hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-17 10:51:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,274 Commits 1,780 Branches 169 Tags
codeql-cli-2.25.4
Commit Graph

87274 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
b451adabfc Two small QLDoc improvements 2023-10-26 17:10:12 +01:00
Owen Mansel-Chan
896a3c65be Avoid doing float arithmetic with large integers 
There is the possibility of overflow.
 2023-10-26 17:09:53 +01:00
Owen Mansel-Chan
570ca3b6fe Fix upper bound check to make test pass 2023-10-26 17:08:19 +01:00
Alex Ford
24946c0dfd Ruby: modgen - restrict flow summaries to public methods 2023-10-26 17:05:31 +01:00
Alex Ford
fef2932f56 Apply suggestions from code review 
Co-authored-by: Harry Maclean <hmac@github.com>
 2023-10-26 17:04:51 +01:00
Owen Mansel-Chan
773f46d3b4 Add failing test for upper bound checks 2023-10-26 16:58:36 +01:00
Mathias Vorreiter Pedersen
30ecb4b0c8 Merge pull request #14588 from aschackmull/shared/rangeanalysis 
C++/Java: Share core range analysis
 2023-10-26 16:32:46 +01:00
yoff
867a39083e Merge pull request #14114 from yoff/python/allow-namespace-packages 
Python: Allow namespace packages
 2023-10-26 16:56:05 +02:00
Tony Torralba
7af3d239ab Java: Add JMS sink to java/unsafe-deserialization 2023-10-26 16:46:19 +02:00
Max Schaefer
08cc8b8e80 Autoformat. 2023-10-26 15:36:06 +01:00
erik-krogh
302199a74a fix TypeExprKinds crashing on a ThisExpression 2023-10-26 16:33:54 +02:00
Max Schaefer
abef8483bd Merge pull request #14600 from github/max-schaefer/express-rate-limit 
JavaScript: Add support for importing `express-rate-limit` using a named import.
 2023-10-26 15:15:22 +01:00
Max Schaefer
f42bd28ca9 Port changes to Ruby. 2023-10-26 15:06:45 +01:00
Mathias Vorreiter Pedersen
96a37f3a3c Swift: Simplify more tests. 2023-10-26 14:55:17 +01:00
Max Schaefer
741735cc83 Port changes to JavaScript. 2023-10-26 14:47:24 +01:00
Mathias Vorreiter Pedersen
2ad121a8a5 Swift: Simplify test. 2023-10-26 14:46:59 +01:00
Rasmus Lerchedahl Petersen
dcc778520a Python: refactor code 
Also add explanatory comment.

Co-authored-by: Taus <tausbn@github.com>
 2023-10-26 15:00:02 +02:00
Rasmus Lerchedahl Petersen
50041f07a3 Python: fix comment 2023-10-26 14:28:00 +02:00
Anders Schack-Mulligen
35f6e6ebb4 Java: Update tests to new partial flow api 2023-10-26 14:09:03 +02:00
Max Schaefer
aff848b038 Update javascript/ql/lib/semmle/javascript/security/dataflow/MissingRateLimiting.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-10-26 13:06:52 +01:00
Jeroen Ketema
dbb4167f80 Merge pull request #14579 from jketema/ir-backwards 
C++: Define an extractor version table and use in IR generation
 2023-10-26 13:36:15 +02:00
Owen Mansel-Chan
0ed01453b9 Fix getMaxIntValue to accept bitSize 64 2023-10-26 12:27:43 +01:00
Max Schaefer
2c7291336d Move test files into right directory. 2023-10-26 12:16:52 +01:00
Max Schaefer
bb146a1758 JavaScript: Add support for rateLimit export from express-rate-limit package. 2023-10-26 12:14:57 +01:00
Mathias Vorreiter Pedersen
2465cc20f0 Swift: Don't define 'ClosureSelfParameterNode' as the expression node of the closure. 2023-10-26 11:56:27 +01:00
Max Schaefer
3939167ba2 Include more details in the message for py/weak-cryptographic-algorithm. 
