hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-14 17:31:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,785 Branches 169 Tags
codeql-cli-2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
92d57ab504 C++: Correct some existing cases that are in fact indirect. 2024-03-13 15:26:21 +00:00
Erik Krogh Kristensen
bd121b98ae Merge pull request #15893 from erik-krogh/more-filter-taint 
JS: allow more flow through .filter()
 2024-03-13 16:19:28 +01:00
Alvaro Muñoz
1bf2431c99 Improve UntrustedCheckout query 
Account for more events, more triggers and heuristics to detect git checkouts
 2024-03-13 15:41:57 +01:00
Rasmus Lerchedahl Petersen
533b63743b Python: test MaD syntax for keyword argument 
use the combined positional/keyword syntax as
that is what we will probably mostly use.
 2024-03-13 15:28:34 +01:00
Asger F
ddf6eb3a04 JS: Quick fix to make DeduplicatePathGraph compile 
There's an open PR for this where a real fix should be written
 2024-03-13 15:24:53 +01:00
Asger F
8ecdb5cefe Update VariableCapture.qll 2024-03-13 15:24:20 +01:00
Asger F
82abd867a0 JS: Update uses of AccessPathSyntax 
This doesn't yet migrate to the FlowSummaryImpl.qll in a qlpack, just trying to make things compile first
 2024-03-13 15:17:58 +01:00
Asger F
e5bc8db2f0 JS: Fix conflicting default for visbleImplInCallContext 2024-03-13 15:17:08 +01:00
Asger F
bb1f729a3f Update VariableCapture.qll 2024-03-13 15:16:37 +01:00
Asger F
97567f412e JS: Update VariableCapture.qll after changes to API 2024-03-13 14:53:00 +01:00
Tom Hvitved
6c0ed28e6b Python: Implement new data flow interface 2024-03-13 14:41:57 +01:00
Tom Hvitved
02ae2d1520 Java: Implement new data flow interface 2024-03-13 14:41:57 +01:00
Tom Hvitved
e4a4c18166 Go: Implement new data flow interface 2024-03-13 14:41:57 +01:00
Asger F
5e7d1d5c2c Merge branch 'main' into js/shared-dataflow-merged 2024-03-13 14:27:16 +01:00
Michael Nebel
560b355e0c C#: Remove hard-coded local sources from the uncontrolled-format-string query. 2024-03-13 14:26:30 +01:00
Erik Krogh Kristensen
53502a8662 Merge pull request #15510 from yoff/ts-54 
JS: Add support for TS 5.4
 2024-03-13 14:22:24 +01:00
Alvaro Muñoz
aa62603899 Merge pull request #29 from GitHubSecurityLab/clean 
fix: clean debug lefovers
 2024-03-13 13:50:11 +01:00
Alvaro Muñoz
0b71d02407 fix: clean debug lefovers 2024-03-13 13:49:50 +01:00
Jeroen Ketema
8d5eab401d C++: Introduce re-use expressions in the database scheme 2024-03-13 13:28:27 +01:00
Tom Hvitved
16cef92106 JS: Add DataFlow::Node.getLocation 2024-03-13 13:06:16 +01:00
Mathias Vorreiter Pedersen
8d504d8b32 Merge pull request #15899 from jketema/destructors10 
C++: Add IR tests for the destruction of temporaries
 2024-03-13 11:56:04 +00:00
Mathias Vorreiter Pedersen
465c3c18e3 C++: Add change note. 2024-03-13 11:49:26 +00:00
Asger F
c5a02dae2b Merge pull request #15768 from asgerf/js/amd-pseudo-deps 
JS: Do not treat AMD pseudo-dependencies as imports
 2024-03-13 12:49:17 +01:00
Mathias Vorreiter Pedersen
3ea39a2553 C++: Add some query tests. 2024-03-13 11:39:34 +00:00
Mathias Vorreiter Pedersen
bcd36b1994 C++: Recognize glib allocations and deallocations. 2024-03-13 11:39:15 +00:00
Geoffrey White
9aad43f649 C++: Add indirect test models. 2024-03-13 11:34:36 +00:00
Ian Lynagh
adefdfd59f Merge pull request #15889 from igfoo/igfoo/k2exprs 
Kotlin 2: Accept more changes in the exprs test
 2024-03-13 11:34:10 +00:00
Asger F
fa8933eb41 JS: Reduce duplication in UnsafeDynamicMethodAccessQuery 2024-03-13 12:30:05 +01:00
Asger F
ea4bc9cdbb JS: Comment about manually applying taint steps 2024-03-13 12:30:05 +01:00
erik-krogh
129286aa1c allow more flow through .filter() 2024-03-13 12:03:00 +01:00
Jeroen Ketema
3ef1ab49ea C++: Add IR tests for the destruction of temporaries 2024-03-13 12:00:02 +01:00
erik-krogh
013ed7adb3 Java: update the url-redirection in the same style as the C# qhelp 2024-03-13 11:58:16 +01:00
Asger F
406b080ce3 JS: Add comment about allowImplicitRead in PostMessageStar 2024-03-13 11:30:52 +01:00
Asger F
0a2050bc42 JS: Deduplicate predicate in HostHeaderPoisoningQuery 2024-03-13 11:27:18 +01:00
Asger F
11983faccf JS: Remove out-commented code 2024-03-13 11:26:56 +01:00
yoff
b5c0fbb827 Merge pull request #15776 from RasmusWL/tt-consistency 
Python: Add type-tracking consistency query
 2024-03-13 11:11:07 +01:00
Asger F
b31f20a64e JS: Explain why ObjetWrapperFlowLabel is deprecated 2024-03-13 11:08:25 +01:00
Asger F
e0aae53ac7 JS: Remove unnecessary BarrierGuardLegacy class 2024-03-13 11:05:23 +01:00
Asger F
fce2be0af3 JS: Use BarrierGuardLegacy in TaintedPath 2024-03-13 11:02:09 +01:00
Tom Hvitved
4085c8ec8f Merge pull request #15866 from hvitved/ruby/orm-tracking-ap-limit 
Ruby: Lower access path limit to 1 for `OrmTracking`
 2024-03-13 10:57:09 +01:00
Harry Maclean
806f42ef72 Ruby: Update change note 2024-03-13 09:54:17 +00:00
Asger F
e640154048 JS: Be backwards compatible with AdditionalBarrierGuardNode 
I've confirmed that the 'legacyBarrier' predicate does not occur in the DIL
 2024-03-13 10:54:02 +01:00
Harry Maclean
dd5eb982ec Merge pull request #15524 from hmac/hmac-process-spawn 
Ruby: Add some more command injection sinks
 2024-03-13 09:53:10 +00:00
Tony Torralba
2fd2b4c874 Merge pull request #15891 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-03-13 09:51:22 +01:00
Asger F
14e75be510 JS: Expand comments and synthetic node name in ForOfLoops 2024-03-13 09:27:00 +01:00
Asger F
e66f27cfe3 JS: Move hasWildcardReplaceRegExp to a shared place 2024-03-13 09:19:26 +01:00
Asger F
4043bc13ab JS: Explicit mark comment as a TODO 2024-03-13 09:19:03 +01:00
Asger F
858c79e395 JS: Add plain taint step through Promise.all() 2024-03-13 08:57:42 +01:00
Asger F
13a8e0fbf0 JS: Add failing test for Promise.all() 2024-03-13 08:54:06 +01:00
github-actions[bot]
cff2cdb9e4 Add changed framework coverage reports 2024-03-13 00:15:53 +00:00