Commit Graph

55828 Commits

Author SHA1 Message Date
Tiago Pascoal
150854603b Single quote was preventing the shell from expanding the BODY variable
While this prevents the attack highlighted in the query help it also prevents it from working.

Double quotes will allow the expansion of the variable while still preventing the attack
2023-06-20 11:38:27 +01:00
yoff
579c56c744 Merge pull request #13178 from yoff/python-ruby/track-through-summaries-pm
ruby/python: Shared module for typetracking through flow summaries
2023-06-20 11:19:45 +02:00
Owen Mansel-Chan
d28c4203db Merge pull request #13453 from owen-mc/go/test-mad-pointer-content
Go: Add failing tests for MaD with pointer content
2023-06-20 09:55:06 +01:00
Erik Krogh Kristensen
7387653bd7 Merge pull request #13504 from github/rc/3.10
Merge rc/3.10 into main
2023-06-20 10:42:44 +02:00
Tony Torralba
54db4cc107 Merge pull request #13503 from github/workflow/coverage/update
Update CSV framework coverage reports
2023-06-20 09:51:07 +02:00
github-actions[bot]
6da5ec8196 Add changed framework coverage reports 2023-06-20 00:15:43 +00:00
Jeroen Ketema
b500bbba76 Merge pull request #13460 from erik-krogh/rest-of-cpp
CPP: delete the deprecated Container::getURL predicates
2023-06-20 01:32:25 +02:00
erik-krogh
2104507cec add change-note 2023-06-19 23:11:38 +02:00
erik-krogh
5fdfd98a1d delete the deprecated Container::getURL predicates 2023-06-19 23:11:38 +02:00
Jeroen Ketema
9c774ac97f Merge pull request #13426 from jketema/inline-3
Update inline flow tests to use parameterized module
2023-06-19 17:39:29 +02:00
Alexandre Boulgakov
61a3f86f0f Merge pull request #13447 from github/sashabu/windows2
Swift: Bare-bones extractor pack for Windows.
2023-06-19 15:39:54 +01:00
AlexDenisov
21ad3e851a Merge pull request #13497 from github/redsun82/swift-remove-result-of
Swift: remove `std::result_of` from swift headers
2023-06-19 16:31:26 +02:00
Jean Helie
423336310c Merge pull request #13480 from github/jhelie/clean-up-mad-kinds-use
Java: clean up mad kinds use
2023-06-19 16:21:20 +02:00
Paolo Tranquilli
592e7f0b56 Swift: add TODO for later swift updates 2023-06-19 15:52:16 +02:00
Paolo Tranquilli
3ff7148147 Swift: remove std::result_of from swift headers
`std::result_of` was removed in C++20, though the actual removal from
the STL library implementations seems to depend on the version. For
example using xcode 14.2 one gets away with a deprecation warning, but
xcode 14.3 will fail.

