hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-19 09:24:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,447 Commits 1,679 Branches 158 Tags
codeql-cli/v2.17.2
Commit Graph

66447 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
d29d060706 Merge pull request #15401 from alexet/make-intended-join-order 
CPP: Fix join ordering hints to make them do what they intend.
 2024-01-23 11:30:20 +00:00
Chris Smowton
7e96eaa273 Log advice when a newer Go version is required under Actions 2024-01-23 10:49:52 +00:00
Tony Torralba
77e724b3ba Merge pull request #15188 from github/java/update-mad-decls-after-triage-2023-12-21T14-39-02 
Java: Update MaD Declarations after Triage
 2024-01-23 11:34:57 +01:00
Tony Torralba
fcd9a5ed71 Update java/ql/lib/change-notes/2023-12-21-new-models.md 2024-01-23 11:18:12 +01:00
Joe Farebrother
dedba1fc54 Address review comments - add barrierIn and fix a model for a PendingIntent sink 2024-01-23 09:51:42 +00:00
Joe Farebrother
0acb647e7d Fix tests and add notification sink kind to model verification 2024-01-23 09:51:41 +00:00
Joe Farebrother
b23bbf93d4 Reorder sink models 2024-01-23 09:51:41 +00:00
Joe Farebrother
69faafa194 Add change note 2024-01-23 09:51:40 +00:00
Joe Farebrother
1190352b67 Add qhelp 2024-01-23 09:51:40 +00:00
Joe Farebrother
d806fcae3d Remove sink models involving PendingIntent; as they do not carry sensitive data (including from the original intent they were created with) 2024-01-23 09:51:39 +00:00
Joe Farebrother
2ca164ce35 Generate androidx stubs and correct some models 2024-01-23 09:51:39 +00:00
Joe Farebrother
bafd65b1d2 Add tests to cover each modeled sink + some corrections to the models 2024-01-23 09:51:38 +00:00
Joe Farebrother
a1a2acd3ce Add additional test cases 2024-01-23 09:51:38 +00:00
Joe Farebrother
f9bb004618 Add sink models to notification builder setters 2024-01-23 09:51:38 +00:00
Joe Farebrother
cd19a91704 Add unit test 2024-01-23 09:51:37 +00:00
Joe Farebrother
3aa27148de Split existing tests under CWE-200 into separate folders 2024-01-23 09:51:37 +00:00
Joe Farebrother
143ce0b94a Add sensitive notification query 2024-01-23 09:51:37 +00:00
Stephan Brandauer
95b439bf31 Merge branch 'main' into java/update-mad-decls-after-triage-2023-12-21T14-39-02 2024-01-23 09:40:50 +01:00
Stephan Brandauer
cd765e7c19 work on review comments 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-23 09:35:36 +01:00
Stephan Brandauer
8b34407ab7 Java: java.awt.Desktop::browse is a url-redirection sink 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-23 09:28:13 +01:00
Michael Nebel
95a200453b Merge pull request #15404 from michaelnebel/csharp/inlinearraydummystats 
C#: Add dummy stats for inline_array_type.
 2024-01-23 09:17:18 +01:00
Michael Nebel
123e86e0e0 C#: Add dummy stats for inline_array_type. 2024-01-23 08:29:01 +01:00
Erik Krogh Kristensen
97071b0dc7 Merge pull request #15403 from github/dependabot/cargo/ql/chrono-0.4.32 
Bump chrono from 0.4.31 to 0.4.32 in /ql
 2024-01-23 08:20:28 +01:00
Ed Minnix
fcbee1994b Update change note 2024-01-22 23:57:31 -05:00
Ed Minnix
fb80c5ea84 Rename SimpleScalarSanitizer to SimpleTypeSanitizer 2024-01-22 23:55:29 -05:00
Ed Minnix
696788e5b2 Rename semmle.code.java.security.dataflow.CommonSanitizers to semmle.code.java.security.Sanitizers 2024-01-22 23:52:19 -05:00
Ed Minnix
bb44277090 Make import of dataflow private 2024-01-22 23:40:24 -05:00
Ed Minnix
ec3d683186 Change change note category to feature 2024-01-22 23:39:23 -05:00
Ed Minnix
38828672a9 Update change note 2024-01-22 23:38:33 -05:00
Ed Minnix
32fe8e02fb Change note 2024-01-22 23:38:31 -05:00
Ed Minnix
3311b3be8e Convert experimental queries' isBarrier to use instanceof SimpleScalarSanitizer 2024-01-22 23:38:29 -05:00
Ed Minnix
67dfca2e58 Convert libraries to use instanceof SimpleScalarSanitizer 2024-01-22 23:38:26 -05:00
Ed Minnix
7f7c49d6ce Add the SimpleScalarSanitizer class 
The `SimpleScalarSanitizer` class represents common scalar types which
cannot realistically carry taint (e.g. primitives/numbers, and
eventually UUIDs and Dates)
 2024-01-22 23:38:24 -05:00
dependabot[bot]
e9a1fa9592 Bump chrono from 0.4.31 to 0.4.32 in /ql 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.31 to 0.4.32.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.31...v0.4.32)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-23 03:12:14 +00:00
Taus
24b37ffd36 Merge pull request #15187 from github/max-schaefer/py-url-redirection 
Python: Add support for more URL redirect sanitisers.
 2024-01-22 23:19:36 +01:00
Henry Mercer
6724dea54d C#: Enable standalone extraction via --build-mode 2024-01-22 19:12:07 +00:00
Alex Eyers-Taylor
891d398c3f CPP: Fix join ordering hints 2024-01-22 19:00:18 +00:00
erik-krogh
865df920f9 add change-notes 2024-01-22 19:30:57 +01:00
Ed Minnix
a6c977c169 Use appropriate pack for test models 2024-01-22 12:24:21 -05:00
Max Schaefer
5c43a0b1e4 Merge pull request #15356 from github/max-schaefer/automodel-void-source-candidates 
Automodel: Switch tests to inline expectations
 2024-01-22 17:05:10 +00:00
Rasmus Wriedt Larsen
00dc55d825 Python: Add change-note 2024-01-22 17:32:33 +01:00
Rasmus Wriedt Larsen
cbed6e861d Python: Add html.escape as HTML sanitizer 2024-01-22 17:32:28 +01:00
Benjamin Rodes
da10e6ca5b Moving FlowAfterFree and UseAfterFree.qll as a general purpose lib. 2024-01-22 11:18:03 -05:00
Ed Minnix
ff6d4c6ae6 Deprecation message 2024-01-22 11:09:53 -05:00
Ed Minnix
0ff12c07c7 Convert existing mapped-property classes to directly extend DatabaseInputSource 2024-01-22 11:09:51 -05:00
Ed Minnix
975327648c Remove commented-out code 2024-01-22 11:09:50 -05:00
Ed Minnix
51564200a1 Documentation for FlowSources library 2024-01-22 11:09:48 -05:00
Ed Minnix
83e66136ce Change note 2024-01-22 11:09:46 -05:00
Ed Minnix
c530fbd9f8 C# Threat Modeling Tests 2024-01-22 11:09:45 -05:00
Ed Minnix
3c9c07ec40 Rename SourceNode.qll to FlowSources.qll 2024-01-22 11:09:43 -05:00