hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-10 23:41:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
85,654 Commits 1,777 Branches 169 Tags
codeql-cli-2.24.1
Commit Graph

85654 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
c1da2c1d2f Python: Gracefully handle exceptions in diagnostics writing 2024-07-09 14:15:51 +02:00
Rasmus Wriedt Larsen
a8b976b389 Python: Always log errors before writing diagnostics 
So we have the info in the logs if the diagnostics processing fails
 2024-07-09 13:47:53 +02:00
Tom Hvitved
d41eae6fc3 SSA: Add data-flow integration layer 2024-07-09 12:49:22 +02:00
Mathias Vorreiter Pedersen
48edb77300 C++: Add 'cpp/iterator-to-expired-container' FP. 2024-07-09 11:24:18 +01:00
Mathias Vorreiter Pedersen
6359388cea Merge pull request #16915 from MathiasVP/fix-iterator-to-expired-container-fp-4 
C++: Fix `cpp/iterator-to-expired-container` FPs
 2024-07-09 11:23:46 +01:00
Owen Mansel-Chan
d4bfab4735 Accept minor copy-editing suggestions. 2024-07-09 07:00:01 +01:00
Mathias Vorreiter Pedersen
39ad4d4a89 Merge pull request #16930 from MathiasVP/promote-unsafe-strncat-to-code-scanning 2024-07-08 21:51:57 +01:00
Alvaro Muñoz
59fd8530a3 Bump qlpack versions 2024-07-08 22:39:58 +02:00
Alvaro Muñoz
a368b797fd fix(checks): Add repository control checks 2024-07-08 22:39:22 +02:00
Alvaro Muñoz
ee265c4879 fix(models): Slash-command-action 
Do not consider slash-command-action command-arguments as a remote flow source if it requires write or admin permissions
 2024-07-08 22:38:53 +02:00
Alvaro Muñoz
a2af3c654b Account for all npm and pnpm subcommands 
Exclude args such as `npm -v`
 2024-07-08 20:46:29 +02:00
Mathias Vorreiter Pedersen
2c5f007687 Merge pull request #16929 from MathiasVP/add-unsafe-strncat-fp 2024-07-08 18:54:58 +01:00
Cornelius Riemenschneider
f87e680185 Merge pull request #16928 from github/criemen/install-remove 
Install script: Windows-compatible cleanup path.
 2024-07-08 17:53:18 +02:00
Owen Mansel-Chan
496e76c1c5 Merge pull request #16931 from owen-mc/go/fix/clear-sanitizer 
Go: fix `clear` sanitizer
 2024-07-08 16:52:37 +01:00
Cornelius Riemenschneider
16660ab1df address review 2024-07-08 17:37:33 +02:00
Cornelius Riemenschneider
8df2e4952c address review 2024-07-08 17:27:17 +02:00
Owen Mansel-Chan
a774aacfa8 Add change note 2024-07-08 16:09:17 +01:00
Mathias Vorreiter Pedersen
9cfd06c761 C++: Increase the precision of 'cpp/unsafe-strncat' to high. 2024-07-08 16:06:58 +01:00
Owen Mansel-Chan
68929d1f73 Fix definition of ClearSanitizer 2024-07-08 16:05:17 +01:00
Owen Mansel-Chan
eec2aa82a6 Add failing tests for ClearSanitizer 2024-07-08 16:05:04 +01:00
Mathias Vorreiter Pedersen
962c73da16 C++: Promote 'cpp/unsafe-strncat' to Code Scanning. 2024-07-08 16:02:29 +01:00
Angela P Wen
80bd361607 Merge pull request #16926 from github/post-release-prep/codeql-cli-2.18.0 
Post-release preparation for codeql-cli-2.18.0
 2024-07-08 16:51:16 +02:00
Owen Mansel-Chan
b83147fa44 Add links on threat models to change note 2024-07-08 15:39:27 +01:00
Owen Mansel-Chan
8241d0b7ef Update QLDoc for ReverseDnsUserInput 2024-07-08 15:33:39 +01:00
Owen Mansel-Chan
07a25a233d Update threat model documentation 2024-07-08 15:32:47 +01:00
Cornelius Riemenschneider
bb78536804 Install script: Windows-compatible cleanup path. 
