hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-26 15:17:06 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,274 Commits 1,790 Branches 169 Tags
codeql-cli-2.25.4
Commit Graph

87274 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Harry Maclean
c1207e0938 Ruby: Fix rack response tracking 
Use type tracking instead of getReturningNode, which seems to be faster
and works correctly for the cases I've tried.
 2023-01-23 21:43:04 +00:00
erik-krogh
49f5e89f36 update expected output for experimental query 2023-01-23 22:29:49 +01:00
Erik Krogh Kristensen
fc66c905ff Merge pull request #11859 from erik-krogh/moreShell 
JS: slightly broaden the regular expression that recognizes bad string-concats used as shell commands
 2023-01-23 22:26:17 +01:00
Mathias Vorreiter Pedersen
ecbcee5bc8 Merge pull request #11945 from MathiasVP/refactor-param-out-nodes-2 2023-01-23 21:21:13 +00:00
Henry Mercer
21e63a8a86 Merge pull request #11967 from github/codeql-ci/atm/release-0.4.6 
JS: Bump version numbers of ML-powered packs after 0.4.6 release
 2023-01-23 20:43:18 +00:00
Henry Mercer
241951f53e Merge branch 'main' into codeql-ci/atm/release-0.4.6 2023-01-23 18:24:36 +00:00
github-actions[bot]
be481d975c JS: Bump version of ML-powered library and query packs to 0.4.7 2023-01-23 18:22:18 +00:00
github-actions[bot]
40a67d61d2 JS: Bump patch version of ML-powered library and query packs 2023-01-23 18:15:56 +00:00
Geoffrey White
25bcaa3a54 Merge pull request #11966 from geoffw0/usenumerics 
Swift: Use numeric types in CleartextLogging.qll.
 2023-01-23 18:06:17 +00:00
Sid Shankar
e32823c3e0 Merge pull request #11964 from github/sidshank/update-supported-language-versions-Jan-2023 
Update supported language versions in documentation
 2023-01-23 12:12:43 -05:00
Geoffrey White
19527016a5 Swift: Use numeric types in CleartextLogging.qll. 2023-01-23 16:52:03 +00:00
Geoffrey White
5ddff790b6 Swift: Autoformat. 2023-01-23 16:46:58 +00:00
Rasmus Wriedt Larsen
0879c8f8e1 Python: Expand comments on C3 MRO 2023-01-23 17:40:24 +01:00
Rasmus Wriedt Larsen
80324735bb Python: Fixup annotation for CWE-022-PathInjection/pathlib_use.py 2023-01-23 17:40:24 +01:00
Mathias Vorreiter Pedersen
79b77b01fd Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-01-23 15:49:36 +00:00
Sid Shankar
f77d156e9a Update supported version of Java 2023-01-23 15:41:35 +00:00
Sid Shankar
444df6fccb Update supported version of Go 2023-01-23 15:41:02 +00:00
Erik Krogh Kristensen
240248b9cf Merge pull request #11453 from erik-krogh/unsafeHtmlConstruction 
RB: add unsafe-html-construction query
 2023-01-23 16:40:25 +01:00
erik-krogh
11894144aa remove regular expression that did nothing 2023-01-23 16:38:09 +01:00
Jeroen Ketema
0a0d6d0841 Merge pull request #11963 from MathiasVP/testcase-with-loop 
C++: Add testcase with looping behavior
 2023-01-23 16:33:36 +01:00
Erik Krogh Kristensen
5be97f3761 Merge pull request #11909 from erik-krogh/concatCode 
Rb: recognize string concatenations as sinks for unsafe-code-construction
 2023-01-23 16:22:46 +01:00
Mathias Vorreiter Pedersen
a217017859 C++: Add testcase with looping behavior in C/C++ use-use flow. 2023-01-23 14:29:39 +00:00
erik-krogh
ae00518ddf remove the isAdditionalTaintStep predicate from UnsafeHtmlConstructionQuery, as it was not needed 2023-01-23 15:27:19 +01:00
erik-krogh
7c6ee5f293 Merge branch 'main' into unsafeHtmlConstruction 2023-01-23 15:01:01 +01:00
Erik Krogh Kristensen
32c4cf5769 Apply suggestions from code review 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-01-23 14:58:04 +01:00
erik-krogh
