Chris Smowton
d5f7ef08b7
Update stats
2023-02-14 17:21:24 +00:00
Chris Smowton
7f76d8ae55
Replace redundant use of Class or Interface
2023-02-14 17:21:24 +00:00
Chris Smowton
82a2f4349a
Resolve a newly-introduced ambiguity
Also fix a simple redundancy noticed while debugging
2023-02-14 17:21:24 +00:00
Chris Smowton
f48d87ba55
Add deletions for removed tables
2023-02-14 17:21:24 +00:00
Chris Smowton
3514dd1e4d
Java: merge the @class and @interface database types and tables
This will allow the extractor to emit class(id, ...) when all it knows about a class is its name, due to not having it available on the classpath. Previously it would have had to guess whether it belonged to @class or @interface, possibly introducing an inconsistency.
2023-02-14 17:21:23 +00:00
Jami
029e1d47fe
Merge pull request #12081 from jcogs33/jcogs33/update-some-Files-sinks
Java: update `createTempDirectory` and `copy` "create-file" sinks
2023-02-14 10:53:17 -05:00
Joe Farebrother
f68083872d
Merge pull request #12174 from joefarebrother/stubgen-name-conflicts
Java: Stub generator: Use fully qualified names to avoid conflicts
2023-02-14 10:10:24 +00:00
Anders Schack-Mulligen
0600a2ba96
Merge pull request #12138 from aschackmull/java/gen-file-mark-perf
Java: Improve performance of GeneratedFileMarker.
2023-02-14 09:57:09 +01:00
Tony Torralba
935e22d10d
Merge pull request #12139 from atorralba/atorralba/java/xxe-local-query
Java: Add local version of the XXE query
2023-02-14 09:54:36 +01:00
Michael Nebel
781aab3eb7
Merge pull request #11634 from michaelnebel/java/excludeinterfacemembers
Java: Exclude interface members from model generation.
2023-02-14 09:35:56 +01:00
Chad Bentz
b0c8992eef
Adding CWE-798 MSSQL Tests
2023-02-13 19:44:02 -05:00
Chad Bentz
cfe169a4f9
Adding MSSQL to SensitiveAPI
2023-02-13 19:42:28 -05:00
Joe Farebrother
0b722bfe30
Stub generator: Use fully qualified names to avoid conflicts
2023-02-13 17:09:32 +00:00
Jami Cogswell
e4c8387815
Java: update CaptureSinkModels.expected with read-file sink
2023-02-13 11:29:30 -05:00
Tony Torralba
1c57aa0456
Fix import locations
2023-02-13 17:13:01 +01:00
Jami Cogswell
1c3d4b98c8
Java: move change note
2023-02-13 09:15:31 -05:00
Anders Schack-Mulligen
e877b161d8
Merge pull request #12124 from hvitved/dataflow/stage1-dispatch
Data flow: Call context virtual dispatch pruning in stage 1
2023-02-13 13:13:43 +01:00
Michael Nebel
2ce6d5f920
Java: Update negative models test to not produce a negative summary for interface member.
2023-02-13 10:45:54 +01:00
Michael Nebel
80628596dd
Java: Exclude interface members from model generation.
2023-02-13 10:21:32 +01:00
Tony Torralba
4fad01a739
Further refactoring
Avoid having two taint tracking configurations in the same file
2023-02-13 09:18:05 +01:00
Tony Torralba
f3e0b6e62c
PathGraph shouldn't be imported in a QLL library
2023-02-13 09:18:05 +01:00
Tony Torralba
422eb0d1bb
Add change note
2023-02-13 09:18:05 +01:00
Tony Torralba
5555b5cd19
Add local version of the XXE query
2023-02-13 09:18:05 +01:00
Tom Hvitved
f7a5a33474
Address review comment
2023-02-13 09:01:15 +01:00
Jami Cogswell
ad8849c6b8
Java: fix typo
2023-02-12 16:33:26 -05:00
Jami Cogswell
ce1c814daa
Java: update path-injection query to use new 'read-file' sink kind
2023-02-11 17:10:58 -05:00
Jami Cogswell
c87c3e30c7
Java: update getInvalidModelKind with 'read-file' kind
2023-02-11 17:07:25 -05:00
Anders Schack-Mulligen
770f3c24bb
Java: Improve performance of GeneratedFileMarker.
