hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-29 07:06:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,673 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

82643 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joe Farebrother
c41c2adf38 Merge pull request #17922 from joefarebrother/python-promote-template-injection 
Python: Promote Template Injection query from experimental
 2024-12-10 11:12:23 +00:00
Cornelius Riemenschneider
53ca5083a9 Upgrade bazel to 8.0.0. 
Previously, we were using 8.0.0rc1.
In particular, this upgrade means we need to explicitly
import more rules, as they've been moved out of the core bazel repo.
 2024-12-10 12:05:37 +01:00
Asger F
77f8e8ef4e JS: Use FlowState::fromFlowLabel instead of Label::toFlowState 
This works better for other queries where we don't already have a module named Label
 2024-12-10 11:57:18 +01:00
Asger F
38c9023dd9 JS: FlowLabel -> FlowState in ZipSlip 2024-12-10 11:16:07 +01:00
Asger F
0cd01cb96f JS: Use node1,state1,node2,state2 naming convention in tainted path 2024-12-10 11:16:05 +01:00
Asger F
0802107d9a JS: Flow label -> flow state in TaintedPath 2024-12-10 11:16:04 +01:00
Michael Nebel
86c6df5cbd C#: Log warning when chain or certificate is not provided in the validation. 2024-12-10 10:35:48 +01:00
Michael Nebel
547af6c3c9 C#: Introduce null checks in the NugetPackageRestorer. 2024-12-10 10:31:12 +01:00
Michael Nebel
083533a673 C#: Update paket dependencies lock file. 2024-12-10 10:31:11 +01:00
Michael Nebel
37982f5854 C#: Update paket dotnet tool. 2024-12-10 10:31:09 +01:00
Michael Nebel
4275813b87 C#: Make the path tests independent. 2024-12-10 09:58:14 +01:00
Michael Nebel
0580ad060b Merge pull request #18255 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-12-10 09:12:10 +01:00
github-actions[bot]
8f5822e4c6 Add changed framework coverage reports 2024-12-10 00:22:53 +00:00
Alvaro Muñoz
d0c761bb23 Bump qlpack versions 2024-12-09 21:48:17 +01:00
Alvaro Muñoz
bee0668cd0 Add tests and update expected results 2024-12-09 21:47:28 +01:00
Alvaro Muñoz
b80d3d56a3 exclude Simple refereces from GitHub context 2024-12-09 21:47:09 +01:00
Joe Farebrother
f82fa20249 Update test outputs 2024-12-09 20:37:11 +00:00
Joe Farebrother
8a778da253 Apply suggestions from docs review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-12-09 19:58:00 +00:00
Joe Farebrother
462be46be9 Update test output 2024-12-09 19:57:52 +00:00
Joe Farebrother
ef1d898b0d Add qldoc 2024-12-09 19:57:39 +00:00
Joe Farebrother
ebaab89933 Formatting updates 2024-12-09 19:57:25 +00:00
Joe Farebrother
dd8b7a4a8f Add additional test for safe case in documentation 2024-12-09 19:57:19 +00:00
Joe Farebrother
55557f8dd3 Use API graohs directly 2024-12-09 19:57:07 +00:00
Joe Farebrother
6e16ed52e8 Reveiw suggestions: Spelling/grammar fixes 
Co-authored-by: Taus <tausbn@github.com>
 2024-12-09 19:56:59 +00:00
Joe Farebrother
0f0c1e1609 Test update 2024-12-09 19:56:46 +00:00
Joe Farebrother
494d779541 Add changenote 2024-12-09 19:56:38 +00:00
Joe Farebrother
f0163894b6 fix link in qhelp refs 2024-12-09 19:56:25 +00:00
Joe Farebrother
4602c5c905 Remove experimental version + qhelp fixes 2024-12-09 19:56:18 +00:00
Joe Farebrother
e4e02ec674 Add security severity + fix qhelp 2024-12-09 19:56:03 +00:00
Joe Farebrother
02f395f5f8 Add qhelp 2024-12-09 19:55:57 +00:00
Joe Farebrother
cea196ec61 Add concepts tests + some fixes 2024-12-09 19:55:42 +00:00
Joe Farebrother
1cb01a286d Add tests for jinja 2024-12-09 19:55:36 +00:00
Joe Farebrother
71ab82dee0 Fix qldoc, formatting, and redundant import warnings 2024-12-09 19:55:21 +00:00
Joe Farebrother
b2c13fe351 Promote template injection sinks for each framework covered 
`Cheetah` was excluded as it was last updated 15 years ago and its documentation links are dead.
 2024-12-09 19:55:17 +00:00
Joe Farebrother
60d8a85a9c Promote jinja sinks 2024-12-09 19:54:57 +00:00
Joe Farebrother
8647073433 Copy template injection to standard pack + add jinja sinks 2024-12-09 19:47:06 +00:00
Alvaro Muñoz
f6d20195b1 When trigger event is not known, do not check context trigger maps 2024-12-09 17:33:13 +01:00
Alvaro Muñoz
f3ada4a92b Update CompositeActionSources expected file 2024-12-09 17:32:26 +01:00
Alvaro Muñoz
3591db9e9c Remove artifact source as a source of PR refs 2024-12-09 17:32:09 +01:00
Alvaro Muñoz
ef713ff13b Extract GitHub context access expression into its own class 2024-12-09 17:30:10 +01:00
Mathias Vorreiter Pedersen
1266b244f5 Merge pull request #18136 from MathiasVP/model-active-template-library 
C++: Model Microsoft's "Active Template Library"
 2024-12-09 16:05:19 +00:00
Mathias Vorreiter Pedersen
0f49ba848d C++: Accept test changes. Nothing exciting to see here. 2024-12-09 16:04:46 +00:00
Mathias Vorreiter Pedersen
9bcdfb6d01 C++: VariableAddressInstructions with array types are not single-object types. 2024-12-09 15:06:22 +00:00
Asger F
66eb458134 JS: Handle match/matchAll and unknown regexps 2024-12-09 15:38:36 +01:00
Mathias Vorreiter Pedersen
8bdd10c0c2 C++: Fix spurious columns in 'CRegKey'. 2024-12-09 14:31:17 +00:00
Mathias Vorreiter Pedersen
5f33733b6e C++: Fix 'QueryValue' model. 2024-12-09 14:27:24 +00:00
Asger F
6e7c5a3707 JS: Slightly more general getRoot() 2024-12-09 15:05:45 +01:00
Asger F
be617cee4a JS: More precise handling of .exec() 2024-12-09 15:03:51 +01:00
Asger F
703cad9e95 Expand test case 2024-12-09 15:00:56 +01:00
Asger F
2a2a4d2b67 JS: Add TaintedUrlSuffixCustomizations 
Importing TaintedUrlSuffix.qll causes the flow label to materialised in unrelated queries, so:

- Renames TaintedUrlSuffix.qll to TaintedUrlSuffixCustomizations.qll
- Make the flow label class abstract
- Adds a new TaintedUrlSuffix.qll that re-exports the above file and also materialises the flow label
- Import the *Customizations.qll file from contexts where we don't want to materialise the flow label
 2024-12-09 14:59:29 +01:00