Windows might need some retrying around deleting
the target directory.
 2024-07-08 16:21:29 +02:00
Owen Mansel-Chan
64432215a9 Make "reverse-dns" pass validation 2024-07-08 15:16:14 +01:00
Owen Mansel-Chan
8526510783 Add ungrouped threat models to threat-model-grouping.model.yml 2024-07-08 15:15:40 +01:00
Mathias Vorreiter Pedersen
d5d04f2f4c C++: Add a 'cpp/unsafe-strncat' FP. 2024-07-08 15:13:00 +01:00
Geoffrey White
8818f63ca7 C++: Add some practical details to the examples. 2024-07-08 14:32:05 +01:00
Geoffrey White
80af5b7725 C++: Add a third example for cpp/world-writable-file-creation. 2024-07-08 14:32:04 +01:00
Geoffrey White
4f0d725acd C++: Add a 'good' example as well. 2024-07-08 14:32:03 +01:00
Geoffrey White
d52210d565 C++: Improve the example for cpp/return-stack-allocated-memory. 2024-07-08 14:32:01 +01:00
Geoffrey White
3c70583aa2 C++: Add close calls to examples for cpp/toctou-race-condition. 2024-07-08 14:32:00 +01:00
Geoffrey White
0288499801 C++: Rephrase the alert message for cpp/wrong-type-format-argument to be less prescriptive. 2024-07-08 14:31:59 +01:00
github-actions[bot]
ae3aba061b Post-release preparation for codeql-cli-2.18.0 2024-07-08 13:30:13 +00:00
Michael B. Gale
7ca57e114f Go: Add CODEQL_EXTRACTOR_GO_EXTRACT_VENDOR_DIRS env var 
If set to `true`, this allows `vendor` directories to be extracted
 2024-07-08 14:08:19 +01:00
Michael B. Gale
bc61a58000 Go: Add integration test for extracting vendored dependencies 2024-07-08 14:05:06 +01:00
Tamas Vajk
7387c565e4 C#: Restore Windows dependencies when Windows Forms or WPF usage is detected 2024-07-08 14:44:20 +02:00
Tamas Vajk
7fc1e13672 C#: Add buildless integration test with Windows Forms application 2024-07-08 14:08:15 +02:00
Paolo Tranquilli
0421ceff93 Merge pull request #16922 from github/redsun82/kotlin-wrapper 
Kotlin: make wrapper cache downloaded zips
 2024-07-08 13:53:35 +02:00
Paolo Tranquilli
a30e7d2cfd Kotlin: add all .kotlin_* in dev to .gitignore 2024-07-08 13:18:56 +02:00
Angela P Wen
dc20b0d19e Merge pull request #16921 from github/release-prep/2.18.0 
Release preparation for version 2.18.0
codeql-cli/v2.18.0 		2024-07-08 13:12:57 +02:00
Chris Smowton
d9573596c7 Merge pull request #16810 from smowton/smowton/feature/java-low-db-quality-query 
Java: add diagnostic query indicating low database quality
 2024-07-08 12:06:42 +01:00
Alvaro Muñoz
1657af60df Model get-workflow-origin action 2024-07-08 12:59:36 +02:00
Alvaro Muñoz
20ce5d5344 Add JS local imports as Poisonable steps 2024-07-08 12:59:16 +02:00
aegilops
5a3328b07a Merge branch 'aegilops/js/insecure-helmet-middleware' of https://github.com/aegilops/codeql into aegilops/js/insecure-helmet-middleware 2024-07-08 11:31:15 +01:00
aegilops
2aff2a7385 Fixed code markup 2024-07-08 11:31:06 +01:00
Paul Hodgkinson
d896fdf9fa Merge branch 'main' into aegilops/js/insecure-helmet-middleware 2024-07-08 11:25:47 +01:00
Rasmus Wriedt Larsen
173cd13ded Python: Add test for impossible isinstance flow 2024-07-08 12:06:53 +02:00