2023-02-09 15:08:32 +01:00
Ian Lynagh
968f588893
Merge pull request #12090 from igfoo/igfoo/kotlin-1.8.10
Kotlin: 1.8.10 and 1.8.20 are supported, and use 1.8.10 for CI
2023-02-09 12:06:42 +00:00
Ian Lynagh
844e372651
Kotlin: Add a changenote for 1.8.20 support
2023-02-08 11:35:23 +00:00
Ian Lynagh
6255298876
Kotlin: Use 1.8.10 for CI
I don't think there's any need for the CI version to be one of the
versions we build extractors for, so I've removed that check.
2023-02-08 11:35:23 +00:00
Michael Nebel
02364d072e
Java: Fix bad join in TestLibrary characteristic predicate.
2023-02-08 11:59:59 +01:00
Michael Nebel
f8dbbe006e
C#/Java: Materialize sink/source/summary predicates to avoid join on input/output before filtering.
2023-02-08 10:04:43 +01:00
Tom Hvitved
8e8897b08b
Data flow: Sync files
2023-02-07 15:15:04 +01:00
Anders Schack-Mulligen
3c580896dc
Merge pull request #11712 from aschackmull/java/constant-guards
Java: Apply deadcode guard to data flow nodes.
2023-02-07 09:14:20 +01:00
Anders Schack-Mulligen
b4607d3fab
Java: Add change notes.
2023-02-06 13:55:34 +01:00
Mathias Vorreiter Pedersen
00fe448e3a
Merge pull request #12072 from aschackmull/dataflow/stage3-perf
Dataflow: Fix join in `fwdFlowRead` (take 2)
2023-02-06 10:43:11 +00:00
Jami Cogswell
2d7e71dfce
Java: add read-file sink kind for first arg of copy
2023-02-03 17:28:46 -05:00
Jami
b6805c6913
Merge pull request #11863 from jcogs33/jcogs33/update-paramsString
Java: update paramsString
2023-02-03 15:47:38 -05:00
Anders Schack-Mulligen
2d6d8aaa74
Java: Account for additional constants in ArrayIndexOutOfBounds query.
2023-02-03 16:16:39 +01:00
Anders Schack-Mulligen
a1aeb995e6
Java: Apply deadcode guard to data flow nodes.
2023-02-03 16:16:39 +01:00
Anders Schack-Mulligen
e8dbd65d77
Java: Refactor compile-time constant calculation and apply to ConstantIntegerExpr.
2023-02-03 16:16:27 +01:00
github-actions[bot]
faf21f3edb
Post-release preparation for codeql-cli-2.12.2
2023-02-02 23:01:04 +00:00
Jami Cogswell
30b1a2edbc
Java: add first argument to copy sink
2023-02-02 16:20:54 -05:00
Jami Cogswell
61a8f5e425
Java: add signature to createTempDirectory sink
2023-02-02 16:19:20 -05:00
Anders Schack-Mulligen
67d4ed53b9
Dataflow: Sync.
2023-02-02 16:33:00 +01:00
Anders Schack-Mulligen
8cb233df1a
Dataflow: A proper perf fix for the stage-dependent fanout direction of the Content-to-Ap relation.
2023-02-02 16:31:07 +01:00
github-actions[bot]
a4fa984792
Release preparation for version 2.12.2
2023-02-02 14:34:55 +00:00
Joe Farebrother
97b2e852c9
Merge pull request #11713 from joefarebrother/sensitive-result-receiver
Java: Add query for leaking sensitive data through a ResultReceiver
2023-02-01 16:34:17 +00:00
Tony Torralba
834fc51a3a
Update java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql
2023-02-01 15:26:26 +01:00