Alex Ford
893c8763bb
Ruby: model ActiveSupport json_escape flow
2022-11-24 15:33:08 +00:00
Edoardo Pirovano
9071acea01
Merge pull request #11416 from github/edoardo/mergeback-3.8
...
Merge `rc/3.8` into `main`
2022-11-24 15:05:28 +00:00
Erik Krogh Kristensen
03737543d4
Merge pull request #11403 from erik-krogh/additional
...
ReDoS: add missing additional keywords
2022-11-24 15:53:51 +01:00
Edoardo Pirovano
8eeba92a47
Merge pull request #11415 from github/edoardo/mergeback-2.11.4
...
Merge `codeql-cli-2.11.4` into `rc/3.8`
2022-11-24 14:42:36 +00:00
Henry Mercer
56e5f01ce0
Merge branch 'main' into codeql-ci/atm/release-0.4.2
2022-11-24 14:41:49 +00:00
Jeroen Ketema
4c94ff7deb
Merge pull request #11413 from jketema/default-taint-upper-bound-check-fix
...
C++: Fix upper bound detection in default taint flow
2022-11-24 15:36:59 +01:00
github-actions[bot]
78d49e44b1
JS: Bump version of ML-powered library and query packs to 0.4.3
2022-11-24 14:22:14 +00:00
github-actions[bot]
8d96bfe973
JS: Bump patch version of ML-powered library and query packs
2022-11-24 14:18:13 +00:00
Nick Rolfe
50b10be2db
Ruby: StackTraceExposure: add test for a specific rescue type
2022-11-24 14:08:34 +00:00
Nick Rolfe
1c407a28cd
Apply suggestions from code review
...
Co-authored-by: Harry Maclean <hmac@github.com>
2022-11-24 14:02:32 +00:00
Jeroen Ketema
223eeb6921
C++: Fix upper bound detection in default taint flow
2022-11-24 14:38:36 +01:00
Tony Torralba
adf905d838
Merge pull request #11368 from ka1n4t/main
...
Java: Add binding between annotation and sink-param in MyBatis SQL Injection query
2022-11-24 14:34:57 +01:00
Tony Torralba
1d57663343
Merge pull request #11345 from atorralba/atorralba/swift/data-models
...
Swift: Add taint models for the Data class
2022-11-24 14:23:41 +01:00
Geoffrey White
32442a33de
Merge pull request #11270 from geoffw0/optionals2
...
Swift: Dataflow through ?? and ? :
2022-11-24 13:20:54 +00:00
Ian Lynagh
184c903ec7
Merge pull request #11401 from igfoo/igfoo/unused
...
Kotlin: Remove an unused argument
2022-11-24 12:47:50 +00:00
Ian Lynagh
501ea31c25
Merge pull request #11404 from igfoo/igfoo/build_refactor
...
Kotlin build system: Refactor jar-finder
2022-11-24 12:47:34 +00:00
Anders Schack-Mulligen
f2897f5bfc
Merge pull request #11392 from aschackmull/java/adjust-mad-dispatch-priority
...
Java: Adjust the prioritisation between MaD and source dispatch.
2022-11-24 13:10:48 +01:00
Tony Torralba
e4e5291511
Fix more test expectations after rebase
2022-11-24 13:03:12 +01:00
Erik Krogh Kristensen
6464135800
Merge pull request #11409 from erik-krogh/cache-more
...
Ruby: cache the compiled extractor in the build tests
2022-11-24 12:42:33 +01:00
Tony Torralba
fc7c66dab2
Remove now unnecessary additional taint step in UnsafeJsEval
2022-11-24 12:35:52 +01:00
Tony Torralba
e67b72d954
Update test expectations
2022-11-24 12:35:51 +01:00
Tony Torralba
25354d2dd8
Apply code review suggestions
2022-11-24 12:35:51 +01:00
Tony Torralba
6a8b9fde78
Add data flowsources test
2022-11-24 12:35:51 +01:00
Tony Torralba
d6b14a1395
Update test expectations
2022-11-24 12:35:50 +01:00
Tony Torralba
2284127650
Add MaD rows for the Data class
2022-11-24 12:35:50 +01:00
Tony Torralba
4bbc1dc734
Update test expectations
2022-11-24 12:34:48 +01:00
Tony Torralba
cac6e946ab
Merge pull request #11411 from atorralba/atorralba/swift/fix-nsdata-test
...
