hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-04 10:10:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,431 Commits 1,673 Branches 157 Tags
2182bf17dcbf89a41b2d1f5491da0d209b292019
Commit Graph

58431 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
2182bf17dc Merge pull request #14160 from erik-krogh/py-clear-text-log-help 
Py: add new qhelp for clear-text-logging
 2023-09-07 16:35:19 +02:00
Alexander Eyers-Taylor
df2b313c5e Merge pull request #14155 from alexet/reach-end-of-function-return 
CPP: Make functions that reach the end return.
 2023-09-07 13:58:43 +01:00
Alex Eyers-Taylor
e8dfecc4a4 CPP: Fix test result 2023-09-07 12:49:13 +01:00
Alex Eyers-Taylor
d603b7ac3c CPP: Make functions that reach the end return. 
This is UB in C++ but not C where it is only bad if the result is used.
 2023-09-07 12:39:48 +01:00
erik-krogh
bf3fe3cd66 add new qhelp for clear-text-logging 2023-09-07 12:39:13 +02:00
Michael B. Gale
38892bb51b Merge pull request #13999 from github/mbg/csharp/standalone/dotnet-version 
C# Standalone: Install .NET SDK specified in `global.json`
 2023-09-07 11:30:53 +01:00
Rasmus Wriedt Larsen
ec0529d68c Merge pull request #14145 from p-/p--asyncio-cmdi-exec 
Python: Support for command injection sinks found in the `asyncio` module
 2023-09-07 11:27:50 +02:00
Rasmus Wriedt Larsen
bfb4be26c2 Python: Autoformat 2023-09-07 10:31:39 +02:00
Rasmus Wriedt Larsen
54c456d95d Python: Apply suggestions from code review 2023-09-07 10:28:46 +02:00
Rasmus Wriedt Larsen
d4c3dfffec Merge pull request #14158 from RasmusWL/fix-ssrf-example 
Python: Fix typo in SSRF example
 2023-09-07 10:22:21 +02:00
Rasmus Wriedt Larsen
c85ea9a0c0 Python: Fix typo in SSRF example 2023-09-07 09:45:02 +02:00
Michael B. Gale
ccbc6f446a Use git ls-files to find DLLs to index 2023-09-06 22:17:08 +01:00
Tom Hvitved
334502a3de Merge pull request #14153 from github/revert-14082-csharp/bump-dependencies 
Revert "C#: Bump all dependencies"
 2023-09-06 21:10:56 +02:00
Peter Stöckli
7aa5d2dc8a Python: move asyncio CMDi related tests to stdlib tests 2023-09-06 16:54:18 +02:00
Mathias Vorreiter Pedersen
12a717e3af Merge pull request #14141 from github/alexdenisov/unresolved-ast-nodes 
Swift: add queries for unresolved AST nodes
 2023-09-06 15:40:11 +01:00
Tom Hvitved
6e0ff56788 Revert "C#: Bump all dependencies" 2023-09-06 16:23:38 +02:00
Peter Stöckli
ede7d8fb6a Python: apply suggestions from code review for asyncio 2023-09-06 15:47:07 +02:00
Michael Nebel
a8e427ffe1 Merge pull request #14097 from michaelnebel/csharp/extractorerrormessages 
C#: Update extractor_messages relation schema.
