hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-11 09:49:26 +02:00
Code Issues Packages Projects Releases Wiki Activity
41,646 Commits 1,756 Branches 167 Tags
eb190907462feccee654deb7dd2aff65aee56a4a
Commit Graph

98 Commits

Author SHA1 Message Date
Joe Farebrother
abf894a64c Fix typos 2022-08-05 12:56:20 +01:00
Joe Farebrother
0d09484efc Add change note 2022-08-05 12:56:19 +01:00
Chris Smowton
af274354a0 Merge pull request #9956 from github/smowton/feature/tainted-path-query-mad 
Make java/path-injection recognise create-file MaD sinks
 2022-08-04 08:59:59 +01:00
Chris Smowton
977823bd76 Create 2022-08-03-tainted-path-mad.md 2022-08-03 10:54:35 +01:00
github-actions[bot]
212786ed91 Release preparation for version 2.10.2 2022-07-28 13:38:35 +00:00
Jeroen Ketema
fe1f1bb79d Fix issues with change notes 2022-07-14 11:06:14 +02:00
github-actions[bot]
d1aa0d7dd3 Release preparation for version 2.10.1 2022-07-14 08:56:03 +00:00
Andrew Eisenberg
fbeecd6c08 Merge pull request #9744 from github/aeisenberg/move-contextual-queries 2022-06-29 11:44:33 -07:00
Andrew Eisenberg
ddf06f8617 Add change notes and qldoc for moved files 2022-06-29 10:03:12 -07:00
Tony Torralba
12fa6967dc Merge pull request #8669 from joefarebrother/intent-verification 
Java: Add query for Improper Verification of Intent by Broadcast Receiver (CWE-925)
 2022-06-29 09:43:07 +02:00
github-actions[bot]
a74051c658 Release preparation for version 2.10.0 2022-06-23 11:17:46 +00:00
Chris Smowton
1f9f6d7c33 Java: Report log-injection at the source rather than the sink 
This should remove the problem of excessive grouping of different alerts that share a sink location, often due to wrapper functions that form the ultimate sink of all logging calls in a given codebase.
 2022-06-22 13:05:20 +01:00
github-actions[bot]
104ac05f49 Release preparation for version 2.9.4 2022-06-15 08:22:38 +00:00
Joe Farebrother
a6736a99e4 Apply doc review suggestions - 
fix typos and capitilisation; reword description.
 2022-06-14 14:56:24 +01:00
Joe Farebrother
9d048e78af Apply suggestions from code review - fix typos/style, make things private 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-06-14 14:56:23 +01:00
Joe Farebrother
d88d216388 Add change note 2022-06-14 14:56:23 +01:00
github-actions[bot]
1f1b364feb Release preparation for version 2.9.3 2022-05-25 07:46:48 +00:00
Mathias Vorreiter Pedersen
1280d43e36 Merge pull request #9141 from github/post-release-prep/codeql-cli-2.9.2 
Post-release preparation for codeql-cli-2.9.2
 2022-05-17 10:01:37 +01:00
Tony Torralba
168a184602 Merge pull request #9127 from atorralba/atorralba/sensitive-info-log-improvs 
Java: Sensitive Info Log query improvements
 2022-05-13 16:57:32 +02:00
Joe Farebrother
59e400d2e0 Merge pull request #7723 from joefarebrother/redos 
Java: Add ReDoS queries
 2022-05-12 13:50:38 +01:00
Mathias Vorreiter Pedersen
eb3a35eaea Update java/ql/src/change-notes/released/0.1.2.md 2022-05-12 11:43:27 +01:00
github-actions[bot]
ee9980b31c Release preparation for version 2.9.2 2022-05-12 10:17:28 +00:00
Tony Torralba
f0a0ac100b Add live literals as sanitizers for sensitive logging 2022-05-12 11:57:44 +02:00
