hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-26 17:11:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
75,809 Commits 1,760 Branches 168 Tags
efe01c151e53f901ed053da5fa004fed60a57f2d
Commit Graph

2945 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
712d8aa322 Java: Update file that was forgotten in the dataflow-stack PR. 2025-01-31 10:19:21 +00:00
Mathias Vorreiter Pedersen
d144c26c04 Java/C#: Add missing files. 2025-01-30 17:44:32 +00:00
Mathias Vorreiter Pedersen
e4378b26b8 All languages: Get rid of the Microsoft modifications to the GitHub dataflow files. 2025-01-30 15:40:52 +00:00
Dilan
25a46a882b Merge tag 'codeql-cli/latest' 
Compatible with the latest released version of the CodeQL CLI
 2025-01-28 19:01:55 +00:00
Owen Mansel-Chan
883301938b Merge pull request #18161 from owen-mc/java/weak-crypto-algo-more-informative 
Java: Make `java/weak-cryptographic-algorithm` give  a reason why the algo is insecure
 2025-01-13 23:43:04 +00:00
yoff
599411b440 Merge pull request #17787 from yoff/shared/add-location-to-typetracking-nodes 
shared: Add locations to type tracking nodes
 2025-01-13 23:06:09 +01:00
Tom Hvitved
303b11ec36 Merge pull request #18298 from hvitved/rust/mad-source-sink 
Rust: Add support for MaD sources and sinks with access paths
 2025-01-10 11:49:51 +01:00
Dilan
4fd7aec87f Merge tag 'codeql-cli/latest' 
Compatible with the latest released version of the CodeQL CLI
 2025-01-09 21:59:09 +00:00
yoff
21e7a0e828 Merge branch 'main' into shared/locations-in-range-analysis 2025-01-08 16:40:59 +01:00
Tom Hvitved
868caf948c Rename {Source,Sink}Node to {Source,Sink}Element 2025-01-08 15:21:43 +01:00
yoff
aca5a51a78 Merge branch 'main' into shared/add-location-to-typetracking-nodes 2025-01-08 12:47:05 +01:00
Owen Mansel-Chan
5959a736ac Only recommend GCM, and tighten wording 2025-01-07 16:55:10 +00:00
Tom Hvitved
1b31c90d26 Implement FlowSummaryImpl stubs 2025-01-06 13:26:51 +01:00
Owen Mansel-Chan
8703e21f62 Merge pull request #17996 from owen-mc/java/lightweight-IR-layer-classes 
Java: Make separate classes for different control flow node kinds
 2024-12-12 13:36:54 +00:00
Owen Mansel-Chan
8e11789186 Restore asStmt, asExpr and asCall to Node 
It doesn't really make sense to define them in terms of dispatch.
 2024-12-12 12:30:01 +00:00
Owen Mansel-Chan
066db766ef Merge pull request #18153 from owen-mc/java/resttemplate-getforobject 
Java: add SSRF sink model for the third parameter of `RestTemplate.getForObject`
 2024-12-11 16:37:35 +00:00
Jami
538dee81b6 Merge pull request #18214 from jcogs33/jcogs33/java/file-getname-path-sanitizer 
Java: add File.getName as a path injection sanitizer
 2024-12-11 10:18:02 -05:00
Owen Mansel-Chan
1420bce36a Move import statement in SpringWebClient.qll 2024-12-11 14:19:24 +00:00
Owen Mansel-Chan
aaa4361120 Rearrange member predicates in ControlFlow::Node 
Put all the ones which might need to be overrridden by subclasses
together for ease of reading.
 2024-12-11 10:34:18 +00:00
Owen Mansel-Chan
79f4f78fc2 Make separate classes for control flow node kinds 
This puts all the logic of a particular control flow node kind into one
place and makes it easier to add new kinds.
