hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-14 09:21:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,785 Branches 169 Tags
codeql-cli-2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
d3e0a90ae5 Go: Mention raw string iterals in QHelp for go/incomplete-hostname-regexp. 2024-03-15 11:22:40 +00:00
Tom Hvitved
693c28a821 Merge pull request #15931 from hvitved/ql/remove-missing-override-query 
QL4QL: Remove `MissingOverride` query
 2024-03-15 11:28:41 +01:00
Alvaro Muñoz
ea135a60de Merge pull request #35 from GitHubSecurityLab/jorgectf-patch-2 
Fix tokens
 2024-03-15 11:25:08 +01:00
Jorge
5908d6c567 Fix tokens 2024-03-15 11:23:37 +01:00
Jorge
465700b2cd Merge pull request #33 from GitHubSecurityLab/jorgectf-patch-1 
Add `GITHUB_TOKEN`
 2024-03-15 11:19:41 +01:00
Alvaro Muñoz
188f9d5adc Merge pull request #34 from GitHubSecurityLab/refactor_queries 
Refactor queries
 2024-03-15 11:17:31 +01:00
Alvaro Muñoz
169e57e874 Refactor queries 2024-03-15 11:10:41 +01:00
Owen Mansel-Chan
8e52483beb Add df-manual models in manually modeled classes 2024-03-15 10:10:23 +00:00
Jorge
a36ae6a7e2 Add GITHUB_TOKEN 2024-03-15 11:07:01 +01:00
Tom Hvitved
80649786c3 QL4QL: Remove MissingOverride query 2024-03-15 11:06:15 +01:00
Tom Hvitved
e7b00a7b42 Ruby: Add post-update argument nodes for string constants 2024-03-15 10:47:39 +01:00
Rasmus Wriedt Larsen
7eb4419342 Python: Restrict type-tracking content to only be precise 
At least for now :)
 2024-03-15 10:24:57 +01:00
Rasmus Wriedt Larsen
6babb2ff90 Python: Accept .expected for typetracking-summaries 2024-03-15 10:24:33 +01:00
Alvaro Muñoz
92dbceb507 boost pack versions 2024-03-15 10:19:08 +01:00
Rasmus Wriedt Larsen
00f2a6a65e Python: Update ssa-compute test expectations 2024-03-15 10:14:45 +01:00
Asger F
711a08b0d4 JS: Add TODO about switching to the shared library 2024-03-15 09:26:19 +01:00
Tony Torralba
171ff4d161 Merge pull request #15928 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-03-15 09:24:57 +01:00
Ed Minnix
71cf948650 Classes extending SourceNode for local and stored source models 
Queries such as `cs/sql-injection` cast their source to a `SourceNode`
in order to describe them. For example:

```ql
import semmle.code.csharp.security.dataflow.flowsources.FlowSources

string getSourceType(DataFlow::Node source) {
   result = source.(SourceNode).getSourceType()
}
```

Models as data source models are not included in `SourceNode` by
default, they must be wrapped with a class extending `SourceNode`.

This adds such classes, which wrap the
`sourceNode(DataFlow::Node,string)` predicate and assigns a
`getSourceType`.
 2024-03-14 22:23:54 -04:00
github-actions[bot]
7f05743212 Add changed framework coverage reports 2024-03-15 00:16:16 +00:00
Joe Farebrother
f464f1b94e Accept test output + fix qldoc typo 2024-03-14 22:25:37 +00:00
Joe Farebrother
b4ed77343b Add change note + fix qldoc 2024-03-14 22:25:36 +00:00
Joe Farebrother
3e61be1b6a Add test cases 2024-03-14 22:25:36 +00:00
Joe Farebrother
5333c75919 Model additional string attributes 2024-03-14 22:25:36 +00:00
Joe Farebrother
8c31b612ca Model UploadedFile original_filename and read 2024-03-14 22:25:35 +00:00
Alvaro Muñoz
12af3bdf08 resolve conflicts 2024-03-14 22:42:57 +01:00
Alvaro Muñoz
46afa9c1f3 Add new tests 2024-03-14 22:41:01 +01:00
Alvaro Muñoz
f251783c26 Apply suggestions from code review 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2024-03-14 21:52:22 +01:00
Alvaro Muñoz
d21d453d1c Split queries 2024-03-14 21:52:22 +01:00
jorgectf
d26ead7c3b Add security sinks 2024-03-14 21:52:22 +01:00
Mathias Vorreiter Pedersen
6dddae0154 Merge pull request #15925 from MathiasVP/rename-dataflowutil-class 
C++: Follow-up to #15918
 2024-03-14 18:15:14 +00:00
Jorge
4fcd68ba5a Merge pull request #31 from GitHubSecurityLab/new_sinks 
Add security sinks
 2024-03-14 19:11:27 +01:00
Jorge
1e64b18212 Add suite that runs all queries 2024-03-14 19:09:22 +01:00
Alvaro Muñoz
70dd7fe18f Apply suggestions from code review 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2024-03-14 17:47:20 +01:00
Alvaro Muñoz
d011269bf8 Merge pull request #32 from GitHubSecurityLab/choose-suite 2024-03-14 17:42:55 +01:00
Jorge
53209a26b1 build 2024-03-14 16:22:34 +00:00
Jorge
a9aba88bc5 Add alternate value 2024-03-14 17:21:26 +01:00
Jorge
678f99b6be build 2024-03-14 16:14:33 +00:00
Jorge
a9057a7386 Add suite input 2024-03-14 17:10:35 +01:00
Tony Torralba
ee3efbadae Merge pull request #15924 from atorralba/atorralba/go/hardcoded-credentials-fix 
Go: Consider more strings as hardcoded credentials
 2024-03-14 16:52:34 +01:00
Alvaro Muñoz
cfed2d4ce0 Split queries 2024-03-14 16:30:23 +01:00
Tamás Vajk
945121de1b Merge pull request #15922 from tamasvajk/buildless/namespace-extraction 
C#: Handle namespace resolution error more gracefully
 2024-03-14 16:19:48 +01:00
Alvaro Muñoz
8e5eeb2ea3 Merge branch 'untrusted_co' 2024-03-14 16:15:53 +01:00
Alvaro Muñoz
5130135df0 fix(stepsExpression): allow steps from a composite action to communicate 2024-03-14 16:14:55 +01:00
Michael Nebel
2280469564 Merge pull request #15902 from michaelnebel/csharp/uncontrolledformatstring 
C#: Remove hard-coded local sources from the uncontrolled-format-string query.
 2024-03-14 15:21:31 +01:00
Alvaro Muñoz
a3ccc2eba3 Merge pull request #30 from GitHubSecurityLab/untrusted_co 
Improve UntrustedCheckout query
 2024-03-14 14:52:39 +01:00
Alvaro Muñoz
778d8978b0 DF support for untrusted checkout query 2024-03-14 13:55:10 +01:00
Alvaro Muñoz
22d0600da8 Support more PR head checkouts 2024-03-14 13:28:39 +01:00
Alvaro Muñoz
d12b24886f Merge branch 'untrusted_co' of https://github.com/GitHubSecurityLab/codeql-actions into untrusted_co 2024-03-14 12:58:56 +01:00
Alvaro Muñoz
35df9519e1 Support more untrusted checkout cases 2024-03-14 12:58:47 +01:00
Alvaro Muñoz
9ca1ac5bb9 Fix expression regexp 2024-03-14 12:58:02 +01:00