hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,404 Commits 1,672 Branches 157 Tags
codeql-cli-2.22.1
Commit Graph

4694 Commits

Author SHA1 Message Date
Arthur Baars
035ad65e43 AlertSuppression: move library into util folder 2022-12-21 10:39:57 +01:00
Arthur Baars
a8be5d7274 AlertSuppression: add change notes 2022-12-19 17:02:52 +01:00
Arthur Baars
c176606be5 AlertSuppression: allow //lgtm comments to scope over the next line 2022-12-19 16:10:26 +01:00
Arthur Baars
016c7a8ca7 Merge pull request #11719 from aibaars/alert-suppression-shared 
Shared AlertSuppression library
 2022-12-19 16:04:44 +01:00
Arthur Baars
f68e18cd9c Python: move AlertSuppression.ql 2022-12-19 12:39:01 +01:00
Arthur Baars
acb5d6e163 Python: use shared AlertSuppression.qll 2022-12-19 12:26:12 +01:00
turbo
1e5426fca2 Create security-experimental suite helper and all language suite implementations 2022-12-18 15:44:08 +01:00
erik-krogh
f67d0bc8c0 put the shared HostnameRegexp code in the shared regex pack 2022-12-17 17:26:18 +01:00
Henry Mercer
30451ee950 Merge pull request #11681 from github/henrymercer/mergeback-3.8 
Merge `rc/3.8` back to `main`
 2022-12-16 17:43:12 +00:00
Sim4n6
4376870a51 An uploded file is considered a source 2022-12-15 23:39:02 +01:00
turbo
4ec401a3f6 Tag all security queries in supported languages' experimental directories with an experimental tag 2022-12-14 17:15:50 +01:00
Henry Mercer
a3933fbf4f Bump minor versions of packs we regularly release 2022-12-13 18:59:24 +00:00
Henry Mercer
7167f078be Merge branch 'main' into henrymercer/mergeback-3.8 2022-12-13 18:40:53 +00:00
ALJI Mohamed
54109b8ea7 Add source wget.download 2022-12-13 15:34:01 +01:00
ALJI Mohamed
2f68b54b27 A simple download_file() call from maybe boto3 2022-12-12 19:46:34 +01:00
erik-krogh
b3a9c1ca06 Py/JS/RB: Use instanceof in more places 2022-12-12 16:06:57 +01:00
github-actions[bot]
343b7b1c8b Post-release preparation for codeql-cli-2.11.6 2022-12-11 18:15:04 +00:00
ALJI Mohamed
b19452467d read by chunks as additional step 2022-12-10 21:59:14 +01:00
github-actions[bot]
0b2fb4f70a Release preparation for version 2.11.6 2022-12-10 15:49:35 +00:00
ALJI Mohamed
eff132512c Copying the response data to the archive 2022-12-10 08:15:42 +01:00
ALJI Mohamed
545aab0e07 tarball path provided using CLI argument (source) 2022-12-09 15:54:43 +01:00
Henry Mercer
3036b15af2 Merge branch 'main' into henrymercer/check-query-ids 2022-12-08 13:05:46 +00:00
Henry Mercer
5674251839 Python: Disable TarSlipImprov qhelp 2022-12-08 13:03:31 +00:00
Chris Smowton
81110b19e7 Merge pull request #11612 from smowton/smowton/admin/merge-rc38-into-main 
Merge rc/3.8 into main
 2022-12-08 12:25:59 +00:00
ALJI Mohamed
9336f4f1a2 Considering the use of contextlib.closing() method 2022-12-08 12:26:59 +01:00
Chris Smowton
49bc524fd0 Merge remote-tracking branch 'origin/rc/3.8' into smowton/admin/merge-rc38-into-main 2022-12-08 11:12:30 +00:00
Rasmus Wriedt Larsen
d684dbdf5c Merge pull request #10656 from porcupineyhairs/PyPamImprove 
Python: Improve the PAM authentication bypass query
 2022-12-08 11:59:10 +01:00
Rasmus Wriedt Larsen
a826c4f48b Merge branch 'main' into call-graph-code 2022-12-08 11:39:30 +01:00
Jami
5e694b5983 Merge pull request #11192 from jcogs33/jcogs33/share-key-sizes 
Share encryption key sizes between Java and Python
 2022-12-07 08:08:24 -05:00
ALJI Mohamed
2801b8495a A fix of the tag name 2022-12-06 14:50:47 +01:00
ALJI Mohamed
4896e62117 Use of more generic terms 2022-12-06 14:44:52 +01:00
Sim4n6
58570b4d2c Update python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-12-06 14:40:48 +01:00
Sim4n6
9a60202de6 Update python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.qhelp 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-12-06 14:40:35 +01:00
Sim4n6
c22c0b5029 Update python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.qhelp 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-12-06 14:39:16 +01:00
ALJI Mohamed
a5849eb9b0 Improved the additional taint step using InstanceSource 2022-12-06 14:00:08 +01:00
ALJI Mohamed
054c06be65 Update UnsafeUnpack.ql 2022-12-06 02:51:07 +01:00
Henry Mercer
5b040a9476 Python: Fix duplicate query IDs 2022-12-05 19:04:10 +00:00
ALJI Mohamed
68fd75ca34 UnpackUnsafe query and tests 2022-12-05 17:20:22 +01:00
github-actions[bot]
5e35785fd0 Post-release preparation for codeql-cli-2.11.5 2022-12-02 11:37:44 +00:00
github-actions[bot]
31ab22e3a0 Release preparation for version 2.11.5 2022-12-01 20:05:14 +00:00
Rasmus Wriedt Larsen
315ceb57e9 Python: Add change-note 2022-12-01 11:56:44 -05:00
Jami Cogswell
4d99cd1b7a update EC key size in help file 2022-12-01 11:56:44 -05:00
Rasmus Wriedt Larsen
d47b3265c4 Python: Fix py/meta/points-to-call-graph 2022-12-01 14:56:10 +01:00
Rasmus Lerchedahl Petersen
820d94098f python: port py/comparison-using-is 
see triage [here](https://github.com/github/codeql-python-team/issues/628#issuecomment-1328933001)
- no longer try to interpret the class of operands
- simply alert in clear bad cases of uninterned literals
- surprisingly(?), all tests still pass
 2022-12-01 09:56:51 +01:00
Rasmus Wriedt Larsen
607639c100 Python: restrict py/meta/points-to-call-graph to non-ignored files 2022-11-29 15:10:45 +01:00
Rasmus Wriedt Larsen
d7aea228ce Python: Add taint-sinks meta query 
Inspired by the one they have in JS:
097d5189e9/javascript/ql/src/meta/alerts/TaintSinks.ql
 2022-11-29 15:10:09 +01:00
Rasmus Wriedt Larsen
544de5232c Python: Use ' instead of ` in select text 2022-11-29 14:47:45 +01:00
Arthur Baars
cf7ebe2fa8 Merge pull request #11471 from github/rc/3.8 
Merge rc/3.8 into main
 2022-11-29 12:57:34 +01:00
Rasmus Wriedt Larsen
4e67ec19d0 Python: Adjust alert text of py/pam-auth-bypass 2022-11-28 16:14:38 +01:00
Rasmus Wriedt Larsen
3d9556e5a3 Python: Use proper Query suffix 2022-11-28 16:03:17 +01:00