hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-05 23:28:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,449 Commits 1,732 Branches 164 Tags
codeql-cli/v2.25.1
Commit Graph

86449 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jami Cogswell
685f68d9d3 Java: support 'management.endpoints.web.expose' property 2025-07-18 17:50:17 -04:00
Jami Cogswell
8decc136c4 Java: add change note 2025-07-18 17:50:14 -04:00
Jami Cogswell
70d51504a7 Java: rename to align with 'java/spring-boot-exposed-actuators' query 2025-07-18 17:50:12 -04:00
Jami Cogswell
ea529b047b Java: adjust metadata and alert msg 2025-07-18 17:50:10 -04:00
Jami Cogswell
7d5e939a86 Java: minor refactoring 2025-07-18 17:50:09 -04:00
Jami Cogswell
ea35fbbe3b Java: support version 3.x 2025-07-18 17:50:07 -04:00
Jami Cogswell
afa6610cb9 Java: update qhelp 2025-07-18 17:49:54 -04:00
Anders Schack-Mulligen
46ebf503c7 Java: Improve join-order by controlling magic and breaking up TCs. 2025-07-18 16:13:11 +02:00
Anders Schack-Mulligen
ca8fe033d7 Java: Improve join by preventing ssa use-pair join. 2025-07-18 16:12:00 +02:00
Simon Friis Vindum
43b2977cb4 Shared, Rust: Reuse hasTypeConstraint in potentialInstantiationOf and factor out multipleConstraintImplementations 2025-07-18 15:33:17 +02:00
Simon Friis Vindum
bdcecdfc2c Shared, Rust: Ensure that the constraints in satisfiesConstraintType are in relevantConstraint 2025-07-18 15:33:16 +02:00
Simon Friis Vindum
475d872ffb Shared, Rust: Adjust type inference predicates to better match use sites 2025-07-18 15:32:42 +02:00
Anders Schack-Mulligen
d64a9368d2 Merge pull request #20088 from aschackmull/java/joinorders1 
Java: Improve several join-orders
 2025-07-18 14:54:26 +02:00
Anders Schack-Mulligen
bc2e7d4e0d Java: Fix accidental CP in CFG for asserts. 2025-07-18 13:53:15 +02:00
Anders Schack-Mulligen
f6975117fe Merge pull request #20083 from aschackmull/java/prune-csrf-unprotected-request-type 
Java: Prune PathGraph for CsrfUnprotectedRequestType.ql
 2025-07-18 13:25:00 +02:00
Anders Schack-Mulligen
d9f47bdec9 Java: Improve join-order by properly annotating haveIntersection. 2025-07-18 11:48:50 +02:00
Anders Schack-Mulligen
7883124abd Java: getSourceDeclaration() and getASourceSupertype*() commute and this yields much better join-order. 2025-07-18 11:47:14 +02:00
Anders Schack-Mulligen
12732525b5 Java: Allow 2-column join on delta to improve join-order. 2025-07-18 11:45:45 +02:00
Joe Farebrother
8ccb2ed059 Merge remote-tracking branch 'origin/python-qual-raise-not-implemented' into python-qual-raise-not-implemented 2025-07-18 10:05:40 +01:00
Michael Nebel
ededa3c006 Merge pull request #20087 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2025-07-18 08:34:04 +02:00
github-actions[bot]
2f84a4a5b5 Add changed framework coverage reports 2025-07-18 00:25:03 +00:00
Jami Cogswell
0d2a4222fd Java: add related location to alert message 2025-07-17 19:22:18 -04:00
Jami Cogswell
ae163a9f36 Java: add overlay annotations 2025-07-17 19:22:17 -04:00
Jami Cogswell
2bfc4b4ee2 Java: fix test case for version 1.4 
Need the existence of an ApplicationProperties File, not an ApplicationProperties ConfigPair
 2025-07-17 19:22:15 -04:00
Jami Cogswell
3823186dc6 Java: split tests by versions 
splitting is required to properly test each scenario
 2025-07-17 19:22:13 -04:00
Jami Cogswell
1b90a30d45 Java: move code to .qll file 2025-07-17 19:22:11 -04:00
Jami Cogswell
