Commit Graph

87274 Commits

Author SHA1 Message Date
Paolo Tranquilli
9def57250d CI: make reporting better 2024-04-24 16:35:50 +02:00
Paolo Tranquilli
9af9873e04 CI: add names to steps 2024-04-24 16:20:54 +02:00
Paolo Tranquilli
9f5782b67b Bazel: introduce buildifier formatting
This introduces tooling and enforcement for formatting bazel files.

The tooling is provided as a bazel run target from
[keith/buildifier-prebuilt](https://github.com/keith/buildifier-prebuilt).

This is used in a [`pre-commit`](https://pre-commit.com/) hook for those
having that installed. In turn this is used in a CI check. Relying on a
`pre-commit` action gives us easy checking that buildifying did not
change anything in the files and printing the diff, without having to
hand-roll the check ourselves.

This enforcement will make usage of gazelle easier, as gazelle itself
might reformat files, even outside of `go`. Having them properly
formatted will allow gazelle to leave them unchanged, without needing
to configure awkward exclude directives.
2024-04-24 15:49:48 +02:00
Alex Ford
98a6d0fa26 Ruby: add another SQLi AR conditions test case 2024-04-24 14:46:53 +01:00
Alex Ford
6b0e7961fa Ruby: prepare test case whitespace 2024-04-24 14:39:06 +01:00
Owen Mansel-Chan
c61177cf42 Add change note 2024-04-24 14:21:59 +01:00
Owen Mansel-Chan
4140942479 Update tests 2024-04-24 14:19:33 +01:00
Owen Mansel-Chan
fd306ed79b Exclude constant names from sources to avoid duplicate results 2024-04-24 14:19:30 +01:00
Owen Mansel-Chan
8962307291 Add second good go file to tests 2024-04-24 14:19:29 +01:00
Owen Mansel-Chan
0000c72329 Remove attempt at avoiding duplicate alerts 2024-04-24 14:19:26 +01:00
Owen Mansel-Chan
3ef7a0932a Add flow through string concatenation 2024-04-24 14:19:25 +01:00
Alvaro Muñoz
c9b2dac128 Update action.yml 2024-04-24 15:07:05 +02:00
Tamás Vajk
f29d2c21bd Merge pull request #16312 from tamasvajk/fix/buildless/file-lookup
C#: Fix `global.json` and `packages.config` lookup
2024-04-24 15:05:55 +02:00
Joe Farebrother
53f69d9966 Reduce query tests with cases covered by concept tests 2024-04-24 14:05:42 +01:00
Joe Farebrother
8fb2faa89b Add additional info to concept tests 2024-04-24 14:05:41 +01:00
Joe Farebrother
2b935e575a Add concept tests + fix typo 2024-04-24 14:05:41 +01:00
Joe Farebrother
ec4c820391 Fix deprecation 2024-04-24 14:05:41 +01:00
Joe Farebrother
1dce2eb325 Rename to response splitting 2024-04-24 14:05:40 +01:00
Joe Farebrother
49e5f8a1a5 Add tests for instances of the header write concept 2024-04-24 14:05:40 +01:00
Joe Farebrother
f3b27d611a Add test case for validated wsgiref servers + fix typo 2024-04-24 14:05:40 +01:00
Joe Farebrother
f57ba3e642 Add change note 2024-04-24 14:05:40 +01:00
Joe Farebrother
d4a072818f Add more tests 2024-04-24 14:05:40 +01:00
Joe Farebrother
eeef062f7c Implement sinks for wsgiref + allow lists in bulk header updates + local flow 2024-04-24 14:05:39 +01:00
Joe Farebrother
9d56f3eb68 Fix qldoc formatting 2024-04-24 14:05:39 +01:00
Joe Farebrother
cf8db4e425 Update instances of experimental concept to the main one, and annotate missing experimental test results. 2024-04-24 14:05:39 +01:00
Joe Farebrother
daa31b5bb7 Add documentation 2024-04-24 14:05:38 +01:00
Joe Farebrother
8636a50190 Fix qldoc + remove deprecation from experimental concepts (as they are still used in another experimental query) 2024-04-24 14:05:38 +01:00
Joe Farebrother
fa28d94363 Added a sanitizer for replacing newlines. 2024-04-24 14:05:38 +01:00
Joe Farebrother
dbbc944f32 Correct spelling 2024-04-24 14:05:38 +01:00
Joe Farebrother
