hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,333 Commits 1,671 Branches 157 Tags
ginsbach/NewOverlayLocalJava
Commit Graph

4731 Commits

Author SHA1 Message Date
Joe Farebrother
da93a08639 Add change notes 
No change note is needed for Swift, as the new heuristics are unused and thus should not affect any queries.
 2024-05-09 10:03:20 +01:00
Joe Farebrother
9aff22c664 Fix typos in sensitive data regex 2024-05-09 09:39:03 +01:00
Joe Farebrother
5f4bc4197b Add private category to sensitive data heuristics 2024-05-08 10:02:00 +01:00
Chuan-kai Lin
cbc0261567 Ruby: Use entities in reorder directives 2024-05-03 11:18:15 -07:00
Harry Maclean
ef88f3ed09 Merge pull request #16377 from hmac/hmac-sanitization-fp 
Ruby: Fix StringSubstitutionCall charpred
 2024-05-02 13:31:01 +01:00
Owen Mansel-Chan
9bfb189fa7 Merge pull request #16392 from owen-mc/external-flow/standardize-empty-model-yml 
External flow: standardize `empty.model.yml`
 2024-05-02 11:01:47 +01:00
Owen Mansel-Chan
83249cd9c2 Fix grammar in comment 2024-05-02 09:59:48 +01:00
Owen Mansel-Chan
16dcc0969b Standardise comment explaining why extensible predicates must be defined 2024-05-01 22:00:01 +01:00
Owen Mansel-Chan
09e59ccf44 Name files with empty definitions of MaD extensible predicates to erowdmpty.model.yml 2024-05-01 21:39:38 +01:00
Harry Maclean
c00d0d302d Ruby: fix wording in rb/request-without-cert-validation 2024-05-01 17:25:58 +01:00
Harry Maclean
f7fc2e0b00 Ruby: Fix StringSubstitutionCall charpred 
Some missing parens meant this class targeted way more things than
intended.
 2024-05-01 16:14:58 +01:00
github-actions[bot]
99928b82ed Post-release preparation for codeql-cli-2.17.2 2024-04-30 12:15:35 +00:00
github-actions[bot]
5228d94d42 Release preparation for version 2.17.2 2024-04-30 10:25:51 +00:00
Erik Krogh Kristensen
7e839792da Merge pull request #16330 from erik-krogh/del-deps-apr-2024 
All: delete outdated deprecations
 2024-04-30 10:43:39 +02:00
Harry Maclean
51bc8e917e Ruby: Reduce FPs for rb/incomplete-hostname-regexp 
Arguments in calls to `match[?]` should only be considered regular
expression interpretations if the `match` refers to the standard library
method, not a method in source code.
 2024-04-29 11:19:34 +01:00
Harry Maclean
8b23f6db10 Ruby: Add URI.open example to rb/kernel-open qhelp 2024-04-27 09:53:54 +01:00
erik-krogh
800d7546fa change all the change-notes to breaking 2024-04-26 17:17:23 +02:00
erik-krogh
14d88eb3ce add change-notes 2024-04-26 12:56:28 +02:00
erik-krogh
baa31e1469 delete outdated deprecations 2024-04-25 22:19:28 +02:00
Alex Ford
98a6d0fa26 Ruby: add another SQLi AR conditions test case 2024-04-24 14:46:53 +01:00
Alex Ford
6b0e7961fa Ruby: prepare test case whitespace 2024-04-24 14:39:06 +01:00
Nick Rolfe
8f2e51faa6 Ruby: do fewer regexp matches in SensitiveActions 2024-04-24 12:32:49 +01:00
Nick Rolfe
af72c0848e Merge pull request #16306 from github/nickrolfe/js-sensitive 
JS: do fewer regexp matches in SensitiveActions
 2024-04-24 09:49:44 +01:00
Nick Rolfe
003d208574 JS: do fewer regexp matches in SensitiveActions 2024-04-23 15:31:38 +01:00
Anders Schack-Mulligen
