Commit Graph

82643 Commits

Author SHA1 Message Date
Paolo Tranquilli
b9ea78fb32 Rust: fix vector options 2024-11-08 13:06:22 +01:00
Geoffrey White
3805d0f958 Merge branch 'main' into unreachable4 2024-11-08 11:46:34 +00:00
Geoffrey White
0610c265e2 Merge pull request #17913 from geoffw0/unusedvar8
Rust: Fix rust/unused-variable FPs
2024-11-08 11:41:45 +00:00
Paolo Tranquilli
be45e3deed Rust: allow to specify more cargo configuration options
This allows to tweak via extractor options some aspects of the cargo
configuration:
* the target architecture
* features (including `*` for all, which we must understand whether to
  set by default)
* cfg overrides

Integration tests will be added in a follow-up commit.
2024-11-08 12:23:16 +01:00
Geoffrey White
7c2c5ee1fa Rust: Fix expected consistency results. 2024-11-08 11:22:35 +00:00
Geoffrey White
fc444f1f9a Merge branch 'main' into unusedvar8 2024-11-08 11:20:12 +00:00
Florin Coada
bee51091d6 Changedocs for 2.19.3 2024-11-08 10:43:42 +00:00
Geoffrey White
04926df6ea Rust: Add rust/diagnostics/unresolved-macro-calls diagnostic query. 2024-11-08 10:19:43 +00:00
Geoffrey White
0d1bd8a9cd Rust: Add 'order by' to the summary stats query (doesn't seem to affect the test, but affects VSCode runs). 2024-11-08 10:19:42 +00:00
Geoffrey White
7b265b2df3 Rust: Add a deliberately unresolvable macro call to the test. 2024-11-08 09:53:32 +00:00
Erik Krogh Kristensen
9b6c96730d Merge pull request #17912 from mbarbero/patch-1
fix: add "actions" tag to ActionsArtifactLeak
2024-11-08 10:50:43 +01:00
Geoffrey White
7279cc42f8 Rust: Add resolved macros to rust/summary/summary-stats. 2024-11-08 09:49:47 +00:00
Simon Friis Vindum
f2569c45a9 Merge pull request #17921 from paldepind/rust-df-enclosing-callable
Rust: Implement enclosing callable
2024-11-08 10:36:59 +01:00
Paolo Tranquilli
083394073a Rust: rename target_dir to cargo_target_dir, add to extraction options
Also removed the now unused `extract_dependencies` one.
2024-11-08 09:53:50 +01:00
Napalys
70cf1a57bc Now catches usage of RegExp. after matchAll usage. 2024-11-08 08:59:31 +01:00
Napalys
c2baf0bd6d Added test where RegExp. is used after matchAll but it is not flagged as potential issue 2024-11-08 08:56:12 +01:00
dependabot[bot]
ccb92357a2 Bump golang.org/x/mod
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/mod](https://github.com/golang/mod).


