hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,347 Commits 1,672 Branches 157 Tags
hmac-cli-injection-from-library-inputs
Commit Graph

33347 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Arthur Baars
169f65526e Merge pull request #8292 from aibaars/api-graphs-private 
Ruby: ApiGraphs: use private imports
 2022-03-02 00:35:46 +01:00
Taus
8460ab4f31 Merge pull request #7549 from hvitved/python/points-to-perf 2022-03-01 23:05:10 +01:00
Mathias Vorreiter Pedersen
155502cfdb C#/C++: Sync identical files. 2022-03-01 16:56:49 +00:00
Mathias Vorreiter Pedersen
4acae4a2d1 C++: Remove redundant conjunct. 2022-03-01 16:56:25 +00:00
Geoffrey White
2962b125af Merge branch 'main' into cwe497 2022-03-01 16:19:28 +00:00
Paolo Tranquilli
c81f2661a3 Merge pull request #8300 from redsun82/check-qhelp 
check-qhelp: call super init in IncludeHandler
 2022-03-01 17:07:28 +01:00
Paolo Tranquilli
ef4d1de9c3 check-qhelp: call super init in IncludeHandler 
`xml.sax.ContentHandler` has a non-trivial `__init__`. While this is
probably harmless, it does not hurt to fix this.
 2022-03-01 16:50:55 +01:00
Rasmus Lerchedahl Petersen
f55d7d627e python: model XPathEvaluator 2022-03-01 14:40:13 +01:00
Rasmus Lerchedahl Petersen
3bb17be389 python: add concept and library tests 2022-03-01 14:39:28 +01:00
Tom Hvitved
92fa0071bd Update python/ql/lib/semmle/python/pointsto/MRO.qll 
Co-authored-by: Taus <tausbn@github.com>
 2022-03-01 14:16:49 +01:00
Arthur Baars
ea8187c771 Ruby: .github/workflows/ruby-qltest.yml: turn off fail-fast 2022-03-01 13:30:56 +01:00
Arthur Baars
b2745d44f2 Ruby: update ReDoS.expected 2022-03-01 13:30:56 +01:00
Arthur Baars
61fa3ba314 Add change note 2022-03-01 13:30:56 +01:00
Arthur Baars
a51f17e0ed Ruby: introduce RegExpPatternSource 2022-03-01 13:30:51 +01:00
Arthur Baars
1240c11c4b Ruby: parse some string literals as regex 
In addition to regex literals, also parse normal string literals
as regular expressions if they somehow "flow" into a method call
that is known to interpret string values as regular expressions.
 2022-03-01 13:26:51 +01:00
Geoffrey White
5402b02fd7 Merge branch 'main' into cwe497 2022-03-01 11:58:24 +00:00
Mathias Vorreiter Pedersen
52dbf2c787 C#/C++: Sync identical files. 2022-03-01 11:50:50 +00:00
Mathias Vorreiter Pedersen
b6faa207a4 C++: Remove redundant cast. 2022-03-01 11:50:44 +00:00
Mathias Vorreiter Pedersen
93bd380838 C#/C++: Sync identical files. 2022-03-01 11:37:19 +00:00
Mathias Vorreiter Pedersen
6b324fb781 C++: Filter out InheritanceConversionInstructions with multiple base or derived classes when doing global value numbering. 2022-03-01 11:34:41 +00:00
Michael Nebel
8312fc6895 C#: Use groups and rename to trap.compression instead. Various changes to description to align with Ruby. 2022-03-01 12:01:44 +01:00
Tamás Vajk
94cb5c2be4 Merge pull request #8296 from github/post-release-prep/codeql-cli-2.8.2 
Post-release preparation for codeql-cli-2.8.2
 2022-03-01 11:57:36 +01:00
Rasmus Wriedt Larsen
eece2222ba Merge pull request #8252 from github/RasmusWL/debugging-dataflow-improvements 
Docs: Mention `hasPartialFlowRev` and performance problem
 2022-03-01 11:27:57 +01:00
Erik Krogh Kristensen
dfc74d728b fix duplicate words in qldoc 2022-03-01 11:22:58 +01:00
Erik Krogh Kristensen
1b5c7392f0 restrict the size of the getASubexpressionWithinQuery predicate, and remove double-recursion 2022-03-01 11:18:42 +01:00
Erik Krogh Kristensen
bdd07de7ed improve performance of getTestFile by finding possible test files first 2022-03-01 11:18:22 +01:00
Erik Krogh Kristensen
51482e4fcf Merge pull request #8295 from erik-krogh/ts46 
JS: Add support for TypeScript 4.6
 2022-03-01 11:09:02 +01:00
Michael Nebel
7522a2d248 Merge pull request #7832 from aschackmull/java/modelgen 
Java: Simplify model generator query using flow state.
