hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-10 15:31:12 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,274 Commits 1,777 Branches 169 Tags
codeql-cli-2.25.4
Commit Graph

87274 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
0344381120 Merge remote-tracking branch 'upstream/main' into docsforautofix 2024-07-10 11:17:52 +01:00
Geoffrey White
74384625f6 C++: Autoformat. 2024-07-10 11:17:44 +01:00
Alvaro Muñoz
53b88627e5 feat(core): Exclude worflow_run#branches#default branch from externally triggerable events 2024-07-10 12:15:49 +02:00
Alvaro Muñoz
f1d1c1e55a Bump QL versions 2024-07-10 11:49:37 +02:00
Alvaro Muñoz
f4dd771d1c feat(models): Add models for ssh-action 2024-07-10 11:49:18 +02:00
Alvaro Muñoz
e23054292b feat(tests): Add new tests 
Add new tests to verify that even if a job is privileged, if the vulnerability takes place in a different one, it should be considered as non-priveleged and reported as Cache Poisoning instead of Untrusted Checkout
 2024-07-10 11:49:02 +02:00
Tom Hvitved
8979bac4d8 Update shared/ssa/codeql/ssa/Ssa.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2024-07-10 10:55:13 +02:00
Tamas Vajk
ccf56a21c2 C#: Order files in buildless extraction 2024-07-10 10:53:53 +02:00
Tom Hvitved
7928d751d1 Address review comment 2024-07-10 09:52:09 +02:00
aegilops
01ec7c22df Fixed test 2024-07-09 19:19:06 +01:00
am0o0
dd4bce8e30 finilize tests 2024-07-09 19:48:58 +02:00
am0o0
7a5838f1a2 MethodAccess => MethodCall 2024-07-09 19:43:22 +02:00
am0o0
e87d2fe922 remove redundent imports 2024-07-09 19:41:06 +02:00
aegilops
0aab2aef3b Formatting of QLL 2024-07-09 18:16:37 +01:00
aegilops
dae2aeb7d3 QLDoc 2024-07-09 18:16:02 +01:00
Mathias Vorreiter Pedersen
81593ece5a Merge pull request #16935 from MathiasVP/iterator-to-expired-container-fp-5 
C++: Add `cpp/iterator-to-expired-container` FP
 2024-07-09 17:07:19 +01:00
aegilops
86afd54a9b Moved new query to 'experimental' 
Moved lists of domains to data extensions, including adding those to the overall qlpack.yml

Expanded scope of new query to further domains operated by the untrusted owners of polyfill.io
 2024-07-09 16:38:01 +01:00
Alvaro Muñoz
8231261ccf New poisonable steps 2024-07-09 17:28:04 +02:00
Rasmus Wriedt Larsen
60d1dc8af8 Python: Bump extractor version 2024-07-09 14:15:52 +02:00
Rasmus Wriedt Larsen
6b3625e24e Python: Handle diagnostics writing for BuiltinModuleExtractable 2024-07-09 14:15:52 +02:00
Rasmus Wriedt Larsen
c1da2c1d2f Python: Gracefully handle exceptions in diagnostics writing 2024-07-09 14:15:51 +02:00
Rasmus Wriedt Larsen
a8b976b389 Python: Always log errors before writing diagnostics 
So we have the info in the logs if the diagnostics processing fails
 2024-07-09 13:47:53 +02:00
Tom Hvitved
d41eae6fc3 SSA: Add data-flow integration layer 2024-07-09 12:49:22 +02:00
Mathias Vorreiter Pedersen
48edb77300 C++: Add 'cpp/iterator-to-expired-container' FP. 2024-07-09 11:24:18 +01:00
Mathias Vorreiter Pedersen