Swift: Fix expectation in NSData tests
2022-11-24 12:34:28 +01:00
Ben Ahmady
7f5df4fc0e
Merge pull request #11384 from github/subatoi/codeql-cli-2.11.4
...
Adds Kotlin (beta) content
codeql-cli/v2.11.4
2022-11-24 11:33:46 +00:00
Geoffrey White
c6835cd270
Swift: Update .generated.list.
2022-11-24 11:16:56 +00:00
Tony Torralba
4f8ef13cd8
Fix expectation in NSData tests
2022-11-24 12:13:46 +01:00
Tony Torralba
04450c5173
Merge pull request #11378 from atorralba/atorralba/swift/nsdata-models
...
Swift: Add models for NSData and NSMutableData
2022-11-24 11:19:14 +01:00
Tony Torralba
17218fa663
Formatting
2022-11-24 11:14:16 +01:00
Ben Ahmady
42259ef8d1
Update docs/codeql/reusables/kotlin-java-differences.rst
2022-11-24 10:10:42 +00:00
Tony Torralba
443d0f50c1
Apply suggestions from code review
2022-11-24 11:10:07 +01:00
erik-krogh
c9a600d496
Ruby: cache the compiled extractor, because that's way smaller than the cargo cache
2022-11-24 10:55:38 +01:00
Tony Torralba
2ac06b8db9
Turns out lambda flow is already supported
2022-11-24 10:52:27 +01:00
Nora Dimitrijević
8f065e9483
Merge pull request #11001 from d10c/swift/js-injection
2022-11-24 10:52:05 +01:00
Tom Hvitved
4e4ee32dbc
Data flow: Join on one more column in flowThroughIntoCall
2022-11-24 10:48:29 +01:00
Michael Nebel
cb4a7e22f0
Merge pull request #11395 from michaelnebel/csharp/externalflowcleanup
...
C#: ExternalFlow.qll cleanup.
2022-11-24 10:28:58 +01:00
Rasmus Wriedt Larsen
d151e21f15
Python: Move ControlFlowNode.toString() to AST cached stage
...
This means points-to is no longer evaluated for sql injection 🎉
Thanks @asgerf 💪
2022-11-24 10:14:39 +01:00
Mathias Vorreiter Pedersen
d9fab8afd9
Merge pull request #11405 from jketema/611-use-use-fix
...
C++: Fix CWE-611 XXE query to work with use-use dataflow - take 2
2022-11-24 09:10:28 +00:00
Harry Maclean
57f689401e
Ruby: SplatExprCfgNode extends UnaryOperationCfgNode
2022-11-24 17:33:57 +13:00
Jeroen Ketema
6fa5fdfeb2
C++: Fix CWE-611 XXE query to work with use-use dataflow - take 2
...
This commit ensures stack allocated parsers are also handled.
2022-11-23 23:59:04 +01:00
Ian Lynagh
2d92cee26a
Kotlin build system: Refactor jar-finder
...
We were globbing with a * in the filename, but that is not necessary.
2022-11-23 21:43:32 +00:00
Erik Krogh Kristensen
1eec067474
Merge pull request #11294 from erik-krogh/fileDoc
...
QL: improve the "this block-comment should have been a QLDoc"-query
2022-11-23 22:23:36 +01:00
Erik Krogh Kristensen
3d4f64f168
Merge pull request #11397 from erik-krogh/call-instanceof
...
Rb: use `instanceof` instead of `extends` on `DataFlow::CallNode` in some cases
2022-11-23 22:20:17 +01:00
Erik Krogh Kristensen
efdfc361be
Merge pull request #11396 from erik-krogh/jsTypo
...
JS: fix two typos
2022-11-23 22:18:43 +01:00
erik-krogh
95f35196e4
add missing additional keywords
2022-11-23 20:45:51 +01:00
Ian Lynagh
5b8b9044a5
Kotlin: Remove an unused argument
2022-11-23 18:47:53 +00:00
tiferet
03b8e649f1
Filter endpoints by confidence
...
Select endpoints to score at inference time based purely on their confidence level, and not on whether they fit the historical definition of endpoint filters.
2022-11-23 10:46:27 -08:00