Updates `golang.org/x/mod` from 0.21.0 to 0.22.0
- [Commits](https://github.com/golang/mod/compare/v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-08 04:00:30 +00:00
Kylie Stradley
e8ee798ffa add temporary immutable actions doc page 2024-11-07 15:29:28 -05:00
Dave Bartolomeo
1f3bab2b65 Move data extensions to use codeql org 2024-11-07 11:15:52 -05:00
Dave Bartolomeo
b2100d00aa Add security-and-quality suite 2024-11-07 11:15:34 -05:00
Dave Bartolomeo
99a49fb27f Move packs to codeql org 2024-11-07 10:43:05 -05:00
Calum Grant
39b2d2c3d8 Merge pull request #17906 from github/calumgrant/bmn/wrong-number-format-args
C++: Fix FPs in cpp/wrong-number-format-arguments
2024-11-07 15:05:39 +00:00
Anders Schack-Mulligen
5602570e18 Kotlin: Support NotNullExpr in TypeFlow. 2024-11-07 15:25:23 +01:00
Simon Friis Vindum
22835c28ff Rust: Make a return node the last node before function exit 2024-11-07 15:21:11 +01:00
Tom Hvitved
a35a4b2d98 Merge pull request #17887 from hvitved/dataflow/provenance-order
Data flow: Order provenance output by textual representation
2024-11-07 14:19:18 +01:00
Napalys
dbd57e3870 Fixed issue where TaintTracking was not catching matchAll vulnerability 2024-11-07 13:40:10 +01:00
Napalys
a4fe728af2 Added matchAll test which is not marked as vulnerability by CodeQL 2024-11-07 13:35:09 +01:00
Simon Friis Vindum
1a000ecb46 Rust: Make minor data flow changes based on PR feedback 2024-11-07 13:04:54 +01:00
Napalys
514375dbf9 Fixes false positives from commit 42600c93ff 2024-11-07 13:00:54 +01:00
Paolo Tranquilli
4f6fda0100 Rust: allow to specify the target directory 2024-11-07 12:45:20 +01:00
Michael Nebel
b45b40ea4f C#: Add change note. 2024-11-07 11:55:55 +01:00
Napalys
42600c93ff Added tests which show false positive SSRF via matchAll 2024-11-07 11:40:20 +01:00
Michael Nebel
71bf900c6c C#: Update FlowSummaries expected tests. 2024-11-07 11:14:02 +01:00
Michael Nebel
a60d9c2ca2 C#: Update .NET8 Runtime models to include generated models for higher order methods. 2024-11-07 11:14:01 +01:00
Michael Nebel
fc8d8bbbb1 Merge pull request #17742 from michaelnebel/csharp/higherordermodels
C#: Models for higher order methods.
2024-11-07 11:12:46 +01:00
Paolo Tranquilli
3488b9fbca Merge pull request #17920 from github/redsun82/rust-files
Rust: exclude uncompiled files from semantics and surface semantic-less reason
2024-11-07 11:04:12 +01:00
Geoffrey White
df7bcfd116 Rust: Accept dataflow consistency check changes. 2024-11-07 09:54:39 +00:00
Tom Hvitved
26b048a645 Address review comment 2024-11-07 10:40:03 +01:00
Napalys
449cee91c8 Fixes false positives from commit 445552d3b53ec9592e8e3892cb337d1004b6a432 2024-11-07 10:33:13 +01:00
Napalys
4106663d89 Added tests for regex sanitization to identify false positives matchAll 2024-11-07 10:27:58 +01:00
Paolo Tranquilli
147d66b587 Merge branch 'main' into redsun82/python-match-fps 2024-11-07 09:46:32 +01:00
Paolo Tranquilli
64d522e447 Rust: address review 2024-11-07 09:39:44 +01:00
Michael Nebel
8041f00bf5 C#: Address more review comments. 2024-11-07 09:24:26 +01:00
Jami
07bb60da92 Merge pull request #17925 from jcogs33/jcogs33/vscode-setting-matchOnWordStartOnly-false
VSCode setting: turn off `editor.suggest.matchOnWordStartOnly`
2024-11-06 18:05:26 -05:00
Jami Cogswell
8e4a312ac7 Turn off editor.suggest.matchOnWordStartOnly 2024-11-06 16:41:20 -05:00
Brandon Stewart
6a1e814cde Merge pull request #106 from github/advanced-config
Add rule to detect cases where CodeQL default setup could be used instead of advanced setup
2024-11-06 15:21:31 -05:00
Brandon Stewart
686e30a52a add qlhelp 2024-11-06 20:20:26 +00:00
Geoffrey White
b3f7a8a46f Merge pull request #17908 from geoffw0/dfcons
Rust: Expose counts of data flow inconsistencies
2024-11-06 19:11:04 +00:00
Geoffrey White
18ce8be302 Update rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll
Co-authored-by: Simon Friis Vindum <paldepind@github.com>
2024-11-06 19:00:10 +00:00
Geoffrey White
fbfdd57383 Rust: Additional test cases for rust/dead-code. 2024-11-06 17:43:04 +00:00