6359388cea Merge pull request #16915 from MathiasVP/fix-iterator-to-expired-container-fp-4 
C++: Fix `cpp/iterator-to-expired-container` FPs
 2024-07-09 11:23:46 +01:00
Owen Mansel-Chan
d4bfab4735 Accept minor copy-editing suggestions. 2024-07-09 07:00:01 +01:00
Mathias Vorreiter Pedersen
39ad4d4a89 Merge pull request #16930 from MathiasVP/promote-unsafe-strncat-to-code-scanning 2024-07-08 21:51:57 +01:00
Alvaro Muñoz
59fd8530a3 Bump qlpack versions 2024-07-08 22:39:58 +02:00
Alvaro Muñoz
a368b797fd fix(checks): Add repository control checks 2024-07-08 22:39:22 +02:00
Alvaro Muñoz
ee265c4879 fix(models): Slash-command-action 
Do not consider slash-command-action command-arguments as a remote flow source if it requires write or admin permissions
 2024-07-08 22:38:53 +02:00
Alvaro Muñoz
a2af3c654b Account for all npm and pnpm subcommands 
Exclude args such as `npm -v`
 2024-07-08 20:46:29 +02:00
Mathias Vorreiter Pedersen
2c5f007687 Merge pull request #16929 from MathiasVP/add-unsafe-strncat-fp 2024-07-08 18:54:58 +01:00
Cornelius Riemenschneider
f87e680185 Merge pull request #16928 from github/criemen/install-remove 
Install script: Windows-compatible cleanup path.
 2024-07-08 17:53:18 +02:00
Owen Mansel-Chan
496e76c1c5 Merge pull request #16931 from owen-mc/go/fix/clear-sanitizer 
Go: fix `clear` sanitizer
 2024-07-08 16:52:37 +01:00
Cornelius Riemenschneider
16660ab1df address review 2024-07-08 17:37:33 +02:00
Cornelius Riemenschneider
8df2e4952c address review 2024-07-08 17:27:17 +02:00
Owen Mansel-Chan
a774aacfa8 Add change note 2024-07-08 16:09:17 +01:00
Mathias Vorreiter Pedersen
9cfd06c761 C++: Increase the precision of 'cpp/unsafe-strncat' to high. 2024-07-08 16:06:58 +01:00
Owen Mansel-Chan
68929d1f73 Fix definition of ClearSanitizer 2024-07-08 16:05:17 +01:00
Owen Mansel-Chan
eec2aa82a6 Add failing tests for ClearSanitizer 2024-07-08 16:05:04 +01:00
Mathias Vorreiter Pedersen
962c73da16 C++: Promote 'cpp/unsafe-strncat' to Code Scanning. 2024-07-08 16:02:29 +01:00
Angela P Wen
80bd361607 Merge pull request #16926 from github/post-release-prep/codeql-cli-2.18.0 
Post-release preparation for codeql-cli-2.18.0
 2024-07-08 16:51:16 +02:00
Owen Mansel-Chan
b83147fa44 Add links on threat models to change note 2024-07-08 15:39:27 +01:00
Owen Mansel-Chan
8241d0b7ef Update QLDoc for ReverseDnsUserInput 2024-07-08 15:33:39 +01:00
Owen Mansel-Chan
07a25a233d Update threat model documentation 2024-07-08 15:32:47 +01:00
Cornelius Riemenschneider
bb78536804 Install script: Windows-compatible cleanup path. 
Windows might need some retrying around deleting
the target directory.
 2024-07-08 16:21:29 +02:00
Owen Mansel-Chan
64432215a9 Make "reverse-dns" pass validation 2024-07-08 15:16:14 +01:00
Owen Mansel-Chan
8526510783 Add ungrouped threat models to threat-model-grouping.model.yml 2024-07-08 15:15:40 +01:00
Mathias Vorreiter Pedersen
d5d04f2f4c C++: Add a 'cpp/unsafe-strncat' FP. 2024-07-08 15:13:00 +01:00
Geoffrey White
8818f63ca7 C++: Add some practical details to the examples. 2024-07-08 14:32:05 +01:00