hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-06 05:57:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,807 Commits 1,777 Branches 169 Tags
cd2398aeea9a1ef5626445d886298b96fcf652ef
Commit Graph

4984 Commits

Author SHA1 Message Date
Sotiris Dragonas
d6892eaf0d Merge pull request #21900 from github/bazookamusic/range-analysis-bound-move-to-shared 
Bound.qll - Replace utility for range analysis duplicate across java and cs with shared file
 2026-06-04 12:45:11 +02:00
BazookaMusic
d2972cb53f Add back alias for module 2026-06-04 11:08:49 +02:00
Owen Mansel-Chan
52f2a5825a Merge pull request #21804 from github/copilot/add-tests-for-models 
Java: Update CWE-918 model coverage for Apache HttpClient `execute` sinks
 2026-06-03 12:55:56 +01:00
BazookaMusic
f34275636c No duplicate Ssa and remove release changenot 2026-06-03 11:54:24 +02:00
BazookaMusic
0a801440b9 review comments 2026-06-03 10:48:50 +02:00
Sotiris Dragonas
019a5c01ad Merge branch 'main' into bazookamusic/range-analysis-bound-move-to-shared 2026-06-01 18:10:02 +02:00
BazookaMusic
71a363545a formatting 2026-06-01 15:24:06 +02:00
github-actions[bot]
cfb18c2477 Post-release preparation for codeql-cli-2.25.6 2026-05-29 12:04:35 +00:00
github-actions[bot]
8b6f969cdb Release preparation for version 2.25.6 2026-05-29 11:27:54 +00:00
Henry Mercer
9bc0c1b1ab Revert "Release preparation for version 2.25.6" 2026-05-29 12:13:50 +01:00
Owen Mansel-Chan
8937e22735 Add summary models for org.apache.http.client.methods.RequestBuilder 
Generated by GPT 5.3-codex, verified by me.
 2026-05-28 10:56:37 +01:00
BazookaMusic
acb5c0e70f missed changes 2026-05-27 17:23:45 +02:00
BazookaMusic
6042adebae move identical java and cs bound.qll to shared library 2026-05-27 17:23:28 +02:00
github-actions[bot]
44a914e40f Release preparation for version 2.25.6 2026-05-25 10:23:26 +00:00
Óscar San José
996e79131e Merge branch 'main' into post-release-prep/codeql-cli-2.25.5 2026-05-22 16:32:30 +02:00
Owen Mansel-Chan
2070dafeb2 Java: add ForStmt wrapper class 2026-05-21 13:41:29 +01:00
Jack Nørskov Jørgensen
aa136a3282 Add change note entry 2026-05-19 16:09:05 +02:00
Jack Nørskov Jørgensen
3119ef6c1a Add MaDs for Apache Avro 2026-05-19 09:27:32 +02:00
github-actions[bot]
9f64000962 Post-release preparation for codeql-cli-2.25.5 2026-05-18 15:20:31 +00:00
github-actions[bot]
e38616a2ef Release preparation for version 2.25.5 2026-05-18 12:05:32 +00:00
Owen Mansel-Chan
36554d160c Merge pull request #21741 from MarkLee131/fix/path-injection-read-subkind 
Fix/path injection read subkind
 2026-05-08 12:38:16 +01:00
Anders Schack-Mulligen
81e1ab7aab Merge pull request #21808 from aschackmull/cfg/switch-pattern-eval 
Cfg: Rework CFG for switch case patterns.
 2026-05-08 12:48:44 +02:00
MarkLee131
26af52897d Merge branch 'main' into fix/path-injection-read-subkind 2026-05-07 23:48:42 +08:00
Owen Mansel-Chan
f9240e7058 Fix QL formatting 2026-05-07 15:57:33 +01:00
Anders Schack-Mulligen
072166ba88 C#/Java: Adjust Guards instantiations. 2026-05-07 13:46:52 +02:00
Anders Schack-Mulligen
48785a0a76 Cfg: Rework CFG for switch case patterns. 2026-05-07 13:07:07 +02:00
Owen Mansel-Chan
33035dbfc8 Fix yaml formatting 2026-05-07 11:06:43 +01:00
Owen Mansel-Chan
dc864762c3 Add change note 2026-05-07 10:23:50 +01:00
copilot-swe-agent[bot]
043ec857ab Replace fluent SSRF changes with Apache HttpClient execute model tests 
Agent-Logs-Url: https://github.com/github/codeql/sessions/3db201db-a1b5-4353-a94a-14a8d156dd3b

Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
 2026-05-06 20:31:34 +00:00
github-actions[bot]
7610277199 Post-release preparation for codeql-cli-2.25.4 2026-05-05 10:10:06 +00:00
github-actions[bot]
88e1d86c27 Release preparation for version 2.25.4 2026-05-05 09:34:30 +00:00
MarkLee131
467394123c Merge branch 'main' into fix/path-injection-read-subkind 2026-05-04 18:56:12 +08:00
Anders Schack-Mulligen
f663eccf66 Merge pull request #21781 from aschackmull/java/rm-deprecated 
Java: Delete old deprecated code.
 2026-05-04 11:35:09 +02:00
Anders Schack-Mulligen
17fded4aa5 Java: Delete old deprecated code. 2026-05-04 10:52:27 +02:00
MarkLee131
49e5886a06 Update java/ql/lib/ext/org.apache.commons.io.model.yml 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-05-04 12:56:11 +08:00
MarkLee131
c10a05f26a Update java/ql/lib/ext/org.apache.commons.io.model.yml 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-05-03 14:14:48 +08:00
MarkLee131
8710e63011 Update java/ql/lib/ext/javax.servlet.model.yml 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-05-03 14:14:15 +08:00
MarkLee131
dbc9d0de4a Update java/ql/lib/ext/org.apache.commons.io.model.yml 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-05-03 14:14:07 +08:00
MarkLee131
9194cdad9c Update java/ql/lib/ext/java.nio.file.model.yml 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-05-03 14:08:31 +08:00
MarkLee131
7050241a54 Update java/ql/lib/ext/java.nio.file.model.yml 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-05-03 14:08:21 +08:00
MarkLee131
62a0a3e384 Update java/ql/lib/ext/java.nio.file.model.yml 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-05-03 14:08:12 +08:00
MarkLee131
3ad2d8ca3d Update java/ql/lib/ext/java.nio.file.model.yml 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-05-03 14:04:35 +08:00
MarkLee131
bafa892116 Merge branch 'main' into fix/path-injection-read-subkind 2026-05-01 16:06:35 +08:00
MarkLee131
119994b59f Java: move File inspection methods to path-injection[read] 
Per review feedback on #21741: File.canRead/canWrite/canExecute,
exists/isDirectory/isFile/isHidden only inspect a path, so move them
under the path-injection[read] sub-kind. Update TaintedPath.expected
and the experimental CWE-073 expected to match.
 2026-05-01 16:04:29 +08:00
Owen Mansel-Chan
87c35e6401 Merge pull request #21654 from MarkLee131/fix/sensitive-log-hash-sanitizer 
Java: treat hash/encrypt/digest methods as sensitive-log sanitizers
 2026-04-30 13:21:03 +01:00
MarkLee131
936f0c650c Address review comments on path-injection[read] sub-kind 
- shared/mad/codeql/mad/ModelValidation.qll: shorten the comment
  for `path-injection[%]` to `// Java-only currently`, matching the
  style of other language-scoped entries and dropping API examples
  and the java/zipslip reference.
- java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll: replace
  the `File.exists` example in the QLDoc with `FileReader`, since
  `File.exists` is still labelled plain `path-injection`, not
  `path-injection[read]`.
 2026-04-30 19:06:04 +08:00
MarkLee131
90741b15e2 Merge branch 'main' into fix/path-injection-read-subkind 2026-04-30 18:37:12 +08:00
Tom Hvitved
a473fdb709 Merge pull request #21759 from hvitved/csharp/cfg-params 
C#: Include parameters and their defaults in the CFG
 2026-04-30 11:31:06 +02:00
MarkLee131
28a6ff208c Merge remote-tracking branch 'origin/main' into fix/sensitive-log-hash-sanitizer 
# Conflicts:
#	java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.expected
#	java/ql/test/query-tests/security/CWE-532/Test.java
 2026-04-29 20:59:59 +08:00
MarkLee131
51e2a5418b Java: move EncryptedSensitiveMethodCall into Sanitizers.qll 
Address review feedback by moving the shared method-name-based encryption/hash/digest
check into Sanitizers.qll, and reference it from both CleartextStorageQuery.qll and
SensitiveLoggingQuery.qll instead of duplicating the definition.
 2026-04-29 20:56:36 +08:00