hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-10 13:10:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
59,749 Commits 1,679 Branches 158 Tags
0509c0fdf3dbd13cbb34151a76fb790d8257030d
Commit Graph

59749 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
0509c0fdf3 Swift: Effect on dataflow tests. 2023-10-16 18:28:50 +01:00
Geoffrey White
89867d6214 Swift: Default content read step. 2023-10-16 18:28:50 +01:00
Joe Farebrother
fe2468e7d0 Merge pull request #14498 from joefarebrother/csharp-missing-access-control 
C#: Fix FP in Missing Function Level Access Control and Insecure Direct Object Reference
 2023-10-16 10:46:19 +01:00
Arthur Baars
0e3369f93f Merge pull request #14484 from aibaars/ts53-js 
JS: Support import attributes
 2023-10-16 10:47:49 +02:00
Erik Krogh Kristensen
80c5e1ea77 Merge pull request #14497 from erik-krogh/jsp 
JS: add support for extracting `.jsp` files
 2023-10-16 09:27:46 +02:00
Erik Krogh Kristensen
c30e004506 Merge pull request #14506 from github/dependabot/cargo/ql/tracing-0.1.39 
Bump tracing from 0.1.38 to 0.1.39 in /ql
 2023-10-16 09:24:12 +02:00
Tony Torralba
ae8e237f2c Merge pull request #14494 from atorralba/atorralba/remove-library 
Java/C/C#: Remove library annotations
 2023-10-16 09:01:40 +02:00
Tamás Vajk
d723905035 Merge pull request #14368 from tamasvajk/standalone/use-legacy-framework-dlls 
C#: Choose between .NET framework or core DLLs in standalone
 2023-10-16 08:53:55 +02:00
dependabot[bot]
7700210ed2 Bump tracing from 0.1.38 to 0.1.39 in /ql 
Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.38 to 0.1.39.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.38...tracing-0.1.39)

---
updated-dependencies:
- dependency-name: tracing
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-16 03:21:13 +00:00
Owen Mansel-Chan
53561008a1 Merge pull request #14445 from owen-mc/go/automated-mad-coverage-report 
Go: automated mad coverage report
 2023-10-15 21:49:47 +01:00
Owen Mansel-Chan
39bca2d4bb Merge pull request #14276 from tunnelshade/enable-gokit-by-default 
Go: Enable GoKit module into the default list
 2023-10-15 21:44:27 +01:00
BD
0ef83b3c74 Merge branch 'main' into enable-gokit-by-default 2023-10-15 10:22:27 +05:30
Jeroen Ketema
d56a9f0781 Merge pull request #14424 from jketema/rewrite-cgi-xss 
C++: Rewrite `cpp/cgi-xss` to not use default taint tracking
 2023-10-13 17:57:04 +02:00
Mathias Vorreiter Pedersen
fb0016e4f6 Merge pull request #14485 from geoffw0/logging 
Swift: Add more sinks to `swift/cleartext-logging`
 2023-10-13 16:09:19 +01:00
Mathias Vorreiter Pedersen
9a2ac65f53 Merge pull request #14394 from geoffw0/sqlpathinject3 
Swift: Add sinks for sqlite3 and SQLite.swift to swift/hardcoded-key
 2023-10-13 16:07:09 +01:00
Joe Farebrother
915352861d Check for generic base types in Missing Function Level Access Control and Insecure Direct Object Reference. 2023-10-13 14:22:45 +01:00
erik-krogh
69c3e62965 add change-note 2023-10-13 15:16:39 +02:00
Tamas Vajk
15ec0a10c9 Code quality improvements 2023-10-13 14:09:58 +02:00
Jeroen Ketema
61676277e8 C++: Fix barrier in cpp/cgi-xss 2023-10-13 14:05:47 +02:00
Tony Torralba
0cea3f8531 Remove library annotations 2023-10-13 12:46:56 +02:00
Harry Maclean
1297acf5b1 Merge pull request #14216 from hmac/hmac-graphql-enum 
Ruby: Restrict GraphQL remote flow sources
 2023-10-13 11:31:50 +01:00
erik-krogh
9080e84fc9 add support for extracting .jsp files 2023-10-13 12:09:27 +02:00
Tony Torralba
5e921784fb Merge pull request #14399 from ebickle/fix/thread-resource-arithmetic 
