hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-28 22:02:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
57,138 Commits 1,684 Branches 159 Tags
06c19fd8cf6d1df231eb6fd5f3bd6fa65ef288c6
Commit Graph

57138 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
06c19fd8cf Swift: Add CommonCrypto test cases for the broken crypto query. 2023-08-02 18:36:05 +01:00
Stephan Brandauer
cb55b10edc Merge pull request #13788 from github/kaeluka/automodel-telemetry-testing 
Java: Tests for Automodel Extraction Queries
 2023-08-01 15:30:26 +02:00
Anders Schack-Mulligen
15da4ee009 Merge pull request #13856 from aschackmull/java/maybebrokencrypto-barrier 
Java: Make the barrier in java/potentially-weak-cryptographic-algorithm less restrictive
 2023-08-01 14:20:44 +02:00
Asger F
9326fbd1dd Merge pull request #13841 from jeongsoolee09/log-injection-mad 
JS: Add support for log injection in MaD
 2023-08-01 13:09:56 +02:00
Alex Ford
2b741448f4 Merge pull request #13309 from maikypedia/maikypedia/ldap-injection 
Ruby: Add LDAP Injection query
 2023-08-01 10:44:46 +01:00
Cornelius Riemenschneider
41487987b5 Merge pull request #13858 from github/criemen-update-bazel 
Update bazel to 6.3.1
 2023-08-01 10:44:36 +02:00
Mathias Vorreiter Pedersen
d111fa7e94 Merge pull request #13862 from jketema/ir-test 
C++: Add IR test that shows dataflow regression after frontend update
 2023-08-01 10:06:49 +02:00
Anders Schack-Mulligen
e73e312e10 Java: Add change note. 2023-08-01 09:28:56 +02:00
Stephan Brandauer
621c05dc4b Java: format 2023-08-01 09:19:03 +02:00
Stephan Brandauer
bc3e78f034 Java: add automodel framework mode test case for newly supported interface-method parameter extraction 2023-08-01 09:18:58 +02:00
Stephan Brandauer
058236877e Java: Drive-by: fix oversight in #13823 
In PR #13823, we had rewritten the endpoints that are being considered for framework mode. We used to use `DataFlow::ParameterNode` as endpoints.
However, `ParameterNode`s do not exist for the implicit `this` parameter; they also do not exist for bodiless interface-methods.

In PR #13823, we forgot to model that `this` only exists for non-static methods and to only consider parameters that we have source code for.
 2023-08-01 09:18:58 +02:00
Stephan Brandauer
5ad984f22f Java: update text expectations after merging #13823 2023-08-01 09:18:58 +02:00
Stephan Brandauer
da87d82d08 Java: fix a comment 2023-08-01 09:18:58 +02:00
Stephan Brandauer
be629b27ed Java: Automodel package private test case 2023-08-01 09:18:57 +02:00
Stephan Brandauer
f5c4155d63 Java: Automodel tests: update after merging #13818 2023-08-01 09:18:57 +02:00
Stephan Brandauer
44b8ec642e Java: merge framework mode tests into one 2023-08-01 09:18:57 +02:00
Stephan Brandauer
8cc367c45e Java: merge application mode tests into one 2023-08-01 09:18:57 +02:00
Stephan Brandauer
37b6b46dbf Java: update extraction query tests after merging PR #13747 2023-08-01 09:18:57 +02:00
Stephan Brandauer
50603102d1 Java: tests for automodel application mode, test that local calls are not candidates 2023-08-01 09:18:57 +02:00
Stephan Brandauer
457604e37e Java: tests for automodel framework mode negative example extraction 2023-08-01 09:18:57 +02:00
Stephan Brandauer
938a7a788f Java: tests for automodel application mode negative example extraction 2023-08-01 09:18:57 +02:00
