codeql

mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00

Author	SHA1	Message	Date
Tony Torralba	c09b6691e1	Merge pull request #6171 from atorralba/atorralba/promote-unsafe-certificate-trust Java: Promote Unsafe certificate trust query from experimental	2022-01-20 12:07:03 +01:00
Anders Schack-Mulligen	f154530141	Merge pull request #7662 from JLLeitschuh/patch-2 Fix typo in FileWritable	2022-01-20 11:13:59 +01:00
Anders Schack-Mulligen	4aa2661dc1	Merge pull request #7634 from bmuskalla/refactorLangModel Refactor Apache Commons Lang model	2022-01-20 11:01:25 +01:00
CodeQL CI	cfa670c123	Merge pull request #7651 from erik-krogh/CWE-471 Approved by asgerf, esbena	2022-01-20 01:47:39 -08:00
Benjamin Muskalla	2748bbffa3	Merge pull request #7656 from bmuskalla/excludeMainLoggingGenerator Java: Exclude irrelevant rows from models	2022-01-20 10:40:51 +01:00
Michael Nebel	547f492be0	Merge pull request #7577 from michaelnebel/csharp/line-pragma C#: Make support for Line span pragma	2022-01-20 09:51:57 +01:00
Jonathan Leitschuh	23548c50e1	Fix typo in FileWritable	2022-01-19 16:14:38 -05:00
Tom Hvitved	70f4efb834	Merge pull request #7646 from hvitved/csharp/roslyn-tuple-elements-workaround C#: Workaround Roslyn bug in `INamedTypeSymbol.TupleElements`	2022-01-19 19:54:29 +01:00
Tony Torralba	695e77a219	Simplify isSslSocket predicate	2022-01-19 17:01:28 +01:00
Mathias Vorreiter Pedersen	40c8881575	Merge pull request #7472 from erik-krogh/redundant-aggregate QL-for-QL: Add a could-be-cast query	2022-01-19 15:48:00 +00:00
Henry Mercer	58b1a6fd40	Merge pull request #7655 from github/henrymercer/bump-atm-query-pack-v0.0.6 JS: Bump ML-powered query packs to v0.0.6	2022-01-19 15:44:55 +00:00
Tony Torralba	e442e50e6b	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2022-01-19 16:43:48 +01:00
Tony Torralba	101ad777e3	Move things around after rebase	2022-01-19 16:43:48 +01:00
Tony Torralba	03020582af	Apply suggestions from code review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-01-19 16:43:47 +01:00
Tony Torralba	9ffc5ab183	Update java/ql/src/semmle/code/java/security/UnsafeCertTrustQuery.qll Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2022-01-19 16:43:47 +01:00
Tony Torralba	c16181dd2f	QLDocs	2022-01-19 16:43:46 +01:00
Tony Torralba	000a544729	Decouple UnsafeCertTrust.qll to reuse the taint tracking configuration	2022-01-19 16:43:43 +01:00
Tony Torralba	1e2a956a30	Remove unused stub	2022-01-19 16:43:02 +01:00
Tony Torralba	d9e98ceacc	Consider setSslContextFactory and fix tests	2022-01-19 16:43:01 +01:00
Tony Torralba	4d207101e2	Fix QLDoc	2022-01-19 16:43:00 +01:00
Tony Torralba	999acb0021	Improve qhelp references	2022-01-19 16:43:00 +01:00
Tony Torralba	e9712f04a4	Add missing QLDoc	2022-01-19 16:42:59 +01:00
Tony Torralba	698fd64f7f	Adjust test after rebase	2022-01-19 16:42:59 +01:00
Tony Torralba	68fe3dd9f4	Fix conflicts in experimental query	2022-01-19 16:42:58 +01:00
Tony Torralba	c24520cb75	Adjust qhelp after rebase	2022-01-19 16:42:58 +01:00
Tony Torralba	5997b874de	Add change note	2022-01-19 16:42:53 +01:00
Tony Torralba	9e93aecf75	Add spurious test case	2022-01-19 16:42:06 +01:00
Tony Torralba	19d1a780ca	Generalize sanitizer using local flow	2022-01-19 16:42:05 +01:00
Tony Torralba	64518bf91a	Handle a specific pass-by-reference flow issue	2022-01-19 16:42:04 +01:00
Tony Torralba	4508945f85	Fix assumption regarding when an SSLSocket does the TLS handhsake	2022-01-19 16:42:03 +01:00
Tony Torralba	e842acf9e0	Improve qhelp	2022-01-19 16:42:03 +01:00
Tony Torralba	5d4cd70f8c	Adjusted sources and sanitizer of UnsafeCertTrust taint tracking config	2022-01-19 16:42:02 +01:00
Tony Torralba	e43fff2d30	Use InlineExpectationsTest	2022-01-19 16:42:02 +01:00
Tony Torralba	02d0fa9188	Minor changes in QLDocs and a sanitizer's type	2022-01-19 16:42:01 +01:00
Tony Torralba	4313baf622	Big refactor: - Move classes and predicates to appropriate libraries - Overhaul the endpoint identification algorithm logic to use taint tracking - Adapt tests	2022-01-19 16:42:00 +01:00
Tony Torralba	e0f4c73aed	Move from experimental	2022-01-19 16:42:00 +01:00
Benjamin Muskalla	52406dc8df	Exclude logging sinks Those sinks are too coarse grained to be exposed as sinks on any model.	2022-01-19 16:11:59 +01:00
Benjamin Muskalla	25d251c24f	Exclude `main` methods from models	2022-01-19 16:11:59 +01:00
Tom Hvitved	7e3f3c6e2a	Merge pull request #7515 from hvitved/csharp/extraction-mode C#: Introduce extractor mode to identify DBs created with `codeql test run`	2022-01-19 16:04:57 +01:00
Chris Smowton	162b3822dd	Merge pull request #7613 from github/smowton/admin/tag-random-used-once Remove security-severity tag to java/random-used-once	2022-01-19 14:43:08 +00:00
Henry Mercer	c134e6c9ef	JS: Bump ML-powered query packs to v0.0.6	2022-01-19 14:40:42 +00:00
Chris Smowton	c63fcb2c69	Add change note	2022-01-19 14:13:45 +00:00
Chris Smowton	f0645a34b9	Remove security-severity tag instead This leaves the Java query in the same state as its C# cousin.	2022-01-19 14:06:40 +00:00
Erik Krogh Kristensen	cb9e14f544	add cwe-471 to js/prototype-pollution	2022-01-19 14:54:57 +01:00
Tom Hvitved	cb098df4ea	Merge pull request #7334 from github/hmac/regexp-interpolations Ruby: Resolve simple string interpolations	2022-01-19 14:43:58 +01:00
Mathias Vorreiter Pedersen	dfbde23821	Merge pull request #7627 from geoffw0/nullterm5 C++: Fix branch related FPs in cpp/improper-null-termination.	2022-01-19 13:30:05 +00:00
Erik Krogh Kristensen	e4203a4109	add CWE-471 to the prototype-pollution queries	2022-01-19 14:26:34 +01:00
Tom Hvitved	dacb33d1dd	C#: Adjust Roslyn workaround	2022-01-19 14:12:21 +01:00
Geoffrey White	0230494799	C++: Expand QLDoc comment.	2022-01-19 13:07:55 +00:00
Henry Mercer	061b9badfe	Merge pull request #7649 from github/henrymercer/bump-atm-query-pack-v0.0.5 JS: Bump ML-powered query packs to v0.0.5	2022-01-19 13:00:41 +00:00

1 2 3 4 5 ...

31742 Commits