hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
63,085 Commits 1,671 Branches 157 Tags
codeql-cli/v2.16.1
Commit Graph

11264 Commits

Author SHA1 Message Date
github-actions[bot]
7ef611e6dc Release preparation for version 2.16.1 2024-01-23 19:45:16 +00:00
Edward Minnix III
3c8b09307d Merge pull request #15291 from egregius313/egregius313/java/dataflow/default-sanitizers 
Java: Introduce a common sanitizer type for types which cannot realistically carry taint.
 2024-01-23 13:28:03 -05:00
Erik Krogh Kristensen
f1d6f56621 Merge pull request #15393 from erik-krogh/deps-jan-2024 
All: delete outdated deprecations
 2024-01-23 13:52:38 +01:00
Tony Torralba
fcd9a5ed71 Update java/ql/lib/change-notes/2023-12-21-new-models.md 2024-01-23 11:18:12 +01:00
Stephan Brandauer
95b439bf31 Merge branch 'main' into java/update-mad-decls-after-triage-2023-12-21T14-39-02 2024-01-23 09:40:50 +01:00
Stephan Brandauer
cd765e7c19 work on review comments 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-23 09:35:36 +01:00
Stephan Brandauer
8b34407ab7 Java: java.awt.Desktop::browse is a url-redirection sink 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-23 09:28:13 +01:00
Ed Minnix
fcbee1994b Update change note 2024-01-22 23:57:31 -05:00
Ed Minnix
fb80c5ea84 Rename SimpleScalarSanitizer to SimpleTypeSanitizer 2024-01-22 23:55:29 -05:00
Ed Minnix
696788e5b2 Rename semmle.code.java.security.dataflow.CommonSanitizers to semmle.code.java.security.Sanitizers 2024-01-22 23:52:19 -05:00
Ed Minnix
bb44277090 Make import of dataflow private 2024-01-22 23:40:24 -05:00
Ed Minnix
ec3d683186 Change change note category to feature 2024-01-22 23:39:23 -05:00
Ed Minnix
38828672a9 Update change note 2024-01-22 23:38:33 -05:00
Ed Minnix
32fe8e02fb Change note 2024-01-22 23:38:31 -05:00
Ed Minnix
3311b3be8e Convert experimental queries' isBarrier to use instanceof SimpleScalarSanitizer 2024-01-22 23:38:29 -05:00
Ed Minnix
67dfca2e58 Convert libraries to use instanceof SimpleScalarSanitizer 2024-01-22 23:38:26 -05:00
Ed Minnix
7f7c49d6ce Add the SimpleScalarSanitizer class 
The `SimpleScalarSanitizer` class represents common scalar types which
cannot realistically carry taint (e.g. primitives/numbers, and
eventually UUIDs and Dates)
 2024-01-22 23:38:24 -05:00
erik-krogh
865df920f9 add change-notes 2024-01-22 19:30:57 +01:00
Max Schaefer
5c43a0b1e4 Merge pull request #15356 from github/max-schaefer/automodel-void-source-candidates 
Automodel: Switch tests to inline expectations
 2024-01-22 17:05:10 +00:00
Max Schaefer
99c99145a2 Rename {source,sink}Model to {source,sink}ModelCandidate. 2024-01-22 13:10:51 +00:00
Max Schaefer
a3816d75b3 Remove redundant imports. 2024-01-22 10:54:01 +00:00
Max Schaefer
78e5a1a546 Autoformat. 2024-01-22 10:45:33 +00:00
erik-krogh
8be7eadace delete outdated deprecations 2024-01-22 09:11:35 +01:00
Max Schaefer
7bc03040ec Make tags for positive and negative examples more precise. 2024-01-17 15:57:27 +00:00
Max Schaefer
3ae484868a Merge pull request #15326 from github/max-schaefer/automodel-negative-sink-models 
Automodel: Apply negative characteristics only to endpoints of the right kind.
 2024-01-17 15:54:28 +00:00
Max Schaefer
ae23920a6d Fix spurious source models for primitive types in framework mode. 2024-01-17 15:36:31 +00:00
Max Schaefer
9975f974ee Autoformat. 2024-01-17 14:53:09 +00:00
Max Schaefer
6d2bf68a86 Use inline expectations for all framework-mode tests. 2024-01-17 14:52:42 +00:00
Max Schaefer
6c47a5d5f9 Refactor framework-mode queries to make them more easily testable. 2024-01-17 14:51:58 +00:00
Max Schaefer
adea805546 Refactor application-mode tests so we can reuse most of it for framework mode. 2024-01-17 14:49:19 +00:00
Max Schaefer
312dd16956 Consolidate application mode tests. 2024-01-17 14:48:27 +00:00
Max Schaefer
692d5e55a2 Use inline expectations for positive examples. 2024-01-17 14:48:22 +00:00
Max Schaefer
83c567385f Use inline expectations for negative-example tests as well. 2024-01-17 14:47:39 +00:00
Max Schaefer
1ebd0747a8 Fix treatment of void method calls. 2024-01-17 14:40:47 +00:00
Max Schaefer
18e44b6f5c Turn AutomodelApplicationModeExtractCandidates into an inline-expectations test. 2024-01-17 14:40:46 +00:00
Max Schaefer
587d69e88c Refactor application-mode candidate-extraction query so we can test its results before sampling. 2024-01-17 14:40:46 +00:00
Max Schaefer
800a78d258 Treat unexploitable types more centrally. 
The apparently missing test result is due to sampling.
 2024-01-17 14:40:37 +00:00
Max Schaefer
8614d7bddb Address review feedback. 2024-01-17 14:29:52 +00:00
Alexander Eyers-Taylor
934474681d Merge pull request #15254 from github/post-release-prep/codeql-cli-2.16.0 
Post-release preparation for codeql-cli-2.16.0
 2024-01-16 14:50:40 +00:00
Tony Torralba
2246c969a3 Merge pull request #15244 from Marcono1234/marcono1234/regex-flags 
Java: Improve Regex flag parsing
 2024-01-16 08:25:49 +01:00
github-actions[bot]
57df8b92df Post-release preparation for codeql-cli-2.16.0 2024-01-15 15:00:50 +00:00
Max Schaefer
90a4552c4f Fix omittable exists. 2024-01-15 13:45:03 +00:00
Max Schaefer
fee44074f7 Autoformat. 2024-01-15 13:44:45 +00:00
Max Schaefer
3befce98b3 When checking whether an endpoint has already been modelled, make sure to take the extensibleType into account. 2024-01-15 12:09:39 +00:00
Max Schaefer
68cf9aca12 Remove a few getExtensibleType checks which are now unnecessary. 2024-01-15 11:50:59 +00:00
Max Schaefer
919330fb53 Some more performance refactoring. 2024-01-12 17:38:58 +00:00
Max Schaefer
bb63fcde43 Refactor to avoid bad join order. 2024-01-12 15:24:24 +00:00
Michael Nebel
9becd0876f Merge pull request #15179 from michaelnebel/modelgenrespectmanual 
C#/Java: Increase precision of model generation.
 2024-01-12 15:12:21 +01:00
Max Schaefer
45ca301593 Rename a predicate. 2024-01-12 13:18:05 +00:00
Michael Nebel
37a21ec548 Java: Address review comments. 2024-01-12 13:36:23 +01:00