hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-16 15:03:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
68,091 Commits 1,693 Branches 160 Tags
19b6d24bc2e95d039aa6318edb79cd9dc32ba195
Commit Graph

68091 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
19b6d24bc2 Merge pull request #16816 from MathiasVP/fix-valuenumber-imports 
C++: Fix value numbering imports
 2024-06-24 13:37:38 +01:00
Mathias Vorreiter Pedersen
00d772f980 C++: Fix value numbering imports. 2024-06-24 11:53:24 +01:00
Michael Nebel
abc7cc39d4 Merge pull request #16775 from michaelnebel/modelgen/refactorprinting 
C#/Java: Parameterized module for model printing.
 2024-06-24 12:51:07 +02:00
Michael Nebel
9cd16fd9d6 Java: Base the model printing on the shared implementation. 2024-06-24 11:52:50 +02:00
Michael Nebel
8630583856 C#/Java: Exclude the model printing implementation form sync files. 2024-06-24 11:50:57 +02:00
Michael Nebel
b7bc540325 C#: Adjust implementation to use the shared model printer. 2024-06-24 11:50:46 +02:00
Michael Nebel
65e150b416 Add parameterized module for MaD model printing. 2024-06-24 11:48:33 +02:00
Owen Mansel-Chan
f04a85e121 Merge pull request #16753 from owen-mc/go/misc-clean-up 
Go: a few small clean ups
 2024-06-24 10:47:21 +01:00
Michael Nebel
94d12edfdb Merge pull request #16759 from michaelnebel/modelgen/sourcesinkmodelgen 
C#/Java: Introduce source and sink model generation sanitisers.
 2024-06-24 11:47:11 +02:00
Mathias Vorreiter Pedersen
a1743aa12e Merge pull request #16805 from MathiasVP/tc-in-temp-materialization 
C++: Fix missing `asExpr` for temporary materializations with conversions
 2024-06-23 13:38:01 +01:00
Owen Mansel-Chan
513ec16691 Merge pull request #16796 from owen-mc/go/fix/package-vendor 
Go: Fix bug removing "vendor/" from package paths
 2024-06-22 07:54:18 +01:00
Mathias Vorreiter Pedersen
1bb762bea9 C++: Accept test changes. 2024-06-21 13:35:10 +01:00
Mathias Vorreiter Pedersen
7d41e8ef73 C++: Perform a TC to skip conversions when special-casing materialization of temporaries. 2024-06-21 13:35:09 +01:00
Mathias Vorreiter Pedersen
3b585b4196 C++: Add test with missing flow. 2024-06-21 13:35:08 +01:00
Taus
4a448f445e Merge pull request #15715 from am0o0/am0o0-python-codeExec 
Python: New command execution sinks
 2024-06-21 14:26:33 +02:00
Erik Krogh Kristensen
49f74bacf2 Merge pull request #16729 from mbaluda/main 
JS: Extract SAP XSJS file types as Javascript
 2024-06-21 14:23:55 +02:00
Mauro Baluda
b75514c990 Merge branch 'github:main' into main 2024-06-21 13:36:38 +02:00
Kasper Svendsen
988d0671bb Merge pull request #16734 from kaspersv/kaspersv/doc-intern-sets-builtin 
Document builtin InternSets module
 2024-06-21 12:06:40 +02:00
Tom Hvitved
dff3ce2a9f Merge pull request #16794 from hvitved/ruby/sinatra-flow 
Ruby: Rework `Sinatra.FilterJumpStep`
 2024-06-21 11:38:10 +02:00
Tom Hvitved
8ea4f85de3 Ruby: Rework Sinatra.FilterJumpStep 2024-06-21 08:57:59 +02:00
Tom Hvitved
95c764eff6 Fix Sinatra test to properly output pathgraph 2024-06-21 08:57:19 +02:00
Erik Krogh Kristensen
db768960f4 Merge pull request #15060 from am0o0/amammad-js-envinjection 
JS: Env Injection query
 2024-06-20 21:27:21 +02:00
Erik Krogh Kristensen
555d7e5958 Merge pull request #14293 from am0o0/amammad-js-CodeInjection_dynamic_import 
JS: Dynamic import as code injection sink
 2024-06-20 21:19:57 +02:00
Erik Krogh Kristensen
60ed51781e Merge pull request #16790 from github/max-schaefer-patch-1 