Java: Flow taint through arithmetic expressions for java/thread-resource-abuse experimental query
 2023-10-13 10:06:33 +02:00
Erik Krogh Kristensen
b1ad61e27d Merge pull request #14481 from erik-krogh/proper-codepoints 
ReDoS: use the new codePointAt and codePointCount methods instead of regex hacks
 2023-10-13 09:35:55 +02:00
Felicity Chapman
2ddcd1d9cc Merge pull request #14489 from github/felicitymay-typo-fix 
Fix typo in link
 2023-10-12 21:45:30 +01:00
Felicity Chapman
8f70b55158 Fix typo in link 2023-10-12 20:53:44 +01:00
Ian Lynagh
2edc70da79 Merge pull request #14390 from igfoo/igfoo/compr 
Kotlin: Improve support for TRAP compression options
 2023-10-12 20:22:10 +01:00
Geoffrey White
fe57cd0784 Merge pull request #14488 from geoffw0/strlentest 
Swift: Additional test cases for `swift\string-length-conflation`
 2023-10-12 19:39:43 +01:00
AlexDenisov
6ab2de10e3 Merge pull request #14437 from github/alexdenisov/ignore-unavailable-declarations 
Swift: skip declarations marked as unavailable
 2023-10-12 20:08:18 +02:00
Ian Lynagh
ed9502fd0b Kotlin: Enhance the TRAP compression test 2023-10-12 18:13:07 +01:00
Ian Lynagh
adb47399c7 Kotlin: Improve support for TRAP compression options 
While you could control compression with
    CODEQL_EXTRACTOR_JAVA_OPTION_TRAP_COMPRESSION
before, most TRAP files used gzip regardless for compatibility with the
Java extractor. Now Java understands the option too we can use it for
shared TRAP files.
 2023-10-12 18:13:06 +01:00
Mathias Vorreiter Pedersen
3c34638438 Merge pull request #14486 from MathiasVP/simplify-overrun-write 
C++: Remove unnecessary `FlowState` from `cpp/overrun-write`
 2023-10-12 17:48:52 +01:00
Geoffrey White
9f683b8630 Swift: Remove duplicate results. 2023-10-12 17:38:58 +01:00
Geoffrey White
cf7f355fc4 Swift: Additional test cases. 2023-10-12 17:11:56 +01:00
Mathias Vorreiter Pedersen
64fa6c8bbd C++: Remove the hacky flow state since this is no longer needed after #13717. 2023-10-12 13:58:36 +01:00
Geoffrey White
5c0085880f Swift: Change note. 2023-10-12 13:24:10 +01:00
Geoffrey White
e2a8569940 Swift: Clean up indentation. 2023-10-12 13:05:20 +01:00
Geoffrey White
8f852f2e7d Swift: Turn sink models into flow summary models, where appropriate. 2023-10-12 12:57:05 +01:00
erik-krogh
fa1e8ee426 add getACodepoint to the shared Strings library, and use it in NfaUtils 2023-10-12 13:38:19 +02:00
erik-krogh
822ba2ae59 add documentation for the new string methods in ql-language-specification.rst 2023-10-12 13:38:19 +02:00
erik-krogh
116025c569 use the new codePointAt and codePointCount methods instead of regex hacks 2023-10-12 13:38:19 +02:00
Arthur Baars
a4d0ef6350 Add changenote 2023-10-12 13:04:00 +02:00
Arthur Baars
a9a21aa313 Rename DynamicImportExpr::getImport{Attributes => Options} 2023-10-12 13:00:39 +02:00
Arthur Baars
1f4fcf1f31 Rename test files 2023-10-12 13:00:39 +02:00
Arthur Baars
a1c1f7b910 Add tests for deprecated 'assert' syntax 2023-10-12 13:00:39 +02:00
Arthur Baars
f38d2e1b89 Replace 'assert' with 'with' in QL test files 2023-10-12 13:00:39 +02:00
Arthur Baars
c28004f2a6 Rename 'getImportAssertion()' to 'getImportAttributes()' in QL library 2023-10-12 13:00:39 +02:00
Arthur Baars
07172da1bc Add tests for deprecated 'assert' syntax 2023-10-12 12:51:13 +02:00
Arthur Baars
f7b02c01dd Rename getAssertion() to getAttributes() in the extractor 2023-10-12 12:51:13 +02:00
Arthur Baars
1d9ee5da3c Rename 'assertions' to 'attributes' in JS extractor 2023-10-12 12:49:25 +02:00