6190 Commits

Author	SHA1	Message	Date
Tony Torralba	dd6257c757	Add security-severity	2022-09-12 11:59:01 +02:00
Tony Torralba	409a123490	Tainting the velocity context isn't exploitable	2022-09-12 11:38:29 +02:00
Tony Torralba	d748fb5648	Fix bad models, add tests for those	2022-09-09 10:08:52 +02:00
Tony Torralba	6413de6c20	Add change note	2022-09-08 17:38:26 +02:00
Tony Torralba	fb13e7f307	Docs changes	2022-09-08 17:38:25 +02:00
Tony Torralba	e311155acd	Use InlineExpectationsTest	2022-09-08 17:38:25 +02:00
Tony Torralba	b68e6669b8	Refactor TemplateInjection libraries	2022-09-08 17:38:25 +02:00
Tony Torralba	c9728098ef	Generate stubs, adapt tests	2022-09-08 17:38:21 +02:00
Tony Torralba	cd61bd0606	Move files from experimental	2022-09-07 13:13:40 +02:00
Tamás Vajk	b1e0d73de8	Merge pull request #10297 from tamasvajk/kotlin-fix-kotlin-to-java-fn-names ... Kotlin: Lookup getter methods based on special JVM method mapping	2022-09-07 08:56:19 +02:00
Tony Torralba	ff731f1d83	Merge pull request #10138 from atorralba/atorralba/contentresolver-summaries ... Java: Add summaries for ContentResolver and adjacent classes	2022-09-06 16:28:28 +02:00
Tony Torralba	c0dd9dd5d5	Merge pull request #10249 from atorralba/atorralba/regex-dot-bypass-docs ... Java: Documentation fixes in the "Permissive dot regex" experimental query	2022-09-06 16:18:35 +02:00
Anders Schack-Mulligen	b84dca92cf	Merge pull request #10240 from aschackmull/java/scc-typeflow ... Java: Support SCCs in TypeFlow.	2022-09-06 15:43:20 +02:00
Anders Schack-Mulligen	6ffaa6918a	Apply suggestions from code review	2022-09-06 14:11:48 +02:00
Anders Schack-Mulligen	bc57d87303	Java: Address comments.	2022-09-06 13:59:54 +02:00
Tony Torralba	b94e0d3e69	Merge pull request #10251 from atorralba/atorralba/implicit-pendingintent-sinks ... Java: Add new AlarmManager sinks to Use of implicit PendingIntents	2022-09-06 11:31:27 +02:00
Tamás Vajk	5f841f71db	Merge pull request #10291 from tamasvajk/kotlin-fix-array-set ... Kotlin: Fix array `set` operator extraction	2022-09-06 09:01:05 +02:00
Tamas Vajk	1c21ce0ec4	Kotlin: Lookup getter methods based on special JVM method mapping	2022-09-05 16:02:25 +02:00
Tamas Vajk	6a90db9b30	Kotlin: List diagnostics for special getter method extraction	2022-09-05 16:00:40 +02:00
Ian Lynagh	b38ad13f82	Merge pull request #10268 from tamasvajk/kotlin-local-function-comments ... Kotlin: fix doc comment extraction for local functions	2022-09-05 13:35:01 +01:00
Tamas Vajk	6f7f760682	Kotlin: Fix array set operator extraction	2022-09-05 10:20:07 +02:00
Tamas Vajk	608f99bd0d	Kotlin: Add test case for various array set operator overloads	2022-09-05 10:19:57 +02:00
Ian Lynagh	07b3b15528	Merge pull request #10221 from tamasvajk/kotlin-internal ... Kotlin: Change `Modifiable::isPublic` to not cover Kotlin `internal` members	2022-09-02 11:51:56 +01:00
Tamas Vajk	c77f573a8e	Kotlin: fix doc comment extraction for local functions	2022-09-02 10:47:08 +02:00
Tamas Vajk	46c52aeaae	Kotlin: Add test for doc comment on local functions	2022-09-02 10:45:08 +02:00
