hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 19:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,347 Commits 1,672 Branches 157 Tags
hmac-cli-injection-from-library-inputs
Commit Graph

33347 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
433e373e41 C#: Remove restriction in CFG implementation to work with stubs 2022-01-05 14:12:17 +01:00
Michael Nebel
6fb112f8ec C#: Update tests to comply with Csv validation rules for kind. 2022-01-05 13:44:47 +01:00
Michael Nebel
45469a4fe6 C#: Fix error message. 2022-01-05 13:44:47 +01:00
Michael Nebel
c88355ea13 C#: Introduce Csv validation for kind. 2022-01-05 12:48:24 +01:00
Arthur Baars
e96fcf8568 Merge pull request #7498 from github/dependabot/cargo/ruby/generator/clap-3.0 
Update clap requirement from 2.33 to 3.0 in /ruby/generator
 2022-01-05 12:24:42 +01:00
Mathias Vorreiter Pedersen
a48d5dcf48 Merge pull request #7459 from MathiasVP/promote-arithmetic-uncontrolled 
C++: Increase precision of `cpp/arithmetic-uncontrolled` to `high`
 2022-01-05 11:24:09 +00:00
Henry Mercer
19933262c4 Java: Fix copy/paste error in existing queries 
Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>
 2022-01-05 10:50:22 +00:00
Mathias Vorreiter Pedersen
23b8b776ab C++: Add change-note. 2022-01-05 10:12:20 +00:00
Michael Nebel
9983c1cbfb C#: Remove generated comment checks in stub files as these are not present in handwritten stubs. 2022-01-05 10:37:37 +01:00
Mathias Vorreiter Pedersen
37c72cae3e Merge branch 'main' into promote-arithmetic-uncontrolled 2022-01-05 08:12:47 +00:00
Anders Schack-Mulligen
fdb3cd03ef Merge pull request #7513 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-01-05 08:54:46 +01:00
github-actions[bot]
0aa1152899 Add changed framework coverage reports 2022-01-05 00:10:19 +00:00
Erik Krogh Kristensen
c7da8df03c Merge pull request #7511 from erik-krogh/dedup-spaces 
Python: remove duplicated spaces in qldoc
 2022-01-04 21:39:15 +01:00
Erik Krogh Kristensen
fe1107ccac remove duplicated spaces in qldoc 2022-01-04 21:03:06 +01:00
Dave Bartolomeo
83ceb822aa Move upgrades into standard library packs 
Move upgrade to new location

Remove incorrectly merged files

Fix upgrades section
 2022-01-04 11:30:25 -08:00
Tom Hvitved
fd60c6e1ad Merge pull request #7510 from github/release-prep/2.7.5 
Release preparation for version 2.7.5
 2022-01-04 18:57:43 +01:00
Alex Ford
712972cb82 Ruby: formatting 2022-01-04 16:41:23 +00:00
Alex Ford
36ea360b25 Ruby: behaviour -> behavior 2022-01-04 15:43:38 +00:00
Mathias Vorreiter Pedersen
8f843209a8 Merge pull request #7493 from MrAnno/relax-ambiguously-signed-bit-field 
C++: relax ambiguously-signed-bit-field by allowing GLib's gboolean
 2022-01-04 16:18:46 +01:00
github-actions[bot]
1dfcf427aa Release preparation for version 2.7.5 2022-01-04 14:44:56 +00:00
Mathias Vorreiter Pedersen
e31185fea4 C++: add change-note for cpp/ambiguously-signed-bit-field. 2022-01-04 14:31:19 +00:00
László Várady
6496bf8c1d C++: relax ambiguously-signed-bit-field by allowing GLib's gboolean 
The gboolean type of GLib (a widely used C library) is a typedef to int.
It is meant to represent a simple true/false value.

