hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-13 06:24:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
69,431 Commits 1,681 Branches 158 Tags
e1801f3a297aaec8b3eaa585f128a279cdcbb419
Commit Graph

5338 Commits

Author SHA1 Message Date
Alexander Eyers-Taylor
ffd811a55d Merge pull request #17182 from github/post-release-prep/codeql-cli-2.18.2 
Post-release preparation for codeql-cli-2.18.2
 2024-08-08 16:28:03 +01:00
github-actions[bot]
cc6d87c276 Post-release preparation for codeql-cli-2.18.2 2024-08-08 12:56:21 +00:00
github-actions[bot]
019da8c287 Release preparation for version 2.18.2 2024-08-07 14:02:38 +00:00
Tamas Vajk
0263cc1609 Improve code quality 2024-08-07 15:27:14 +02:00
Alexander Eyers-Taylor
46577b585e Revert "Release preparation for version 2.18.2" 2024-08-07 14:24:37 +01:00
github-actions[bot]
c14ba0e4bd Release preparation for version 2.18.2 2024-08-06 12:46:15 +00:00
Andrew Eisenberg
6a49647a28 Merge pull request #17132 from github/aeisenberg-patch-1 
Update CHANGELOG.md
 2024-08-02 07:55:06 -07:00
Anders Schack-Mulligen
4d023f14a6 Merge pull request #17075 from RobbingDaHood/17052-second-try-do-not-expose-error-message 
Java: 17052 Second try: do not expose error message
 2024-08-02 12:44:27 +02:00
Andrew Eisenberg
c8994003c1 Update CHANGELOG.md 
Drive-by fix of a typo.
 2024-08-01 16:16:17 -07:00
Owen Mansel-Chan
6280ed2a6b Merge pull request #13555 from am0o0/amammad-java-bombs 
Java: Decompression Bombs
 2024-07-31 14:55:28 +01:00
Owen Mansel-Chan
8901b1fd14 Merge pull request #17100 from owen-mc/java/sensitive-log/ignore-tokenizer 
Java: whitelist variable names containing "tokenizer" for `java/sensitive-log`
 2024-07-31 12:16:03 +01:00
am0o0
40eef25133 use more specefic Classes instead of Call 2024-07-30 18:07:03 +02:00
Owen Mansel-Chan
1cb5f35c56 Add change note 2024-07-30 16:29:38 +01:00
Owen Mansel-Chan
cd0af0fc57 Ignore types with methods which have annotations 
The motivation is test classes in JUnit 4 and 5 are currently FPs for this. They have methods with `@Test`, so this should fix the FPs.
 2024-07-30 16:29:35 +01:00
Owen Mansel-Chan
44b6309e07 Add change note 2024-07-30 15:44:00 +01:00
am0o0
4dc1a10f71 update tests for zip4j, add aditional flow steps for zip4j, remove BombTypeInputStream class since we don't need it anymore, add a predicate which was for testing porpose and was junk 2024-07-29 18:10:04 +02:00
RobbingDaHood
1cb58922a2 Minor changes to formulations for java/error-message-exposure 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2024-07-29 16:48:15 +02:00
am0o0
c8749ff82e Merge branch 'amammad-java-bombs' of https://github.com/am0o0/codeql into amammad-java-bombs 2024-07-28 12:15:23 +02:00
am0o0
0593eaad52 we don't need ConstructorCall for ZipFile anymore since we have a more accurate sink for this 2024-07-28 12:12:07 +02:00
am0o0
cc752113af we don't need TypeInputStreamConstructorArgumentSink anymore 2024-07-28 12:09:52 +02:00
am0o0
7689db7d42 change apache commons sink 2024-07-28 12:09:33 +02:00
Daniel Winther Petersen
1c1ba7734f Now alerts about exposing exception.getMessage() in servlet responses are split out of java/stack-trace-exposure into its own alert java/error-message-exposure because this is a better fit. 2024-07-25 18:12:45 +02:00
