codeql

mirror of https://github.com/github/codeql.git synced 2026-06-13 08:51:20 +02:00

Author	SHA1	Message	Date
Owen Mansel-Chan	82bbecc9c4	Merge pull request #16307 from owen-mc/go/fix/incomplete-hostname-regex Go: fix flow through string concatenation in `go/incomplete-hostname-regex`	2024-04-25 09:43:51 +01:00
Tamas Vajk	15c1fd9425	C#: Improve log messages	2024-04-25 10:39:53 +02:00
Ben Ahmady	be9009d653	Use clearer filename	2024-04-25 08:16:48 +00:00
Ben Ahmady	037211c4a4	Add formatting fixes	2024-04-25 08:10:27 +00:00
Rasmus Wriedt Larsen	13ff9412a4	Merge pull request #16252 from RasmusWL/move-dataflow-tests Python: Move dataflow tests out of experimental	2024-04-25 10:05:06 +02:00
Jeroen Ketema	9d24b5afa6	Merge pull request #16319 from jketema/ir-comment-fix C++: Fix comment in IR test	2024-04-25 09:59:58 +02:00
Ben Ahmady	8cba276b87	Deprecate the CodeQL for VS Code docs in favour of docs.github.com version	2024-04-25 07:59:33 +00:00
Paolo Tranquilli	4ca8faa9c9	Go: introduce universal binaries on macOS	2024-04-25 09:27:59 +02:00
Paolo Tranquilli	393f6b7666	Go: add gazelle-generated `BUILD` files	2024-04-25 08:53:26 +02:00
Alvaro Muñoz	39308fd89f	Fix typo	2024-04-24 22:09:03 +02:00
Alvaro Muñoz	0ff967b102	Fix typo	2024-04-24 22:07:18 +02:00
Alvaro Muñoz	fbf03fa8e2	New expression is always true tests	2024-04-24 21:51:27 +02:00
Jeroen Ketema	95ec4e8d26	C++: Fix comment in IR test	2024-04-24 21:47:47 +02:00
Tom Hvitved	17e0cc5648	Merge pull request #16313 from hvitved/dataflow/fix-bad-join3 Data flow: Fix bad join	2024-04-24 17:09:14 +02:00
Paolo Tranquilli	196b6d7a1d	CI: simplify reporting	2024-04-24 16:43:38 +02:00
Paolo Tranquilli	9def57250d	CI: make reporting better	2024-04-24 16:35:50 +02:00
Paolo Tranquilli	9af9873e04	CI: add names to steps	2024-04-24 16:20:54 +02:00
Paolo Tranquilli	9f5782b67b	Bazel: introduce buildifier formatting This introduces tooling and enforcement for formatting bazel files. The tooling is provided as a bazel run target from [keith/buildifier-prebuilt](https://github.com/keith/buildifier-prebuilt). This is used in a [`pre-commit`](https://pre-commit.com/) hook for those having that installed. In turn this is used in a CI check. Relying on a `pre-commit` action gives us easy checking that buildifying did not change anything in the files and printing the diff, without having to hand-roll the check ourselves. This enforcement will make usage of gazelle easier, as gazelle itself might reformat files, even outside of `go`. Having them properly formatted will allow gazelle to leave them unchanged, without needing to configure awkward exclude directives.	2024-04-24 15:49:48 +02:00
Alex Ford	98a6d0fa26	Ruby: add another SQLi AR conditions test case	2024-04-24 14:46:53 +01:00
Alex Ford	6b0e7961fa	Ruby: prepare test case whitespace	2024-04-24 14:39:06 +01:00
Owen Mansel-Chan	c61177cf42	Add change note	2024-04-24 14:21:59 +01:00
Owen Mansel-Chan	4140942479	Update tests	2024-04-24 14:19:33 +01:00
Owen Mansel-Chan	fd306ed79b	Exclude constant names from sources to avoid duplicate results	2024-04-24 14:19:30 +01:00
Owen Mansel-Chan	8962307291	Add second good go file to tests	2024-04-24 14:19:29 +01:00
Owen Mansel-Chan	0000c72329	Remove attempt at avoiding duplicate alerts	2024-04-24 14:19:26 +01:00
Owen Mansel-Chan	3ef7a0932a	Add flow through string concatenation	2024-04-24 14:19:25 +01:00
Alvaro Muñoz	c9b2dac128	Update action.yml	2024-04-24 15:07:05 +02:00
Tamás Vajk	f29d2c21bd	Merge pull request #16312 from tamasvajk/fix/buildless/file-lookup C#: Fix `global.json` and `packages.config` lookup	2024-04-24 15:05:55 +02:00
Joe Farebrother	53f69d9966	Reduce query tests with cases covered by concept tests	2024-04-24 14:05:42 +01:00
Joe Farebrother	8fb2faa89b	Add additional info to concept tests	2024-04-24 14:05:41 +01:00
Joe Farebrother	2b935e575a	Add concept tests + fix typo	2024-04-24 14:05:41 +01:00
Joe Farebrother	ec4c820391	Fix deprecation	2024-04-24 14:05:41 +01:00
Joe Farebrother	1dce2eb325	Rename to response splitting	2024-04-24 14:05:40 +01:00
Joe Farebrother	49e5f8a1a5	Add tests for instances of the header write concept	2024-04-24 14:05:40 +01:00
Joe Farebrother	f3b27d611a	Add test case for validated wsgiref servers + fix typo	2024-04-24 14:05:40 +01:00
Joe Farebrother	f57ba3e642	Add change note	2024-04-24 14:05:40 +01:00
Joe Farebrother	d4a072818f	Add more tests	2024-04-24 14:05:40 +01:00
Joe Farebrother	eeef062f7c	Implement sinks for wsgiref + allow lists in bulk header updates + local flow	2024-04-24 14:05:39 +01:00
Joe Farebrother	9d56f3eb68	Fix qldoc formatting	2024-04-24 14:05:39 +01:00
Joe Farebrother	cf8db4e425	Update instances of experimental concept to the main one, and anotate missing experimental test results.	2024-04-24 14:05:39 +01:00
Joe Farebrother	daa31b5bb7	Add documentation	2024-04-24 14:05:38 +01:00
Joe Farebrother	8636a50190	Fix qldoc + remove deprecation from experimental concepts (as they are still used in another experimental query)	2024-04-24 14:05:38 +01:00
Joe Farebrother	fa28d94363	Added a sanitizer for replacing newlines.	2024-04-24 14:05:38 +01:00
Joe Farebrother	dbbc944f32	Correct spelling	2024-04-24 14:05:38 +01:00
Joe Farebrother	a88ad62c00	Implemented sinks for bulk header updates, and added corresponding tests.	2024-04-24 14:05:38 +01:00
Joe Farebrother	3e9341ff8a	Model class instantiation for werkzueg headers	2024-04-24 14:05:37 +01:00
Joe Farebrother	b9984beb16	Add test cases	2024-04-24 14:05:37 +01:00
Joe Farebrother	68d90918cf	Add to header write concept a specification of whether the name or value arg allows newlines. Ported sink defenitions from Flask and Werzeug from experimental to main. Removed experimental sink definitions for Django, as neither name nor value are vulnerable.	2024-04-24 14:05:37 +01:00
Joe Farebrother	25ffcb2fde	Split into customizations file	2024-04-24 14:05:37 +01:00
Joe Farebrother	6021d9238c	Move headers injection query and concept from experimental to main	2024-04-24 14:05:37 +01:00

... 385 386 387 388 389 ...

86439 Commits