JavaScript: Fix CodeQL alert in extractor
 2024-06-20 20:20:00 +02:00
Erik Krogh Kristensen
e84028d01e Merge pull request #14088 from am0o0/amammad-js-JWT 
JS: decoding JWT without signature verification
 2024-06-20 20:13:40 +02:00
Jeroen Ketema
0e04a59c08 Merge pull request #16795 from jketema/test-cleanup 
C++: Remove unneeded options from tests
 2024-06-20 16:24:07 +02:00
Jeroen Ketema
4c4c15b425 C++: Remove unneeded options from tests 2024-06-20 14:21:34 +02:00
Owen Mansel-Chan
aa35bd771b Fix bug removing "vendor/" from package paths 2024-06-20 13:18:21 +01:00
Asger F
a36e39359f Merge pull request #16739 from RasmusWL/js-array-steps 
JS: Allow many Array steps to be used in type-tracking
 2024-06-20 11:39:46 +02:00
Rasmus Wriedt Larsen
596102d3fb Update javascript/ql/lib/change-notes/2024-06-14-type-tracking-array-steps.md 
Co-authored-by: Asger F <asgerf@github.com>
 2024-06-20 10:07:49 +02:00
Owen Mansel-Chan
754fd8e84c Drop leading . from getQualifiedName for built-in functions 
So it will be "panic" instead of ".panic".
 2024-06-19 22:04:21 +01:00
Owen Mansel-Chan
68a661f3c7 Write out whole function names 2024-06-19 21:58:31 +01:00
Owen Mansel-Chan
b79711b17e Move deprecated notice to top of comment 2024-06-19 21:58:28 +01:00
Max Schaefer
2be171746b JavaScript: Fix CodeQL alert in extractor 
This doesn't make a difference in practice because we only run the method on arrays of even length, but we might as well fix it.
 2024-06-19 17:13:01 +01:00
Michael Nebel
aa962f9b03 Java: Update expected output of model generation. 2024-06-19 14:10:59 +02:00
Michael Nebel
1185e28ea2 Java: Add some spurious source and sink model generation examples. 2024-06-19 14:10:56 +02:00
Michael Nebel
ed3f1e40db Java: Sync changes and make dummy language specific implementation. 2024-06-19 14:10:54 +02:00
Michael Nebel
99907471b2 C#: Update model generator expected output. 2024-06-19 14:10:52 +02:00
Michael Nebel
40204911bc C#: Only allow source propgatation upwards in the call stack if the call path consists of unique call targets (to avoid unwanted virtual dispatch). This severely tightens the generation of extrapolated sources. 2024-06-19 14:10:49 +02:00
Tom Hvitved
6dbdc9e17f Merge pull request #16784 from github/redsun82/fix-warnings-in-ql-tests 
C++/Java: Accept new warning format in ql tests
 2024-06-19 13:05:50 +02:00
Paolo Tranquilli
b7a2ea8981 CI: accept other diagnostic format related test changes 2024-06-19 11:33:50 +02:00
Paolo Tranquilli
59f8f8a394 Merge branch 'main' into redsun82/fix-warnings-in-ql-tests 2024-06-19 11:21:36 +02:00
Tamás Vajk
45ece48b6f Merge pull request #16776 from tamasvajk/fix/source-generator-folder 
C#: Make sure no file is added twice to the compilation
 2024-06-19 10:09:50 +02:00
Paolo Tranquilli
919ddccfdb C++/Java: Accept new warning format in ql tests 2024-06-19 09:13:18 +02:00
Edward Minnix III
7adfa6bbed Merge pull request #16709 from egregius313/egregius313/go/df/threat-models/refactor-queries 
Go: Refactor queries to use `ThreatModelFlowSource` instead of `RemoteFlowSource`
 2024-06-18 13:56:00 -04:00
am0o0
eb1999f8b3 revert .vscode/settings.json :(( 2024-06-18 18:43:20 +02:00
am0o0
ccb923a436 fix formatting 2024-06-18 18:31:29 +02:00
Ed Minnix
5bbd003dfc Reword change note 2024-06-18 12:27:21 -04:00
Ed Minnix
b53712cae0 Change note 2024-06-18 12:27:19 -04:00
Ed Minnix
6a0be6ad09 ExternalAPIs 2024-06-18 12:27:18 -04:00