codeql

mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00

Author	SHA1	Message	Date
Tamas Vajk	538e05995a	Fix dataflow for `kotlin.Array.iterator()`	2022-05-12 22:37:03 +01:00
Tamas Vajk	776322bac2	Add foreach dataflow tests	2022-05-12 22:36:28 +01:00
Chris Smowton	22e48ca39a	Accept test changes	2022-05-12 22:36:28 +01:00
Chris Smowton	77056c9bff	Add test expectations	2022-05-12 22:36:28 +01:00
Chris Smowton	ce87a89009	Replace Map and similar functions with their Java cousins This didn't appear to be necessary because the Kotlin and Java versions of Map (for example) are designed to be compatible, but in certain cases their functions have the same erasure but not the same type (e.g. Map.getOrDefault(K, V) vs. Map.getOrDefault(Object, V). These have different erasures which was leading to callable-binding inconsistencies.	2022-05-12 22:36:28 +01:00
Tamas Vajk	fa0bd0366c	Fix extension property labels	2022-05-12 22:36:28 +01:00
Tamas Vajk	25fce5f6bb	Identify data classes during extraction	2022-05-12 22:36:28 +01:00
Chris Smowton	1e78f2893c	Add test for special method getters	2022-05-12 22:36:28 +01:00
Chris Smowton	134f88fe8e	Accept test results	2022-05-12 22:36:27 +01:00
github-actions[bot]	b7cbd8fd75	Post-release preparation for codeql-cli-2.9.2	2022-05-12 18:21:38 +00:00
Nick Rolfe	6c52831143	Java: sync spelling correction in shared qll	2022-05-12 16:11:29 +01:00
Nick Rolfe	1115227f9d	Merge remote-tracking branch 'origin/main' into nickrolfe/misspelling	2022-05-12 16:10:27 +01:00
Anders Schack-Mulligen	8c8440a58a	Merge pull request #9101 from hvitved/dataflow/include-hidden Data flow: Add `Configuration::includeHiddenNodes()`	2022-05-12 15:36:12 +02:00
Nick Rolfe	128fac4414	Java: fix typos in comments	2022-05-12 14:28:49 +01:00
Ian Lynagh	75ca116ef9	Kotlin: QLDoc tweaks from intrigus	2022-05-12 14:12:01 +01:00
Joe Farebrother	59e400d2e0	Merge pull request #7723 from joefarebrother/redos Java: Add ReDoS queries	2022-05-12 13:50:38 +01:00
Anders Schack-Mulligen	adb56dfa39	Dataflow: Improve standard order through easier type check elimination.	2022-05-12 14:31:38 +02:00
Nick Rolfe	234a36ff61	Merge pull request #9119 from github/nickrolfe/non-us-spelling-fixes Fix non-US spellings and the corresponding query	2022-05-12 12:29:14 +01:00
Mathias Vorreiter Pedersen	f76d52407d	Update java/ql/lib/change-notes/released/0.2.1.md	2022-05-12 11:47:01 +01:00
Mathias Vorreiter Pedersen	1143b48338	Update java/ql/lib/CHANGELOG.md	2022-05-12 11:46:53 +01:00
Mathias Vorreiter Pedersen	55ce069e30	Update java/ql/lib/change-notes/released/0.2.1.md	2022-05-12 11:43:55 +01:00
Mathias Vorreiter Pedersen	eb3a35eaea	Update java/ql/src/change-notes/released/0.1.2.md	2022-05-12 11:43:27 +01:00
Mathias Vorreiter Pedersen	11707f8522	Update java/ql/src/CHANGELOG.md	2022-05-12 11:43:19 +01:00
Mathias Vorreiter Pedersen	2ef976a152	Update java/ql/src/CHANGELOG.md	2022-05-12 11:43:08 +01:00
Mathias Vorreiter Pedersen	22bdde6eaa	Update java/ql/lib/change-notes/released/0.2.1.md	2022-05-12 11:43:01 +01:00
Mathias Vorreiter Pedersen	e9e8f3810b	Update java/ql/lib/CHANGELOG.md	2022-05-12 11:41:20 +01:00
