hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 15:49:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
61,371 Commits 1,703 Branches 162 Tags
0a74a3a765a91ed0cdabb5d72e4963004fde5ed8
Commit Graph

61371 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rafael
0a74a3a765 Update javascript/ql/src/change-notes/2023-11-28-django-urls.md 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-11-29 08:23:02 +01:00
Rafael
0b0c9e3e48 Create 2023-11-28-django-urls.md 2023-11-28 22:29:53 +01:00
Rafael
286e3951bf Detect Django template URLs 
Django URLs are currently not detected, but flask and nunjucks URL are. (See https://github.com/github/codeql/issues/12267)
 2023-11-28 22:22:07 +01:00
Felicity Chapman
298c6b5295 Merge pull request #14942 from github/codeql-cli-2.15.3 
Mergeback post release changes from the `codeql-cli-2.15.3` branch to `main`
 2023-11-28 20:41:43 +00:00
Jeroen Ketema
483f4c3ce9 Merge pull request #14921 from jketema/kr-style-function-parameters 
C++: Expose whether a function was prototyped or not
 2023-11-28 17:43:22 +01:00
Robert Marsh
4df25f4f7f Merge pull request #14797 from geoffw0/sqlsinks 
Swift: Heuristic sinks for swift/sql-injection
 2023-11-28 11:18:10 -05:00
Tom Hvitved
e79ad3b738 Merge pull request #14937 from hvitved/csharp/stubvisitor-recursion-guard 
C#: Prevent infinite recursion in `EqualsModuloTupleElementNames`
 2023-11-28 16:25:52 +01:00
Jeroen Ketema
28ac46a73f C++: Add change note 2023-11-28 14:57:02 +01:00
Michael B. Gale
e349611f86 Merge pull request #14932 from github/dependabot/go_modules/go/extractor/extractor-dependencies-29c4186f99 
Bump the extractor-dependencies group in /go/extractor with 1 update
 2023-11-28 12:57:24 +00:00
Tom Hvitved
fea2bf9217 C#: Prevent infinite recursion in EqualsModuloTupleElementNames 2023-11-28 11:45:09 +01:00
Rasmus Wriedt Larsen
c12053287e Merge pull request #14936 from RasmusWL/star-args-kwargs-missing-flow 
Python: Highlight missing post-update flow for `*args` and `**kwargs`
 2023-11-28 11:34:51 +01:00
Rasmus Wriedt Larsen
3c82653b63 Python: Highlight missing post-update flow for *args and **kwargs 2023-11-28 10:59:48 +01:00
Jeroen Ketema
7dec819151 C++: Expose whether a function was prototyped or not 2023-11-28 10:24:43 +01:00
dependabot[bot]
d2cad03e28 Bump the extractor-dependencies group in /go/extractor with 1 update 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).

- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-11-28 03:58:15 +00:00
Michael Nebel
f05c86239f Merge pull request #14878 from michaelnebel/csharp/pindotnetinintegrationtests 
C#: Pin integration tests to a specific .NET version.
 2023-11-27 13:22:02 +01:00
Ian Lynagh
7560573b89 Merge pull request #14906 from igfoo/igfoo/locs 
Kotlin 2: Accept some location changes in test-kotlin2/library-tests/stmts
 2023-11-27 11:42:47 +00:00
Mathias Vorreiter Pedersen
70e0b33ce6 Merge pull request #14807 from geoffw0/formatsinks 
Swift: More sinks for swift/uncontrolled-format-string
 2023-11-27 11:10:04 +00:00
Michael Nebel
d1c4e772f0 C#: Pin integration tests to a specific .NET version. 2023-11-27 10:51:04 +01:00
Stephan Brandauer
68a7734e08 Merge pull request #14849 from github/kaeluka/automodel-extraction-skip-primitive-types-candidates 
Java Automodel extraction: remove primitives in framework mode
 2023-11-27 09:52:48 +01:00
AlexDenisov
59ee3e16b4 Merge pull request #14800 from github/alexdenisov/more-extractions 
Swift: final 5.8/5.9 extractions
 2023-11-27 08:41:37 +01:00
Mathias Vorreiter Pedersen
865cbab242 Merge pull request #14911 from MathiasVP/remove-duplication-workaround-in-sources 2023-11-24 20:00:57 +00:00
Geoffrey White
dfdc502525 Merge pull request #14908 from geoffw0/setmodels 
Swift: Flow models for Set
 2023-11-24 19:16:16 +00:00