Tamas Vajk	bea0ce9ff9	Fix review findings	2022-09-02 09:20:20 +02:00
Erik Krogh Kristensen	6cee635cb5	Merge pull request #10180 from erik-krogh/fixTags ... Add missing security tags	2022-09-02 08:04:57 +02:00
Ian Lynagh	710ba3cb14	Merge pull request #10257 from igfoo/igfoo/hasModifier ... Java: Correct hasModifier documentation	2022-09-01 15:49:06 +01:00
Edoardo Pirovano	8f332714f4	Merge pull request #10260 from github/edoardo/3.7-mergeback ... Merge `rc/3.7` into `main`	2022-09-01 15:44:17 +01:00
Tamas Vajk	e66d2dddb6	Fix review findings	2022-09-01 14:07:27 +02:00
Ian Lynagh	7ed18f1b32	Java: Correct hasModifier documentation	2022-09-01 11:52:07 +01:00
Tamas Vajk	a5415c9c8a	Kotlin: Fix array indexer extraction	2022-09-01 11:12:14 +02:00
Tamas Vajk	afeea64078	Kotlin: Add test case for overloaded array get	2022-09-01 11:09:44 +02:00
Tony Torralba	04c230b128	Docs fixes	2022-09-01 09:57:32 +02:00
Tony Torralba	5d9f366ac5	Add change note	2022-09-01 09:53:46 +02:00
Tony Torralba	bee4e4b40a	Add new AlarmManager sinks	2022-09-01 09:47:58 +02:00
Ian Lynagh	7dc5bdafe3	Merge pull request #10186 from github/post-release-prep/codeql-cli-2.10.4 ... Post-release preparation for codeql-cli-2.10.4	2022-08-31 17:29:57 +01:00
Tamás Vajk	bf7437fd2e	Merge pull request #10224 from tamasvajk/kotlin-comment-fixes ... Kotlin: Fix issues in comment extraction	2022-08-31 14:22:09 +02:00
Anders Schack-Mulligen	784eef3f2c	Java: Support SCCs in TypeFlow.	2022-08-31 13:20:00 +02:00
Michael Nebel	1cb6d78d35	Merge pull request #10170 from michaelnebel/java/models-io ... Java: Update models for commons-io and add negative models.	2022-08-31 11:05:09 +02:00
Tony Torralba	2ec53bf78c	Merge pull request #9873 from luchua-bc/java/permissive-dot-regex ... Java: CWE-625 Query to detect regex dot bypass	2022-08-31 10:24:18 +02:00
luchua-bc	e2e87980cc	Move pattern check to MatchRegexConfiguration::isSink	2022-08-30 22:48:12 +00:00
Erik Krogh Kristensen	72942afe3e	Merge pull request #10220 from erik-krogh/overlapsWithNothing ... print a correct range for ranges that doesn't contain any alpha-numeric chars	2022-08-30 15:38:34 +02:00
Tamas Vajk	9ced14672d	Kotlin: Assign container class as the owner of init block comments	2022-08-30 15:37:55 +02:00
Tamas Vajk	d9b3726ee8	Kotlin: Add test case for doc comment on init block	2022-08-30 15:37:00 +02:00
Anders Schack-Mulligen	4070860d2b	Merge pull request #10208 from aschackmull/java/dispatch-fixes ... Java: A couple of small virtual dispatch fixes	2022-08-30 15:03:48 +02:00
Tamas Vajk	3513bb8eed	Kotlin: Change Modifiable::isPublic to not cover Kotlin internal members	2022-08-30 14:37:27 +02:00
Tamas Vajk	d9086e6328	Kotlin: Add test case for internal member accessed from java	2022-08-30 14:26:12 +02:00
Michael Nebel	e020ae77e0	Merge pull request #10158 from michaelnebel/csharp/narrowcollectiontypes ... C#: Narrow collection like types in model generation.	2022-08-30 14:20:57 +02:00
erik-krogh	7fd426e748	print a correct range for ranges that doesn't contain any alpha-numeric chars	2022-08-30 13:57:11 +02:00