hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-18 08:54:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
64,079 Commits 1,679 Branches 158 Tags
0056067a17206bcd40c6cc00fc09c02fccd7befd
Commit Graph

502 Commits

Author SHA1 Message Date
Tom Hvitved
2683e40038 Merge pull request #15708 from hvitved/share-ide-contextual 
Share `getFileBySourceArchiveName` implementation
 2024-02-23 19:56:33 +01:00
Erik Krogh Kristensen
a0f91fbc15 Merge pull request #15706 from erik-krogh/pol-reg 
ReDoS: Restrict some edges related to upper/lower-case when constructing possible attack strings for polynomial-redos.
 2024-02-23 12:06:17 +01:00
Tom Hvitved
62b16c0fa3 Share getFileBySourceArchiveName implementation 2024-02-23 11:25:49 +01:00
erik-krogh
e74e5b3613 try to restrict the edges we follow (related to upper/lower-case) when contructing possible attack-strings for polynomial-redos 2024-02-22 13:15:17 +01:00
Tom Hvitved
ebee35b385 Ruby: No fieldFlowBranchLimit for SummarizedCallables 2024-02-22 10:27:25 +01:00
Anders Schack-Mulligen
71f8ccf45f Merge pull request #15654 from aschackmull/java/static-init-vec-query-perf 
Java: Switch helper flow from Global to SimpleGlobal in StaticInitializationVectorQuery.
 2024-02-21 10:51:16 +01:00
github-actions[bot]
37f8fa3413 Post-release preparation for codeql-cli-2.16.3 2024-02-20 16:50:47 +00:00
github-actions[bot]
6d061fbc35 Release preparation for version 2.16.3 2024-02-20 14:26:23 +00:00
Anders Schack-Mulligen
5a348a5048 Dataflow: SimpleGlobal / Typetracker perf fix. 2024-02-20 14:40:28 +01:00
Tony Torralba
1704bfe2bf Merge pull request #15585 from atorralba/atorralba/go/promote-jwt-unsafe-verification 
Go: Promote `go/missing-jwt-signature-check` from experimental
 2024-02-19 15:35:44 +01:00
Anders Schack-Mulligen
2fa8c2f992 Merge pull request #15634 from aschackmull/dataflow/simpleglobal-fixreads 
Dataflow: Bugfix for field reads in SimpleGlobal.
 2024-02-19 14:02:38 +01:00
Anders Schack-Mulligen
53801e8efb Dataflow: Bugfix for field reads in SimpleGlobal. 2024-02-16 14:00:04 +01:00
Anders Schack-Mulligen
03f7968dbf Dataflow: Fix flow-feature bug. 2024-02-16 11:38:30 +01:00
Tony Torralba
551875cb5a Add 'jwt' as valid sink kind 2024-02-14 17:25:08 +01:00
Anders Schack-Mulligen
393251dde6 Merge pull request #15582 from hvitved/dataflow/cache-viable-callable-ext 
Data flow: Cache `viableCallableExt`
 2024-02-14 10:31:43 +01:00
Tom Hvitved
bc8761c51b Data flow: Cache viableCallableExt 2024-02-13 14:12:50 +01:00
Asger F
faefa056eb Merge pull request #15507 from asgerf/shared/outbarrier-bugfix 
Shared: fix a bug in stateful outbarriers
 2024-02-12 21:44:49 +01:00
Nick Rolfe
b2ee5808f0 Merge pull request #15496 from github/nickrolfe/loc-fresh-ids 
Tree-sitter extractors: use fresh IDs for locations
 2024-02-12 09:54:09 +00:00
Tom Hvitved
1ea7717714 Capture flow: Take overwrites in nested scopes into account 2024-02-09 14:49:23 +01:00
Anders Schack-Mulligen
4fcb90298d Dataflow: Add change note. 2024-02-09 11:32:08 +01:00
Anders Schack-Mulligen
b7d4a6926f Dataflow: Add empty provenance column to PathGraph. 2024-02-09 11:27:30 +01:00
github-actions[bot]
b5139078d0 Post-release preparation for codeql-cli-2.16.2 2024-02-06 19:22:35 +00:00
github-actions[bot]
c1b35fbf47 Release preparation for version 2.16.2 2024-02-05 17:58:57 +00:00
Nick Rolfe
514a92d5bd Tree-sitter extractors: use fresh IDs for locations 
Since locations for any given source file are never referenced in any
TRAP files besides the one for that particular source file, it's not
necessary to use global IDs. Using fresh IDs will reduce the size of the
ID pool (both on disk and in memory) and the speed of multi-threaded
TRAP import.

