hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-14 09:21:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,785 Branches 169 Tags
codeql-cli-2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
0c73340e47 Bump regex from 1.10.3 to 1.10.4 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.10.3 to 1.10.4.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.10.3...1.10.4)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-25 03:31:03 +00:00
Owen Mansel-Chan
ac6c4add14 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2024-03-24 20:20:37 +00:00
Chris Smowton
d8686e02a8 Update test expectations 2024-03-24 17:57:27 +00:00
Owen Mansel-Chan
821f399193 Add change note 2024-03-23 23:51:52 +00:00
Owen Mansel-Chan
f4b3bae88b Add test for ParseException use of tokenImage 2024-03-23 23:48:16 +00:00
Owen Mansel-Chan
4832dc51ed Whitelist variable name tokenImage 2024-03-23 21:33:02 +00:00
Owen Mansel-Chan
63a04c056a Add test with tokenImage as used in JavaCC 2024-03-23 21:30:33 +00:00
Alvaro Muñoz
822e9bcaab env var injection query 2024-03-23 21:55:54 +01:00
Alvaro Muñoz
ff3759eca8 Merge pull request #40 from GitHubSecurityLab/refactor_source_checks 
feat(sources): Do not take triggers into consideration
 2024-03-23 21:42:19 +01:00
erik-krogh
051120e958 add qldoc for ReflectedXssSanitizers 2024-03-22 17:58:25 +01:00
erik-krogh
c60cec36d4 add calls to .html_safe? as a shared XSS sanitizer 2024-03-22 17:46:39 +01:00
Aditya Sharad
1a8932bc28 Merge pull request #16024 from github/changedocs/2.16.5 
Update CodeQL CLI to version 2.16.5
 2024-03-22 09:32:52 -07:00
Erik Krogh Kristensen
45ce988943 Merge pull request #16002 from erik-krogh/tarBlank 
JS: change the precision of the `js/unsafe-external-link` query to `low`
 2024-03-22 17:12:58 +01:00
Florin Coada
c653f1ce8c Add CodeQL 2.16.5 changelog 2024-03-22 15:28:54 +00:00
Joe Farebrother
592acb94d2 Add missing .s to qldoc 2024-03-22 15:28:34 +00:00
Max Schaefer
034ed17227 Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-03-22 15:24:29 +00:00
Jeroen Ketema
d9b0a5918c Merge pull request #16018 from jketema/tls-precision 
C++: Add precision to `cpp/boost/tls-settings-misconfiguration` and `cpp/boost/use-of-deprecated-hardcoded-security-protocol`
 2024-03-22 16:17:34 +01:00
Jeroen Ketema
453cdfa513 C++: Add change note 2024-03-22 15:52:52 +01:00
Joe Farebrother
a6ee19ca2d Fix query id 2024-03-22 14:36:47 +00:00
Ian Lynagh
63e34c4dec Kotlin 2: Accept more location changes 2024-03-22 14:09:20 +00:00
Joe Farebrother
01f712476b Add change note and update severity 2024-03-22 14:07:11 +00:00
Joe Farebrother
b74145349b Add test cases 2024-03-22 14:07:11 +00:00
Joe Farebrother
507a6102a2 Reorganise into Custimizations file + add some more sinks on ActiveRecord methods 2024-03-22 14:07:04 +00:00
Joe Farebrother
a8aac318d0 Add qhelp 2024-03-22 14:04:52 +00:00
Joe Farebrother
89838981b7 Add test cases 2024-03-22 14:04:52 +00:00
Joe Farebrother
0f45a53adc Add mass assignment query 2024-03-22 14:04:52 +00:00
Edward Minnix III
1785086ccb Merge pull request #15784 from egregius313/egregius313/csharp/dataflow/sources/file 
C#: Add source models for `file` threat model/source kind for .NET standard library
 2024-03-22 09:50:30 -04:00
Michael Nebel
a07ee8e961 C#: Update the AsList model to a value flow model. 2024-03-22 14:40:25 +01:00
Tamas Vajk
178a45af25 C#: Add high level diagnostic messages for buildless extraction (start, success) 2024-03-22 14:27:36 +01:00
Max Schaefer
bc9396e0e6 Address suggestions from review. 2024-03-22 13:19:36 +00:00
Michael B. Gale
f48e295f4a Merge pull request #16019 from p-/p--weak-enc-ecb-qhelp 
C#: add hint regarding ECB to weak encryption QHelp
 2024-03-22 13:09:08 +00:00
Michael Nebel
ca72b0583d C#: Update source and sink expected test output. 2024-03-22 13:59:47 +01:00
Erik Krogh Kristensen
7d968184fd improve the change-note 
Co-authored-by: Asger F <asgerf@github.com>
 2024-03-22 13:58:34 +01:00
Ed Minnix
4b13ad1310 Fix flow summary tests 2024-03-22 13:46:20 +01:00
Ed Minnix
9ed8ca27a1 Fix test and model 2024-03-22 13:46:19 +01:00
Ed Minnix
1f04229def Fix typo 2024-03-22 13:46:19 +01:00
Ed Minnix
73b4e8fe6a Add WithElement identifier to AsList method 2024-03-22 13:46:19 +01:00
Ed Minnix
9b23bfa038 Execute methods which return objects 
The `Execute` method returns `int` for "number of rows affected". But
some of the other `Execute*` methods return objects.
 2024-03-22 13:46:19 +01:00
Ed Minnix
5885938eaf Use wildcard signatures for Query methods 2024-03-22 13:46:19 +01:00
Ed Minnix
8223781978 Fix FlowSummaries tests 2024-03-22 13:46:19 +01:00
Ed Minnix
5ca6b40c34 Change note 2024-03-22 13:46:18 +01:00
Ed Minnix
23aeb1d878 Add tests 2024-03-22 13:46:18 +01:00
Ed Minnix
98285b5171 Add AsList summary 2024-03-22 13:46:18 +01:00
Ed Minnix
87ad170067 Dapper source models 2024-03-22 13:46:18 +01:00
Ian Lynagh
01475fd8ba Merge pull request #16011 from igfoo/igfoo/legacy_vars 
Java/Kotlin: Remove references to legacy ODASA_SNAPSHOT env var
 2024-03-22 12:38:37 +00:00
Alvaro Muñoz
2ed3aceddf feat(sources): Do not take triggers into consideration 2024-03-22 13:32:29 +01:00
Max Schaefer
4e4cd52f63 Go: Update query help for go/path-injection to include example fixes. 2024-03-22 11:45:59 +00:00
Peter Stöckli
d62d68a40b C#: add hint regarding ECB to weak encryption QHelp 2024-03-22 12:08:30 +01:00
Rasmus Wriedt Larsen
69f6e1e263 Merge pull request #16010 from RasmusWL/perf 
Python: Two small join-order fixes
 2024-03-22 11:36:17 +01:00
Jeroen Ketema
adfb3c3d50 C++: Simplify cpp/boost/tls-settings-misconfiguration 2024-03-22 11:22:11 +01:00