b479f5c8dc Java: fix integration tests 2025-07-17 19:22:10 -04:00
Jami Cogswell
ed8da5e151 Java: convert tests to inline expectations 2025-07-17 19:22:08 -04:00
Jami Cogswell
fc930d9184 Java: update tests for non-experimental directory 2025-07-17 19:22:06 -04:00
Jami Cogswell
38260e76bf Java: remove deprecation 2025-07-17 19:22:05 -04:00
Jami Cogswell
0dbddbdf0f Java: remove experimental files 2025-07-17 19:22:03 -04:00
Jami Cogswell
a39cb40177 Java: copy out of experimental 2025-07-17 19:22:01 -04:00
Joe Farebrother
6d33a7ec70 Update test output 2025-07-17 22:25:18 +01:00
Joe Farebrother
f2dd96ecf4 Update python/ql/src/Exceptions/NotImplementedIsNotAnException.qhelp 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-07-17 22:08:01 +01:00
Joe Farebrother
57f1d07b2b Undo module deprecation (used by another quality query) 2025-07-17 21:54:55 +01:00
Nora Dimitrijević
05df1d3cb9 [DIFF-INFORMED] Java: AndroidWebViewSettingsAllowsContentAccess 2025-07-17 19:02:15 +02:00
Nora Dimitrijević
24c28ed873 [DIFF-INFORMED] Java: UnsafeCertTrust 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql#L21
 2025-07-17 19:02:13 +02:00
Nora Dimitrijević
ea4af8323c [DIFF-INFORMED] Java: TrustBoundaryViolation 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql#L18
 2025-07-17 19:02:09 +02:00
Nora Dimitrijević
7888dcbce2 [DIFF-INFORMED] Java: TempDirLocalInformationDisclosure 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql#L56
 2025-07-17 19:02:07 +02:00
Nora Dimitrijević
3785dbec9e [DIFF-INFORMED] Java: TaintedEnvironmentVariable 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql#L22
 2025-07-17 19:02:05 +02:00
Nora Dimitrijević
b3b139bb02 [DIFF-INFORMED] Java: SqlConcatenated 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql#L27
 2025-07-17 19:02:04 +02:00
Nora Dimitrijević
45b627df1d [DIFF-INFORMED] Java: SensitiveLogging 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql#L20
 2025-07-17 19:02:02 +02:00
Nora Dimitrijević
bc0b383595 [DIFF-INFORMED] Java: MaybeBrokenCryptoAlgorithm 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql#L25
 2025-07-17 19:02:00 +02:00
Nora Dimitrijević
b688df9dec [DIFF-INFORMED] Java: LogInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-117/LogInjection.ql#L20
 2025-07-17 19:01:58 +02:00
Nora Dimitrijević
2d734056b1 [DIFF-INFORMED] Java: InsecureLdapAuth 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql#L21
 2025-07-17 19:01:56 +02:00
Nora Dimitrijević
74b37e71a0 [DIFF-INFORMED] Java: InsecureCookie 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql#L21
 2025-07-17 19:01:52 +02:00
Nora Dimitrijević
19e5c3d805 [DIFF-INFORMED] Java: ImproperValidationOfArray… 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql#L48
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql#L28
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql#L26
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql#L24
 2025-07-17 19:01:50 +02:00
Nora Dimitrijević
919fea53f0 [DIFF-INFORMED] Java: ExternallyControlledFormatString 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql#L24
 2025-07-17 19:01:34 +02:00
Nora Dimitrijević
1c6ecf1216 [DIFF-INFORMED] Java: UntrustedDataToExternalAPI 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql#L20
 2025-07-17 18:59:15 +02:00
Nora Dimitrijević
0cf1195678 [DIFF-INFORMED] Java: ConditionalBypass 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql#L26
 2025-07-17 18:59:14 +02:00