Tony Torralba
5db8306fef Stop considering usernames sensitive info 
Require variables to be static to be considered constants
 2022-05-12 11:46:52 +02:00
Chris Smowton
0044326884 Add change note 2022-05-11 12:06:27 +01:00
Tony Torralba
43b425d0e4 Merge pull request #9002 from atorralba/atorralba/https-urls-improvs 
Java: Add OkHttp and Retrofit models
 2022-05-11 10:48:08 +02:00
Mathias Vorreiter Pedersen
176e40f139 Merge pull request #9052 from github/post-release-prep/codeql-cli-2.9.1 
Post-release preparation for codeql-cli-2.9.1
 2022-05-06 13:15:17 +01:00
Tony Torralba
ca2959cf37 Merge pull request #8537 from atorralba/atorralba/unsafe_android_access_improvs 
Java: Improvements to UnsafeAndroidAccess
 2022-05-05 16:46:54 +02:00
Joe Farebrother
2d963176bf Fix change note 2022-05-04 15:41:37 +01:00
Tony Torralba
192017635a Update java/ql/src/change-notes/2022-03-24-unsafe-android-access-improvements.md 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-05-04 10:53:31 +02:00
Tony Torralba
b9859fe165 Add change note 2022-05-04 10:53:29 +02:00
Joe Farebrother
61f13817cf Add change note 2022-05-03 14:27:47 +01:00
Tony Torralba
9a35aba465 Add change notes 2022-05-02 15:45:44 +02:00
Jeroen Ketema
2e6addab03 Fix one more change note 2022-04-28 14:22:41 +02:00
github-actions[bot]
8e4cf190e9 Release preparation for version 2.9.1 2022-04-28 11:59:05 +00:00
Chris Smowton
8d7098245b Add change note 2022-04-26 10:38:20 +01:00
Dave Bartolomeo
033694d7f7 Fix formatting in change log 2022-04-21 11:00:38 -04:00
github-actions[bot]
eeaf233c29 Release preparation for version 2.9.0 2022-04-21 14:49:00 +00:00
Edoardo Pirovano
ce82c54b94 Merge branch 'main' into edoardo/3.5-mergeback 2022-04-08 15:30:58 +01:00
Jonathan Leitschuh
2753521650 Java: Fix Local Temp File/Dir Incorrect Guard Logic 
Resolves https://github.com/github/codeql/pull/8032#discussion_r841723906
 2022-04-06 12:16:09 -04:00
Anders Schack-Mulligen
d0b5b99e74 Merge pull request #8611 from github/smowton/doc/switch-expr-accessors 
Java: make SwitchCase.getRuleExpression/Statement more consistent
 2022-04-06 11:16:40 +02:00
github-actions[bot]
ee746d20df Release preparation for version 2.8.5 2022-04-01 10:39:31 +00:00
Chris Smowton
81e60eb145 Add change note 2022-04-01 11:20:03 +01:00
Anders Schack-Mulligen
f1ec2e3260 Merge pull request #8426 from atorralba/atorralba/missing-severities 
Java: Add missing security-severity scores
 2022-03-31 14:53:47 +02:00
Ian Lynagh
1f8ce3a868 Java: Tweak release notes 2022-03-21 15:14:45 +00:00
github-actions[bot]
dedc8c2254 Release preparation for version 2.8.4 2022-03-21 13:25:49 +00:00
Chris Smowton
767453520e Merge pull request #8032 from JLLeitschuh/feat/JLL/check_os 
Java: Add Guard Classes for checking OS & unify System Property Access
 2022-03-18 11:20:36 +00:00
Chris Smowton
b11340c829 Change note tense and detail level 2022-03-16 10:34:25 +00:00
Arthur Baars
6a74e761c8 Merge pull request #8398 from github/post-release-prep/codeql-cli-2.8.3 
Post-release preparation for codeql-cli-2.8.3
 2022-03-14 21:05:09 +01:00
Tony Torralba
1f4f4207b5 Add missing security-severity scores 2022-03-14 09:50:14 +01:00