hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-04 14:46:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,465 Commits 1,699 Branches 161 Tags
d40c1bebbf8a97bd747a94976e911d48dc8e015f
Commit Graph

12750 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
da179705c3 Java: Accept expected file changes. 2024-12-10 14:52:06 +01:00
Cornelius Riemenschneider
53ca5083a9 Upgrade bazel to 8.0.0. 
Previously, we were using 8.0.0rc1.
In particular, this upgrade means we need to explicitly
import more rules, as they've been moved out of the core bazel repo.
 2024-12-10 12:05:37 +01:00
Jami Cogswell
214da9e9ad Java: add change note 2024-12-06 19:59:40 -05:00
Owen Mansel-Chan
347fd575a2 Refactor to avoid duplicated logic 2024-12-05 11:15:43 +00:00
Owen Mansel-Chan
b20b7c7572 Remove escaped "{" and "}" before counting placeholders 2024-12-05 10:43:13 +00:00
Anders Schack-Mulligen
4bf63fedc9 Merge pull request #18179 from aschackmull/dataflow/accesspath-notypes 
Dataflow: Remove tracked types from Access Paths, track tainted object type, and tweak type pruning.
 2024-12-05 09:58:36 +01:00
Jami Cogswell
121780c55a Java: add File.getName as a path injection sanitizer 2024-12-04 18:57:51 -05:00
github-actions[bot]
cf71a1525b Post-release preparation for codeql-cli-2.20.0 2024-12-04 18:36:17 +00:00
github-actions[bot]
96564b7128 Release preparation for version 2.20.0 2024-12-04 16:01:14 +00:00
Henry Mercer
963f084d87 Merge branch 'main' into henrymercer/merge-back-rc-3.16 2024-12-04 13:39:10 +00:00
Jeroen Ketema
10592bb1c4 Merge pull request #18192 from jketema/inline-rm 
Remove deprecated `InlineExpectationsTest` class-based API
 2024-12-04 11:34:39 +01:00
Anders Schack-Mulligen
03fdceb0fd Merge pull request #18191 from aschackmull/dataflow/remove-deprecated-lib 
Dataflow: Delete the old configuration-class based api.
 2024-12-04 11:31:46 +01:00
Anders Schack-Mulligen
5042753b29 C#/Java: Add change notes. 2024-12-04 10:20:43 +01:00
Anders Schack-Mulligen
f38602e9fe Java: Update references to deleted aliases. 2024-12-03 20:08:45 +01:00
Anders Schack-Mulligen
b12a1c078c Java: Delete deprecated extension points referencing deleted api. 2024-12-03 20:08:44 +01:00
Anders Schack-Mulligen
cca27e4c77 Add change notes for all languages. 2024-12-03 19:42:33 +01:00
Jeroen Ketema
89d20fd086 Java: Update expected test results 2024-12-03 19:18:59 +01:00
Anders Schack-Mulligen
2c0baff76a Java: Delete deprecated data flow api. 2024-12-03 14:13:03 +01:00
Anders Schack-Mulligen
9734cff15b Java/C#: Update expected files. 2024-12-03 12:57:44 +01:00
Tom Hvitved
fbeb6f3940 Shared: Move shared logic into FlowSummaryImpl.qll 2024-12-03 09:11:11 +01:00
Owen Mansel-Chan
2c061b0d56 Add QLDoc for HostnameSanitizingPrefix 2024-11-29 09:46:44 +00:00
Owen Mansel-Chan
7f8a1ae941 Add change note 2024-11-29 09:46:42 +00:00
Owen Mansel-Chan
7648d397f8 Improve model to remove some false positives 2024-11-29 09:46:41 +00:00
Owen Mansel-Chan
617f4f140e Make HostnameSanitizingPrefix public 2024-11-29 09:46:39 +00:00
Owen Mansel-Chan
ba3f9d6134 Convert model to QL 2024-11-29 09:46:38 +00:00
Owen Mansel-Chan
b5fbf2e944 Add models for third arg of getForObject 
No attempt to stop FPs.
