hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 12:16:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

82643 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
89e853b4be Don't use non-existent dependency 
This makes some go tooling, like `go mod tidy`, not work.
 2025-04-02 14:17:31 +01:00
Owen Mansel-Chan
88b061e27e Add change note 2025-04-02 14:17:30 +01:00
Michael Nebel
93d0f364d6 C#: Add ConstantConditionBad file. 2025-04-02 15:00:05 +02:00
Nicolas Will
10564fac4d Add @ps-codeql to CODEOWNERS for experimental cryptography 
This pull request adds @github/ps-codeql as a code owner of `**/experimental/quantum/` to support the development of post-quantum cryptography-related libraries and queries.

We’ll be committing stable but experimental work to these directories as it becomes ready for public use, with a near-term goal of moving it out of experimental.

To get started, we’d also need write access to `github/codeql`.

cc @adityasharad @lcartey
 2025-04-02 14:20:24 +02:00
Asger F
6c3bc941c5 Merge branch 'main' into js/name-resolution-independent-fixes 2025-04-02 14:15:44 +02:00
Asger F
2c40359143 JS: Change note 2025-04-02 14:12:07 +02:00
Asger F
30a9cd7c8a JS: Include document as a DOM value 2025-04-02 14:09:52 +02:00
Michael Nebel
6820cbabc8 C#: Accept file sync mismatch for C# testfiles if they are identical modulo comments. 2025-04-02 14:01:00 +02:00
Asger F
9ebaac82cf JS: Add tests for Response object sink 2025-04-02 13:47:18 +02:00
Geoffrey White
fbde235253 Rust: Rename the test as well. 2025-04-02 12:16:10 +01:00
Geoffrey White
02245af3ca Rust: Rename the query file. 2025-04-02 12:11:55 +01:00
Geoffrey White
9fc0ee185b Rust: Change the query ID to rust/summary/summary-statistics-reduced. 2025-04-02 12:03:20 +01:00
Taus
f461763938 Merge pull request #19186 from github/tausbn/actions-fix-gettargetpath-performance 
Actions: Fix bad performance in `getTargetPath`
 2025-04-02 12:53:56 +02:00
Napalys
390d9ffe66 Added change note 2025-04-02 12:50:53 +02:00
Napalys
b16b407f89 Add rimraf model and update tests for path injection vulnerabilities 2025-04-02 12:49:48 +02:00
Napalys
14999c19da Added test cases for rimraf library. 2025-04-02 12:46:48 +02:00
Tom Hvitved
8663f3b8b2 Rust: Add another disjunct to postWithInFlowExclude 2025-04-02 12:32:28 +02:00
Geoffrey White
c737ee9b52 Rust: Accept another consistency check failure. 2025-04-02 10:58:56 +01:00
Michael Nebel
22c943657a C#: Update change note. 2025-04-02 11:21:11 +02:00
Michael Nebel
d7f5ce2492 C#: Update log forging expected test output. 2025-04-02 11:21:07 +02:00
Michael Nebel
cf75493fe9 C#: Consider Enums and System.DateTimeOffset as having a sanitizing effect. 2025-04-02 11:21:05 +02:00
Michael Nebel
08159896f3 C#: Convert cs/log-forging tests to inline expectations. 2025-04-02 11:21:03 +02:00
Michael Nebel
60e3b4351a C#: Fix simple types testcases. 2025-04-02 11:21:01 +02:00
Michael Nebel
024712c073 C#: Temporarily comment out considering Enums as having a sanitizing effect. 2025-04-02 11:20:59 +02:00
Chris Smowton
77e4d9e692 Fix stray references to the javax package name 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2025-04-02 10:03:49 +01:00
Joe Farebrother
c37809a187 Reduce scope of allowImplicitRead to avoid cartesian product. 2025-04-02 09:35:50 +01:00
Joe Farebrother
2d6476ad21 Update names and alert message 2025-04-02 09:35:43 +01:00
Joe Farebrother
11830bf661 Move to separate folder 2025-04-02 09:35:39 +01:00
Joe Farebrother
5b7200a041 Use flow path in alerts 2025-04-02 09:35:32 +01:00
Joe Farebrother
08b4281187 Update query message and remove field case 2025-04-02 09:35:25 +01:00
Joe Farebrother
efdb4a6d82 Use global dataflow for loop variable capture 2025-04-02 09:35:17 +01:00
Anders Schack-Mulligen
e6cf737f99 Merge pull request #19178 from aschackmull/csharp/pressa-useuse 
C#: Update PreSSA to reference the new use-use predicates.
 2025-04-02 10:30:36 +02:00
Anders Schack-Mulligen
47b1c3d3ce Merge pull request #19154 from aschackmull/ssa/variablecapture 
Ssa: Replace phi-read references in VariableCapture with default use-use flow
 2025-04-02 10:16:17 +02:00
Asger F
78b25388ca JS: Protect against bad join in BadRandomness 
This code resulted in bad join orders in response to certain library
changes. The actual library changes have to be split into smaller pieces
but I'd like to ensure I don't run into the bad join again.
 2025-04-02 10:14:07 +02:00
Asger F
46f88e7ce7 JS: Updates to DOM model 2025-04-02 10:14:03 +02:00
Asger F
48db2b9315 JS: Add test 2025-04-02 10:12:36 +02:00
Ian Roof
1d81c77fcd C#: Enhanced LogForgingQuery to treat C# Enums as simple types. 2025-04-02 09:40:10 +02:00
yoff
c18529086a actions: add change note 2025-04-02 08:50:05 +02:00
yoff
7bf4a47549 Apply suggestions from code review 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2025-04-02 08:43:29 +02:00
Michael Nebel
45b55c05ae Merge pull request #19191 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2025-04-02 08:02:39 +02:00
Aditya Sharad
3b8c4d970f Docs: Remove spurious predicate reference 2025-04-01 19:07:34 -07:00
Aditya Sharad
9db5cdf957 Docs: Add query help page placeholders for Actions 2025-04-01 19:03:59 -07:00
Aditya Sharad
a1ceaa0aa3 Docs: Add initial library docs for Actions 
Create the basic structure, state the key importable libraries.
Describe a workflow.
State the extensible predicates available.
Other elements are to be filled in later.
 2025-04-01 19:02:49 -07:00
github-actions[bot]
f379f23216 Add changed framework coverage reports 2025-04-02 00:22:37 +00:00
Aditya Sharad
f6442d20db Docs: Add Actions pages for CWE coverage 2025-04-01 17:09:03 -07:00
Aditya Sharad
09de7cfe4d Docs: Add GitHub Actions as a supported language 
Include GitHub Actions (identifier `actions`) everywhere we list
supported languages, query packs, and library packs.

Query and library documentation link targets do not exist yet.
 2025-04-01 17:01:47 -07:00
Jon Janego
74587f0d64 Update ExprHasNoEffect.ql 
adding quality tags per metadata styleguide
 2025-04-01 18:47:52 -05:00
Jon Janego
fa02f82ef6 Updating the metadata style guide 
Update query-metadata-style-guide.md
 2025-04-01 15:50:23 -05:00
Jon Janego
dcdc3b8939 Merge branch 'main' into jonjanego-patch-1 2025-04-01 15:42:51 -05:00
Jon Janego
00bb9056c2 Update query-metadata-style-guide.md 2025-04-01 15:42:36 -05:00