Erik Krogh Kristensen
ff25451699
rename query to overly-large-range, and rewrite the @description
2022-07-12 16:02:46 +02:00
Nick Rolfe
217c9a8aaf
Fix typo in changenote
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2022-07-12 08:50:58 +01:00
Nick Rolfe
a3628b06f1
Ruby: fix markup in changenote
2022-07-11 17:23:45 +01:00
Nick Rolfe
032aa56dc3
Ruby: add change note for system command execution sink bug
2022-07-11 17:00:07 +01:00
Nick Rolfe
6632dfaf88
Ruby: fix another SystemCommandExecution::isShellInterpreted implementation
2022-07-11 16:53:30 +01:00
Nick Rolfe
348ad95fc0
Ruby: fix defining every dataflow node as a command execution sink
2022-07-11 15:06:27 +01:00
thiggy1342
bd50fd7f1e
format fix
2022-07-08 17:20:41 +00:00
thiggy1342
11e39aa030
Add changelog
2022-07-07 21:40:16 +00:00
thiggy1342
b4869158f2
expand query tests for cwe-089
2022-07-07 19:23:57 +00:00
Nick Rolfe
02dd933e5f
Ruby: move Pathname from core to stdlib
2022-06-30 10:08:25 +01:00
Andrew Eisenberg
fbeecd6c08
Merge pull request #9744 from github/aeisenberg/move-contextual-queries
2022-06-29 11:44:33 -07:00
Andrew Eisenberg
a3f4d1bf66
Move contextual queries from src to lib
With this change, users are now able to run the View AST command in
vscode within vscode workspaces that do not include the core libraries.
The relevant core library only needs to be installed in the package
cache.
2022-06-29 07:51:26 -07:00
Brandon Stewart
5888325549
Merge branch 'main' into patch-1
2022-06-29 08:42:24 -04:00
Nick Rolfe
5db2f9a768
Merge remote-tracking branch 'origin/main' into nickrolfe/pathname
2022-06-29 13:16:49 +01:00
Nick Rolfe
c1302a90e0
Ruby: use MaD for more precise Pathname flow summaries
2022-06-29 13:16:18 +01:00
Jeroen Ketema
55e052af26
Merge pull request #9686 from aschackmull/dataflow/no-node-scan
Dataflow performance: Avoid node scans
2022-06-29 10:38:56 +02:00
Brandon Stewart
c7b4133fbe
Merge branch 'main' into patch-1
2022-06-28 09:46:46 -04:00
Brandon Stewart
33d1aae92a
Update ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll
Co-authored-by: Harry Maclean <hmac@github.com>
2022-06-28 08:51:01 -04:00
Brandon Stewart
1dc26a0ca3
Update ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll
Co-authored-by: Harry Maclean <hmac@github.com>
2022-06-28 08:50:54 -04:00
Erik Krogh Kristensen
a343ceaf8b
add suspicious-regexp-range query
2022-06-28 09:49:27 +02:00
Asger F
cc57cb8af5
Merge branch 'main' into post-release-prep/codeql-cli-2.10.0
2022-06-27 20:37:25 +02:00
Brandon Stewart
99ae1b3f0d
Merge branch 'main' into patch-1
2022-06-27 10:12:26 -04:00
Brandon Stewart
52290fd4ae
run codeql query format
2022-06-27 10:01:40 -04:00
Nick Rolfe
280c959dc8
Merge branch 'main' into nickrolfe/pathname
2022-06-27 11:11:17 +01:00
Asger F
09476d1c13
Ruby: fix deprecation warning
2022-06-27 10:01:37 +02:00
Harry Maclean
101111bd2f
Merge pull request #9574 from hmac/hmac/action-cable-logger
Ruby: More Rails modeling
2022-06-27 19:56:54 +12:00
Asger F
d6fd43fe12
Merge pull request #9364 from asgerf/ruby/api-graph-api
Ruby: API graph renaming and documentation
2022-06-27 08:54:24 +02:00
Brandon Stewart
29e73e1a04
Update ActiveRecord.qll
2022-06-24 15:35:36 -04:00
Brandon Stewart
463c096d4c
Update ActiveRecord.qll
2022-06-24 15:33:02 -04:00
Brandon Stewart
2047954013
Merge branch 'main' into patch-1
2022-06-24 15:30:11 -04:00
Brandon Stewart
ff9a7244c2
Update ActiveRecord.qll
2022-06-24 15:28:09 -04:00
Nick Rolfe
c1515db09c
Ruby: modeling of some file-related concepts for the Pathname class
2022-06-24 14:14:07 +01:00
Nick Rolfe
03d0f66247
Ruby: add flow summaries for Pathname class
2022-06-24 14:14:06 +01:00
Erik Krogh Kristensen
9bc12ed8fd
sync review changes to other languages
2022-06-24 13:12:15 +02:00
Erik Krogh Kristensen
28ac47689f
changes based on reviews
2022-06-24 13:11:46 +02:00
github-actions[bot]
d506f448ef
Post-release preparation for codeql-cli-2.10.0
2022-06-24 07:36:33 +00:00
Brandon Stewart
caeef68bde
Update ActiveRecord.qll
2022-06-23 12:31:05 -04:00
Brandon Stewart
173bea2579
Update ActiveRecord.qll
2022-06-23 12:18:26 -04:00
Brandon Stewart
fa622f551a
Update ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
2022-06-23 12:16:50 -04:00
Anders Schack-Mulligen
dc517a758e
Autoformat
2022-06-23 14:44:40 +02:00
Erik Krogh Kristensen
724721c5c8
fix typo
2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
22871138c6
simplify the recursion between TTrace and isReachableFromStartTuple
similar to the fix made by Shack in `ExponentialBackTracking.qll`
2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
be37763125
improve performance of process() by pruning accept states early
2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
bf20b7dfc5
add change note for the ReDoS renamings
2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
14204be2f9
add missing qldoc
2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
3bea7df45d
add deprecated aliases in the old locations, and use the Query.qll pattern for js/polynomial-redos
2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
13482fc97b
rename ReDoSUtil to NfaUtils, and rename the "performance" folder to "regexp"
2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
6b0df9bdfb
refactor the concretize algorithm
2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
dbeae9aefb
make a parameterized module out of the RegexpMatching implementation
2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
7fb3d81d2f
add further normalization of char classes
2022-06-23 14:36:25 +02:00