 2024-11-28 16:51:13 +00:00
Owen Mansel-Chan
65fb895ed5 (Unrelated) Fix typo in class name 2024-11-28 16:51:09 +00:00
Anders Schack-Mulligen
df2e2e503a Merge pull request #17901 from aschackmull/java/allowlist-sanitizer 
Java: Add a default taint sanitizer for contains-checks on lists of constants
 2024-11-27 11:09:05 +01:00
Anders Schack-Mulligen
5ef496dd1b Java: Add more qldoc. 2024-11-27 09:07:35 +01:00
Anders Schack-Mulligen
85778f7fea Java: Fix semantic merge conflict in expected file. 2024-11-27 08:53:41 +01:00
Jami
36acfeb305 Merge pull request #18087 from jcogs33/jcogs33/java-sha2 
Java: add SHA-384 to list of secure crypto algorithms
 2024-11-26 08:51:58 -05:00
yoff
6d6f269e6c Merge pull request #17997 from yoff/java/inline-range-tests 2024-11-26 14:48:07 +01:00
Anders Schack-Mulligen
a6fc41ec4b Java: Accept consistency failure. 2024-11-26 13:25:44 +01:00
Anders Schack-Mulligen
38eb3e4952 Java: Adjust expected output. 2024-11-26 13:25:44 +01:00
Anders Schack-Mulligen
2ff2d25784 Java: Cherry-pick test from https://github.com/github/codeql/pull/17051 2024-11-26 13:25:43 +01:00
Anders Schack-Mulligen
408a38d9fb Java: Address review comment, include addFirst,addLast. 2024-11-26 13:25:43 +01:00
Anders Schack-Mulligen
0d45f0efb2 Java: Accept consistency check result. 2024-11-26 13:25:43 +01:00
Anders Schack-Mulligen
2b1caa8a35 Java: Add test. 2024-11-26 13:25:42 +01:00
Anders Schack-Mulligen
5a4b720322 Java: Add change note. 2024-11-26 13:25:42 +01:00
Anders Schack-Mulligen
6f32c4129d Java: Add a default taint sanitizer for contains-checks on lists of constants. 2024-11-26 13:25:41 +01:00
Anders Schack-Mulligen
7f86f8cac7 Java: Prepare TypeFlow for separate instantiation of universal flow. 2024-11-26 13:25:41 +01:00
Rasmus Lerchedahl Petersen
f508f8eb83 Java: address review comments 2024-11-26 11:44:16 +01:00
Jami Cogswell
05b6700607 Java: add SHA384 to list of secure algorithms 2024-11-25 09:27:53 -05:00
Arthur Baars
c2b342f1a0 Merge pull request #18084 from github/aibaars/java-sha3 
Java: add SHA3 family to list of secure crypto algorithms
 2024-11-25 15:07:43 +01:00
Rasmus Lerchedahl Petersen
25664d0e53 Java: Add support for non-integer bounds in inline expectations 2024-11-25 14:48:17 +01:00
Rasmus Lerchedahl Petersen
37935eea3b java: separate bounds onto different lines 2024-11-25 12:32:11 +01:00
Arthur Baars
5eb91fd516 Drop SHA3-224 
Drop the 224bits variant as it looks like SHA3-224 may be deprecated soon based on NIST's most recent draft revision of Transitioning the Use of Cryptographic Algorithms and Key Lengths
 2024-11-25 11:25:45 +01:00
Jami
f0045692a7 Merge pull request #17869 from jcogs33/jcogs33/improve-weak-crypto 
Java: Improve weak crypto query
 2024-11-24 12:04:00 -05:00
Arthur Baars
c6eaed343d Java: add SHA3 family to list of secure crypto algorithms 2024-11-22 19:03:00 +01:00
Arthur Baars
7f84cf6d72 Add test case 2024-11-22 19:02:11 +01:00