hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-09 19:51:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,592 Commits 1,689 Branches 160 Tags
02da7187865e09ba108fd68303464732100d516c
Commit Graph

49592 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
erik-krogh
02da718786 add code-injection sink for node-pty 2023-01-30 15:14:25 +01:00
Erik Krogh Kristensen
e46960e0cf Merge pull request #12022 from github/dependabot/cargo/ql/regex-1.7.1 
Bump regex from 1.6.0 to 1.7.1 in /ql
 2023-01-30 13:11:54 +01:00
dependabot[bot]
e3afb1640a Bump regex from 1.6.0 to 1.7.1 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.6.0 to 1.7.1.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.6.0...1.7.1)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-30 11:19:30 +00:00
Erik Krogh Kristensen
8198bbf893 Merge pull request #12019 from github/dependabot/cargo/ql/serde_json-1.0.91 
Bump serde_json from 1.0.82 to 1.0.91 in /ql
 2023-01-30 12:16:49 +01:00
dependabot[bot]
f430e83fca Bump serde_json from 1.0.82 to 1.0.91 in /ql 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.82 to 1.0.91.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.82...v1.0.91)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-30 10:36:14 +00:00
Erik Krogh Kristensen
f647910e0c Merge pull request #12018 from erik-krogh/qlDependabot 
QL: fixup the dependabot config for QL-for-QL
 2023-01-30 11:35:05 +01:00
Erik Krogh Kristensen
78683e4e8a Merge pull request #11879 from erik-krogh/rbRegConcept 
RB: add a RegexExecution concept, and use it for better regexp tracking
 2023-01-30 11:33:09 +01:00
erik-krogh
40a576b775 fixup the dependabot config for QL-for-QL 2023-01-30 11:22:17 +01:00
erik-krogh
f04a9cb523 Merge branch 'main' into rbRegConcept 2023-01-30 11:05:40 +01:00
Erik Krogh Kristensen
3508a4b799 Merge pull request #12016 from erik-krogh/newEntity 
QL: support the NewEntity module in QL-for-QL
 2023-01-30 11:01:11 +01:00
erik-krogh
54c4c23b46 support the NewEntity module in QL-for-QL 2023-01-30 10:34:06 +01:00
Mathias Vorreiter Pedersen
6a8c570915 Merge pull request #12009 from MathiasVP/fix-fwd-flow-read-join 
DataFlow: Fix join in `fwdFlowRead`
 2023-01-30 09:23:43 +00:00
Mathias Vorreiter Pedersen
95b15825f9 DataFlow: Sync identical files. 2023-01-27 16:24:31 +00:00
Mathias Vorreiter Pedersen
a691535e77 C++: Fix join order in 'fwdFlowRead'. 2023-01-27 16:24:08 +00:00
Geoffrey White
6c0b50c696 Merge pull request #11980 from geoffw0/modern2 
Swift: Structure modernized queries more consistently
 2023-01-27 14:33:43 +00:00
Geoffrey White
794ba428a7 Merge pull request #11942 from geoffw0/rncrypt4 
Swift: add RNCryptor sinks to swift/static-initialization-vector
 2023-01-27 14:33:06 +00:00
James Fletcher
812306cb52 Merge pull request #12006 from felickz/patch-2 
Add link to codeql metadata article for problem.severity
 2023-01-27 13:59:06 +00:00
Chad Bentz
4fee536e6d table spacing 2023-01-27 08:19:43 -05:00
Chad Bentz
3ef4d3118c Add link to codeql metadata article for problem.severity 2023-01-27 08:01:07 -05:00
Michael B. Gale
f192191e8c Merge pull request #11997 from github/smowton/fix/deperrors-conditional 
Go: Fix DepErrors test
 2023-01-26 14:52:27 +00:00
Mathias Vorreiter Pedersen
508027e0e5 Merge pull request #11998 from MathiasVP/fix-iterator-test 2023-01-26 12:35:12 +00:00
Mathias Vorreiter Pedersen
13baa5b60b C++: Add iterator typedefs to properly instantiate 'int_iterator_by_trait' and 'insert_iterator_by_trait'. 2023-01-26 11:43:33 +00:00
Chris Smowton
7921de243a Fix DepErrors test 
This was likely harmlessly causing `go get` reruns, since most (all?) real dependency errors cause `go list` to exit with a nonzero return code in any case.
