8325 Commits

Author	SHA1	Message	Date
Chris Smowton	38c0557d90	Adjust test to moved and expanded stubs	2022-08-15 12:08:14 +01:00
Chris Smowton	1a3dc1d6eb	Remove extra closing tag	2022-08-15 11:31:53 +01:00
Ian Lynagh	09d249e5d8	Merge pull request #10038 from igfoo/igfoo/java-downgrades ... Java: Add initial downgrades directory	2022-08-15 10:57:52 +01:00
Chris Smowton	5677e38994	Style edit	2022-08-15 10:37:55 +01:00
Chris Smowton	3cf871e9e5	Apply docs suggestions ... Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-08-15 10:34:55 +01:00
Anders Schack-Mulligen	a3fb54c9de	Merge pull request #10007 from aschackmull/dataflow/source-node-identity ... Dataflow: Fix identification of source PathNodes in the presence of source-to-source flow	2022-08-15 10:39:17 +02:00
Chris Smowton	ca4ef6578d	Spelling	2022-08-13 14:37:08 +01:00
Chris Smowton	c5e46f78ec	Add change note	2022-08-13 14:29:17 +01:00
Chris Smowton	8bea2a5f6c	Add missing qldoc	2022-08-13 14:20:48 +01:00
Chris Smowton	b62e9dc92c	Convert tests to inline expectations and fix one bug revealed doing so ... Specifically Apache sshd defines its sensitive api calls on an inherited interface, and they need to be described that way for us to pick them up.	2022-08-13 14:02:05 +01:00
Chris Smowton	ddb0846e06	Split up hardcoded creds queries, ready for conversion to inline expectations	2022-08-13 12:39:16 +01:00
Chris Smowton	0a6ccbca45	Add stubs and tests for new hardcoded-credential sinks	2022-08-13 12:39:15 +01:00
Daniel Santos	60e0f09586	Additional hardcoded credentials candidates 3rd-party api calls	2022-08-13 12:39:15 +01:00
erik-krogh	3a4a3437b5	fix some QL-for-QL warnings	2022-08-12 20:38:50 +02:00
erik-krogh	b54f037424	Merge branch 'main' into refacReDoS	2022-08-12 20:28:30 +02:00
erik-krogh	b9e96fb078	sync changes to other languages	2022-08-12 20:28:12 +02:00
Ian Lynagh	254c166f93	Java: Add initial downgrades directory	2022-08-12 16:19:31 +01:00
Tamas Vajk	ccef2f7646	Address review comments	2022-08-12 15:25:46 +02:00
Tamas Vajk	451be6c32c	Kotlin: Add explicit CI version number to build script	2022-08-12 14:27:06 +02:00
Tamas Vajk	0bd00ce1db	Kotlin: Change handling of version variants in build script	2022-08-12 13:11:33 +02:00
github-actions[bot]	21d0c78376	Post-release preparation for codeql-cli-2.10.3	2022-08-11 23:20:39 +00:00
Anders Schack-Mulligen	a3fc463d0a	Java: Minor perf improvement.	2022-08-11 14:21:10 +02:00
github-actions[bot]	57c4f9145b	Release preparation for version 2.10.3	2022-08-11 11:12:15 +00:00
Erik Krogh Kristensen	73df8e4c7d	Merge pull request #9832 from erik-krogh/misspellings ... Fix lots of misspellings	2022-08-11 12:43:26 +02:00
Chris Smowton	e9df675f88	Autoformat ql	2022-08-11 09:55:46 +01:00
Anders Schack-Mulligen	74b05d2aa4	Kotlin: Reflection test should not refer to DataFlowPrivate.	2022-08-11 09:48:10 +02:00
Anders Schack-Mulligen	87461fece4	Merge pull request #10006 from aschackmull/java/sensitive-log-dedup ... Java: Remove SensitiveLoggingQuery results that flow through a source.	2022-08-11 09:26:33 +02:00
github-actions[bot]	33ce9552cb	Add changed framework coverage reports	2022-08-11 00:17:52 +00:00
Erik Krogh Kristensen	887f6557ed	fix common misspellings throughout github/codeql	2022-08-10 23:21:41 +02:00
Chris Smowton	cc8e9806c4	Merge pull request #10009 from smowton/smowton/java17-options ... Java: Adapt tests as required by JDK17 extractor upgrade	2022-08-10 18:46:06 +01:00
Chris Smowton	341241cf43	Use SrcFloatingPointLiteral	2022-08-10 17:28:14 +01:00
Anders Schack-Mulligen	abad133ab5	Dataflow: Fix identification of source PathNodes in the presence of source-to-source flow.	2022-08-10 15:02:56 +02:00
Anders Schack-Mulligen	cbd6d24b9c	Merge pull request #9963 from intrigus-lgtm/java/model-set-properties ... Model `java.util.Properties.setProperty`	2022-08-10 14:51:00 +02:00
Anders Schack-Mulligen	ecc15a1f95	Java: Remove SensitiveLoggingQuery results that flow through a source.	2022-08-10 14:28:07 +02:00
Chris Smowton	8c32758ae5	Merge pull request #9829 from smowton/smowton/fix/kotlin-underscore-parameter-names ... Kotlin: Don't extract a name for a '_' parameter	2022-08-10 12:28:26 +01:00
Chris Smowton	09e4c6b66b	Add dataflow path-graph	2022-08-10 10:37:55 +01:00
Chris Smowton	2ca0b0c6b5	Inline qhelp overview ... A <p> at the top isn't allowed, and for some reason the inclusion is required to be a valid qhelp file.	2022-08-10 10:37:48 +01:00
Erik Krogh Kristensen	559ec7ba56	Merge branch 'main' into repeatedWord	2022-08-09 21:22:47 +02:00
smehta23	cf68a11267	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-08-09 11:59:28 -07:00
smehta23	4d80fd0b00	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-08-09 11:59:14 -07:00
smehta23	7da07400ea	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-08-09 11:59:03 -07:00
smehta23	c2b670eff8	Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.qhelp ... Co-authored-by: Chris Smowton <smowton@github.com>	2022-08-09 11:58:55 -07:00
Tony Torralba	7f5fe85e2e	Merge pull request #9975 from atorralba/atorralba/asynctask-improvs ... Java: Improve AsyncTask data flow support	2022-08-09 17:10:09 +02:00
Erik Krogh Kristensen	49276b1f38	Merge branch 'main' into refacReDoS	2022-08-09 16:18:46 +02:00
Erik Krogh Kristensen	0abbd50ca1	apply changes based on docs review	2022-08-09 13:51:40 +02:00
Chris Smowton	1c6642f3fb	Format QL	2022-08-09 11:50:54 +01:00
Chris Smowton	80f5b977d6	Use sealed classes released version	2022-08-09 11:50:54 +01:00
yo-h	c46b54b9c2	Java 17: exclude non-source locations in some tests	2022-08-09 11:50:54 +01:00
yo-h	0bf7e075e5	Java 17: adjust expected test output	2022-08-09 11:50:54 +01:00
yo-h	27b699df33	Java: adjust test options for JDK 17 upgrade	2022-08-09 11:50:54 +01:00