hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 07:36:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,009 Commits 1,703 Branches 162 Tags
0130e4ba7ff0eb64263f1bacb8f436cc3287409b
Commit Graph

45009 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Harry Maclean
0130e4ba7f Re-add path methods that are user-controlled 2022-10-14 16:49:15 +13:00
Harry Maclean
a3c14f7f46 Update test 2022-10-13 13:57:28 +13:00
Harry Maclean
8e55e62b15 Ruby: Add change note 2022-10-13 13:24:16 +13:00
Harry Maclean
4686718630 Ruby: Add kind to Http::Server::RequestInputAccess 
Like in JS, this describes whether the input came from the request URL,
body, parameters, headers or cookie. Only some of these are relevant for
UrlRedirect and ReflectedXSS queries.
 2022-10-13 13:24:16 +13:00
Harry Maclean
9eff4936cf Ruby: Restrict request methods to user-controlled 2022-10-13 13:24:16 +13:00
Harry Maclean
ad464abde2 Ruby: Model more params accesses 2022-10-13 13:24:16 +13:00
Erik Krogh Kristensen
10aab81f42 Merge pull request #10799 from jsoref/spelling-nfautils 
ReDoS: Spelling nfautils
 2022-10-12 23:09:06 +02:00
Henry Mercer
c3af41b907 Merge pull request #10781 from github/codeql-ci/js/ml-powered-pack-release-0.3.5 
JS: Bump version numbers of ML-powered packs after 0.3.5 release
 2022-10-12 20:20:31 +01:00
Josh Soref
09c8a98761 spelling: representation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:20:26 -04:00
Josh Soref
bb1ce8973a spelling: repeatable 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:20:24 -04:00
Josh Soref
adb8860b9b spelling: pattern 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:20:24 -04:00
Asger F
d28b9af8bd Merge pull request #10791 from asgerf/rb/rails-render-file 
Ruby: treat render 'file:' argument as a file system access
 2022-10-12 21:18:32 +02:00
Josh Soref
c7ae0728f3 spelling: javascript 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:02:00 -04:00
Josh Soref
98b317d1a5 spelling: escape 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:02:00 -04:00
Josh Soref
370da943dc spelling: abcdefghijklmnopqrstuvwxyz 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:02:00 -04:00
Jeroen Ketema
99b9101455 Merge pull request #10796 from github/nickrolfe/implicit_this 
C++: use explicit `this`
 2022-10-12 18:11:06 +02:00
Nick Rolfe
cfb9277cd7 C++: use explicit this 2022-10-12 16:11:45 +01:00
Sam Browning
87af5b7d71 Merge pull request #10793 from github/sabrowning1/clarify-codeql-installation-vscode 
Add clarity to CodeQL extension installation
 2022-10-12 09:42:38 -04:00
Edward Minnix III
ce740b47ae Merge pull request #10637 from egregius313/egregius313/android-misconfigured-contentprovider 
Android ContentProvider Incomplete Permissions
 2022-10-12 09:41:03 -04:00
Chris Smowton
338ce838bf Merge pull request #10788 from smowton/smowton/feature/kotlin-default-proxy-getter 
Kotlin: Add Callable.getKotlinParameterDefaultsProxy
 2022-10-12 14:16:09 +01:00
Sam Browning
8791a20f0c Merge branch 'main' into sabrowning1/clarify-codeql-installation-vscode 2022-10-12 08:59:43 -04:00
Michael Nebel
2836c5eaef Merge pull request #10679 from michaelnebel/csharp/telemetryresults 
C#/Java: Limit telemetry results.
 2022-10-12 14:52:20 +02:00
Sam Browning
af12eedb32 Add clarity to CodeQL extension installation 2022-10-12 08:46:42 -04:00
Asger F
7bfb3497eb Ruby: change note 2022-10-12 14:29:34 +02:00
Nora Dimitrijević
7b90ba6189 Merge pull request #10550 from d10c/cpp/comma-before-misleading-indentation 2022-10-12 14:08:53 +02:00
Asger F
83464d48a9 Merge pull request #10773 from asgerf/rb/bugfix-singleton-class-resolution 
Ruby: bugfix in type-tracking singleton class resolution
 2022-10-12 13:45:16 +02:00
Nora Dimitrijević
949d3e13fe Merge branch 'main' into cpp/comma-before-misleading-indentation 2022-10-12 13:25:22 +02:00
Nora Dimitrijević
695d8c6004 C++: Add Wikipedia references to QHelp 2022-10-12 13:21:24 +02:00
Nora Dimitrijević
93c01371c3 C++: no parens in select message 
Debatable; see comment thread in PR.
 2022-10-12 13:01:37 +02:00
Nora Dimitrijević
b42b88338e C++: s/put/but/ typo in QHelp 2022-10-12 13:00:42 +02:00
Nora Dimitrijević
a56770999f Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-10-12 12:54:27 +02:00
Jeroen Ketema
d389a183f0 Merge pull request #10743 from jsoref/spelling 
Spelling
 2022-10-12 12:48:22 +02:00
Chris Smowton
3b49594c20 Kotlin: Add Callable.getKotlinParameterDefaultsProxy 2022-10-12 11:29:55 +01:00
Mathias Vorreiter Pedersen
9eca56cbe2 Merge pull request #10779 from MathiasVP/add-uninitialized-dataflow-predicate-to-ir-dataflow 
C++: Add `UninitializedNode` to experimental IR dataflow
 2022-10-12 11:09:01 +01:00
Tom Hvitved
9bd25220d4 Merge pull request #10760 from hvitved/ruby/regex-taint-flow-restrict 
Ruby: Restrict regexp taint flow to `String` summaries
 2022-10-12 11:59:08 +02:00
Tamás Vajk
56797c515b Merge pull request #10776 from tamasvajk/kotlin-missing-override-fix 
Kotlin/Java: Exclude generated code from `java/missing-override-annotation`
 2022-10-12 11:30:20 +02:00
Nick Rolfe
39107047bf Merge pull request #10735 from github/nickrolfe/actionmailer 
Ruby: add `ActionMailer#params` as a `RemoteFlowSource`
 2022-10-12 10:21:11 +01:00
Tom Hvitved
202549bdd9 Merge pull request #10758 from hvitved/ruby/type-tracking-level-step 
Type tracking: Split up `levelStep` into `levelStepCall` and `levelStepNoCall`
 2022-10-12 10:42:01 +02:00
Josh Soref
c92ce69f48 spelling: when 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
9d6ea28448 spelling: the 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
a8e5a12ec2 spelling: specific 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
b9d8903bdb spelling: similarly 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
9eac158d7c spelling: revocation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
08a79531cf spelling: response 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
1a14c06008 spelling: receiver 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
061d1ee9fe spelling: presence 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
71b0613f9a spelling: parenthesized 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
ba0f34afed spelling: owasp 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
0919507565 spelling: outside 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
7e0bbf1bdb spelling: optimization 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:25 -04:00