hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,471 Commits 1,671 Branches 157 Tags
c78818d7dd533ea805110420f59676ae3d0b66ce
Commit Graph

13523 Commits

Author SHA1 Message Date
Ian Lynagh
c78818d7dd Kotlin: Remove *2.2.20-Beta1* jars 2025-07-30 14:12:43 +01:00
idrissrio
ac52a1b123 Java: Move extractorInformationSkipKey predicate to library pack 2025-07-29 09:45:18 +02:00
Ian Lynagh
604af65b02 Kotlin: Opt in to DeprecatedForRemovalCompilerApi 
We'll need a proper fix for this, but this will keep things working in
the meantime.
 2025-07-23 12:51:12 +01:00
Ian Lynagh
709c111522 Kotlin: Add getJvmModuleNameForDeserializedDescriptor wrapper 
It has been removed in 2.2.20.
 2025-07-23 12:51:12 +01:00
Ian Lynagh
8432f6e42e Kotlin: Add 2.2.20-Beta1 version 2025-07-23 11:52:48 +01:00
Ian Lynagh
965f1fc547 Kotlin: Add 2.2.20 deps 2025-07-23 11:51:45 +01:00
Ian Lynagh
f148f434e1 Kotlin: Add a changenote for the addition of 2.2.2x support 2025-07-23 11:49:38 +01:00
Ian Lynagh
ad391df03f Kotlin: Support 2.2.20 2025-07-23 11:47:52 +01:00
Ian Lynagh
09dd708086 Merge pull request #20031 from igfoo/igfoo/kotlin-tests-2.2.0 
Kotlin: Run the tests with 2.2.0
 2025-07-22 22:20:40 +01:00
Ian Lynagh
cd3143f106 Kotlin: Disable the custom plugin test for now 2025-07-22 17:38:14 +01:00
Ian Lynagh
9a03f2eb26 Kotlin: Accept test changes in 2.2.0 2025-07-22 17:38:14 +01:00
Ian Lynagh
65bd1aff83 Kotlin: Update default version to 2.2.0 
Changes the default version from 2.1.20 to 2.2.0 in the wrapper.py file.
 2025-07-22 17:38:14 +01:00
github-actions[bot]
37cc78255a Post-release preparation for codeql-cli-2.22.2 2025-07-22 14:22:20 +00:00
Nick Rolfe
43d14c28c2 Tweak changenotes 2025-07-22 15:06:09 +01:00
github-actions[bot]
997547b8ef Release preparation for version 2.22.2 2025-07-22 14:04:14 +00:00
Nick Rolfe
825c813095 Revert "Release preparation for version 2.22.2" 2025-07-22 14:33:45 +01:00
Nick Rolfe
74cd982aca Tweak changenotes 2025-07-22 09:51:52 +01:00
github-actions[bot]
c8632b70b7 Release preparation for version 2.22.2 2025-07-21 16:45:45 +00:00
Nick Rolfe
ad9b637bec Revert "Merge pull request #19994 from github/post-release-prep/codeql-cli-2.22.2" 
This reverts commit e5b4a15e35, reversing
changes made to 33e63109bb.
 2025-07-21 15:18:59 +01:00
Owen Mansel-Chan
472a6b5fe1 Merge pull request #20018 from owen-mc/java/snakeyaml-safe-unsafe-deserialization 
Java: Update qhelp: SnakeYaml is safe from version 2.0
 2025-07-21 12:22:36 +01:00
Anders Schack-Mulligen
d5cdfc673e Merge pull request #20092 from aschackmull/java/joinorder2 
Java: Improve more join-orders
 2025-07-21 11:27:14 +02:00
Nora Dimitrijević
fbee6bbe21 Merge pull request #20077 from d10c/d10c/diff-informed-phase-3-java 
Java: Diff-informed queries: phase 3 (non-trivial locations)
 2025-07-21 11:23:12 +02:00
Anders Schack-Mulligen
937e3dc469 Merge pull request #20091 from aschackmull/java/fix-cfg-cp-assert 
Java: Fix accidental CP in CFG for asserts.
