14321 Commits

Author	SHA1	Message	Date
Kaixuan Li	f5cfc5e282	Update java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTainted.java ... Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>	2026-03-29 10:25:10 +08:00
MarkLee131	0c5e89a68e	Exclude bounds-check arithmetic from tainted-arithmetic sinks ... The java/tainted-arithmetic query now recognizes when an arithmetic expression appears directly as an operand of a comparison (e.g., `if (off + len > array.length)`). Such expressions are bounds checks, not vulnerable computations, and are excluded via the existing overflowIrrelevant predicate. Add test cases for bounds-checking patterns that should not be flagged.	2026-03-28 17:39:40 +08:00
Óscar San José	2139b97628	Merge branch 'main' into post-release-prep/codeql-cli-2.25.0	2026-03-19 13:07:00 +01:00
github-actions[bot]	e3dbf5b022	Post-release preparation for codeql-cli-2.25.0	2026-03-16 16:03:22 +00:00
github-actions[bot]	d6055754b6	Release preparation for version 2.25.0	2026-03-16 12:15:34 +00:00
Owen Mansel-Chan	52809133f5	Add change notes	2026-03-13 11:10:43 +00:00
Owen Mansel-Chan	056aa342fe	Change @security-severity for log injection queries from 7.8 to 6.1	2026-03-13 10:02:01 +00:00
Owen Mansel-Chan	f58a6e5d3a	Change @security-severity for XSS queries from 6.1 to 7.8	2026-03-13 10:01:02 +00:00
Anders Schack-Mulligen	6a6bb5ebf9	Merge pull request #21441 from aschackmull/cfg/switch-sharing ... Cfg: Share more code for switch statements.	2026-03-10 13:50:21 +01:00
Anders Schack-Mulligen	77d4f5a2dc	Cfg: Update fallsThrough default.	2026-03-10 11:10:24 +01:00
Anders Schack-Mulligen	edf88b34da	Cfg: Move Case.getBodyElement to shared code.	2026-03-10 11:02:58 +01:00
Anders Schack-Mulligen	35ac66d3aa	Cfg: Move getCaseControlFlowOrder to shared code.	2026-03-10 10:39:32 +01:00
Owen Mansel-Chan	d8007a85e6	Java: Make corresponding predicate private	2026-03-09 13:44:50 +00:00
Óscar San José	3b9eba2afc	Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.21	2026-03-06 16:20:36 +01:00
Owen Mansel-Chan	e96ba4806b	Merge pull request #21415 from owen-mc/java/validate-constructor-summary-models ... Java: validate constructor summary models	2026-03-06 09:09:18 +00:00
Owen Mansel-Chan	92a719092a	Update models in test output	2026-03-05 13:32:52 +00:00
Anders Schack-Mulligen	8ef4be49aa	Merge pull request #21412 from aschackmull/java/binary-assignment ... Java: Make Assignment extend BinaryExpr.	2026-03-05 13:19:45 +01:00
Owen Mansel-Chan	579c871b69	Fix incorrect constructor summary models	2026-03-05 12:03:21 +00:00
Owen Mansel-Chan	63c71b418c	Add model validation for constructor summary models	2026-03-05 12:02:37 +00:00
Owen Mansel-Chan	c82f75604a	Add change notes	2026-03-05 10:34:30 +00:00
Anders Schack-Mulligen	ea77c0d86c	Java: Add change note.	2026-03-05 11:32:00 +01:00
Anders Schack-Mulligen	ec1d034ee0	Java: Make Assignment extend BinaryExpr.	2026-03-05 11:31:59 +01:00
Owen Mansel-Chan	2b3111441d	Add space before $ in xml test file	2026-03-04 15:03:24 +00:00
Owen Mansel-Chan	aa28c94562	Remove double space after $ in inline expectations tests	2026-03-04 14:12:42 +00:00
Owen Mansel-Chan	f41c30e335	java: Inline expectation should have space before $	2026-03-04 13:11:33 +00:00
Anders Schack-Mulligen	3c129fcd23	Java: Align BinaryExpr.getOp() with AssignOp.getOp().	2026-03-04 13:46:04 +01:00
Owen Mansel-Chan	05a77a2005	Java: Update test expectations	2026-03-04 12:44:56 +00:00
Owen Mansel-Chan	ef345a3279	Java: Inline expectation should have space after $ ... This was a regex-find-replace from `// \$(?! )` (using a negative lookahead) to `// $ `.	2026-03-04 12:44:54 +00:00
Anders Schack-Mulligen	fe032a5834	Java: Update dbscheme to make @assignment a @binaryexpr.	2026-03-03 15:15:35 +01:00
Anders Schack-Mulligen	daefd5988e	Java: Accept CFG diff.	2026-03-03 14:18:10 +01:00
github-actions[bot]	e152f08468	Post-release preparation for codeql-cli-2.24.3	2026-03-02 22:51:27 +00:00
github-actions[bot]	7795badd18	Release preparation for version 2.24.3	2026-03-02 13:23:40 +00:00
Anders Schack-Mulligen	ab94524328	Cfg: Address review comments.	2026-02-27 16:35:25 +01:00
Anders Schack-Mulligen	2b8e719034	Java: Add nullness test covering known FP.	2026-02-23 15:10:03 +01:00
Anders Schack-Mulligen	bdbbd45909	Java: Handle missing throws clauses.	2026-02-23 15:10:02 +01:00
Anders Schack-Mulligen	0d0711f2a7	Java: Add change note.	2026-02-23 15:10:02 +01:00
Anders Schack-Mulligen	d4873dd35e	Java: Adjust switch case guards test.	2026-02-23 15:10:01 +01:00
Anders Schack-Mulligen	f7317b6a2b	Java: Enable Cfg consistency checks.	2026-02-23 15:10:01 +01:00
Anders Schack-Mulligen	352b3711f6	Java: Remove obsolete tests - false successors are no longer special.	2026-02-23 15:10:00 +01:00
Anders Schack-Mulligen	eb37c413f2	Java: Accept revised CFG.	2026-02-23 15:10:00 +01:00
Anders Schack-Mulligen	106a9d479f	Java: Accept reduced precision from no longer nesting completions in YieldCompletions.	2026-02-23 15:09:59 +01:00
Anders Schack-Mulligen	d84e0e262d	Java: Accept removal of spurious reason (the alert stays).	2026-02-23 15:09:59 +01:00
Anders Schack-Mulligen	8b0dd7b866	Java: Accept new TP in NullMaybe.	2026-02-23 15:09:58 +01:00
Anders Schack-Mulligen	b798bc2c8f	Java: Fix enhancedForEarlyExit implementation.	2026-02-23 15:09:58 +01:00
Anders Schack-Mulligen	a72cf56a05	Java: Accept dispatch precision improvement.	2026-02-23 15:09:57 +01:00
Anders Schack-Mulligen	4d9c0e0c26	Java: Accept new locations for SSA definitions.	2026-02-23 15:09:57 +01:00
Anders Schack-Mulligen	a6ee1df567	Java: Remove test. Flexible constructors need AST-based tests, which are already in place, not CFG tests.	2026-02-23 15:09:56 +01:00
Anders Schack-Mulligen	581679d27d	Java: Fix reference to entry node.	2026-02-23 15:09:56 +01:00
Anders Schack-Mulligen	fc8b7c04cf	Java: Exclude ExprStmt consistent with SwitchCase.getRuleExpression().	2026-02-23 15:09:55 +01:00
Anders Schack-Mulligen	ccd28ff66a	Java: Fix instanceof-disjunction.	2026-02-23 15:09:55 +01:00