hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,347 Commits 1,672 Branches 157 Tags
hmac-cli-injection-from-library-inputs
Commit Graph

33347 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dave Bartolomeo
cca74e925f Merge pull request #7724 from github/aeisenberg/examples-groups 
Add new groups for examples packs
 2022-01-27 12:11:26 -05:00
Rasmus Lerchedahl Petersen
c60df7d69c Merge branch 'main' of github.com:github/codeql into python/support-match 2022-01-27 16:45:17 +01:00
yoff
4632c14280 Merge pull request #7654 from RasmusWL/remove-old-pointsto-queries 
Python: Cleanup: Remove old points-to versions of queries
 2022-01-27 16:39:01 +01:00
Nick Rolfe
cd5010fe11 C#: sync changes from Ruby to improve ordering of graph test output 2022-01-27 15:34:01 +00:00
Tom Hvitved
b7fb9e8b95 Merge pull request #7768 from hvitved/csharp/extractor-diagnostics-query 
C#: Add internal extractor diagnostics query
 2022-01-27 16:33:32 +01:00
Chris Smowton
17656fc12b Merge pull request #7771 from Dig2/main 
Fix typo in CodeQL-query-help-for-JavaScript
 2022-01-27 15:03:35 +00:00
Mathias Vorreiter Pedersen
b3f4357dc8 Merge pull request #7742 from geoffw0/clrtxt6 
C++: Upgrade cpp/cleartext-storage-buffer
 2022-01-27 14:40:40 +00:00
Rasmus Lerchedahl Petersen
b93c04bb79 python: Add reverse flow in some patterns 
Particularly in value and literal patterns.
This is getting a little bit into the guards aspect of matching.
We could similarly add reverse flow in terms of
sub-patterns storing to a sequence pattern,
a flow step from alternatives to an-or-pattern, etc..
It does not seem too likely that sources are embedded in patterns
to begin with, but for secrets perhaps?

It is illustrated by the literal test. The value test still fails.
I believe we miss flow in general from the static attribute.
 2022-01-27 15:20:23 +01:00
Tom Hvitved
cdfe239016 C#: Guard against AssociatedSymbol not being an IEventSymbol 
Apply same logic as for property/indexer accessors to account for cases where
the associated event cannot be determined. I have not been able to reproduce
such cases locally, though we have seen reports of it happening.
 2022-01-27 15:14:03 +01:00
Nick Rolfe
6f06263d49 Ruby: add more properties for ordering nodes in graph tests 2022-01-27 13:57:43 +00:00
Dig2
516bed391a Fix CodeQL-query-help-for-JavaScript typo 2022-01-27 21:33:20 +08:00
Benjamin Muskalla
5c9c83d331 Revert "Enable on my repo" 
This reverts commit b9c3e6a052.
 2022-01-27 14:24:41 +01:00
Geoffrey White
2e1b09fd75 C++: Modernize flow sources. 2022-01-27 13:19:09 +00:00
Geoffrey White
47528dd8c0 C++: Autoformat. 2022-01-27 12:56:16 +00:00
Tamás Vajk
50f546043a Merge pull request #7769 from github/release-prep/2.8.0 
Release preparation for version 2.8.0
codeql-cli/v2.8.0 		2022-01-27 13:36:59 +01:00
Tom Hvitved
d9a1046e0e Merge pull request #7683 from hvitved/ruby/qltest-4-threads 
Ruby: Use multiple threads in QL test CI job
 2022-01-27 13:11:39 +01:00
Benjamin Muskalla
39a853b5e4 Remove unused models 2022-01-27 12:27:37 +01:00
Benjamin Muskalla
1cfb088634 rely on defaults 2022-01-27 12:26:59 +01:00
Benjamin Muskalla
e5acc6b54b use default sha for pr 2022-01-27 12:26:59 +01:00
Benjamin Muskalla
3646ae0995 Skip diff install if not needed 2022-01-27 12:26:58 +01:00
