hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

82643 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
1af6ddd8e3 Rust: Remove TC from ImplTraitTypeRepr.isInReturnPos 2025-08-15 12:45:13 +02:00
Ian Lynagh
bfd4c41ed9 C++: SloppyGlobal: Accept test changes 
We no longer alert on template instantiations, just the template.
 2025-08-15 11:24:19 +01:00
Nora Dimitrijević
0512940c0c Merge pull request #20075 from d10c/d10c/diff-informed-phase-3-go 
Go: Diff-informed queries: phase 3 (non-trivial locations)
 2025-08-15 12:23:53 +02:00
Ian Lynagh
4b786061d6 C++: SloppyGlobal: Don't alert on template instantiations, only the template 2025-08-15 11:23:48 +01:00
Ian Lynagh
0b68c1c974 C++: Add some more tests for SloppyGlobal 2025-08-15 11:20:31 +01:00
Nora Dimitrijević
8000e7c442 Merge pull request #20074 from d10c/d10c/diff-informed-phase-3-csharp 
C#: Diff-informed queries: phase 3 (non-trivial locations)
 2025-08-15 12:07:47 +02:00
Nora Dimitrijević
89788206d1 [DIFF-INFORMED] C++: TypeConfusion 2025-08-15 12:01:30 +02:00
Nora Dimitrijević
5b9e37cd8f [DIFF-INFORMED] C++: TaintedCondition 2025-08-15 12:01:28 +02:00
Nora Dimitrijević
0c636dd400 [DIFF-INFORMED] C++: UnsafeDaclSecurityDescriptor 2025-08-15 12:01:25 +02:00
Nora Dimitrijević
194d9a9f44 [DIFF-INFORMED] C++: UnsafeCreateProcessCall 2025-08-15 12:01:23 +02:00
Nora Dimitrijević
39b430aa7e [DIFF-INFORMED] C++: IteratorToExpiredContainer 2025-08-15 12:01:21 +02:00
Nora Dimitrijević
ec85e55069 [DIFF-INFORMED] C++: InsufficientKeySize 2025-08-15 12:01:19 +02:00
Nora Dimitrijević
c0c96eaf5b [DIFF-INFORMED] C++: UseOfHttp 2025-08-15 12:01:17 +02:00
Nora Dimitrijević
8560868e95 [DIFF-INFORMED] C++: CleartextSqliteDatabase 2025-08-15 12:01:15 +02:00
Nora Dimitrijević
05df2f2216 [DIFF-INFORMED] C++: CWE-311/Cleartext… 2025-08-15 12:01:13 +02:00
Nora Dimitrijević
21914030e8 [DIFF-INFORMED] C++: SSLResultConflation (has secondary config but passes test) 2025-08-15 12:01:11 +02:00
Nora Dimitrijević
87016f399c [DIFF-INFORMED] C++: AuthenticationBypass 2025-08-15 12:01:09 +02:00
Nora Dimitrijević
861a768b2c [DIFF-INFORMED] C++: CWE-190/ArithmeticTainted,etc. 2025-08-15 12:01:07 +02:00
Nora Dimitrijević
62fa7301c3 [DIFF-INFORMED] C++: ImproperNullTerminationTainted 2025-08-15 12:01:05 +02:00
Nora Dimitrijević
f3098e7695 [DIFF-INFORMED] C++: UnboundedWrite 2025-08-15 12:01:03 +02:00
Nora Dimitrijević
7df09f369f [DIFF-INFORMED] C++: SqlTainted 2025-08-15 12:01:01 +02:00
Nora Dimitrijević
36d43a4830 [DIFF-INFORMED] C++: CgiXss 2025-08-15 12:00:59 +02:00
Nora Dimitrijević
80da00b599 [DIFF-INFORMED] C++: ExecTainted 2025-08-15 12:00:57 +02:00
Nora Dimitrijević
a77cab6981 [DIFF-INFORMED] C++: TaintedPath 2025-08-15 12:00:54 +02:00
Nora Dimitrijević
91b9c3e647 [DIFF-INFORMED] C++: LeapYear 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/cpp/ql/src/Likely%20Bugs/Leap%20Year/UncheckedLeapYearAfterYearModification.ql#L57
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/cpp/ql/src/Likely%20Bugs/Leap%20Year/Adding365DaysPerYear.ql#L21
 2025-08-15 12:00:52 +02:00
Nora Dimitrijević
2f56baace2 [DIFF-INFORMED] C++: NonConstantFormat 2025-08-15 12:00:50 +02:00
Nora Dimitrijević
