14.2 2023-08-07 18:08:52 +00:00
Ian Lynagh
3e86c4c39e Kotlin: Allow extractNewExpr to return null 2023-08-07 18:59:51 +01:00
Jeroen Ketema
8b6a7985db Refactor the traint-tracking library to follow the dataflow library refactoring 2023-08-07 15:23:15 +02:00
Jeroen Ketema
5d2984b7a5 Merge branch 'main' into shared-taint-tracking 2023-08-07 15:22:29 +02:00
Jami
5862cd2378 Merge pull request #13889 from jcogs33/jcogs33/fix-some-models 
Java: remove duplicate models
 2023-08-07 08:46:18 -04:00
Stephan Brandauer
3433437034 Java: automodel application mode: only extract the first argument corresponding to a varargs array 2023-08-07 14:15:17 +02:00
Edward Minnix III
58d8a2d77f Merge pull request #13899 from egregius313/egregius313/random-nextbytes-typo-fix 
Java: Fix typo in `StdlibRandomSource::getOutput`
 2023-08-07 07:36:44 -04:00
Tom Hvitved
2126ab0dde Merge pull request #13901 from hvitved/dataflow/refactor 
Data flow: Refactor shared library
 2023-08-07 13:22:53 +02:00
Ian Lynagh
0d97c1c54a Merge pull request #13837 from igfoo/igfoo/nullFunLabel 
Kotlin: Pass on a parentId and remove some redundant braces
 2023-08-07 12:19:22 +01:00
Michael Nebel
e62ec888c0 Merge pull request #13506 from michaelnebel/java/threatmodels 
Java: Threat Models
 2023-08-07 12:50:01 +02:00
Stephan Brandauer
e1a5eba61b Java: automodel application mode: refactor varargs endpoint class to rely on normal argument node for nicer extracted examples 2023-08-07 12:18:52 +02:00
Stephan Brandauer
650ff8db87 Java: automodel comments 2023-08-07 12:18:51 +02:00
Stephan Brandauer
0781cb78e8 Java: automodel application mode: add isVarargsArray metadata value 2023-08-07 12:18:51 +02:00
Stephan Brandauer
5abf7769a7 Java: automodel application mode: use endpoint class like in framework mode 2023-08-07 12:18:51 +02:00
Tony Torralba
fb0102b763 Java: New models for JAX-RS 2023-08-07 11:52:23 +02:00
Tom Hvitved
693970f243 Java: Adjust to data flow refactor 2023-08-07 11:35:23 +02:00
Anders Starcke Henriksen
0d78eeb871 Address comments. 2023-08-07 10:47:59 +02:00
Tony Torralba
43b9199734 Java: Improved JaxWsEndpoint::getARemoteMethod 2023-08-07 10:21:58 +02:00
Ed Minnix
23e2eb11dd Change note 2023-08-07 00:23:58 -04:00
Ed Minnix
fe4eef0bcb Fix typo, replace getBytes with nextBytes 2023-08-07 00:16:47 -04:00
Jeroen Ketema
747cd1745a Update all languages to use the shared taint-tracking library 2023-08-04 22:53:25 +02:00
Jami Cogswell
19622aec49 Java: remove duplicate 'Files.newOutputStream' ai model 2023-08-04 14:06:57 -04:00
Jami Cogswell
e64d581f7a Java: remove duplicate 'Files.newInputStream' ai model 2023-08-04 14:05:05 -04:00
Jami Cogswell
d2a24dee7f Java: remove duplicate 'Files.delete' ai model 2023-08-04 14:02:59 -04:00
Jami Cogswell
516831aa41 Java: remove duplicate 'Files.move' ai model 2023-08-04 14:01:27 -04:00
Jami Cogswell
c510d33fbf Java: remove duplicate 'Files.deleteIfExists' ai model 2023-08-04 13:52:18 -04:00
Mathias Vorreiter Pedersen
abe3a816ce Merge pull request #13851 from MathiasVP/sink-without-states 
DataFlow: Support stateless `isSink` in `StateConfigSig`s
 2023-08-04 18:01:42 +02:00
Michael Nebel
9c4d77a925 Java: Address review comments. 2023-08-04 13:47:30 +02:00
Michael Nebel
d3eb9c1325 Java: Add release note and address review comments. 2023-08-04 13:36:43 +02:00
Anders Starcke Henriksen
3ef82c1091 Address comments. 2023-08-04 10:22:17 +02:00
Tony Torralba
586c8803c5 Move the sources back the .ql files 
Otherwise they would both apply at the same time, making both versions of the query identical.
 2023-08-04 10:02:56 +02:00
Tony Torralba
e9bad321b6 Apply suggestions from code review 2023-08-04 09:21:45 +02:00
Paul Hodgkinson
fba37aa7c9 Merge branch 'main' into java/experimental/command-injection 2023-08-03 14:12:38 +01:00
aegilops
fc7f8409be Fix up for code review 2023-08-03 13:50:40 +01:00
aegilops
3658710578 Fixed formatting, committed expected test results 2023-08-03 13:50:40 +01:00
Anders Starcke Henriksen
e2abd3ff13 Create separate automodel pack. 2023-08-03 13:55:15 +02:00
Anders Schack-Mulligen
0ae81eace3 Java: update fixed test 2023-08-03 10:07:00 +02:00
Anders Schack-Mulligen
84316c41a3 Java: Add more qldoc. 2023-08-03 10:04:06 +02:00
Anders Schack-Mulligen
90052a3ca2 Java: Add proper types for capture nodes. 2023-08-03 10:04:06 +02:00