Owen Mansel-Chan
4c8da54b64 Merge pull request #17036 from chmodxxx/sbaddou/fix 
Java: Move SensitiveLoggerConfig source to extensible format
 2024-07-23 14:55:26 +01:00
Salah Baddou
092de640fe add change-notes 2024-07-23 11:04:56 +01:00
github-actions[bot]
49cc8f8ff8 Post-release preparation for codeql-cli-2.18.1 2024-07-22 22:00:48 +00:00
github-actions[bot]
368bcb684a Release preparation for version 2.18.1 2024-07-22 21:30:50 +00:00
Chuan-kai Lin
23320b6e5e Revert "Release preparation for version 2.18.1" 2024-07-22 13:22:49 -07:00
github-actions[bot]
55935fc123 Release preparation for version 2.18.1 2024-07-22 14:56:15 +00:00
Owen Mansel-Chan
9a66e66d66 Merge branch 'main' into amammad-java-bombs 2024-07-18 21:28:23 +01:00
am0o0
7bb7d83b26 remove duplicate sinks 
replace some RefType with DecompressionBomb::BombTypeInputStream
 2024-07-18 20:55:59 +02:00
Owen Mansel-Chan
e6c1ff573a Merge branch 'main' into max-schaefer-patch-1 2024-07-18 10:39:42 +01:00
Owen Mansel-Chan
e2356d9820 Merge pull request #16914 from owen-mc/java/android-app-detection 
Java: Improve Android app detection
 2024-07-16 21:52:43 +01:00
am0o0
025aa77e79 add the snappy missed sink 2024-07-13 11:15:45 +02:00
am0o0
8c106964ec remove duplicate parts thanks to @owen-mc 2024-07-13 11:11:07 +02:00
am0o0
8ba48e801a fix examples 2024-07-13 10:28:19 +02:00
am0o0
dd3cc33298 move DecompressionBombsFlow::PathGraph to DecompressionBomb.ql 2024-07-13 10:24:07 +02:00
Am
a3b5d2a28d Update java/ql/src/experimental/Security/CWE/CWE-522-DecompressionBombs/DecompressionBomb.qhelp 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-07-13 10:20:43 +02:00
Am
4fbf76008e Update java/ql/src/experimental/Security/CWE/CWE-522-DecompressionBombs/DecompressionBomb.qhelp 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-07-13 10:20:25 +02:00
Max Schaefer
d5d0cf5d90 Java: Tag java/non-https-url with CWE-345 2024-07-11 13:37:09 +01:00
am0o0
7a5838f1a2 MethodAccess => MethodCall 2024-07-09 19:43:22 +02:00
am0o0
e87d2fe922 remove redundent imports 2024-07-09 19:41:06 +02:00
github-actions[bot]
ae3aba061b Post-release preparation for codeql-cli-2.18.0 2024-07-08 13:30:13 +00:00
Angela P Wen
dc20b0d19e Merge pull request #16921 from github/release-prep/2.18.0 
Release preparation for version 2.18.0
 2024-07-08 13:12:57 +02:00
Chris Smowton
d9573596c7 Merge pull request #16810 from smowton/smowton/feature/java-low-db-quality-query 
Java: add diagnostic query indicating low database quality
 2024-07-08 12:06:42 +01:00
github-actions[bot]
b0d6778652 Release preparation for version 2.18.0 2024-07-08 09:10:51 +00:00
Owen Mansel-Chan
de5fc4e609 Add change notes 2024-07-07 00:24:27 +01:00
am0o0
fe1103d997 add stubs, upgrade test to inline test, update test files 2024-07-04 15:25:36 +02:00
Michael Nebel
25b20186af Merge pull request #16861 from michaelnebel/modelgen/sourcesinklift 
C#/Java: Do not lift source and sink models.
 2024-07-02 08:50:31 +02:00
am0o0
a6833945c1 remove additional taint steps and flow states 2024-07-01 16:07:44 +02:00
am0o0
d31711bd89 merge all ne flow sources into one by extending current abstract class 2024-07-01 15:16:44 +02:00