a88ad62c00 Implemented sinks for bulk header updates, and added corresponding tests. 2024-04-24 14:05:38 +01:00
Joe Farebrother
3e9341ff8a Model class instantiation for werkzeug headers 2024-04-24 14:05:37 +01:00
Joe Farebrother
b9984beb16 Add test cases 2024-04-24 14:05:37 +01:00
Joe Farebrother
68d90918cf Add to header write concept a specification of whether the name or value arg allows newlines.
Ported sink definitions from Flask and Werkzeug from experimental to main.
Removed experimental sink definitions for Django, as neither name nor value are vulnerable.
2024-04-24 14:05:37 +01:00
Joe Farebrother
25ffcb2fde Split into customizations file 2024-04-24 14:05:37 +01:00
Joe Farebrother
6021d9238c Move headers injection query and concept from experimental to main 2024-04-24 14:05:37 +01:00
Tamás Vajk
3b44b131b9 Merge pull request #16311 from tamasvajk/fix/resx
C#: Do not download `Microsoft.CodeAnalysis.ResxSourceGenerator` when…
2024-04-24 13:49:55 +02:00
Tamas Vajk
4a97f95890 Improve code quality 2024-04-24 13:47:25 +02:00
Paolo Tranquilli
a23327c399 Merge branch 'main' into HEAD 2024-04-24 13:39:44 +02:00
Paolo Tranquilli
4aa0a8ebae Kotlin: make wrapper more robust for windows 2024-04-24 13:39:32 +02:00
Tamás Vajk
84ea3a9a2c Merge pull request #16310 from tamasvajk/buildless/nuget_versions
C#: Add integration test with multiple versions of the same nuget pac…
2024-04-24 13:33:27 +02:00
Nick Rolfe
8f2e51faa6 Ruby: do fewer regexp matches in SensitiveActions 2024-04-24 12:32:49 +01:00
Owen Mansel-Chan
f828f8ea65 Merge pull request #16250 from owen-mc/go/rename-untrusted-flow-source
Go: Rename `UntrustedFlowSource` to `RemoteFlowSource` to match other language libraries
2024-04-24 11:37:00 +01:00
Tom Hvitved
95d579d9de Data flow: Fix bad join
```
Evaluated relational algebra for predicate _DataFlowImpl::Impl<HardcodedDataInterpretedAsCodeQuery::HardcodedDataInterpretedAsCodeFlow::C>::ret__#count_range@d112335l with tuple counts:
            285176  ~2%    {3} r1 = SCAN `_DataFlowDispatch::DataFlowCall.getEnclosingCallable/0#dispred#b7b78b19_DataFlowImpl::Impl<Hardcoded__#shared` OUTPUT In.1, In.0, In.2
        3265592261  ~3%    {5}    | JOIN WITH `DataFlowImpl::Impl<HardcodedDataInterpretedAsCodeQuery::HardcodedDataInterpretedAsCodeFlow::C>::returnCallEdge1/4#d02cae42_2301#join_rhs` ON FIRST 2 OUTPUT Lhs.0, Lhs.2, Rhs.2, Lhs.1, Rhs.3
             39070  ~8%    {6}    | JOIN WITH `DataFlowImplCommon::Cached::viableImplInCallContextExt/2#58e931ad` ON FIRST 3 OUTPUT Lhs.0, Lhs.3, Lhs.1, Lhs.2, Lhs.4, _
             39070  ~0%    {6}    | REWRITE WITH Out.5 := 1
                           return r1
```
2024-04-24 12:22:28 +02:00
Tamas Vajk
f3daba510b C#: Fix global.json and packages.config lookup 2024-04-24 11:57:45 +02:00
Tamas Vajk
88e67715a1 C#: Do not download Microsoft.CodeAnalysis.ResxSourceGenerator when there are no resx files to process 2024-04-24 11:53:29 +02:00
Tamas Vajk
53eb753346 C#: Add integration test with multiple versions of the same nuget package 2024-04-24 11:50:43 +02:00
Mathias Vorreiter Pedersen
037114b336 Merge pull request #16309 from geoffw0/newtests
C++: Add test cases
2024-04-24 10:06:51 +01:00
Nick Rolfe
af72c0848e Merge pull request #16306 from github/nickrolfe/js-sensitive
JS: do fewer regexp matches in SensitiveActions
2024-04-24 09:49:44 +01:00
Tamás Vajk
de58ee5a22 Merge pull request #16225 from tamasvajk/buildless/resx
C#: Add resource generator
2024-04-24 10:10:45 +02:00
Tom Hvitved
a1a93c7331 Merge pull request #16304 from hvitved/csharp/fix-bad-join
C#: Fix a bad join
2024-04-24 08:11:25 +02:00