Jami Cogswell
c6a71cd3fd
Java: minor qhelp updates
2025-02-05 10:20:57 -05:00
Jami Cogswell
0367846333
Java: remove token section from qhelp overview
discussing tokens is not directly relevant to this query's recommendation and examples
2025-02-04 13:36:15 -05:00
Jami Cogswell
f438282674
Java: rewrite qhelp overview section; aligns with overview section used by Python and Ruby
2025-02-04 13:21:43 -05:00
Jami Cogswell
283c3b1e44
Java: minor qhelp updates
2025-02-04 12:47:19 -05:00
Jami Cogswell
516df3b4be
Java: qhelp wording updates
2025-02-03 14:52:57 -05:00
Jami Cogswell
0071e1acc2
Java: resolve merge conflict
remove import no longer needed since contents of MyBatisMapperXML.qll have been moved to MyBatis.qll
2025-01-30 10:19:21 -05:00
Jami Cogswell
577152e20f
Java: minor qhelp update
2025-01-30 10:14:33 -05:00
Jami Cogswell
530103e2d9
Java: narrow query
remove PUT and DELETE from StaplerCsrfUnprotectedMethod
remove OPTIONS and TRACE from SpringCsrfUnprotectedMethod
2025-01-30 10:14:31 -05:00
Jami Cogswell
ead224c7b2
Java: expand qhelp, include Stapler examples
2025-01-30 10:14:29 -05:00
Jami Cogswell
096f6f88b2
Java: precision to medium
2025-01-30 10:14:27 -05:00
Jami Cogswell
f3721ebccf
Java: refactor unprotectedDatabaseUpdate
2025-01-30 10:14:26 -05:00
Jami Cogswell
530a77e5a0
Java: refactor into canTargetDatabaseUpdateMethod
2025-01-30 10:14:24 -05:00
Jami Cogswell
8173fd01b8
Java: use two negations
2025-01-30 10:14:22 -05:00
Jami Cogswell
0462425191
Java: rename getMethod to getMethodValue
2025-01-30 10:14:20 -05:00
Jami Cogswell
20e8eb4323
Java: some clean-up and refactoring
2025-01-30 10:14:18 -05:00
Jami Cogswell
d4114f66c2
Java: more name-based heuristic tests to test regex
2025-01-30 10:14:16 -05:00
Jami Cogswell
0ab37684e1
Java: more database update tests and stubs
2025-01-30 10:14:14 -05:00
Jami Cogswell
3bf6dc24c1
Java: Stapler tests and stubs
2025-01-30 10:14:11 -05:00
Jami Cogswell
26b7c1a572
Java: qldocs for CallGraph module
2025-01-30 10:14:09 -05:00
Jami Cogswell
27aa9c97a4
Java: add change note
2025-01-30 10:14:07 -05:00
Jami Cogswell
fa27689719
Java: update InlineExpectationsTest import for new location
2025-01-30 10:14:05 -05:00
Jami Cogswell
48d55ec518
Java: performance fix
2025-01-30 10:14:03 -05:00
Jami Cogswell
ede9e78645
Java: remove exists variable in test
2025-01-30 10:14:01 -05:00
Jami Cogswell
48d1fe062b
Java: remove exists variable
2025-01-30 10:13:59 -05:00
Jami Cogswell
c9ad15cc83
Java: update .expected file contents
2025-01-30 10:13:57 -05:00
Jami Cogswell
39ccde0c9d
Java: add name-based heuristic
2025-01-30 10:13:54 -05:00
Jami Cogswell
286c655264
Java: add class for Stapler web methods that are not default-protected from CSRF
2025-01-30 10:13:52 -05:00
Jami Cogswell
0f39011122
Java: add taint-tracking config for execute to exclude FPs from non-update queries like select
2025-01-30 10:13:50 -05:00
Jami Cogswell
97aaf4c011
Java: handle MyBatis annotations for insert/update/delete
2025-01-30 10:13:48 -05:00
Jami Cogswell
df77d4914f
Java: initial tests
2025-01-30 10:13:45 -05:00
Jami Cogswell
178b032453
Java: add query
2025-01-30 10:13:43 -05:00
Jami Cogswell
c553e3132e
Java: add CallGraph module for displaying call graph paths
2025-01-30 10:13:41 -05:00
Jami Cogswell
87a8746b22
Java: add a class for methods that update a sql database (found using sql-injection nodes)
2025-01-30 10:13:39 -05:00
Jami Cogswell
43a288070c
Java: add a class for PreparedStatement methods that update a database
2025-01-30 10:13:37 -05:00
Jami Cogswell
b88731df80
Java: move contents of MyBatisMapperXML.qll in src to MyBatis.qll in lib so importable, and fix experimental files broken by the move
2025-01-30 10:13:27 -05:00
Jami Cogswell
8e9f21dc52
Java: add a class for MyBatis Mapper methods that update a database
2025-01-30 10:01:43 -05:00
Jami Cogswell
506d668289
Java: add class for Spring request mapping methods that are not default-protected from CSRF
2025-01-30 10:01:41 -05:00
Jami Cogswell
0c6925399d
Java: add qhelp
2025-01-30 10:01:39 -05:00
Chuan-kai Lin
b3b7817a2b
Merge pull request #18603 from github/cklin/restrict-alerts-to-exact
AlertFiltering: add restrictAlertsToExactLocation
2025-01-30 06:40:39 -08:00
Anders Schack-Mulligen
8edcad0509
Merge pull request #18634 from aschackmull/cpp/unnest-getkind
C++: Un-nest the if-then-else sequence.
2025-01-30 14:07:07 +01:00
Jeroen Ketema
8f25dbf98d
Merge pull request #18606 from jketema/typeref
C++: Support mixed `typedef`s and `using`s
2025-01-30 14:04:48 +01:00
Jonas Jensen
e27e3ae5a1
Merge pull request #18610 from jbj/bigint-language-reference
QL reference: more BigInt updates
2025-01-30 13:47:30 +01:00
Anders Schack-Mulligen
15171eb1a5
C++: Un-nest the if-then-else sequence.
2025-01-30 13:28:44 +01:00
Jonas Jensen
455eb5bf9b
QL spec: fix typo
2025-01-30 13:09:15 +01:00
Chuan-kai Lin
d6f9eb2953
Merge pull request #18617 from github/cklin/merge-back-2.20.3
Mergeback from codeql-cli-2.20.3
2025-01-29 08:15:51 -08:00
Chuan-kai Lin
96caa686fc
AlertFiltering: add restrictAlertsToExactLocation
This commit introduces a new extensible predicate
restrictAlertsToExactLocation, which is similar to the existing
restrictAlertsTo predicate but matches alert locations exactly.
2025-01-29 07:50:45 -08:00
Owen Mansel-Chan
04e17ec987
Merge pull request #18565 from owen-mc/go/mad/parameter
Go: Fix "Parameter" in models-as-data
2025-01-29 14:13:17 +00:00
Owen Mansel-Chan
168fe4ae20
Merge pull request #18543 from owen-mc/go/misc-improvements-rs-cors
Go: miscellaneous improvements rs cors models
2025-01-29 14:12:20 +00:00
Arthur Baars
54efb0a4a6
Merge pull request #18611 from github/aibaars/use-tree-star
Rust: add UseTree::is_star
2025-01-29 14:42:03 +01:00
Mathias Vorreiter Pedersen
4b2c7ef03f
Merge pull request #18615 from MathiasVP/fix-fp-buffer-overflow
C++: Fix FPs in `cpp/overflow-buffer`
2025-01-29 12:12:47 +00:00