Geoffrey White
1bf9c19638 C++: Autoformat. 2022-01-27 11:26:18 +00:00
Geoffrey White
f090a3b440 C++: Add to and clarify some taint library QLDoc. 2022-01-27 11:26:00 +00:00
Benjamin Muskalla
10aa7a7982 Better name 2022-01-27 12:02:42 +01:00
Benjamin Muskalla
b9c3e6a052 Enable on my repo 2022-01-27 12:01:47 +01:00
Tom Hvitved
1e39259e26 Merge pull request #7750 from hvitved/ruby/desugar-hash-literals 
Ruby: Desugar hash literals
 2022-01-27 12:01:06 +01:00
Benjamin Muskalla
66b9974dd4 Simplify naming pattern 2022-01-27 12:00:29 +01:00
Geoffrey White
d9a2347178 C++: Switch back to IR taint. 2022-01-27 10:50:22 +00:00
Tamás Vajk
3d2cc8890a Update CHANGELOG.md 2022-01-27 11:50:13 +01:00
Tamás Vajk
cc4bb9b02f Update 0.0.8.md 2022-01-27 11:49:29 +01:00
Benjamin Muskalla
4aa0002e97 Rename workflow 2022-01-27 11:43:25 +01:00
github-actions[bot]
634134f283 Release preparation for version 2.8.0 2022-01-27 10:40:20 +00:00
Tom Hvitved
e2ae327a74 C#: Add internal extractor diagnostics query 2022-01-27 11:19:31 +01:00
Rasmus Lerchedahl Petersen
cb52ab669e python: address review comments 
The comment about `py_scopes` was simply removed
 2022-01-27 11:17:00 +01:00
Benjamin Muskalla
c1b5565e4d Automation to regenerate framework models 2022-01-27 11:15:10 +01:00
yoff
e28669e487 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2022-01-27 10:31:43 +01:00
Tom Hvitved
f4195219f4 C#: Make TypeParameterConstraints a CachedEntity 2022-01-27 10:19:16 +01:00
Tom Hvitved
280023c45a Address review comments 2022-01-27 09:44:41 +01:00
Tom Hvitved
ece952ae2d Merge pull request #7759 from hvitved/csharp/more-debug-context 
C#: Add more debug context to various error messages
 2022-01-27 09:40:21 +01:00
Andrew Eisenberg
a7f755cf12 Add new groups for examples packs 
Also, remove version numbers. Will make it easier to avoid publishing
the examples packs.
 2022-01-26 14:49:18 -08:00
Dave Bartolomeo
d069d91bf5 Merge pull request #6601 from dbartol/dbartol/side-effect-reorder/work 
Fix order of IR call side effects
 2022-01-26 17:02:02 -05:00
Tom Hvitved
32d1263810 Merge pull request #7755 from hvitved/csharp/qltest-stubs 
C#: Restrict stub logic to QL test DBs
 2022-01-26 20:08:33 +01:00
Rasmus Lerchedahl Petersen
163c888781 python: port concepts and implementations 2022-01-26 19:05:37 +01:00
Rasmus Lerchedahl Petersen
e6b5833bd6 python: fix typo in qhelp 2022-01-26 19:05:36 +01:00
Mathias Vorreiter Pedersen
647d4d028e Merge pull request #7758 from jketema/unnamed-variable-fix 
C++: Do not report "Declaration hides variable" for unnamed variables
 2022-01-26 15:36:04 +00:00
Erik Krogh Kristensen
e75dc2116f add CWE-184 to incomplete-scheme-check and bad-tag-filter 2022-01-26 16:13:13 +01:00
Jeroen Ketema
ee78cc731d Add change note 2022-01-26 15:59:17 +01:00
Tom Hvitved
ef580aa8bc C#: Add more debug context to various error messages 2022-01-26 15:50:26 +01:00
Tom Hvitved
baefd623c4 Merge pull request #7757 from hvitved/csharp/remove-stats 
C#: Remove stats for removed relations
 2022-01-26 15:22:59 +01:00
Jeroen Ketema
9194af9b15 Do not report "Declaration hides variable" for unnamed variables 2022-01-26 15:10:37 +01:00
Jeroen Ketema
10a94cfa45 Add test for structured binding declaration hiding variable 2022-01-26 15:08:50 +01:00