Geoffrey White
2e93c1d7b6 Merge pull request #14879 from geoffw0/contentsof 
Swift: "contentsOf" sources
 2023-11-24 17:47:57 +00:00
Mathias Vorreiter Pedersen
73138f1913 C++: No need to exclude ExprNodes as sources now that #14903 is merged. 2023-11-24 16:58:30 +00:00
Mathias Vorreiter Pedersen
e89d8e2967 Merge pull request #14907 from MathiasVP/remove-workaround-in-authentication-bypass 
C++: Remove workaround for negated conditions in `cpp/user-controlled-bypass`
 2023-11-24 16:54:37 +00:00
Jeroen Ketema
04338215cd Merge pull request #14903 from jketema/ret-val 
C++: Do not use `isReturnValue` in `getenv`, `gets`, and `fgets` models
 2023-11-24 17:51:11 +01:00
Geoffrey White
06ae374206 Swift: Add a predicate for common code. 2023-11-24 16:06:35 +00:00
Geoffrey White
1638796173 Swift: Add change note. 2023-11-24 15:41:49 +00:00
Geoffrey White
2b481bbb48 Swift: Model Sequence.enumerated() as well. 2023-11-24 15:41:49 +00:00
Jeroen Ketema
ee35bfb290 C++: Do not use isReturnValue in getenv, gets, and fgets models 2023-11-24 16:38:15 +01:00
Mathias Vorreiter Pedersen
a7d820ce62 C++: Remove workaround for negated conditions in 'cpp/user-controlled-bypass'. 2023-11-24 15:17:45 +00:00
Geoffrey White
14031bf351 Swift: Model Sequence.forEach as well. 2023-11-24 14:58:13 +00:00
Geoffrey White
60b27a4e69 Swift: Expand and improve models of Set and Sequence. 2023-11-24 14:43:19 +00:00
Mathias Vorreiter Pedersen
e438671846 Merge pull request #14896 from MathiasVP/no-dtt-in-user-controlled-bypass 
C++: Rewrite `cpp/user-controlled-bypass` away from `DefaultTaintTracking`
 2023-11-24 14:43:10 +00:00
Mathias Vorreiter Pedersen
631dc98d72 Merge pull request #14904 from MathiasVP/taint-through-int-to-bool-casts 
C++: Add Taint through int -> bool casts
 2023-11-24 14:30:19 +00:00
Stephan Brandauer
2e5971bb57 Java automodel: also drop boxed types and number types from endpoints 2023-11-24 15:04:13 +01:00
Tom Hvitved
9eaebfcf60 Merge pull request #14859 from hvitved/ruby/missing-flow-tests 
Ruby: Add tests illustrating missing flow
 2023-11-24 14:57:15 +01:00
Harry Maclean
d239a30866 Merge pull request #14874 from hmac/hmac-missing-flow-test 
Ruby: Add test for missing block flow
 2023-11-24 13:44:55 +00:00
Ian Lynagh
fc2142feb4 Merge pull request #14887 from igfoo/igfoo/kloc 
Kotlin: Add LighterAST support to numlines extraction
 2023-11-24 13:43:34 +00:00
Geoffrey White
04c90a684c Swift: Add taint tests for 'Set'. 2023-11-24 13:38:31 +00:00
Ian Lynagh
b33fcf3719 Kotlin: Accept some location changes in test-kotlin2/library-tests/stmts 2023-11-24 13:34:44 +00:00
Tom Hvitved
8ccce5891d Ruby: Add tests illustrating missing flow 2023-11-24 14:28:04 +01:00
Mathias Vorreiter Pedersen
6b48b3643e Merge branch 'main' into no-dtt-in-user-controlled-bypass 2023-11-24 12:50:45 +00:00
Mathias Vorreiter Pedersen
2681617f28 C++: Undo the workaround in 'cpp/tainted-permissions-check'. 2023-11-24 10:56:11 +00:00
Mathias Vorreiter Pedersen
0c924c2b27 C++: Taint-flow through integer to boolean casts. 2023-11-24 10:55:50 +00:00
Mathias Vorreiter Pedersen
e1c326642c Merge pull request #14894 from MathiasVP/dont-short-circuit-negation-in-conditions 
C++: Don't short circuit logical negation in conditions
 2023-11-24 10:50:42 +00:00
Owen Mansel-Chan
6f9a70475d Merge pull request #14882 from owen-mc/go/minor-fixes 
Go: improve CallNode documentation
 2023-11-24 10:36:07 +00:00
Erik Krogh Kristensen
22bdcad0c6 Merge pull request #14302 from amammad/amammad-js-SQLI 
JS: extend DatabaseAccess by `TypeORM` and `sqlite` and `better-sqlite3` packages
 2023-11-24 11:18:47 +01:00
Alex Denisov
2783c6dcd0 Swift: add change note 2023-11-24 10:11:51 +01:00
Alex Denisov
7676ad316c Swift: database downgrade script 2023-11-24 10:08:16 +01:00