hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-12 08:21:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,785 Branches 169 Tags
codeql-cli-2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
am0o0
f905ac10c4 add jsonWebToken library file to remove duplicate predicate declrations 2024-05-25 13:28:13 +02:00
am0o0
5d98ec33ab stash: add debug query 2024-05-25 13:06:41 +02:00
am0o0
d77513579f update tests 2024-05-25 12:15:25 +02:00
Am
2226f5126b Merge branch 'main' into amammad-js-hardcodedJWTKey 2024-05-25 13:40:46 +03:30
am0o0
4e365e242c fix conflict 2024-05-25 12:08:05 +02:00
am0o0
20c087ce39 update tests 2024-05-25 12:06:07 +02:00
am0o0
c299b5657a Revert "stash" 
This reverts commit bdee99ae88.
 2024-05-25 12:03:00 +02:00
am0o0
1860af075d fix conflict 2024-05-25 12:01:12 +02:00
Remco Vermeulen
6df4c8964b Rewrite recommendations 
- Replace segmentation fault with crash that is platform agnostic (I think segmentation fault is not really a thing on Windows).
- Replace security vulnerability with malicious code execution. This provides a range of issues, because a crash (previously segmentation fault) could also be considered a security vulnerability. Namely a DOS.
- Removed the additional note on stack allocated arrays which seem confusing because we are always talking about buffers allocated on the heap.
 2024-05-24 16:10:42 -07:00
Cornelius Riemenschneider
d30ed54bfd Merge branch 'main' into criemen/bazel-csharp 2024-05-24 18:02:20 +02:00
Paolo Tranquilli
5d4b61c365 Bazel: replace prebuilt ripunzip from workflow 2024-05-24 17:44:39 +02:00
Paolo Tranquilli
8d5fa9583e Add ripunzip build workflow 2024-05-24 17:37:59 +02:00
Cornelius Riemenschneider
b09f3c1c0d Don't build with cross any longer. 
We've removed cross from the internal build when converting to bazel,
mirror that here.
 2024-05-24 16:17:37 +02:00
Paolo Tranquilli
b9064c5446 Bazel: fail install on ripunzip failing 2024-05-24 15:50:16 +02:00
Cornelius Riemenschneider
8c46b61e85 Ruby: Change how we pull in shared/tree-sitter-extractor dependency 
Previously, we pulled in the shared tree-sitter extractor via a `git`
dependency in `Cargo.toml` to address a `rules_rust` limitation (no `path`
dependencies outside of the cargo workspace)). This was a problem,
as that means we're cloning `github/codeql` _again_ for the build, which is
quite slow.

I found another way that is faster, and still produces correct builds
for both `cargo`` and `rules_rust`:
* Cargo depends on a fake crate that has the same dependencies as the real crate (thanks to `sync-files.py`). Therefore, cargo pulls in the right dependencies into the lockfile, which bazel targets
* For local builds, we override the path to that dependency in a cargo config, so we're pulling in the correct code
* rules_rust only uses `path` dependencies for collecting transitive dependencies, it never pulls in the code from there. So far that, we manually provide a `BUILD.bazel` file for the shared extractor, and depend on that.
 2024-05-24 15:37:35 +02:00
Cornelius Riemenschneider
5fa1b57aaa Merge pull request #16586 from hvitved/rust-bump 
Python: Use Rust 1.74
 2024-05-24 15:30:15 +02:00
Paolo Tranquilli
f35f077c76 Swift: cleanup tools scripts in pack 2024-05-24 15:24:15 +02:00
Paolo Tranquilli
e990d75a8f Bazel: use codeql platform as arch zip filename 2024-05-24 15:23:51 +02:00
Paolo Tranquilli
ea01ae6534 Swift: fix integration test log upload 2024-05-24 14:29:22 +02:00
Paolo Tranquilli
fa2c626e49 Bazel: add fat macOS ripunzip binary 2024-05-24 14:29:02 +02:00
Paolo Tranquilli
dcbf42d29c Bazel: reorganize LFS files and add licensing information 2024-05-24 14:26:22 +02:00
Tom Hvitved
386bc1eb03 Bazel: repin 2024-05-24 13:53:55 +02:00
Tom Hvitved
7490472772 Update Python to use Rust 1.74 2024-05-24 13:05:39 +02:00
Michael Nebel
c59c7cf02a C#: Use manual sink callables as exclusion for extrapolated sinks. 2024-05-24 12:50:48 +02:00
Michael Nebel
d272d6a9ca C#: Assume that models should apply when a method is overridable except for the implicit methods on Object and ValueType. 2024-05-24 12:50:48 +02:00
Michael Nebel
ad55744877 C#: Add model generator test case for property. 2024-05-24 12:50:48 +02:00
Michael Nebel
057a420833 C#: Update expected test output. 2024-05-24 12:50:48 +02:00
Michael Nebel
a8feda2e2b C#: Introduce lifting of callables in the model generator. 2024-05-24 12:50:48 +02:00
Michael Nebel
0d397cea9f C#: Add some model generator tests related to lifting. 2024-05-24 12:50:48 +02:00
Michael Nebel
3ad29d843d C#: Re-factor model generator specific to align with Java. 2024-05-24 12:50:48 +02:00
Michael Nebel
95473c06fc Merge pull request #16520 from michaelnebel/csharp/fixsummarizedcallabledataflow 
C#: Make the flow summary filtering in the adapter.