The one exception is the empty location, which still uses a global ID.
 2024-02-02 15:06:10 +00:00
Joe Farebrother
031bd8bd0c Merge pull request #15281 from joefarebrother/android-sensitive-ui-notif 
Java: Add query for exposure of sensitive information to android notifiactions
 2024-01-26 16:42:55 +00:00
Asger F
f15ead6130 Shared: check stateful outBarrier as part of pathStep SCC 2024-01-26 11:14:23 +01:00
Asger F
d1310c74fc Shared: remove old stateful outBarrier check 2024-01-26 11:14:23 +01:00
Mathias Vorreiter Pedersen
2db76c7fad Merge pull request #15434 from MathiasVP/fix-dataflow-join-order 
DataFlow: Fix join order
 2024-01-25 16:32:14 +00:00
Henry Mercer
10343dd822 Merge pull request #15416 from github/post-release-prep/codeql-cli-2.16.1 
Post-release preparation for codeql-cli-2.16.1
 2024-01-25 14:15:25 +00:00
erik-krogh
396da117bb remove an FP in overly-large-range for [@-Z] 2024-01-25 14:15:06 +01:00
Mathias Vorreiter Pedersen
db929ccf9b DataFlow: Fix join order. 2024-01-25 12:51:35 +00:00
github-actions[bot]
d0b74c00fe Post-release preparation for codeql-cli-2.16.1 2024-01-23 23:02:29 +00:00
github-actions[bot]
7ef611e6dc Release preparation for version 2.16.1 2024-01-23 19:45:16 +00:00
Joe Farebrother
0acb647e7d Fix tests and add notification sink kind to model verification 2024-01-23 09:51:41 +00:00
erik-krogh
865df920f9 add change-notes 2024-01-22 19:30:57 +01:00
erik-krogh
8be7eadace delete outdated deprecations 2024-01-22 09:11:35 +01:00
Calum Grant
4660a25d44 Merge pull request #15354 from github/calumgrant/shared-diagnostics 
C++/Swift: Create shared library and share Diagnostics
 2024-01-17 15:40:12 +00:00
Calum Grant
d57fc3d7db C++: Remove unneeded includes 2024-01-17 14:34:28 +00:00
Calum Grant
51c5afff8b Create shared/cpp library and move Diagnostics there 2024-01-17 14:23:18 +00:00
erik-krogh
1a8a70dc1b mark the range [0-?] as good in the overly-large-range query 2024-01-17 13:11:57 +01:00
Alexander Eyers-Taylor
934474681d Merge pull request #15254 from github/post-release-prep/codeql-cli-2.16.0 
Post-release preparation for codeql-cli-2.16.0
 2024-01-16 14:50:40 +00:00
github-actions[bot]
57df8b92df Post-release preparation for codeql-cli-2.16.0 2024-01-15 15:00:50 +00:00
Tom Hvitved
295198744b Ruby: Handle captured yield calls 2024-01-10 14:25:15 +01:00
Tom Hvitved
c9cf2a899c Merge pull request #15260 from hvitved/dataflow/may-benefit-from-cctx-simplify 
Data flow: Remove column from `mayBenefitFromCallContext`
 2024-01-10 11:43:15 +01:00
Tom Hvitved
f90201eb56 Data flow: Remove column from mayBenefitFromCallContext 2024-01-09 11:34:43 +01:00
Ed Minnix
65d05bf3de Add environment-injection to Model Validation 2024-01-08 09:38:43 -05:00
github-actions[bot]
a6c8cc9551 Release preparation for version 2.16.0 2024-01-08 13:11:26 +00:00
Tom Hvitved
25e2271b2f Merge pull request #15157 from hvitved/dataflow/fwd-flow-in-non-linear-rec 
Data flow: Avoid unnecessary non-linear recursion in `fwdFlowIn`
 2024-01-08 10:31:51 +01:00
Aditya Sharad
b1803d0ac2 Merge rc/3.12 into main 2023-12-21 16:40:51 -08:00
Tom Hvitved
5be4fe1887 Data flow: Avoid unnecessary non-linear recursion in fwdFlowIn 2023-12-19 21:03:03 +01:00