Commit Graph

87274 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
b5e59492bf C++: Add change note. 2024-03-15 17:17:05 +00:00
Mathias Vorreiter Pedersen
fb218150e1 C++: Change the testcase so that it outputs the controlling values for switch statements as well. 2024-03-15 17:05:42 +00:00
Mathias Vorreiter Pedersen
07ebbb0591 C++: Accept test changes. 2024-03-15 17:04:27 +00:00
Mathias Vorreiter Pedersen
34decd3cf1 C++: Add more general public predicates to work with abstract values. 2024-03-15 17:03:45 +00:00
Mathias Vorreiter Pedersen
f4eb5f5a2d C++: Convert 'getBranchSuccessor' to use abstract values. 2024-03-15 17:03:45 +00:00
Mathias Vorreiter Pedersen
b7292fbc67 C++: Introduce 'AbstractValue' similar to what C# has. 2024-03-15 17:03:45 +00:00
Mathias Vorreiter Pedersen
2af68d37d0 C++: Include 'SwitchInstruction's as 'IRGuardCondition's. 2024-03-15 17:03:45 +00:00
Mathias Vorreiter Pedersen
704f1fad46 C++: Add switches as testcases for guard conditions. 2024-03-15 17:02:32 +00:00
Jorge
09c2ba4280 Make action download actions-all 2024-03-15 16:39:18 +01:00
Max Schaefer
daee22d38c Merge pull request #15933 from github/max-schaefer/go-incomplete-hostname-regex
Go: Mention raw string literals in QHelp for `go/incomplete-hostname-regexp`.
2024-03-15 15:07:10 +00:00
Edward Minnix III
8ae64e992c Merge pull request #15929 from egregius313/egregius313/csharp/mad/source-node-clases-for-models
C#: Add classes extending `SourceNode` for local and stored source models
2024-03-15 11:06:14 -04:00
Joe Farebrother
8c5fff2d11 Update names and qldoc for params taint predicates 2024-03-15 14:43:29 +00:00
Mathias Vorreiter Pedersen
23cf99734a C++: Add a new experimental query 'cpp/iterator-to-expired-container'. 2024-03-15 14:29:29 +00:00
Mathias Vorreiter Pedersen
f7c29e6bfb C++: Expose some previously private classes from our models so they can be used in queries. 2024-03-15 14:21:39 +00:00
Rasmus Lerchedahl Petersen
cfbc3f73ec Python: add test for conflicting summaries
We noticed that when
- a function has more than one summary (with different charpred)
- one summary is subsumed by a subpath (or something happens around the function being extracted)
- the function is called multiple times (we needed at least three)
one of the summaries would no longer lead to flow.
2024-03-15 15:13:39 +01:00
Jorge
e0bbb66be4 Try to fix actions-all suite 2024-03-15 15:11:21 +01:00
Sim4n6
3acdd3382c Update the expected file 2024-03-15 14:17:23 +01:00
Sim4n6
26a16b7857 use of a single var "op" of type Cmpop 2024-03-15 14:17:23 +01:00
Sim4n6
a717bf1b9d Fix p tag in UnicodeDoS.qhelp 2024-03-15 14:17:23 +01:00
Sim4n6
af19a0342e Fix UnicodeDoS vulnerability in CWE-770 code 2024-03-15 14:17:23 +01:00
Sim4n6
085d803b14 Fix UnicodeDoS vulnerability in CWE-770 2024-03-15 14:17:23 +01:00
Sim4n6
31dc542111 Update request parameter name in good_1() function 2024-03-15 14:17:23 +01:00
Sim4n6
70ebc58b4c Refactor Unicode normalization code 2024-03-15 14:17:23 +01:00