b2f09949df Merge pull request #15599 from aschackmull/dataflow/fieldflowbranchlimit-v2 
Dataflow: update fieldFlowBranchLimit semantics
 2024-04-23 10:08:05 +02:00
Asger F
decd576a6b Merge pull request #15386 from asgerf/js/graph-export 
JS: Add library for exporting graphs as type models
 2024-04-18 11:56:17 +02:00
Alexander Eyers-Taylor
da3fa22cbd Merge pull request #16228 from github/post-release-prep/codeql-cli-2.17.1 
Post-release preparation for codeql-cli-2.17.1
 2024-04-17 11:24:34 +01:00
Asger F
3335d48154 Sync files 2024-04-16 20:26:41 +02:00
Asger F
be64daf265 Merge branch 'main' into js/graph-export 2024-04-16 20:23:33 +02:00
Cornelius Riemenschneider
6ba27dc863 Upgrade rules_pkg to 0.10.1. 2024-04-16 16:29:56 +02:00
github-actions[bot]
622e176a16 Post-release preparation for codeql-cli-2.17.1 2024-04-16 14:21:32 +00:00
Tom Hvitved
75b1e14098 Merge pull request #16205 from samgiz/samgiz-tiny-docs-fix 
Tiny docs fix
 2024-04-16 13:57:38 +02:00
github-actions[bot]
9bfe4ea90a Release preparation for version 2.17.1 2024-04-15 17:34:47 +00:00
Anders Schack-Mulligen
2f0987e980 Dataflow: Add dummy DataFlowSecondLevelScope implementations. 
These could be an empty type, but Unit was available and it probably
doesn't matter.
 2024-04-15 15:16:30 +02:00
Zigmas Bitinas
5125468307 Tiny docs fix 
Noticed the mistake when browsing the docs [here](https://codeql.github.com/codeql-standard-libraries/ruby/codeql/ruby/security/CodeInjectionCustomizations.qll/module.CodeInjectionCustomizations$CodeInjection$FlowState.html)
 2024-04-13 21:18:36 +01:00
Alex Ford
91bca4a2c3 Ruby: limit ActiveRecord conditions sink to first array element 2024-04-12 15:32:16 +01:00
Alex Ford
2950890180 Ruby: add more ActiveRecord conditions arg test cases 2024-04-12 15:31:28 +01:00
Alex Ford
f98479dca3 Ruby: prepare test case whitespace 2024-04-12 15:30:42 +01:00
Tom Hvitved
e7dc120456 Add deprecation comments 2024-04-12 13:40:15 +02:00
Tom Hvitved
04de315e0e Ruby: Deprecate models-as-data CSV interface 2024-04-12 13:40:14 +02:00
Joe Farebrother
5cebcadc56 Merge pull request #15987 from joefarebrother/ruby-mass-reassignment 
Ruby: Add query for insecure mass assignment
 2024-04-12 10:18:41 +01:00
Anders Schack-Mulligen
2c43d0c5a4 Ruby: Update expected output (interesting). 2024-04-12 09:20:38 +02:00
Anders Schack-Mulligen
7cc8fd00aa Ruby: Update expected output (uninteresting). 2024-04-12 09:20:35 +02:00
Anders Schack-Mulligen
6991f5452f Ruby: Add alert provenance plumbing. 2024-04-12 09:20:04 +02:00
Anders Schack-Mulligen
eafc0075fd Legacy dataflow: Sync. 2024-04-12 09:19:54 +02:00
Joe Farebrother
06d7b3ce80 Use cfg nodes 2024-04-11 22:30:41 +01:00
Erik Krogh Kristensen
c00e2075a4 Merge pull request #16111 from erik-krogh/rb-url 
RB: Improve QHelp for `rb/url-redirect`, and fix an FP.
 2024-04-11 13:03:35 +02:00
Joe Farebrother
ec973ac1f3 Use not exists 2024-04-11 09:38:41 +01:00
Joe Farebrother
0a3d73d902 Add flow steps and sanitizers for permit calls 2024-04-10 21:47:07 +01:00
Erik Krogh Kristensen
844e78dce5 remove redundant cast 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2024-04-10 20:02:49 +02:00