Specifically, we add a link to the location where the cryptographic algorithm is configured, which can be far away from its use.
 2023-10-26 11:28:09 +01:00
Jeroen Ketema
64004926bc C++: Use a more declarative predicate name 2023-10-26 12:07:19 +02:00
Jeroen Ketema
903f376620 C++: Define an extractor version table and use in IR generation 2023-10-26 12:07:19 +02:00
Mathias Vorreiter Pedersen
b1d4ca505d Merge pull request #14599 from aschackmull/dataflow/partialflow-separate 
Dataflow: Restrict partial flow to either forward or reverse flow.
 2023-10-26 11:01:03 +01:00
Anders Schack-Mulligen
bbc3cfba6f Dataflow: Fix documentation. 2023-10-26 11:29:16 +02:00
Anders Schack-Mulligen
a2e3b37847 Dataflow: Fix accidental visibility. 2023-10-26 11:28:52 +02:00
Chris Smowton
8198898d73 Merge pull request #14583 from smowton/smowton/admin/really-deprecate-old-java-names 
Java: Deprecate MethodAccess and SuperMethodAccess
 2023-10-26 10:25:05 +01:00
Owen Mansel-Chan
39eeed9238 Add failing test showcasing problem 2023-10-26 10:20:27 +01:00
Stephan Brandauer
5fe6a5a730 Merge pull request #14487 from github/kaeluka/extraction-query-docs 
Java: basic version of automodel extraction query docs
 2023-10-26 11:10:01 +02:00
Anders Schack-Mulligen
4dca4a7389 Dataflow: Restrict partial flow to either forward or reverse flow. 2023-10-26 10:33:03 +02:00
Anders Schack-Mulligen
ec58b209e3 Merge pull request #14584 from Marcono1234/kotlin-Literal-getLiteral 
Kotlin: Mention `Literal::getLiteral()` difference from source code
 2023-10-26 10:03:57 +02:00
Kevin Stubbings
21e4a5b2d5 Add Cookie Sanitizer 2023-10-25 22:07:08 -07:00
Kevin Stubbings
dafcd5ec98 Added support for Gin CORS 2023-10-25 17:23:10 -07:00
Maiky
a1e38c3444 Remove unnecessary imports and add returns 2023-10-26 01:16:43 +02:00
Chris Smowton
29d57d82b7 Deprecate MethodAccess and SuperMethodAccess 2023-10-25 22:26:38 +01:00
Ed Minnix
9d90c24006 Refactor to using MethodCall instead of MethodAccess 2023-10-25 14:31:56 -04:00
Ed Minnix
f288ddc3d5 Add signature back to trilead ssh2 model 2023-10-25 14:31:56 -04:00
Ed Minnix
d923784ae4 Add signatures to models 2023-10-25 14:31:56 -04:00
Ed Minnix
90c63ab6b0 Remove additional net.schmizz.sshj models 2023-10-25 14:31:56 -04:00
Edward Minnix III
2fb4dfeb90 TrustType should be nested in sun.security.pkcs11.Secmod models 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-10-25 14:31:55 -04:00
Ed Minnix
665b140a8a Make SaltAndParams be nested 2023-10-25 14:31:55 -04:00
Edward Minnix III
700201556c Remove extra model 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-10-25 14:31:55 -04:00
Ed Minnix
58dae6d1c6 Set provenance of models from otherApiCallableCredentialParam to manual and remove extra models 2023-10-25 14:31:55 -04:00
Edward Minnix III
2a91743477 Re-add IvParameterSpec constructor to otherApiCallableCredentialParam 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-10-25 14:31:55 -04:00
Ed Minnix
a28f19c857 Remove initialization vectors from SensitiveApi 2023-10-25 14:31:55 -04:00