Tony Torralba
da44b13fd4
Merge pull request #14515 from atorralba/atorralba/java/spring-csrf-improv
...
Java: Improve java/spring-disabled-csrf-protection
2023-10-18 17:49:10 +02:00
Chris Smowton
70aa490bbd
Merge pull request #14503 from smowton/smowton/admin/adapt-tests-to-jdk21
...
Java: Adapt tests to JDK21
2023-10-17 20:07:47 +01:00
Edward Minnix III
15afc3ed64
Merge pull request #14491 from egregius313/egregius313/java/mad/convert-iv
...
Java: Refactor `java/static-initialization-vector` to use Models as Data
2023-10-17 13:15:45 -04:00
Ed Minnix
8ed5bfb27d
Remove reference to DataFlow2
2023-10-17 10:59:36 -04:00
Stephan Brandauer
9d719aa44e
Merge pull request #13444 from github/java/update-mad-decls-after-triage-2023-06-13T14-50-57
...
Java: Update MaD Declarations after Triage
2023-10-17 13:54:10 +02:00
Tony Torralba
96d6e8e3f2
Update change note
2023-10-17 11:57:53 +02:00
Tony Torralba
3cd06b0026
More review suggestions
2023-10-17 11:54:32 +02:00
Tony Torralba
62a9ffd277
Apply suggestions from code review
2023-10-17 11:51:55 +02:00
Tony Torralba
4ecda9cccd
Add consistency check exception
2023-10-17 10:18:19 +02:00
Chris Smowton
3145c53a19
Accept test changes for JDK21
2023-10-16 22:00:41 +01:00
Chris Smowton
bd77f572f1
Compile collections test for Java 11
2023-10-16 21:54:09 +01:00
Edward Minnix III
21bea38ec8
Merge pull request #14472 from egregius313/egregius313/sync-local-and-remote-queries
...
Java: Synchronize `*Local` versions of queries with their remote counterpart
2023-10-16 10:31:40 -04:00
Ed Minnix
c65d407937
Remove old DataFlow2 import
2023-10-16 10:30:00 -04:00
Tony Torralba
d08ee76b16
Java: Improve java/spring-disabled-csrf-protection
2023-10-16 16:01:14 +02:00
Tony Torralba
ae8e237f2c
Merge pull request #14494 from atorralba/atorralba/remove-library
...
Java/C/C#: Remove library annotations
2023-10-16 09:01:40 +02:00
Owen Mansel-Chan
53561008a1
Merge pull request #14445 from owen-mc/go/automated-mad-coverage-report
...
Go: automated mad coverage report
2023-10-15 21:49:47 +01:00
Chris Smowton
7fbba3a659
Java: adapt stub to ExecutorService change in JDK19
2023-10-13 20:30:28 +01:00
Chris Smowton
8f985e0045
Java: restrict test to source classes
2023-10-13 20:30:28 +01:00
Chris Smowton
0510b0c825
Java: restrict test to source methods
...
Otherwise it finds standard library methods that depend on stdlib internals as to what happens to get extracted. In particular the extractor bump to JDK21 led to MethodHandles being in scope and a new method being found; seems better to avoid considering the standard library at all.
2023-10-13 20:30:28 +01:00
Ed Minnix
3356261031
Static IV refactor to MaD
2023-10-13 12:50:49 -04:00
Tony Torralba
0cea3f8531
Remove library annotations
2023-10-13 12:46:56 +02:00
Tony Torralba
5e921784fb
Merge pull request #14399 from ebickle/fix/thread-resource-arithmetic
...
Java: Flow taint through arithmetic expressions for java/thread-resource-abuse experimental query
2023-10-13 10:06:33 +02:00
Ian Lynagh
ed9502fd0b
Kotlin: Enhance the TRAP compression test
2023-10-12 18:13:07 +01:00
Ian Lynagh
adb47399c7
Kotlin: Improve support for TRAP compression options
...
While you could control compression with
CODEQL_EXTRACTOR_JAVA_OPTION_TRAP_COMPRESSION
before, most TRAP files used gzip regardless for compatibility with the
Java extractor. Now Java understands the option too we can use it for
shared TRAP files.
