hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 07:36:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,652 Commits 1,703 Branches 162 Tags
cf614a596d965f2584bfc568a9ec3dbd370ddbf6
Commit Graph

5596 Commits

Author SHA1 Message Date
Lukas Abfalterer
a3749530d6 The query should only report cases when the method is not empty. 2025-03-03 10:20:46 +01:00
Jami Cogswell
b0b95965f6 Java: add change note 2025-03-02 17:13:37 -05:00
Jami Cogswell
fbf7513f37 Java: handle lock state check stored in variable 2025-03-02 17:01:18 -05:00
Owen Mansel-Chan
74a249597a Merge pull request #18607 from owen-mc/java/xss-content-type-sanitizer 
Java: Add XSS Sanitizer for `HttpServletResponse.setContentType` with safe values
 2025-02-24 23:39:18 +00:00
Jami Cogswell
c2e859c756 Java: add change note 2025-02-24 18:33:45 -05:00
Jami Cogswell
26e396732a Java: edit qhelp 2025-02-24 18:33:43 -05:00
Jami Cogswell
53cb30dcd0 Java: update metadata, move from CWE-016 to CWE-200 2025-02-24 18:33:41 -05:00
Jami Cogswell
8dfb920e05 Java: refactor QL, move code to libraries 2025-02-24 18:24:48 -05:00
Jami Cogswell
8064e8f1f9 Java: convert tests to inline expectations 2025-02-24 18:24:26 -05:00
Jami Cogswell
5e5bc2afe9 Java: remove experimental files 2025-02-24 18:24:19 -05:00
Jami Cogswell
978834bd9c Java: remove deprecations 2025-02-24 18:24:14 -05:00
Jami Cogswell
2ce5920c5e Java: copy out of experimental 2025-02-24 18:24:12 -05:00
Jami
485ee5c5ed Merge pull request #18692 from jcogs33/jcogs33/spring-csrf-qhelp-update 
Java: update `java/spring-disabled-csrf-protection` QHelp
 2025-02-19 11:39:11 -05:00
Remco Vermeulen
2d991fc387 Updata Java CCR suite 2025-02-18 20:25:22 +00:00
github-actions[bot]
ad24f94a77 Post-release preparation for codeql-cli-2.20.5 2025-02-17 17:58:24 +00:00
github-actions[bot]
6f4562f3bd Release preparation for version 2.20.5 2025-02-17 16:55:54 +00:00
Owen Mansel-Chan
dd102c4cea Merge pull request #18645 from fabienpe/main 
Added missing "GOOD" and "BAD" to some examples
 2025-02-13 10:37:39 +00:00
Jami
2a8cc00284 Merge pull request #18288 from jcogs33/jcogs33/csrf-unprotected-request-type 
Java: add CSRF query
 2025-02-11 15:32:56 -05:00
Tom Hvitved
75137a0f4c Java: Adopt shared SSA library 2025-02-11 10:06:43 +01:00
Tom Hvitved
614b3cea66 Merge pull request #18697 from hvitved/rust/telemetry 
Rust: Implement database quality telemetry query
 2025-02-07 17:43:23 +01:00
Tom Hvitved
89502d63e5 Rust: Implement database quality telemetry query 2025-02-06 10:46:48 +01:00
Jami Cogswell
dce89c5419 Java: update qhelp to align with other csrf queries 2025-02-05 10:57:47 -05:00
Jami Cogswell
c6a71cd3fd Java: minor qhelp updates 2025-02-05 10:20:57 -05:00
Remco Vermeulen
9894e9ef9f Add CCR suites 2025-02-05 01:58:34 +00:00
Jami Cogswell
0367846333 Java: remove token section from qhelp overview 
discussing tokens is not directly relevant to this query's recommendation and examples
 2025-02-04 13:36:15 -05:00
Jami Cogswell
f438282674 Java: rewrite qhelp overview section; aligns with overview section used by Python and Ruby 2025-02-04 13:21:43 -05:00
Jami Cogswell
283c3b1e44 Java: minor qhelp updates 2025-02-04 12:47:19 -05:00
fabienpe
9a37682851 Moved comment to previous line if resulting in long line 2025-02-04 09:48:34 +00:00
github-actions[bot]
f1b05a79a4 Post-release preparation for codeql-cli-2.20.4 2025-02-04 09:25:09 +00:00
Jami Cogswell
516df3b4be Java: qhelp wording updates 2025-02-03 14:52:57 -05:00
github-actions[bot]
573e53e454 Release preparation for version 2.20.4 2025-02-03 15:19:35 +00:00
fabienpe
a9f107ce06 Added missing "GOOD" and "BAD" to some examples 2025-01-31 15:47:25 +00:00
Jami Cogswell
0071e1acc2 Java: resolve merge conflict 
remove import no longer needed since contents of MyBatisMapperXML.qll have been moved to MyBatis.qll
 2025-01-30 10:19:21 -05:00
Jami Cogswell
577152e20f Java: minor qhelp update 2025-01-30 10:14:33 -05:00
Jami Cogswell
ead224c7b2 Java: expand qhelp, include Stapler examples 2025-01-30 10:14:29 -05:00
Jami Cogswell
096f6f88b2 Java: precision to medium 2025-01-30 10:14:27 -05:00
Jami Cogswell
27aa9c97a4 Java: add change note 2025-01-30 10:14:07 -05:00
Jami Cogswell
39ccde0c9d Java: add name-based heuristic 2025-01-30 10:13:54 -05:00
Jami Cogswell
0f39011122 Java: add taint-tracking config for execute to exclude FPs from non-update queries like select 2025-01-30 10:13:50 -05:00
Jami Cogswell
df77d4914f Java: initial tests 2025-01-30 10:13:45 -05:00
Jami Cogswell
178b032453 Java: add query 2025-01-30 10:13:43 -05:00
Jami Cogswell
b88731df80 Java: move contents of MyBatisMapperXML.qll in src to MyBatis.qll in lib so importable, and fix experimental files broken by the move 2025-01-30 10:13:27 -05:00
Jami Cogswell
0c6925399d Java: add qhelp 2025-01-30 10:01:39 -05:00
Simon Friis Vindum
e141b4ee95 Merge pull request #18612 from paldepind/shared-model-generation-row 
Shared: Generalize the number of columns in a generated MaD row
 2025-01-29 12:56:07 +01:00
Michael Nebel
ee5416f0b1 Merge pull request #18299 from michaelnebel/java/deprecateexperimental 
Java: Deprecate experimental queries.
 2025-01-29 10:41:25 +01:00
Simon Friis Vindum
70550950d8 Java, C#: Ensure variable is used in all disjuncts 2025-01-29 10:30:26 +01:00
Owen Mansel-Chan
2d76466405 Add change note 2025-01-28 15:35:28 +00:00
Simon Friis Vindum
13e0829d19 Shared: Generalize the number of columns in a generated MaD row 2025-01-28 15:36:09 +01:00
erik-krogh
34f5f61a10 all: use my script to delete outdated deprecations 2025-01-27 22:16:48 +01:00
Michael Nebel
c27b611c76 Java: Deprecate MyBatisMapperXML as it is only used by experimental queries. 2025-01-27 10:22:22 +01:00