800077dabe changes based on feedback 2023-01-23 14:54:36 +01:00
Erik Krogh Kristensen
a10b45e0db Merge pull request #11927 from mvogelgesang/express-rate-limit 
JS: Updated express-rate-limit example to match implementation examples f…
 2023-01-23 14:37:50 +01:00
Jeroen Ketema
05ecd2e015 Merge pull request #11958 from jketema/argv-if-tests 
C++: Add some additional uncontrolled format string tests
 2023-01-23 14:05:07 +01:00
erik-krogh
3cece50f78 add encodeURIComponent as a sanitizer for request-forgery 2023-01-23 13:53:53 +01:00
erik-krogh
be8ef1b324 add failing test 2023-01-23 13:52:36 +01:00
Erik Krogh Kristensen
45aaeb897a Merge pull request #11955 from erik-krogh/docFrameworks 
JS: add Fastify and restify to the list of supported frameworks
 2023-01-23 13:14:15 +01:00
Philip Ginsbach
78a2dfa7c4 Merge pull request #11939 from github/ginsbach/DocumentNewNamespaces 
document new namespaces
 2023-01-23 12:12:49 +00:00
Chris Smowton
fea97a22c6 Merge pull request #11827 from smowton/smowton/admin/test-gradle-script-parsing 
Java: Add integration tests for Android projects
 2023-01-23 11:39:24 +00:00
Philip Ginsbach
8a3972049b fix grammar 2023-01-23 11:15:22 +00:00
Mathias Vorreiter Pedersen
9dbea539ed Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into refactor-param-out-nodes-2 2023-01-23 10:51:46 +00:00
Jeroen Ketema
cfc0dabad9 C++: Add some additional uncontrolled format string tests 
These duplicate the `i9` and `i91` tests slightly earlier in the same file, but
use an explicit `if` instead of the ternary operator.
 2023-01-23 11:50:45 +01:00
Mathias Vorreiter Pedersen
470abfd0aa C++: Conflate iterator value and indirection for taint-flow to fix AST dataflow. 2023-01-23 10:40:25 +00:00
yoff
fe0290fb39 Update supported-versions-compilers.rst 
List 3.11 as supported for Python
 2023-01-23 11:33:32 +01:00
Rasmus Wriedt Larsen
753192bb4d Merge branch 'main' into call-graph-code 2023-01-23 11:25:02 +01:00
Mathias Vorreiter Pedersen
962b651c44 C++: Fix models. 2023-01-23 10:10:02 +00:00
Alex Ford
3b10a2de11 Merge branch 'main' into rails/render_locals_shared 2023-01-23 10:00:22 +00:00
Alex Ford
55550e7980 Merge pull request #11941 from alexrford/summary-component-tostring-syntheticglobal 
Add missing toString case for synthetic globals
 2023-01-23 10:00:00 +00:00
Jeroen Ketema
3f9deb66ce Merge pull request #11936 from jketema/pretty-path 
C++: In use-use dataflow use the AST representation of IR Instructions and Operands as their strings
 2023-01-23 10:30:17 +01:00
Erik Krogh Kristensen
1ee9957838 Merge pull request #9807 from erik-krogh/endFilter 
JS: recognize "-->" as a bad tag filter
 2023-01-23 10:06:50 +01:00
Arthur Baars
99148244a4 Merge pull request #11856 from aibaars/update-grammars 
Update grammars
 2023-01-23 09:46:50 +01:00
erik-krogh
dc1bfa3a04 add Fastify and restify to the list of supported frameworks 2023-01-23 09:36:49 +01:00
Michael Nebel
69a42d8b1f Merge pull request #11931 from michaelnebel/csharp/refactor 
Remove the Csv postfix of some predicate names.
 2023-01-23 09:09:48 +01:00
Michael Nebel
440fe80c14 C#: Update stats. 2023-01-23 09:06:34 +01:00
Harry Maclean
21ce9b448a Ruby: Attempt to fix performance of AppCandidate 
`DataFlow::MethodNode.getAReturningNode` is expensive to compute.
Instead we look for rack responses which flow to the `SynthReturnNode`.
Each method has only one of these (vs many "returning" nodes) so it is
a lot faster.
I'm not sure yet whether the results are the same.
 2023-01-23 15:25:52 +13:00
Chris Smowton
a2e7b83411 Add additional note to Android tests 2023-01-21 11:57:54 +00:00