Joe Farebrother
8c5fff2d11
Update names and qldoc for params taint predicates
2024-03-15 14:43:29 +00:00
Tom Hvitved
e7b00a7b42
Ruby: Add post-update argument nodes for string constants
2024-03-15 10:47:39 +01:00
Joe Farebrother
f464f1b94e
Accept test output + fix qldoc typo
2024-03-14 22:25:37 +00:00
Joe Farebrother
b4ed77343b
Add change note + fix qldoc
2024-03-14 22:25:36 +00:00
Joe Farebrother
3e61be1b6a
Add test cases
2024-03-14 22:25:36 +00:00
Joe Farebrother
5333c75919
Model additional string attributes
2024-03-14 22:25:36 +00:00
Joe Farebrother
8c31b612ca
Model UploadedFile original_filename and read
2024-03-14 22:25:35 +00:00
Tom Hvitved
4085c8ec8f
Merge pull request #15866 from hvitved/ruby/orm-tracking-ap-limit
...
Ruby: Lower access path limit to 1 for `OrmTracking`
2024-03-13 10:57:09 +01:00
Harry Maclean
806f42ef72
Ruby: Update change note
2024-03-13 09:54:17 +00:00
Harry Maclean
dd5eb982ec
Merge pull request #15524 from hmac/hmac-process-spawn
...
Ruby: Add some more command injection sinks
2024-03-13 09:53:10 +00:00
Tom Hvitved
695e728ed5
Ruby: Lower access path limit to 1 for OrmTracking
2024-03-12 14:58:29 +01:00
Tom Hvitved
dddba3228b
Merge pull request #15867 from hvitved/dataflow/ap-limit
...
Data flow: Add `ConfigSig::accessPathLimit`
2024-03-12 14:57:51 +01:00
Tom Hvitved
4291290277
Ruby: Implement new data flow interface
2024-03-11 20:56:38 +01:00
Joe Farebrother
9c51514bd9
Merge pull request #15857 from joefarebrother/ruby-activerecord-from
...
Ruby: Model second argument of `ActiveRecord` `from`
2024-03-11 16:49:52 +00:00
Henry Mercer
c325ff8a23
Mark lines of code queries as telemetry queries
...
The new file coverage metrics are available in all supported GHES
versions. This PR tags lines of code queries as telemetry queries. Lines
of code information will still be available in the SARIF file, but it
will no longer be displayed in the logging output of the CLI.
The one exception is the metric queries for Java/Kotlin that provide
separate lines of code information for Java and Kotlin. I've kept these
since separate file coverage information for languages like Java and
Kotlin is only available for GHES 3.12 and later.
2024-03-11 16:40:31 +00:00
Tom Hvitved
da66281fef
Sync files
2024-03-11 13:02:04 +01:00
Tom Hvitved
7a39f077d9
Data flow: Add ConfigSig::accessPathLimit
2024-03-11 13:01:58 +01:00
Joe Farebrother
dbd33d1cf0
Model Argument[1] of ActiveRecord from
2024-03-08 14:04:01 +00:00
Tom Hvitved
24e35f6f3d
Update expected test output
2024-03-08 10:00:43 +01:00
Tom Hvitved
e793a1e9fe
Ruby: Add variable capture spurious flow test
2024-03-08 10:00:42 +01:00
Tom Hvitved
85782ff1d4
Ruby: Exclude calls with arguments from OrmFieldAsSource
2024-03-07 17:34:01 +01:00
github-actions[bot]
dc9092c9ec
Post-release preparation for codeql-cli-2.16.4
2024-03-06 22:19:33 +00:00
github-actions[bot]
2f058ffb4d
Release preparation for version 2.16.4
2024-03-06 20:56:51 +00:00
Angela P Wen
ce31f8641a
Revert "Release preparation for version 2.16.4"
2024-03-06 12:07:33 -08:00
Anders Schack-Mulligen
0dbe8c3d8a
Merge pull request #15140 from hvitved/dataflow/pruned-ctx-sensitivity
...
Data flow: prune context-sensitivity relations
2024-03-06 10:04:48 +01:00
Harry Maclean
350dab4621
Merge pull request #15722 from hmac/mad-sinks
2024-03-06 08:18:19 +00:00
github-actions[bot]
661e68dab5
Release preparation for version 2.16.4
2024-03-05 18:13:58 +00:00
Joe Farebrother
dcc6f83d3b
Merge pull request #15782 from joefarebrother/ruby-typhoeus
...
Ruby: Model `Typhoeus::Request.new`
2024-03-05 16:55:38 +00:00
Angela P Wen
967963a653
Revert "Release preparation for version 2.16.4"
2024-03-05 08:53:33 -08:00
Joe Farebrother
7027b7fe82
Apply review suggestions: Use getInstance and clarify predicate name/qldoc. Also fix changenote formatting.
2024-03-05 16:34:48 +00:00
Harry Maclean
148241183a
Ruby: update changenote
2024-03-05 10:20:25 +00:00
Harry Maclean
91cb2a37fd
Ruby: Model Process.exec
2024-03-05 10:19:22 +00:00
Tom Hvitved
bd7b2c4cc6
Update expected output
2024-03-05 10:44:13 +01:00
Harry Maclean
179aaa1342
Ruby: model Open4.popen4ext
2024-03-05 09:35:18 +00:00
Harry Maclean
87f3b43576
Ruby: remove deprecated private class
2024-03-05 08:28:16 +00:00
github-actions[bot]
a67218a027
Release preparation for version 2.16.4
2024-03-04 17:42:08 +00:00
Angela P Wen
2b2ea597ce
Fix formatting on changenotes
2024-03-04 16:42:38 +00:00
Joe Farebrother
31687afd5d
Fix performance
2024-03-04 09:47:12 +00:00
Joe Farebrother
5a1c0f60e6
Fix qldoc typo
2024-03-01 15:12:16 +00:00
Peter Stöckli
4adc373dfe
Ruby: more test cases for code injection via method
2024-03-01 16:01:07 +01:00
Joe Farebrother
4b1626c83a
Add change note
2024-03-01 14:59:24 +00:00
Peter Stöckli
3418ec8a81
Ruby: Update method code injection sinks change note
...
Co-authored-by: Harry Maclean <hmac@github.com>
2024-03-01 15:54:58 +01:00
Joe Farebrother
65b30c1dff
Add tests and qldoc
2024-03-01 14:46:55 +00:00
Joe Farebrother
a08b292099
Add models for Typhoeus::Request
2024-03-01 14:23:24 +00:00
Peter Stöckli
e43c368222
Ruby: change note for method code injection sinks
2024-03-01 15:20:32 +01:00
Peter Stöckli
a693c6d9b4
Ruby: sinks for code injection via calls to method
2024-03-01 14:42:22 +01:00
Joe Farebrother
abdae2c437
Apply review suggestion - update change note
...
Co-authored-by: Harry Maclean <hmac@github.com>
2024-03-01 09:57:28 +00:00
Joe Farebrother
bf2174ffce
Add change note
2024-03-01 09:57:28 +00:00
Joe Farebrother
0b7b7ea1b8
Add test cases and improve controller model
2024-03-01 09:57:24 +00:00
Joe Farebrother
ef0a1d2873
Implement models for translation methods
2024-03-01 09:52:53 +00:00