 2023-01-26 11:37:41 +00:00
dependabot[bot]
295152cd32 Merge pull request #11992 from github/dependabot/cargo/ruby/serde-1.0.152 2023-01-26 10:17:56 +00:00
dependabot[bot]
bf02340a6a Merge pull request #11982 from github/dependabot/cargo/ruby/num_cpus-1.14.0 2023-01-26 10:13:09 +00:00
dependabot[bot]
6e69acdd7e Bump serde from 1.0.131 to 1.0.152 in /ruby 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.131 to 1.0.152.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.131...v1.0.152)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-26 03:08:58 +00:00
Harry Maclean
07a7a213b3 Merge pull request #11871 from hmac/rack 2023-01-26 08:40:30 +13:00
Rasmus Wriedt Larsen
1fcfae2464 Merge pull request #11987 from RasmusWL/suite-lists 
Misc: Add `security-experimental` to `generate-code-scanning-query-list.py`
 2023-01-25 17:29:36 +01:00
Geoffrey White
e92a5eb467 Merge pull request #11911 from geoffw0/rncrypt2 
Swift: Add RNCryptor sinks to swift/hardcoded-key
 2023-01-25 15:11:16 +00:00
Rasmus Wriedt Larsen
e8714c9edb Misc: Add Swift to generate-code-scanning-query-list.py 2023-01-25 15:22:20 +01:00
Rasmus Wriedt Larsen
b220c2f51d Misc: Add security-experimental to generate-code-scanning-query-list.py 
Since not all experimental queries is part of this new suite, it's nice
to be able to list them explicitly without having to replicate the logic
from the .qls file.
 2023-01-25 15:20:49 +01:00
Geoffrey White
f6fe627f4b Merge pull request #11914 from geoffw0/rncrypt3 
Swift: Add RNCryptor sinks to swift/constant-salt
 2023-01-25 13:05:33 +00:00
Alex Ford
3dd9392f5e Merge pull request #11869 from alexrford/rails/render_locals_shared 
Ruby: Rails - generalize rails flow step for accessing render locals hash in view
 2023-01-25 12:07:26 +00:00
Erik Krogh Kristensen
39e9eaf2bc Merge pull request #11986 from erik-krogh/redosNote2 
RB: add note in ReDoS qhelp that Ruby 3.2 has fixed ReDoS
 2023-01-25 11:56:04 +01:00
Paolo Tranquilli
f4cb920624 Merge pull request #11932 from github/redsun82/swift-docs 
Swift: add and fix some `schema.py` documentation
 2023-01-25 10:52:00 +01:00
erik-krogh
54b0350cac add note in ReDoS qhelp that Ruby 3.2 has fixed ReDoS 2023-01-25 10:24:11 +01:00
dependabot[bot]
531c0559a0 Bump num_cpus from 1.13.0 to 1.14.0 in /ruby 
Bumps [num_cpus](https://github.com/seanmonstar/num_cpus) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/seanmonstar/num_cpus/releases)
- [Changelog](https://github.com/seanmonstar/num_cpus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/num_cpus/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: num_cpus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-25 08:48:08 +00:00
Arthur Baars
358ae7529b Merge pull request #11973 from github/dependabot/cargo/ruby/serde_json-1.0.91 
Bump serde_json from 1.0.72 to 1.0.91 in /ruby
 2023-01-25 09:45:32 +01:00
Arthur Baars
068b71bc3d Merge pull request #11972 from github/dependabot/cargo/ruby/regex-1.7.1 
Bump regex from 1.5.5 to 1.7.1 in /ruby
 2023-01-25 09:44:57 +01:00
Arthur Baars
e634ab771f Merge pull request #11971 from github/dependabot/cargo/ruby/flate2-1.0.25 
Bump flate2 from 1.0.22 to 1.0.25 in /ruby
 2023-01-25 09:44:29 +01:00
Erik Krogh Kristensen
99bad77972 Merge pull request #11906 from erik-krogh/moreStem 
JS: expand what is parsed as the stem of a pathexpr
 2023-01-25 08:44:44 +01:00
Geoffrey White
5375678ca6 Swift: Add consistent CSV extension points. 2023-01-24 18:49:50 +00:00
Geoffrey White
6a210d719b Swift: Rename QueryExtensions.qll files for consistency. 2023-01-24 17:58:13 +00:00
Paolo Tranquilli
ddef87f6e2 Merge pull request #10956 from github/redsun82/swift-linkage-awareness 
Swift: disambuigate entities using linkage awareness on modules
 2023-01-24 18:49:24 +01:00
Paolo Tranquilli
4880ab41a2 Swift: use weakly_canonical instead of canonical 
`weakly_canonical` will resolve as much as possible in the path, and not
return an error if it can't resolve everything (for example due to a
non existant file). In any case in case of problems with the file we
will see an error when actually using the resolved path.

This tunes down some unhelpful log messages.
 2023-01-24 16:34:47 +01:00
Paolo Tranquilli
a74247e5d8 Swift: add filename to an error message 2023-01-24 16:29:10 +01:00
Paolo Tranquilli
6b77e6748a Swift: use same implementation for createTarget{Link,Object}Domain 2023-01-24 16:27:21 +01:00
James Fletcher
176b2cae19 Merge pull request #11882 from github/charisk/rename-vscode-run-query-cmd 
Rename VS Code Extension Run Query command
 2023-01-24 15:17:30 +00:00
Paolo Tranquilli
23344a7183 Merge branch 'main' into redsun82/swift-linkage-awareness 2023-01-24 15:47:44 +01:00
Jeroen Ketema
ae2fa6c1a4 Merge pull request #11975 from MathiasVP/another-dataflow-loop 
C++: Add another looping dataflow test
 2023-01-24 14:21:16 +01:00