e382cb5696 [DIFF-INFORMED] C++: DecompressionBombs 2025-08-15 12:00:48 +02:00
Nora Dimitrijević
fabdf9923c [DIFF-INFORMED] C++: ConstantSizeArrayOffByOne 2025-08-15 12:00:46 +02:00
Nora Dimitrijević
448a1ea87a [DIFF-INFORMED] C++: OverflowDestination 2025-08-15 12:00:39 +02:00
Nora Dimitrijević
43e99d0872 [TEST] C++: CleartextSqliteDatabase: add new test 2025-08-15 12:00:26 +02:00
Nora Dimitrijević
126d24a522 [DIFF-INFORMED] Actions: EnvVarInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql#L35
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql#L46
 2025-08-15 11:11:12 +02:00
Nora Dimitrijević
f1445eb52f [DIFF-INFORMED] Actions: EnvPathInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql#L30
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql#L37
 2025-08-15 11:11:07 +02:00
Nora Dimitrijević
f1b995a736 [DIFF-INFORMED] Actions: CommandInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-078/CommandInjectionMedium.ql#L24
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-078/CommandInjectionCritical.ql#L28
 2025-08-15 11:11:03 +02:00
Nora Dimitrijević
418e4b4a3a [DIFF-INFORMED] Actions: CodeInjection 
Query: https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.ql#L46
 2025-08-15 11:10:58 +02:00
Nora Dimitrijević
bbda2902be [DIFF-INFORMED] Actions: ArtifactPoisoning 
Queries:
- https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql#L23
- https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql#L26
 2025-08-15 11:10:42 +02:00
Nora Dimitrijević
896819fdf3 [DIFF-INFORMED] Actions: ArgumentInjection 
Query:
- https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionMedium.ql#L23
- https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionCritical.ql#L27
 2025-08-15 11:10:14 +02:00
Tom Hvitved
7501e621d1 Shared: Skip non-CFG children in StandardTree 2025-08-15 10:30:47 +02:00
Michael B. Gale
ec605b2c95 Merge pull request #20229 from github/mbg/ci/fix/csharp-create-extractor-pack 
C#: Replace input interpolation with environment variable
 2025-08-15 09:19:41 +01:00
Paolo Tranquilli
71edc48c0e Merge branch 'main' into redsun82/cargo-upgrade-2 2025-08-15 10:15:26 +02:00
Paolo Tranquilli
0924d795b4 Rust: accept test changes 2025-08-15 10:12:12 +02:00
Michael B. Gale
e1ffb323a0 C#: Replace input interpolation with environment variable 2025-08-15 09:00:28 +01:00
Sid Gawri
a8889ff056 add extensions for remote sources 2025-08-14 16:10:49 -04:00
Tom Hvitved
a07e357e67 Rust: Distinguish internal/external items in path resolution 2025-08-14 20:42:47 +02:00
Tom Hvitved
f1bff93bc5 Merge pull request #20203 from hvitved/rust/if-let-chain-test 
Rust: Handle chained `let` expressions
 2025-08-14 19:51:43 +02:00
Geoffrey White
f05d815af9 Rust: Update the security-severity tag. 2025-08-14 17:59:54 +01:00
Geoffrey White
bc0d327278 Rust: Add log injection sinks to stats. 2025-08-14 17:42:04 +01:00
Geoffrey White
9e4f59ce30 Rust: Accept consistency check failures. 2025-08-14 17:39:06 +01:00
Geoffrey White
4328ed8fcb Rust: Update suite lists. 2025-08-14 17:39:04 +01:00
Geoffrey White
9836592278 Rust: Fix compilation errors in example code. 2025-08-14 17:39:02 +01:00
Paolo Tranquilli
6ca1c587f6 Merge branch 'main' into redsun82/cargo-upgrade-2 2025-08-14 17:55:17 +02:00