hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
57,315 Commits 1,672 Branches 157 Tags
e1a5eba61b8558f55f230d6969027fb33acb51b2
Commit Graph

10164 Commits

Author SHA1 Message Date
Ed Minnix
c319ee4c0d Add TempDirLocalInformationDisclosureQuery 2023-05-04 10:25:16 -04:00
Ed Minnix
b087cf9a0a Add Arithmetic query libraries 2023-05-04 10:25:16 -04:00
Ed Minnix
b6361cdd3d Move CWE-190/ArithmeticCommon.qll to semmle.code.java.security 2023-05-04 10:25:16 -04:00
Ed Minnix
77ee80fd81 Add missing change notes 2023-05-04 10:25:16 -04:00
Ed Minnix
24b00bac11 Add UnsafeHostnameVerificationQuery 2023-05-04 10:25:16 -04:00
Ed Minnix
f4a6f555b4 Add NumericCastTaintedQuery 2023-05-04 10:25:13 -04:00
Ed Minnix
e65a54b85f Add BrokenCryptoAlgorithmQuery 2023-05-04 10:19:12 -04:00
Ed Minnix
4b76564911 Add MaybeBrokenCryptoAlgorithmQuery 2023-05-04 10:15:00 -04:00
Ed Minnix
e4f47ece43 Add ResponseSplittingLocalQuery 2023-05-04 10:15:00 -04:00
Ed Minnix
91b3533035 Add SqlTaintedLocalQuery 2023-05-04 10:14:59 -04:00
Ed Minnix
a0f7575b34 Add StackTraceExposureQuery 2023-05-04 10:14:59 -04:00
Ed Minnix
aff299eafd Add ExecTaintedLocal 2023-05-04 10:14:59 -04:00
Ed Minnix
b39d5088de Add InsecureCookieQuery 2023-05-04 10:14:59 -04:00
Ed Minnix
be24b29e7a Add UrlRedirectLocalQuery.qll 2023-05-04 10:14:59 -04:00
Ed Minnix
0249187282 Add ExternallyControlledFormatStringLocalQuery.qll 2023-05-04 10:14:59 -04:00
Ed Minnix
5834e4ac52 Add UrlRedirectQuery.qll 2023-05-04 10:14:59 -04:00
Ed Minnix
cc22a7d4b4 Add XssLocalQuery 2023-05-04 10:14:59 -04:00
Ed Minnix
c2b6a3f4e0 Add XPathInjectionQuery 2023-05-04 10:14:59 -04:00
Ed Minnix
c15ce27957 Add SqlConcatenatedQuery 2023-05-04 10:14:59 -04:00
Ed Minnix
1af6d5f7b3 Add TaintedPermissionsCheckQuery 2023-05-04 10:14:59 -04:00
Kasper Svendsen
4035b16ac1 Merge pull request #13008 from kaspersv/kaspersv/explicit-this-receivers-shared1 
Java, C#: Make implicit this receivers explicit
 2023-05-04 15:38:45 +02:00
Anders Schack-Mulligen
1185bfc90f Merge pull request #12986 from aschackmull/java/mapvalue-precision 
Java: Force high precision for MapValueContent.
 2023-05-04 14:52:41 +02:00
Anders Schack-Mulligen
3b004b06b0 Java: Minor perf fix for typePrefixContainsAux1. 2023-05-04 14:21:36 +02:00
Kasper Svendsen
29239939c7 Merge pull request #13010 from kaspersv/kaspersv/java-explicit-this-receivers 
Java: Make implicit this receivers explicit
 2023-05-04 13:06:41 +02:00
Mathias Vorreiter Pedersen
77001a070b Merge branch 'main' into identity-consistency-check 2023-05-03 22:01:06 +01:00
Jami Cogswell
78661f4ec9 Java: remove hardcoded-jwt-key summaries 2023-05-03 16:09:30 -04:00
Jami Cogswell
2e683b3dd2 Java: add change note 2023-05-03 10:43:50 -04:00
Jami Cogswell
1d39402c98 Java: remove url-open-stream from cwe-sink csv; this removes CWE-036 from the framework coverage report 2023-05-03 10:12:12 -04:00
Jami Cogswell
2224c5d9be Java: remove url-open-stream kind from getInvalidModelKind 2023-05-03 10:08:50 -04:00
Stephan Brandauer
32f2614fe0 add typecheckable mechanism to enforce minimal set of metadata 2023-05-03 16:00:50 +02:00
Jami Cogswell
917268e7e6 Java: activate the models in openstream query 2023-05-03 09:57:45 -04:00
Jami Cogswell
f8b39fda2e Java: switch url-open-stream models to experimentalSinkModel 2023-05-03 09:11:24 -04:00
Stephan Brandauer
6d29273c43 make framework mode explicit in file/module names 2023-05-03 14:36:42 +02:00
Stephan Brandauer
dfb9d88198 fix ql-for-ql errors 2023-05-03 14:17:11 +02:00
Ian Lynagh
b56b843d13 Merge pull request #12987 from github/post-release-prep/codeql-cli-2.13.1 
Post-release preparation for codeql-cli-2.13.1
 2023-05-03 13:12:10 +01:00
Kasper Svendsen
081085e128 Java: Make implicit this receivers explicit 2023-05-03 13:37:35 +02:00
Kasper Svendsen
e071a25653 Java, C#: Make implicit this receivers explicit 2023-05-03 13:09:00 +02:00
Stephan Brandauer
05bf13b020 use getCallable predicate 2023-05-03 11:27:14 +02:00
Stephan Brandauer
09f3296134 export related locations using notation 2023-05-03 10:27:46 +02:00
Edward Minnix III
733a00039e Merge pull request #12864 from egregius313/egregius313/java/mad/update-typeAsModel 
Java: Erase generics in `typeAsModel` predicate used in model generator
 2023-05-02 15:28:51 -04:00
Tony Torralba
ec44aa2597 Add change note 2023-05-02 15:31:20 +02:00
Tony Torralba
34f978ed26 Move manual models out of the generated directory 2023-05-02 15:29:28 +02:00
Anders Schack-Mulligen
353d5f82a6 Merge pull request #12984 from aschackmull/dataflow/instanceof-node 
Dataflow: Replace "extends Node" with "instanceof Node".
 2023-05-02 13:52:33 +02:00
Stephan Brandauer
f1644adca9 add internal tag to extraction queries; use 'ml' in query ids, instead of 'ml-powered' 2023-05-02 13:30:22 +02:00
Stephan Brandauer
bb7e473cbf use the name callable, instead of callee for methods, functions 2023-05-02 13:22:31 +02:00
Stephan Brandauer
f7f6f104d0 use NegativeEndpointType class; replace link to slack discussion 2023-05-02 13:15:30 +02:00
github-actions[bot]
18d4af994d Post-release preparation for codeql-cli-2.13.1 2023-05-02 10:50:20 +00:00
Tony Torralba
564bb1ccb0 Manual fixes 2023-05-02 11:27:48 +02:00
Anders Schack-Mulligen
97cd3b8576 Java: Force high precision for MapValueContent. 2023-05-02 11:19:21 +02:00
Anders Schack-Mulligen
ca09649679 Dataflow: Forward hasLocationInfo. 2023-05-02 10:48:32 +02:00