 2025-07-21 09:07:19 +02:00
Anders Schack-Mulligen
46ebf503c7 Java: Improve join-order by controlling magic and breaking up TCs. 2025-07-18 16:13:11 +02:00
Anders Schack-Mulligen
ca8fe033d7 Java: Improve join by preventing ssa use-pair join. 2025-07-18 16:12:00 +02:00
Anders Schack-Mulligen
d64a9368d2 Merge pull request #20088 from aschackmull/java/joinorders1 
Java: Improve several join-orders
 2025-07-18 14:54:26 +02:00
Anders Schack-Mulligen
bc2e7d4e0d Java: Fix accidental CP in CFG for asserts. 2025-07-18 13:53:15 +02:00
Anders Schack-Mulligen
f6975117fe Merge pull request #20083 from aschackmull/java/prune-csrf-unprotected-request-type 
Java: Prune PathGraph for CsrfUnprotectedRequestType.ql
 2025-07-18 13:25:00 +02:00
Anders Schack-Mulligen
d9f47bdec9 Java: Improve join-order by properly annotating haveIntersection. 2025-07-18 11:48:50 +02:00
Anders Schack-Mulligen
7883124abd Java: getSourceDeclaration() and getASourceSupertype*() commute and this yields much better join-order. 2025-07-18 11:47:14 +02:00
Anders Schack-Mulligen
12732525b5 Java: Allow 2-column join on delta to improve join-order. 2025-07-18 11:45:45 +02:00
github-actions[bot]
2f84a4a5b5 Add changed framework coverage reports 2025-07-18 00:25:03 +00:00
Nora Dimitrijević
05df1d3cb9 [DIFF-INFORMED] Java: AndroidWebViewSettingsAllowsContentAccess 2025-07-17 19:02:15 +02:00
Nora Dimitrijević
24c28ed873 [DIFF-INFORMED] Java: UnsafeCertTrust 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql#L21
 2025-07-17 19:02:13 +02:00
Nora Dimitrijević
ea4af8323c [DIFF-INFORMED] Java: TrustBoundaryViolation 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql#L18
 2025-07-17 19:02:09 +02:00
Nora Dimitrijević
7888dcbce2 [DIFF-INFORMED] Java: TempDirLocalInformationDisclosure 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql#L56
 2025-07-17 19:02:07 +02:00
Nora Dimitrijević
3785dbec9e [DIFF-INFORMED] Java: TaintedEnvironmentVariable 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql#L22
 2025-07-17 19:02:05 +02:00
Nora Dimitrijević
b3b139bb02 [DIFF-INFORMED] Java: SqlConcatenated 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql#L27
 2025-07-17 19:02:04 +02:00
Nora Dimitrijević
45b627df1d [DIFF-INFORMED] Java: SensitiveLogging 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql#L20
 2025-07-17 19:02:02 +02:00
Nora Dimitrijević
bc0b383595 [DIFF-INFORMED] Java: MaybeBrokenCryptoAlgorithm 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql#L25
 2025-07-17 19:02:00 +02:00
Nora Dimitrijević
b688df9dec [DIFF-INFORMED] Java: LogInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-117/LogInjection.ql#L20
 2025-07-17 19:01:58 +02:00
Nora Dimitrijević
2d734056b1 [DIFF-INFORMED] Java: InsecureLdapAuth 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql#L21
 2025-07-17 19:01:56 +02:00
Nora Dimitrijević
74b37e71a0 [DIFF-INFORMED] Java: InsecureCookie 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql#L21
 2025-07-17 19:01:52 +02:00
Nora Dimitrijević
19e5c3d805 [DIFF-INFORMED] Java: ImproperValidationOfArray… 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql#L48
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql#L28
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql#L26
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql#L24
 2025-07-17 19:01:50 +02:00
Nora Dimitrijević
1c6ecf1216 [DIFF-INFORMED] Java: UntrustedDataToExternalAPI 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql#L20
 2025-07-17 18:59:15 +02:00
Nora Dimitrijević
0cf1195678 [DIFF-INFORMED] Java: ConditionalBypass 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql#L26
 2025-07-17 18:59:14 +02:00
Nora Dimitrijević
0bcdb421ed [DIFF-INFORMED] Java: ArithmeticUncontrolled 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql#L36
 2025-07-17 18:59:11 +02:00
Nora Dimitrijević
54546f6e99 [DIFF-INFORMED] Java: ArithmeticTainted 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql#L35
 2025-07-17 18:59:09 +02:00
Nora Dimitrijević
8353fdd041 [DIFF-INFORMED] Java: (Android)SensitiveCommunication 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql#L20
 2025-07-17 18:59:06 +02:00
Nora Dimitrijević
b33058c967 [TEST] Java: SensitiveCommunication: convert to qlref 2025-07-17 18:59:05 +02:00