Stephan Brandauer
abed936556 Java: tests for automodel framework mode positive example extraction 2023-08-01 09:18:57 +02:00
Stephan Brandauer
1bc222ec40 Java: tests for automodel application mode positive example extraction 2023-08-01 09:18:57 +02:00
Stephan Brandauer
2e89a11949 Java: tests for automodel application mode candidate extraction 2023-08-01 09:18:56 +02:00
Stephan Brandauer
18fe587e75 Java: tests for automodel framework mode candidate extraction 2023-08-01 09:18:56 +02:00
Tony Torralba
2b3cab355d Merge pull request #13859 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-08-01 09:18:20 +02:00
Jeroen Ketema
ef8d95f87d C++: Add IR test that shows dataflow regression after frontend update 2023-08-01 09:01:39 +02:00
Owen Mansel-Chan
5a5e921ee7 Merge pull request #13846 from owen-mc/go/better-baselines 
Go: Add language-specific baseline configuration
 2023-08-01 07:14:43 +01:00
Owen Mansel-Chan
a8c64443e8 Merge pull request #13645 from porcupineyhairs/goTiming 
Go : Improvements to Timing Attacks query
 2023-08-01 07:10:42 +01:00
github-actions[bot]
b547ae7c2f Add changed framework coverage reports 2023-08-01 00:18:36 +00:00
Jeongsoo Lee
1d5eb4a960 Update javascript/ql/lib/change-notes/2023-07-28-mad-log-injection.md 
Co-authored-by: Asger F <asgerf@github.com>
 2023-07-31 15:38:35 -07:00
Cornelius Riemenschneider
caf2180bad Update .bazelversion 2023-08-01 00:15:53 +02:00
Jeongsoo Lee
9ab2a28de0 Merge branch 'main' into log-injection-mad 2023-07-31 09:55:35 -07:00
Felicity Chapman
df1e8e263b Merge pull request #13854 from github/11185-add-note 
CodeQL library update to use modular API interface - Add note and include in articles
 2023-07-31 17:22:17 +01:00
Owen Mansel-Chan
d98079d72c Apply suggestions from code review 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-07-31 16:49:11 +01:00
Owen Mansel-Chan
216911dad9 Merge branch 'main' into goTiming 2023-07-31 16:15:10 +01:00
Owen Mansel-Chan
3d495bdd43 Add new files to CODEQL_TOOLS in Makefile 2023-07-31 16:12:52 +01:00
Owen Mansel-Chan
47a536c85d Always output valid JSON containing paths-ignore 2023-07-31 16:09:47 +01:00
Alex Ford
af854749d7 Ruby: update Ldapinjection test output 2023-07-31 16:08:15 +01:00
Alex Ford
f437a6f729 Merge branch 'main' into maikypedia/ldap-injection 2023-07-31 16:00:41 +01:00
Alex Ford
558238a9be Ruby: update TaintStep test output 2023-07-31 16:00:27 +01:00
Felicity Chapman
46f80dc5ca Put back a missing colon to fix the link 2023-07-31 15:56:24 +01:00
Alex Ford
f272b0786a Ruby: fix qldoc typo 2023-07-31 14:58:05 +01:00
Alex Ford
7f82aba7d4 qlformat 2023-07-31 14:57:14 +01:00
Alex Ford
2240e4bffb Ruby: fix changenote date format 2023-07-31 14:56:53 +01:00
Felicity Chapman
9a334d3300 Add shortened link to changelog 2023-07-31 14:13:52 +01:00
Anders Schack-Mulligen
e87b8ba3d7 Java: Make the barrier in java/potentially-weak-cryptographic-algorithm less restrictive. 2023-07-31 14:28:53 +02:00
Asger F
a148c7cc87 JS: Mention log-injection sink kind in docs 2023-07-31 14:04:16 +02:00
Geoffrey White
1c64fb16f1 Merge pull request #13756 from geoffw0/sources2 
Swift: CustomUrlSchemes test enhancements and minor model improvement
 2023-07-31 12:53:03 +01:00
Felicity Chapman
a0c0da78e9 Merge branch 'main' into 11185-add-note 2023-07-31 11:54:00 +01:00