Resolves #7491
 2022-01-04 14:22:48 +00:00
Tom Hvitved
964915ee2e C#: Treat QL test stubs as not from source 2022-01-04 14:53:28 +01:00
Tom Hvitved
bfb573c86a Merge pull request #7508 from hvitved/python/change-note-typo2 
Python: Fix another change note typo
 2022-01-04 14:10:37 +01:00
Tom Hvitved
6b4eaf674f Python: Fix another change note typo 2022-01-04 13:53:07 +01:00
Tom Hvitved
a1bbe58516 C#: More uses of PopulateArguments 2022-01-04 13:47:55 +01:00
Erik Krogh Kristensen
b9964799f3 Merge pull request #7458 from erik-krogh/modelling 
QL: add "modelling/modeling" to `ql/non-us-spelling`
 2022-01-04 13:33:54 +01:00
Anders Schack-Mulligen
6457f42497 Merge pull request #7500 from zbazztian/stringbuilder-reverse-taint 
Propagate taint through AbstractStringBuilder.reverse()
 2022-01-04 13:28:14 +01:00
Alex Ford
dadaf25262 Merge branch 'main' into ruby/rails-cookie-config 2022-01-04 12:04:44 +00:00
Geoffrey White
344e380fa3 Merge pull request #6949 from ihsinme/ihsinme-patch-073 
CPP: Add query for CWE-266 Incorrect Privilege Assignment
 2022-01-04 11:37:17 +00:00
Tom Hvitved
a2c1995b9b Merge pull request #7506 from hvitved/python/change-note-typo 
Python: Fix typo in change note
 2022-01-04 11:47:48 +01:00
Anders Schack-Mulligen
f8380dabe0 Update java/ql/lib/semmle/code/java/frameworks/Strings.qll 2022-01-04 11:47:26 +01:00
Edoardo Pirovano
081765cbe8 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2022-01-04 10:07:34 +00:00
Tom Hvitved
23fb3455c0 Python: Fix typo in change note 2022-01-04 11:06:23 +01:00
Tom Hvitved
1f8a291d6f Merge pull request #7198 from hvitved/ruby/dataflow/arrays 
Ruby: Flow through arrays/enumerables
 2022-01-04 10:37:08 +01:00
yoff
5ba70ff3b6 Merge pull request #7369 from RasmusWL/filter-tag-cwe 
JS/Py/Ruby: Add more CWEs to bad-tag-filter queries
 2022-01-04 10:11:03 +01:00
Michael Nebel
c3007ff713 Merge pull request #7468 from michaelnebel/csharp-foreach-dataflow 
C#: Re-factor the ForEachCapture query to use MaD flow summaries.
 2022-01-04 09:46:39 +01:00
Tom Hvitved
de1697ab39 Merge pull request #7503 from dbartol/dbartol/move-change-notes 
Move change notes to correct location
 2022-01-04 09:35:21 +01:00
Dave Bartolomeo
5f5af4a29e Move change notes to correct location 
A few change notes slipped through the cracks of my previous change. These are now in the proper locations: `old-change-notes` for older notes, and `<lang>\ql\[src|lib]\change-notes` for current change notes.
 2022-01-03 18:21:16 -05:00
Dave Bartolomeo
ded3c52a34 Merge pull request #7407 from github/post-release-prep/codeql-cli-2.7.4 
Post-release preparation for codeql-cli-2.7.4
 2022-01-03 17:09:58 -05:00
github-actions[bot]
1334d207fa Post-release version bumps 2022-01-03 20:11:15 +00:00
dependabot[bot]
b74af00b2b Update clap requirement from 2.33 to 3.0 in /ruby/generator 
Updates the requirements on [clap](https://github.com/clap-rs/clap) to permit the latest version.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_generate-v3.0.0-rc.0...clap_complete-v3.0.0)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-03 16:12:45 +00:00
Taus
ec533c8465 Merge pull request #7502 from tausbn/ql-support-trailing-comma-in-set-literals 
QL: Support trailing comma in set literals
 2022-01-03 17:06:46 +01:00
Taus
8845529548 QL: Support trailing comma in set literals 
See

725395405e

for the grammar changes and corresponding test.
 2022-01-03 15:48:24 +00:00
Sebastian Bauersfeld
421bd1b970 Propagate taint through AbstractStringBuilder.reverse() and its overrides. 2022-01-03 10:38:27 +07:00
Edoardo Pirovano
a616059761 Fix example in JavaScript query 2021-12-29 12:01:09 +00:00
Tom Hvitved
882caf4011 Merge pull request #7470 from hvitved/csharp/dispatch-join-order 
C#: Fix bad join-order in dispatch library
 2021-12-22 19:11:33 +01:00
Alex Ford
7d3932dc8d Merge remote-tracking branch 'origin/main' into ruby/rails-cookie-config 2021-12-22 17:54:03 +00:00
Alex Ford
7f01be7067 Ruby: use new changenote format for rb/weak-cookie-configuration 2021-12-22 17:47:44 +00:00
Alex Ford
d977e8a473 Ruby: remove unnecessary custom transitive version of getReceiver 2021-12-22 17:47:44 +00:00