Commit Graph

86439 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
f0e68887d4 Python: autoformat 2024-06-20 10:59:39 +02:00
yoff
b4fdf3c342 Apply suggestions from code review
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
2024-06-20 10:57:54 +02:00
Rasmus Wriedt Larsen
596102d3fb Update javascript/ql/lib/change-notes/2024-06-14-type-tracking-array-steps.md
Co-authored-by: Asger F <asgerf@github.com>
2024-06-20 10:07:49 +02:00
Alvaro Muñoz
1e4df62a39 Merge pull request #45 from github/change_packages
Move from githubsecuritylab packages to github
2024-06-20 09:51:17 +02:00
Alvaro Muñoz
4619128c11 Move from githubsecuritylab packages to github 2024-06-20 09:50:36 +02:00
Owen Mansel-Chan
754fd8e84c Drop leading . from getQualifiedName for built-in functions
So it will be "panic" instead of ".panic".
2024-06-19 22:04:21 +01:00
Owen Mansel-Chan
68a661f3c7 Write out whole function names 2024-06-19 21:58:31 +01:00
Owen Mansel-Chan
b79711b17e Move deprecated notice to top of comment 2024-06-19 21:58:28 +01:00
aegilops
1ecd72727d Renamed README to CUSTOMIZING, removed details from qhelp and referenced md doc instead 2024-06-19 17:59:43 +01:00
aegilops
a07639f4f6 Set severity to 7.0, in line with other configuration queries 2024-06-19 17:43:41 +01:00
aegilops
26f1b36736 Fixed formatting 2024-06-19 17:41:58 +01:00
aegilops
252c9e9416 Added data extension to set defaults, updated help, added README to explain customization 2024-06-19 17:27:17 +01:00
Max Schaefer
2be171746b JavaScript: Fix CodeQL alert in extractor
This doesn't make a difference in practice because we only run the method on arrays of even length, but we might as well fix it.
2024-06-19 17:13:01 +01:00
Rasmus Lerchedahl Petersen
5cb37f5c4c python: Document MaD format
- add a few tests reflecting the documentation
- make the mentioned sink-kinds have an effect on relevant queries
2024-06-19 17:00:15 +02:00
Mathias Vorreiter Pedersen
901fac4282 C++: Support 'Element' content in flow summaries. 2024-06-19 13:40:06 +01:00
Mathias Vorreiter Pedersen
013ee9c15e C++: Add support for 'Element' content in dataflow. 2024-06-19 13:39:39 +01:00
Mathias Vorreiter Pedersen
c158f8054e C++: Get rid of all the 'StdContainer' taint models. 2024-06-19 13:36:19 +01:00
Michael Nebel
aa962f9b03 Java: Update expected output of model generation. 2024-06-19 14:10:59 +02:00
Michael Nebel
1185e28ea2 Java: Add some spurious source and sink model generation examples. 2024-06-19 14:10:56 +02:00
Michael Nebel
ed3f1e40db Java: Sync changes and make dummy language specific implementation. 2024-06-19 14:10:54 +02:00
Michael Nebel
99907471b2 C#: Update model generator expected output. 2024-06-19 14:10:52 +02:00
Michael Nebel
40204911bc C#: Only allow source propagation upwards in the call stack if the call path consists of unique call targets (to avoid unwanted virtual dispatch). This severely tightens the generation of extrapolated sources. 2024-06-19 14:10:49 +02:00
Paul Hodgkinson
3a98edb60b Merge branch 'main' into aegilops/js/insecure-helmet-middleware 2024-06-19 12:53:32 +01:00
Tom Hvitved
6dbdc9e17f Merge pull request #16784 from github/redsun82/fix-warnings-in-ql-tests
C++/Java: Accept new warning format in ql tests
2024-06-19 13:05:50 +02:00
aegilops
d142f830da Change note and changed name of query in .ql file 2024-06-19 12:04:32 +01:00
aegilops
8a3cec4977 Fix formatting for check 2024-06-19 11:38:20 +01:00
Paolo Tranquilli
b7a2ea8981 CI: accept other diagnostic format related test changes 2024-06-19 11:33:50 +02:00
Paolo Tranquilli
59f8f8a394 Merge branch 'main' into redsun82/fix-warnings-in-ql-tests 2024-06-19 11:21:36 +02:00
aegilops
de96d3951d Renamed to helmetProperty everywhere 2024-06-19 10:15:06 +01:00
aegilops
f4691b1919 Changed to more-modern Dataflow libraries 2024-06-19 10:11:06 +01:00
aegilops
81ef255a87 Change to helmetProperty from helmetSetting variable name 2024-06-19 10:09:50 +01:00
Tamás Vajk
45ece48b6f Merge pull request #16776 from tamasvajk/fix/source-generator-folder
C#: Make sure no file is added twice to the compilation
2024-06-19 10:09:50 +02:00
Paolo Tranquilli
919ddccfdb C++/Java: Accept new warning format in ql tests 2024-06-19 09:13:18 +02:00
aegilops
da9e1e61a4 Moved examples into separate files 2024-06-18 19:50:06 +01:00
Edward Minnix III
7adfa6bbed Merge pull request #16709 from egregius313/egregius313/go/df/threat-models/refactor-queries
Go: Refactor queries to use `ThreatModelFlowSource` instead of `RemoteFlowSource`
2024-06-18 13:56:00 -04:00
Alex Ford
51f3f15e42 Ruby: remove outdated test comment 2024-06-18 17:51:49 +01:00
Alex Ford
d79a253c20 Ruby: remove unused import 2024-06-18 17:49:14 +01:00
Alex Ford
7380e29774 Ruby: changenote for rb/weak-sensitive-data-hashing 2024-06-18 17:48:51 +01:00
Alex Ford
d994959720 Ruby: add tests for rb/weak-sensitive-data-hashing 2024-06-18 17:47:32 +01:00
Alex Ford
81ec6861f9 Ruby: fix some SensitiveDataSource definitions 2024-06-18 17:46:52 +01:00
am0o0
eb1999f8b3 revert .vscode/settings.json :(( 2024-06-18 18:43:20 +02:00
am0o0
ccb923a436 fix formatting 2024-06-18 18:31:29 +02:00
Ed Minnix
5bbd003dfc Reword change note 2024-06-18 12:27:21 -04:00
Ed Minnix
b53712cae0 Change note 2024-06-18 12:27:19 -04:00
Ed Minnix
6a0be6ad09 ExternalAPIs 2024-06-18 12:27:18 -04:00
Ed Minnix
46e16b88bb Refactor experimental queries to use ThreadModelFlowSource 2024-06-18 12:27:17 -04:00
Ed Minnix
cfd5f53eb0 Refactor Customizations libraries to use ThreatModelFlowSource 2024-06-18 12:27:15 -04:00
Edward Minnix III
8997f2cdf2 Merge pull request #16697 from egregius313/egregius313/go/dataflow/threat-modeling
Go: Introduce Threat Modeling
2024-06-18 12:25:33 -04:00
Alex Ford
f217de9623 Ruby: Move SensitiveDataSource logic into a private module 2024-06-18 16:58:30 +01:00
am0o0
1f99559e9f Revert "update id of the query file"
This reverts commit 1f112467ce.
2024-06-18 17:33:07 +02:00