 2023-09-06 14:01:36 +02:00
Cornelius Riemenschneider
76f1c7a4cd Merge pull request #14137 from github/dependabot/github_actions/actions/checkout-4 
Bump actions/checkout from 2 to 4
 2023-09-06 13:13:30 +02:00
Cornelius Riemenschneider
79d210f7bd Update .github/workflows/ruby-build.yml 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2023-09-06 12:19:46 +02:00
Tom Hvitved
3a9c34c3c6 Merge pull request #14132 from hvitved/csharp/data-flow-property-write 
C#: Fix logic for flow into property writes
 2023-09-06 08:49:53 +02:00
Erik Krogh Kristensen
a11db7a80a Merge pull request #14148 from github/dependabot/cargo/ql/chrono-0.4.29 
Bump chrono from 0.4.28 to 0.4.29 in /ql
 2023-09-06 07:25:13 +02:00
dependabot[bot]
7f73c59304 Bump chrono from 0.4.28 to 0.4.29 in /ql 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.28 to 0.4.29.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.28...v0.4.29)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-06 03:58:08 +00:00
Mathias Vorreiter Pedersen
570b08e2e9 Merge pull request #14143 from alexet/global-from-unreachble 
CPP: Handle globals flowing into "UnreacheachedInstruction"
 2023-09-05 16:58:55 +01:00
Peter Stöckli
9027eac312 Python: add change notes for asyncio CMDi sinks 2023-09-05 16:14:56 +02:00
Peter Stöckli
8c4dccc81b Python: initial support for CMDi via asyncio 2023-09-05 15:33:29 +02:00
Michael Nebel
b5d4987c0a C#: Add upgrade and downgrade scripts. 2023-09-05 15:32:09 +02:00
Michael Nebel
880da69d16 C#: Update extractor_messages relation schema. 2023-09-05 15:19:32 +02:00
Tamás Vajk
97f09e106e Merge pull request #14101 from tamasvajk/csharp/recursive-generics 
C#: Exclude base type extraction of recursive generics
 2023-09-05 14:24:51 +02:00
Alex Denisov
35e949945d Swift: add queries for unresolved AST nodes 2023-09-05 13:29:11 +02:00
Alex Eyers-Taylor
3db384ddc3 CPP: Handle globals flowing into "UnreacheachedInstruction" 2023-09-05 11:50:32 +01:00
dependabot[bot]
03771ffad2 Bump actions/checkout from 2 to 4 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-05 12:17:54 +02:00
Tom Hvitved
cb8922034c Merge pull request #14133 from hvitved/ruby/flow-test-path-graph-fixes 
Ruby: Use proper `PathGraph` module in inline flow tests
 2023-09-05 10:33:07 +02:00
Tamas Vajk
bf96e688ff Fix review findings 2023-09-05 10:19:41 +02:00
Rasmus Wriedt Larsen
49f5d38956 Merge pull request #14068 from RasmusWL/dataflow-config-refactor 
Python: Use new dataflow API
 2023-09-04 21:04:10 +02:00
Tom Hvitved
a2912cd72b Ruby: Use proper PathGraph module in inline flow tests 
Gets rid of
```
PathNode is incompatible with PathNode (the type of the edge relation).
```
warnings.
 2023-09-04 20:27:34 +02:00
Tom Hvitved
4a1163b38c Merge pull request #14109 from hvitved/ruby/hide-desugared-assignments-in-dataflow 2023-09-04 19:59:33 +02:00
Michael B. Gale
5337785571 Remove TODO comment 2023-09-04 15:10:00 +01:00
Michael B. Gale
bd5f5314ea C#: Pass .dotnet path to standalone extractor 2023-09-04 15:09:28 +01:00
Michael B. Gale
37535d1f52 C#: Make WithDotNet public 2023-09-04 15:08:57 +01:00
Michael B. Gale
3b010a2fb3 C# standalone: accept path to .dotnet folder 2023-09-04 15:08:53 +01:00
Michael B. Gale
4c2a7aab3d Do not rename global.json in standalone mode 2023-09-04 15:04:44 +01:00
Michael B. Gale
bbe90be0db Wrap StandaloneBuildRule in WithDotNet 2023-09-04 15:02:44 +01:00
Tom Hvitved
55aedbc46c C#: Fix logic for flow into property writes 2023-09-04 15:42:50 +02:00
Kasper Svendsen
ecee427c72 Merge pull request #14117 from kaspersv/delete-unnecessary-test 
Java: Delete java test query which fails to compile
 2023-09-04 15:28:57 +02:00
Alex Ford
0325c87ccb Merge pull request #13825 from boveus/add-cwe-208 
Ruby: Add Unsafe HMAC Comparison Query.
 2023-09-04 14:10:12 +01:00
Ian Lynagh
a2659eecfb Merge pull request #14018 from igfoo/igfoo/extractor_information_kotlin1 
Kotlin: Write usesK2 ("uses Kotlin 2") information to the database
 2023-09-04 13:38:23 +01:00
Michael B. Gale
77369a09a4 Merge pull request #13872 from Kwstubbs/Kevin_error_sanitizer 
Go: Add sanitizer to remove paths passing through http.Error
 2023-09-04 13:25:55 +01:00
Alex Ford
11e5565344 Merge branch 'main' into add-cwe-208 2023-09-04 12:45:49 +01:00
Ian Lynagh
03ad04bc8e Merge pull request #14118 from igfoo/igfoo/kotlin_master 
Kotlin: Make it possible to build with master
 2023-09-04 12:12:25 +01:00