Mathias Vorreiter Pedersen	1f7eefe95c	Update java/ql/lib/CHANGELOG.md	2022-05-12 11:41:13 +01:00
github-actions[bot]	ee9980b31c	Release preparation for version 2.9.2	2022-05-12 10:17:28 +00:00
Tony Torralba	f0a0ac100b	Add live literals as sanitizers for sensitive logging	2022-05-12 11:57:44 +02:00
Tom Hvitved	0a7892797e	Merge pull request #8938 from hvitved/ruby/with-without-mad-tokens Ruby: Introduce `With(out)Element` MaD input tokens	2022-05-12 11:49:51 +02:00
Tony Torralba	5db8306fef	Stop considering usernames sensitive info Require variables to be static to be considered constants	2022-05-12 11:46:52 +02:00
Anders Schack-Mulligen	fad7d9ae72	Merge pull request #9120 from igfoo/igfoo/fixes Kotlin: Fix some alerts	2022-05-12 08:29:34 +02:00
Chris Smowton	85dc1090fe	Merge pull request #9116 from smowton/smowton/feature/accept-conditional-cookie-security Java: tolerate `cookie.setSecure(request.isSecure())`	2022-05-11 21:29:14 +01:00
Tom Hvitved	46ab25b61e	Merge pull request #9098 from aschackmull/dataflow/perf Dataflow: Performance fixes	2022-05-11 20:41:48 +02:00
Ian Lynagh	33e17f1665	Kotlin: Fix some alerts	2022-05-11 17:58:50 +01:00
Nick Rolfe	e1b277386a	Fix non-US spellings: s/analyse/analyze	2022-05-11 17:48:27 +01:00
Ian Lynagh	cfde0a1491	Merge pull request #9109 from igfoo/igfoo/kotlin_merge Initial Kotlin support	2022-05-11 16:16:22 +01:00
Tony Torralba	5be30209c1	Merge pull request #9036 from luchua-bc/java/hardcoded-jwt-key Java: CWE-321 Query to detect hardcoded JWT secret keys	2022-05-11 16:31:34 +02:00
Henry Mercer	6ecc542ca3	Merge pull request #9117 from github/henrymercer/java/tag-telemetry Java: Tag telemetry queries with `telemetry`	2022-05-11 15:13:35 +01:00
Anders Schack-Mulligen	4884520ee1	Dataflow: Review fix.	2022-05-11 15:40:49 +02:00
Chris Smowton	f7e1f3e1a5	Remove URL fragment from Google search	2022-05-11 14:38:09 +01:00
Tom Hvitved	5df87d526c	Sync files	2022-05-11 15:17:27 +02:00
Tom Hvitved	333780e635	Merge pull request #8898 from hvitved/dataflow/clear-expect-summary-components Data flow: Introduce 'with/without content' summary components	2022-05-11 15:16:42 +02:00
Ian Lynagh	c0a755e061	Merge remote-tracking branch 'upstream/main' into igfoo/kotlin_merge Resolving conflicts: java/ql/lib/semmle/code/java/Expr.qll	2022-05-11 14:13:09 +01:00
Henry Mercer	b6f1ddcdab	Java: Tag telemetry queries with `telemetry` This will exclude the results of these queries from the summary tables produced by `codeql database analyze` in a future version of the CodeQL CLI.	2022-05-11 13:29:25 +01:00
Anders Schack-Mulligen	9a4d86e9b4	Merge pull request #8571 from Marcono1234/marcono1234/statement-expression Java: Add `ValueDiscardingExpr`	2022-05-11 13:37:24 +02:00
Chris Smowton	0044326884	Add change note	2022-05-11 12:06:27 +01:00
Chris Smowton	c17ef42cc7	Insecure cookie query: accept `ServletRequest.isSecure()`, and allow more than one possible input to a `setSecure(...)` call.	2022-05-11 11:59:37 +01:00
luchua-bc	f85c01c975	Correct string source	2022-05-11 10:37:22 +00:00
Chris Smowton	1af0e9b619	Servlets.qll: don't use deprecated `library` visiblity modifier.	2022-05-11 11:31:14 +01:00

... 2 3 4 5 6 ...

5564 Commits