2023-10-12 18:13:06 +01:00
Ed Minnix
31c04b50f7
Change note
2023-10-12 09:58:09 -04:00
Ed Minnix
4eeaf84133
Sync NumericCastTaintedQuery
2023-10-12 09:58:08 -04:00
Ed Minnix
ec84f072eb
Sync ArithmeticTaintedLocalQuery
2023-10-12 09:58:08 -04:00
Ed Minnix
da933fb77a
Sync ExternallyControlledFormatStringLocalQuery
2023-10-12 09:58:08 -04:00
Ed Minnix
f1886320e5
Sync ImproperValidationOfArrayIndexLocalQuery
2023-10-12 09:58:08 -04:00
Ed Minnix
69531b9f7c
Sync ResponseSplittingLocalQuery
2023-10-12 09:58:08 -04:00
Ed Minnix
ef282955fd
Sync SqlTaintedLocalQuery with SqlInjectionQuery
2023-10-12 09:58:08 -04:00
Ed Minnix
e4f567979a
Sync XSS Local
2023-10-12 09:58:08 -04:00
Owen Mansel-Chan
286271340e
Merge branch 'main' into go/automated-mad-coverage-report
2023-10-11 21:31:25 +01:00
Owen Mansel-Chan
dfcdb4ace8
Update CSV to MaD in description for java and C#
2023-10-11 21:09:59 +01:00
Eric Bickle
ee2d8f84de
Merge branch 'main' into fix/thread-resource-arithmetic
2023-10-11 13:09:57 -07:00
Eric Bickle
f018d83951
Merge branch 'fix/thread-resource-arithmetic' of https://github.com/ebickle/codeql into fix/thread-resource-arithmetic
2023-10-11 13:09:39 -07:00
Eric Bickle
4cb78ab3c7
Remove change notes
2023-10-11 13:08:56 -07:00
Henry Mercer
1a370bfbbe
Merge pull request #14443 from github/post-release-prep/codeql-cli-2.15.0
...
Post-release preparation for codeql-cli-2.15.0
2023-10-11 17:39:04 +01:00
github-actions[bot]
ae6af17c74
Post-release preparation for codeql-cli-2.15.0
2023-10-11 14:19:20 +00:00
Jean Helie
6260768e6a
update query message to include extensibleType
2023-10-11 14:02:24 +02:00
Jean Helie
c41676a21a
update query message to include extensibleType
2023-10-11 14:02:12 +02:00
Eric Bickle
7a4382fb69
Merge branch 'main' into fix/thread-resource-arithmetic
2023-10-10 09:38:16 -07:00
Eric Bickle
80c8259e34
Remove unnecessary AdditionalValueStep check
2023-10-10 09:35:45 -07:00
Michael Nebel
5c44f8bbad
Merge pull request #14370 from michaelnebel/java/enablethreatmodels
...
Java: Enable threat models for most Java queries.
2023-10-10 09:25:47 +02:00
Erik Krogh Kristensen
4489e2bf28
Merge pull request #14403 from erik-krogh/dDEps
...
All: delete outdated deprecations
2023-10-09 21:04:55 +02:00
Michael Nebel
cf3a62d201
Java: Address review comments.
2023-10-09 13:06:59 +02:00
Anders Schack-Mulligen
4a0ab4a050
Merge pull request #14402 from Marcono1234/marcono1234/MemberRefExpr-getReceiverExpr
...
Java: Add predicate `MemberRefExpr::getReceiverExpr`
2023-10-09 13:01:36 +02:00
Anders Schack-Mulligen
8c6a1be070
Merge pull request #14401 from Marcono1234/marcono1234/ClassInstanceExpr-type-argument-doc
...
Java: Adjust `ClassInstanceExpr` type argument predicates docs
2023-10-09 13:01:18 +02:00
erik-krogh
a7ab9fd93b
add change-notes
2023-10-09 09:43:06 +02:00
erik-krogh
e3e8f3d7c4
Java: delete various outdated deprecations
2023-10-09 09:14:54 +02:00