 2024-12-11 10:34:16 +00:00
Dilan
2e6d9e7ca5 Merge tag 'codeql-cli/latest' 
Compatible with the latest released version of the CodeQL CLI
 2024-12-10 18:26:05 +00:00
Owen Mansel-Chan
3f5886ef7a Accept another review suggestion 2024-12-10 15:26:17 +00:00
Owen Mansel-Chan
2da9bfb1a6 Finish renaming getCFGNode to getCfgNode 2024-12-10 15:26:16 +00:00
Owen Mansel-Chan
274281f61e Apply all suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2024-12-10 15:26:14 +00:00
Owen Mansel-Chan
0f3dd6d8f1 Java: IPA the CFG 2024-12-10 15:26:11 +00:00
Owen Mansel-Chan
347fd575a2 Refactor to avoid duplicated logic 2024-12-05 11:15:43 +00:00
Owen Mansel-Chan
b20b7c7572 Remove escaped "{" and "}" before counting placeholders 2024-12-05 10:43:13 +00:00
Jami Cogswell
121780c55a Java: add File.getName as a path injection sanitizer 2024-12-04 18:57:51 -05:00
Anders Schack-Mulligen
03fdceb0fd Merge pull request #18191 from aschackmull/dataflow/remove-deprecated-lib 
Dataflow: Delete the old configuration-class based api.
 2024-12-04 11:31:46 +01:00
Owen Mansel-Chan
5351f5b69d Update wording of alert (accepting review suggestion) 
Co-authored-by: Chris Smowton <smowton@github.com>
 2024-12-04 10:31:14 +00:00
Owen Mansel-Chan
95116eec51 Update recommendations 2024-12-04 00:42:23 +00:00
Anders Schack-Mulligen
b12a1c078c Java: Delete deprecated extension points referencing deleted api. 2024-12-03 20:08:44 +01:00
Anders Schack-Mulligen
2c0baff76a Java: Delete deprecated data flow api. 2024-12-03 14:13:03 +01:00
Tom Hvitved
fbeb6f3940 Shared: Move shared logic into FlowSummaryImpl.qll 2024-12-03 09:11:11 +01:00
Dilan
0e25de1af0 Merge tag 'codeql-cli/latest' 
Compatible with the latest released version of the CodeQL CLI
 2024-12-02 13:59:17 +00:00
Owen Mansel-Chan
5c99c8cc37 Improve suggestion for ECB 2024-11-29 14:05:07 +00:00
Owen Mansel-Chan
09240e46f2 Refactor: use concat instead of hand-written version 
This changes the order of the algorithms in the regex, but I don't think
that makes any difference.
 2024-11-29 11:54:29 +00:00
Owen Mansel-Chan
e6409e159f Give reason why crypto algorithm is insecure 2024-11-29 11:54:27 +00:00
Owen Mansel-Chan
2c061b0d56 Add QLDoc for HostnameSanitizingPrefix 2024-11-29 09:46:44 +00:00
Owen Mansel-Chan
7648d397f8 Improve model to remove some false positives 2024-11-29 09:46:41 +00:00
Owen Mansel-Chan
617f4f140e Make HostnameSanitizingPrefix public 2024-11-29 09:46:39 +00:00
Owen Mansel-Chan
ba3f9d6134 Convert model to QL 2024-11-29 09:46:38 +00:00
Owen Mansel-Chan
65fb895ed5 (Unrelated) Fix typo in class name 2024-11-28 16:51:09 +00:00
Anders Schack-Mulligen
df2e2e503a Merge pull request #17901 from aschackmull/java/allowlist-sanitizer 
Java: Add a default taint sanitizer for contains-checks on lists of constants
 2024-11-27 11:09:05 +01:00
Anders Schack-Mulligen
5ef496dd1b Java: Add more qldoc. 2024-11-27 09:07:35 +01:00
Anders Schack-Mulligen
408a38d9fb Java: Address review comment, include addFirst,addLast. 2024-11-26 13:25:43 +01:00
Anders Schack-Mulligen
6f32c4129d Java: Add a default taint sanitizer for contains-checks on lists of constants. 2024-11-26 13:25:41 +01:00
Anders Schack-Mulligen
7f86f8cac7 Java: Prepare TypeFlow for separate instantiation of universal flow. 2024-11-26 13:25:41 +01:00
Jami Cogswell
05b6700607 Java: add SHA384 to list of secure algorithms 2024-11-25 09:27:53 -05:00
Arthur Baars
c2b342f1a0 Merge pull request #18084 from github/aibaars/java-sha3 
Java: add SHA3 family to list of secure crypto algorithms
 2024-11-25 15:07:43 +01:00