As Swift 5.8.1 is still compiled with C++14, we cannot replace
`std::result_of` with `std::invoke_result` in the prebuilding patches
just yet, but we can do that for the extractor itself, patching the
prebuilt package.
2023-06-19 15:29:45 +02:00
Tony Torralba
c62689022e Merge pull request #13256 from atorralba/atorralba/java/stapler-models
Java: Model the Stapler framework
2023-06-19 15:27:19 +02:00
Tony Torralba
00fe8adc09 Fix name clash 2023-06-19 15:04:33 +02:00
Tony Torralba
5cb451b040 Merge pull request #13475 from atorralba/atorralba/many/zipslip-docs-update
C#/Go/Java/JS/Python/Ruby: Update the description and qhelp of the Zipslip query
2023-06-19 14:33:44 +02:00
Ian Lynagh
64e591a823 Merge pull request #13482 from igfoo/igfoo/conc
Kotlin: Avoid another cause of ConcurrentModificationException with 1.9
2023-06-19 12:57:25 +01:00
Ian Lynagh
ec73f28d09 Merge pull request #13479 from igfoo/igfoo/ENUM_ENTRIES
Kotlin: Handle IrSyntheticBodyKind.ENUM_ENTRIES
2023-06-19 12:57:10 +01:00
Ian Lynagh
ca5bc6f224 Java: Add up/downgrade scripts 2023-06-19 10:36:29 +01:00
Ian Lynagh
1f538cced3 Kotlin: Handle IrSyntheticBodyKind.ENUM_ENTRIES
Generated by Kotlin 1.9 for some of our tests.
2023-06-19 10:36:29 +01:00
Arthur Baars
ea97c3ea83 Merge pull request #13423 from aibaars/update-grammar-3
Ruby: update grammar
2023-06-19 10:54:12 +02:00
Jeroen Ketema
bc42308bd3 Java: fix formatting 2023-06-19 10:31:49 +02:00
Jeroen Ketema
b420455e2b C#: Update InlineFlowTests to use the merged path graph 2023-06-19 10:28:54 +02:00
Jeroen Ketema
6a84e6cbfd Add the merged PathGraph to all copies of the InlineFlowTest library 2023-06-19 10:28:10 +02:00
Tony Torralba
8f6d2ed2f9 Adjust ZipSlip query description according to review suggestions. 2023-06-19 10:27:41 +02:00
Erik Krogh Kristensen
c289f66692 Merge pull request #13469 from erik-krogh/redos-3.10
ReDoS: stop spuriously matching everything when encountering an unsupported charclass
2023-06-19 10:21:00 +02:00
Tony Torralba
3c4d938cf1 Apply code review suggestions.
Co-authored-by: Asger F <asgerf@github.com>
2023-06-19 10:20:19 +02:00
Tony Torralba
433fc680ec Apply suggestions from code review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2023-06-19 10:17:40 +02:00
Tom Hvitved
2253761eb0 Merge pull request #13494 from maikypedia/maikypedia/typo
Ruby: Naming error
2023-06-19 09:50:45 +02:00
Michael Nebel
1338261f04 Merge pull request #13472 from michaelnebel/csharp/usestubs2
C#: Use stubs in the Security feature related tests.
2023-06-19 09:34:19 +02:00
Maiky
849e732c48 typos 2023-06-19 01:16:27 +02:00
Mathias Vorreiter Pedersen
cc09715ba7 Merge pull request #13466 from jketema/pointer-deref-fp 2023-06-18 00:51:59 +01:00
Alexandre Boulgakov
abc6d62b6f Swift: Use platform-specific Bazel config. 2023-06-16 17:24:04 +01:00
Alexandre Boulgakov
679df1e61b Swift: Add "autobuilder" on Windows that simply shows an error. 2023-06-16 17:23:50 +01:00
Alexandre Boulgakov
2bb3101316 Swift: Rename incompatible OS diagnostic to clarify that it's for the autobuilder. 2023-06-16 17:22:43 +01:00
Alexandre Boulgakov
bc48968def Swift: Build incompatible OS diagnostic on all platforms. 2023-06-16 17:22:43 +01:00
Ian Lynagh
04a7ff7f76 Merge pull request #13477 from igfoo/igfoo/diags_classes
Kotlin: Remove diags.ql from classes test
2023-06-16 17:07:38 +01:00
Ian Lynagh
096e9a4ba4 Kotlin: Avoid another cause of ConcurrentModificationException with 1.9 2023-06-16 17:06:54 +01:00
Jeroen Ketema
9ff5754473 C++: Add cpp/invalid-pointer-def FP test case 2023-06-16 16:48:24 +02:00
Jeroen Ketema
0e68767efc C++: Add more cpp/invalid-pointer-deref FPs 2023-06-16 15:28:05 +02:00
Rasmus Wriedt Larsen
fb6955edf9 Python: Add tests of methods in summaries 2023-06-16 14:43:45 +02:00
Rasmus Wriedt Larsen
afafaac0d7 Python: Fix typo 2023-06-16 14:41:36 +02:00
Jean Helie
baf6b74945 use new sink mad kinds and simplify isKnownKind predicate 2023-06-16 13:58:23 +02:00
Jean Helie
daf2743143 only use neutral models of kind "sink" 2023-06-16 13:58:23 +02:00
Ian Lynagh
a8acf16088 Kotlin: Remove diags.ql from classes test
The diags consistency test already handles this for us.
2023-06-16 12:57:19 +01:00
AlexDenisov
b572974536 Merge pull request #13476 from github/alexdenisov/rc3.10_mergeback
rc3.10 mergeback: getting Swift changes back to main
2023-06-16 11:59:23 +02:00
Alex Denisov
0479ef5b9c Merge remote-tracking branch 'origin/rc/3.10' into alexdenisov/rc3.10_mergeback 2023-06-16 10:13:23 +02:00
Michael Nebel
f4f195c837 C#: Base tests for CWE-807 on stubs. 2023-06-16 10:08:40 +02:00