hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
63,168 Commits 1,672 Branches 157 Tags
b8cb514dc45b29b471ec8b321507a10cc97c464d
Commit Graph

11297 Commits

Author SHA1 Message Date
Tony Torralba
b8cb514dc4 Rename the other change note 2024-01-26 12:46:51 +01:00
Tony Torralba
19a6b7858b Remove reference to PathCreation 
ZipSlip no longer needs to make this exclusion, since PathCreation arguments are no longer path-injection sinks
 2024-01-26 12:45:00 +01:00
Tony Torralba
2a146405ac Adjust tests 2024-01-26 12:38:32 +01:00
Tony Torralba
1d2a51c522 Rename change note 2024-01-26 12:20:47 +01:00
Tony Torralba
19cb7adb6d Migrate path injection sinks to MaD 
Deprecate and stop using PathCreation

Path creation sinks are now summaries
 2024-01-26 12:19:54 +01:00
Tony Torralba
52d7bd93a5 Merge pull request #15420 from github/java/update-mad-decls-after-triage-2024-01-24T10-05-04 
Java: Update MaD Declarations after Triage
 2024-01-26 08:42:49 +01:00
Tony Torralba
d299971086 Fix code review mistake 2024-01-25 17:42:11 +01:00
Tony Torralba
661c5cf6aa Merge pull request #15409 from erik-krogh/path-java 
Java: Improve the QHelp for `java/path-injection`.
 2024-01-25 17:14:59 +01:00
Henry Mercer
10343dd822 Merge pull request #15416 from github/post-release-prep/codeql-cli-2.16.1 
Post-release preparation for codeql-cli-2.16.1
 2024-01-25 14:15:25 +00:00
Tony Torralba
282632c33b Add new snippets as tests 2024-01-25 15:11:11 +01:00
Stephan Brandauer
1f9a968774 Java: PR discussion 2024-01-25 13:59:47 +01:00
erik-krogh
73e3fada44 add missing </p> 2024-01-25 12:14:10 +01:00
erik-krogh
05a59d2a94 apply suggestions from doc review 2024-01-25 11:20:46 +01:00
Stephan Brandauer
5d6ee9c0cb Update java/ql/lib/ext/com.fasterxml.jackson.databind.model.yml 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-25 10:00:56 +01:00
Chris Smowton
ed9abdd9bd Mock Java 8 toolchain so sibling test works on arm runners 2024-01-24 16:51:38 +00:00
Chris Smowton
287fb8003d Make all toolchains available to test 2024-01-24 16:51:38 +00:00
Chris Smowton
16d30d7335 Remove xml and properties tests 2024-01-24 16:51:38 +00:00
Chris Smowton
042a3b64bb Use Java 11 to run old Gradle 2024-01-24 16:51:38 +00:00
Chris Smowton
b5429f1a50 Add test for buildless with sibling projects 2024-01-24 16:51:38 +00:00
Chris Smowton
e3ef8aa6f6 Adjust test expectations 2024-01-24 16:51:37 +00:00
Chris Smowton
96bf47fbd9 Remove accidentally-committed actual files 2024-01-24 16:51:37 +00:00
Stephan Brandauer
4e63cbc993 Merge branch 'main' into java/update-mad-decls-after-triage-2024-01-24T10-05-04 2024-01-24 14:55:20 +01:00
Ian Lynagh
67242278ee Merge pull request #15384 from igfoo/igfoo/kt2 
Kotlin: Support Kotlin 2.0.0-Beta3
 2024-01-24 12:47:35 +00:00
Stephan Brandauer
d5bcbcddab Update MaD Declarations after Triage 2024-01-24 11:05:07 +01:00
github-actions[bot]
465e8d3530 Add changed framework coverage reports 2024-01-24 00:17:20 +00:00
github-actions[bot]
d0b74c00fe Post-release preparation for codeql-cli-2.16.1 2024-01-23 23:02:29 +00:00
github-actions[bot]
7ef611e6dc Release preparation for version 2.16.1 2024-01-23 19:45:16 +00:00
Edward Minnix III
3c8b09307d Merge pull request #15291 from egregius313/egregius313/java/dataflow/default-sanitizers 
Java: Introduce a common sanitizer type for types which cannot realistically carry taint.
 2024-01-23 13:28:03 -05:00
erik-krogh
158ff0da0a add a trailing slash to the folder check in the QHelp for java/path-injection 2024-01-23 14:46:02 +01:00
Erik Krogh Kristensen
f1d6f56621 Merge pull request #15393 from erik-krogh/deps-jan-2024 
All: delete outdated deprecations
 2024-01-23 13:52:38 +01:00
erik-krogh
00dadeb3bf delete the markdown file again 2024-01-23 12:57:15 +01:00
erik-krogh
57e0b3cceb iterate on the java/path-injection qhelp 2024-01-23 12:56:43 +01:00
erik-krogh
4958c19c67 move the examples for the qhelps into an example/ folder 2024-01-23 12:56:23 +01:00
erik-krogh
6b66f5cbc5 check in the TaintedPath qhelp as markdown to get pretty diffs 2024-01-23 12:56:22 +01:00
Tony Torralba
fcd9a5ed71 Update java/ql/lib/change-notes/2023-12-21-new-models.md 2024-01-23 11:18:12 +01:00
Stephan Brandauer
95b439bf31 Merge branch 'main' into java/update-mad-decls-after-triage-2023-12-21T14-39-02 2024-01-23 09:40:50 +01:00
Stephan Brandauer
cd765e7c19 work on review comments 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-23 09:35:36 +01:00
Stephan Brandauer
8b34407ab7 Java: java.awt.Desktop::browse is a url-redirection sink 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-23 09:28:13 +01:00
Ed Minnix
fcbee1994b Update change note 2024-01-22 23:57:31 -05:00
Ed Minnix
fb80c5ea84 Rename SimpleScalarSanitizer to SimpleTypeSanitizer 2024-01-22 23:55:29 -05:00
Ed Minnix
696788e5b2 Rename semmle.code.java.security.dataflow.CommonSanitizers to semmle.code.java.security.Sanitizers 2024-01-22 23:52:19 -05:00
Ed Minnix
bb44277090 Make import of dataflow private 2024-01-22 23:40:24 -05:00
Ed Minnix
ec3d683186 Change change note category to feature 2024-01-22 23:39:23 -05:00
Ed Minnix
38828672a9 Update change note 2024-01-22 23:38:33 -05:00
Ed Minnix
32fe8e02fb Change note 2024-01-22 23:38:31 -05:00
Ed Minnix
3311b3be8e Convert experimental queries' isBarrier to use instanceof SimpleScalarSanitizer 2024-01-22 23:38:29 -05:00
Ed Minnix
67dfca2e58 Convert libraries to use instanceof SimpleScalarSanitizer 2024-01-22 23:38:26 -05:00
Ed Minnix
7f7c49d6ce Add the SimpleScalarSanitizer class 
The `SimpleScalarSanitizer` class represents common scalar types which
cannot realistically carry taint (e.g. primitives/numbers, and
eventually UUIDs and Dates)
 2024-01-22 23:38:24 -05:00
erik-krogh
865df920f9 add change-notes 2024-01-22 19:30:57 +01:00
Max Schaefer
5c43a0b1e4 Merge pull request #15356 from github/max-schaefer/automodel-void-source-candidates 
Automodel: Switch tests to inline expectations
 2024-01-22 17:05:10 +00:00