 2022-03-01 10:57:07 +01:00
Rasmus Lerchedahl Petersen
ce3ee65f47 python: remove getTree for now 2022-03-01 10:49:21 +01:00
Rasmus Wriedt Larsen
f3f2c3183e Docs: Apply suggestions from code review 
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
 2022-03-01 10:45:24 +01:00
Mathias Vorreiter Pedersen
1f01d8014e Merge pull request #8225 from jketema/ir-structured-bindings-translation 
C++: Update the IR translation for structured bindings
 2022-03-01 09:43:35 +00:00
yoff
853857bd7e Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-03-01 10:26:29 +01:00
ihsinme
be11e4fc2d Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-03-01 12:25:57 +03:00
github-actions[bot]
980f822983 Post-release preparation for codeql-cli-2.8.2 2022-03-01 09:24:30 +00:00
Arthur Baars
7e6ef7ac74 Ruby: ApiGraphs: use private imports 2022-03-01 10:24:19 +01:00
Erik Krogh Kristensen
4c58f9781b add support for TypeScript 4.6 2022-03-01 09:56:21 +01:00
Mathias Vorreiter Pedersen
3719353338 Merge pull request #8172 from github/redsun82/pre-commit 
add pre-commit configuration
 2022-03-01 08:54:54 +00:00
Erik Krogh Kristensen
2b7c819135 fix extension of change-note 2022-03-01 09:54:19 +01:00
Michael Nebel
7bde1cbfb3 Java: Add case for Synthetic Fields in isRelevantTaintStep. 2022-03-01 09:15:01 +01:00
ihsinme
bc22b9b208 Update test.cpp 2022-03-01 09:43:15 +03:00
ihsinme
c6083a6f95 Apply suggestions from code review 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-03-01 09:37:57 +03:00
Jeroen Ketema
0c2cfa1307 C++: Add comment on the existence of reference types 2022-02-28 19:14:54 +01:00
Arthur Baars
5ce6b847d1 Merge pull request #8166 from aibaars/regex-char-sequence-1 
Ruby/Python: regex parser: group sequences of 'normal' characters
 2022-02-28 17:47:53 +01:00
Tamás Vajk
d3e36038a0 Merge pull request #8152 from tamasvajk/fix/useless-dynamic-cast 
C# Exclude dynamic casts from useless casts check
 2022-02-28 17:00:28 +01:00
Michael Nebel
24640c3670 Java: Make a testcase for wrappers of sources. 2022-02-28 16:57:36 +01:00
Michael Nebel
66fe0e74b5 Java: Don't require that the source is directly within the TargetApi itself (in that case wrappers get excluded). 2022-02-28 16:48:23 +01:00
Michael Nebel
4a0b2b64b3 Java: Explicitly tie ReturnNode to TargetApi before calling returnNodeAsOutput. 2022-02-28 16:48:23 +01:00
Tom Hvitved
44949b6353 Java: Add bindingset to returnNodeAsOutput 2022-02-28 16:48:23 +01:00
Anders Schack-Mulligen
908cc40c9f Java: Fix bug in model flow sanitizer. 2022-02-28 16:48:23 +01:00
Anders Schack-Mulligen
16a5ccddea Java: Simplify model generator query using flow state. 2022-02-28 16:48:23 +01:00