 2024-05-24 12:48:03 +02:00
Paolo Tranquilli
e694968012 Fix change to .gitattributes done by mistake 2024-05-24 12:41:32 +02:00
Paolo Tranquilli
175f0dbb00 Swift: remove broken obsolete alias 2024-05-24 12:40:29 +02:00
Paolo Tranquilli
94d6feffed Swift: fix module 2024-05-24 12:35:41 +02:00
Paolo Tranquilli
8e132e90cc Bazel: add executable attribute to lfs_files 2024-05-24 12:35:17 +02:00
Paolo Tranquilli
1529b58089 Swift: add resource dir updater 2024-05-24 12:19:06 +02:00
Paolo Tranquilli
e8b857b79e Bazel/Swift: add zip imports to packs 2024-05-24 12:18:42 +02:00
Tom Hvitved
0dbce3d077 Merge pull request #16451 from hvitved/treesitter/codeql-verbosity 
Tree-sitter: Respect verbosity defined in `CODEQL_VERBOSITY`
 2024-05-24 11:24:01 +02:00
Paolo Tranquilli
4d93e8a732 Bazel: move codeql packaging rules away from some macros 2024-05-24 10:27:45 +02:00
Paolo Tranquilli
60cf77be7e Bazel: add codeql specific packaging library 
This encapsulate arch specific logic, local installation and separation
of zip files into generic and arch-specific parts as required by the
internal build.
 2024-05-24 10:27:44 +02:00
Alvaro Muñoz
c6e3bafe00 Bump qlpack versions 2024-05-24 09:35:06 +02:00
Alvaro Muñoz
1fc45eb296 Improve ControlCheck for untrusted checkouts 2024-05-24 09:33:35 +02:00
Tamás Vajk
8ae607cdce Merge pull request #16577 from tamasvajk/fix/adjust-compiler-arg-test 
C#: Adjust compiler argument integration test
 2024-05-24 09:24:21 +02:00
Erik Krogh Kristensen
c743abad54 Merge pull request #14294 from am0o0/amammad-js-CodeInjection_execa 
JS: provide command execution sinks for execa package
 2024-05-24 09:20:19 +02:00
Anders Schack-Mulligen
5a7174dcbb Merge pull request #16500 from aschackmull/java/static-field-side-effect 
Java: Add support for flow through side-effects on static fields.
 2024-05-24 09:19:31 +02:00
Michael Nebel
78d4745722 Merge pull request #16578 from michaelnebel/java/dontliftneutral 
Java: Do not lift neutrals in Model generation.
 2024-05-24 09:19:20 +02:00
Tamas Vajk
9aee2dc002 C#: Adjust compiler argument integration test 2024-05-24 08:39:08 +02:00
Michael Nebel
f5c654b669 Merge pull request #16579 from tamasvajk/fix/integration-test-2 
C#: Fix integration test expected file
 2024-05-24 08:16:37 +02:00
Dave Bartolomeo
6f67f9e887 Merge pull request #16564 from github/dbartol/v1 
Update all pack versions to `1.0.0`
 2024-05-23 17:32:27 -04:00
Dave Bartolomeo
f498e05099 Merge branch 'main' into dbartol/v1 2024-05-23 14:37:28 -04:00