Sim4n6
3d8868a6c3 Add routes for bad_5 and bad_6, and fix routes for good_3 and good_4 2024-03-15 14:17:23 +01:00
Sim4n6${{7*'7'}}
658b88e62f Update python/ql/src/experimental/Security/CWE-770/UnicodeDoS.ql
update the Config API

Co-authored-by: yoff <lerchedahl@gmail.com>
2024-03-15 14:17:23 +01:00
Sim4n6
1f767b887e Add some comments and docs 2024-03-15 14:17:23 +01:00
Sim4n6
5cc9170249 Add UnicodeDoS sink for werkzeug secure_filename 2024-03-15 14:17:23 +01:00
Sim4n6
342465057c Add Unicode DoS (CWE-770) 2024-03-15 14:17:23 +01:00
Alvaro Muñoz
0da8f8d299 Merge pull request #36 from GitHubSecurityLab/fix_source_regexps
fix(fn): Apply json wrappers to source regexps
2024-03-15 14:05:29 +01:00
Alvaro Muñoz
d9e589c6e7 Remove unnecessary boundary anchors 2024-03-15 13:58:46 +01:00
Alvaro Muñoz
6cb15f06bc fix(fn): Apply json wrappers to source regexps 2024-03-15 13:54:21 +01:00
Alvaro Muñoz
27a9bc8564 Merge branch 'master' of https://github.com/GitHubSecurityLab/codeql-actions 2024-03-15 13:34:21 +01:00
Alvaro Muñoz
01d8d79e6d Bump versions 2024-03-15 13:34:12 +01:00
Mathias Vorreiter Pedersen
19c9ea7e20 C++: Implement alias and side effect models for iterators. 2024-03-15 12:13:43 +00:00
Mathias Vorreiter Pedersen
a51fe4a00e C++: Make the vector and iterator classes in 'ir.cpp' more realistic. This matches the one we use for dataflow tests. 2024-03-15 12:10:48 +00:00
Max Schaefer
d3e0a90ae5 Go: Mention raw string literals in QHelp for go/incomplete-hostname-regexp. 2024-03-15 11:22:40 +00:00
Tom Hvitved
693c28a821 Merge pull request #15931 from hvitved/ql/remove-missing-override-query
QL4QL: Remove `MissingOverride` query
2024-03-15 11:28:41 +01:00
Alvaro Muñoz
ea135a60de Merge pull request #35 from GitHubSecurityLab/jorgectf-patch-2
Fix tokens
2024-03-15 11:25:08 +01:00
Jorge
5908d6c567 Fix tokens 2024-03-15 11:23:37 +01:00
Jorge
465700b2cd Merge pull request #33 from GitHubSecurityLab/jorgectf-patch-1
Add `GITHUB_TOKEN`
2024-03-15 11:19:41 +01:00
Alvaro Muñoz
188f9d5adc Merge pull request #34 from GitHubSecurityLab/refactor_queries
Refactor queries
2024-03-15 11:17:31 +01:00
Alvaro Muñoz
169e57e874 Refactor queries 2024-03-15 11:10:41 +01:00
Owen Mansel-Chan
8e52483beb Add df-manual models in manually modeled classes 2024-03-15 10:10:23 +00:00
Jorge
a36ae6a7e2 Add GITHUB_TOKEN 2024-03-15 11:07:01 +01:00
Tom Hvitved
80649786c3 QL4QL: Remove MissingOverride query 2024-03-15 11:06:15 +01:00
Tom Hvitved
e7b00a7b42 Ruby: Add post-update argument nodes for string constants 2024-03-15 10:47:39 +01:00
Rasmus Wriedt Larsen
7eb4419342 Python: Restrict type-tracking content to only be precise
At least for now :)
2024-03-15 10:24:57 +01:00
Rasmus Wriedt Larsen
6babb2ff90 Python: Accept .expected for typetracking-summaries 2024-03-15 10:24:33 +01:00
Alvaro Muñoz
92dbceb507 boost pack versions 2024-03-15 10:19:08 +01:00
Rasmus Wriedt Larsen
00f2a6a65e Python: Update ssa-compute test expectations 2024-03-15 10:14:45 +01:00