codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00

Author	SHA1	Message	Date
jorgectf	e0952ba432	Fix change note Thanks @atorralba!	2022-03-15 16:41:32 +01:00
jorgectf	3356bc4085	Add change note	2022-03-15 16:26:34 +01:00
jorgectf	ed198709b4	Refactor `MyBatisAbstractSQLMethodsStep` Set output to `Argument[-1]` instead of `ReturnValue` to be able to get rid of `MyBatisAbstractSQLAnonymousClassStep`. Thanks @pwntester!	2022-03-15 13:46:06 +01:00
jorgectf	9aa440e5b6	Refactor `MyBatisAbstractSQLMethodsStep` and `MyBatisAbstractSQLMethod` See https://github.com/github/codeql/pull/8345\#discussion_r826734537	2022-03-15 13:23:23 +01:00
Chris Smowton	451661dd20	Improve guard class names	2022-03-15 11:46:54 +00:00
Jeroen Ketema	157a36bc4f	Use node variable in all disjuncts	2022-03-15 11:55:35 +01:00
Jeroen Ketema	9a0e94f389	Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard	2022-03-15 11:55:34 +01:00
Joe Farebrother	e4a16cc700	Add security severity	2022-03-15 10:42:41 +00:00
Erik Krogh Kristensen	c7509c4dd3	Merge branch 'main' into deadCode	2022-03-15 09:19:14 +01:00
Jonas Jensen	d89c52f4b0	Merge pull request #8403 from erik-krogh/noUpper Rename all upper-case variables, and all lower-case modules	2022-03-15 09:00:37 +01:00
jorgectf	f10dac31f9	Format some tests	2022-03-14 22:12:22 +01:00
jorgectf	b62b8c8d28	Use `SummaryModelCsv` for the `toString` taint step	2022-03-14 21:47:06 +01:00
jorgectf	c683b48af7	Add `MyBatisInjectionSink`'s QLDoc	2022-03-14 21:41:36 +01:00
jorgectf	8482c01959	Make `MyBatisProviderStep` an `AdditionalValueStep`	2022-03-14 21:35:26 +01:00
jorgectf	32f494eba1	Use `SummaryModelCsv` in `MyBatisAbstractSQLMethodsStep`	2022-03-14 21:32:55 +01:00
jorgectf	d47fcedd21	Add tests	2022-03-14 21:31:51 +01:00
Jorge	158366ab46	Apply suggestions from code review Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2022-03-14 21:27:37 +01:00
Arthur Baars	6a74e761c8	Merge pull request #8398 from github/post-release-prep/codeql-cli-2.8.3 Post-release preparation for codeql-cli-2.8.3	2022-03-14 21:05:09 +01:00
Michael Nebel	bcdbfefb2b	Merge pull request #8329 from michaelnebel/csharp/model-generator C#: Capture Summary models.	2022-03-14 16:10:05 +01:00
Joe Farebrother	d4b5eed3e4	Merge pull request #8410 from joefarebrother/sensitive-logging Java: Promote Sensitive Logging query	2022-03-14 14:50:26 +00:00
Chris Smowton	9f02ca0db2	Merge pull request #8357 from p0wn4j/jdbc-url-ssrf-sink Java: Add JDBC connection SSRF sinks	2022-03-14 13:27:34 +00:00
Chris Smowton	ca8237b9de	Make comment into qldoc	2022-03-14 13:14:31 +00:00
Joe Farebrother	e4b762b5c5	Improve qldoc; make taint tracking	2022-03-14 13:10:34 +00:00
Michael Nebel	21bcaf6a0e	C#/Java: After remaining code after rebase.	2022-03-14 14:08:49 +01:00
Michael Nebel	74352925e4	C#/Java: Remove inline from returnNodeEnclosingCallable.	2022-03-14 13:50:55 +01:00
Michael Nebel	48dc9d7057	C#/Java: Move containerContent to DataFlowPrivate.	2022-03-14 13:50:55 +01:00
Michael Nebel	b7803ef0b1	C#: Introduce SyntheticFieldContent in RelevantContent.	2022-03-14 13:50:55 +01:00
Michael Nebel	12ff2c6cd5	C#/Java: Improve comments in CaptureSummaryModels.	2022-03-14 13:50:55 +01:00
Michael Nebel	3ad9731e91	C#/Java: Add some more QL docs.	2022-03-14 13:50:50 +01:00
Michael Nebel	2476e716a2	C#: Move the isRelevantTaintStep and isRelevantContent into the shared utils.	2022-03-14 13:49:52 +01:00
Michael Nebel	665e3c9326	C#: Re-factor containerContent into standalone predicate in DataFlow library.	2022-03-14 13:49:51 +01:00
Michael Nebel	5d03e510d2	C#/Java: Include synthetic fields in isRelevantContent.	2022-03-14 13:49:51 +01:00
Michael Nebel	cd03af3be4	C#: Get rid of the isOwnInstanceAccess based on ReturnStmt.	2022-03-14 13:49:46 +01:00
Michael Nebel	34a91f1aac	C#: Rename CaptureSummaryModelsQuery to CaptureSummaryModels.	2022-03-14 13:48:56 +01:00
Michael Nebel	36e0c683bd	C#: Add QL Doc to the primary predicate used for capturing flow.	2022-03-14 13:48:56 +01:00
Michael Nebel	e8aacb710e	C#: Add file level QL Doc to Capture Summary models specific implementations.	2022-03-14 13:48:56 +01:00
Michael Nebel	d114582b56	C#: Add QLDoc to the shared Capture summary models library.	2022-03-14 13:48:51 +01:00
Michael Nebel	82d93d0f9e	Java: Refactor CaptureSummaryModels code to enable re-use in C#.	2022-03-14 13:47:20 +01:00
Michael Nebel	ba233ed7a1	Java: Rearrange and refactor language specific content into standalone predicates.	2022-03-14 13:46:24 +01:00
Chris Smowton	b351d5bc2f	Autoformat	2022-03-14 12:44:40 +00:00
Michael Nebel	9ca199c9ae	Java: Move generic code out of language specific file for model generation.	2022-03-14 13:43:45 +01:00
Michael Nebel	a2d9f4f6f4	Java: Introduce language specific file for model generator code.	2022-03-14 13:40:40 +01:00
jorgectf	a0bf68f7cd	Generally extend `TaintTracking::AdditionalTaintStep`	2022-03-14 13:39:20 +01:00
Michael Nebel	a1c642685a	Java: Re-arrange code in ModelGeneratorUtils.	2022-03-14 13:35:56 +01:00
Chris Smowton	f83ea25ead	Add change note	2022-03-14 12:14:37 +00:00
Erik Krogh Kristensen	3bf5e06d53	delete all dead code	2022-03-14 13:03:31 +01:00
Chris Smowton	aada8d3af9	Merge pull request #8405 from smowton/smowton/fix/range-analysis-use-ranked-phi-nodes C#/Java: Range analysis: use ranked phi nodes	2022-03-14 11:55:55 +00:00
Jeroen Ketema	4c2081b7fc	Merge pull request #8401 from jketema/taint-flow Extend taint tracking interface with flow states	2022-03-14 12:06:10 +01:00
Erik Krogh Kristensen	83f26eb833	rename all upper-case variables to start with a lower-case letter	2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen	bbb2847ec1	Merge pull request #8323 from erik-krogh/acronyms Enforcing consistent casing of acronyms	2022-03-14 11:38:25 +01:00

... 6 7 8 9 10 ...

4850 Commits