hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 02:01:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,346 Commits 1,690 Branches 160 Tags
2270d6fa61ba24c6c64de20ccc49ed1bbfd37e2f
Commit Graph

51346 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
2270d6fa61 fix typo 
Co-authored-by: Taus <tausbn@github.com>
 2023-03-20 10:56:30 +01:00
erik-krogh
b208988675 Py: add test for problematic regex 2023-03-16 12:21:00 +01:00
erik-krogh
54ec047433 ReDoS: put an artificial limitation on the analysis in polynomial-redos for large regular expressions 2023-03-16 12:20:53 +01:00
erik-krogh
8bc8342c7c Py:don't parse regular expressions in system-code 2023-03-16 10:41:30 +01:00
Erik Krogh Kristensen
be8f04a997 Merge pull request #12525 from github/dependabot/cargo/ql/serde-1.0.156 
Bump serde from 1.0.155 to 1.0.156 in /ql
 2023-03-16 10:36:11 +01:00
Erik Krogh Kristensen
48f889b055 Merge pull request #12496 from github/dependabot/cargo/ql/chrono-0.4.24 
Bump chrono from 0.4.23 to 0.4.24 in /ql
 2023-03-16 10:35:59 +01:00
Tom Hvitved
a13b6ed230 Merge pull request #12536 from hvitved/dataflow/call-enclosing-callable-consistency-check 
Data flow: Add consistency check for `DataFlowCall::getEnclosingCallable`
 2023-03-16 10:19:42 +01:00
Rasmus Wriedt Larsen
b3a49ab143 Merge pull request #12467 from RasmusWL/kwargs-parameter-position-fixup 
Python/Ruby: Use new parameter position for synthetic hash-splat instead
 2023-03-16 09:52:46 +01:00
Tom Hvitved
404ead8a18 Python: Update expected test output 2023-03-16 08:40:53 +01:00
Tom Hvitved
b3ef1e9372 C++: Update expected test output 2023-03-16 08:40:53 +01:00
Tom Hvitved
64f13fa08f C#: Exclude call inside static field initializers from consistency check 2023-03-16 08:40:53 +01:00
Tom Hvitved
9f798902bd Data flow: Add consistency check for DataFlowCall::getEnclosingCallable 2023-03-16 08:40:53 +01:00
Henry Mercer
720eed398b Merge pull request #12523 from github/henrymercer/polish-diagnostics 
Polish diagnostic messages
 2023-03-15 15:06:52 +00:00
Anders Schack-Mulligen
bc9942eb75 Merge pull request #12530 from aschackmull/java/refactor-dataflow-queries-3 
Java: Refactor more dataflow queries to the new API (take 3)
 2023-03-15 14:57:29 +01:00
Tom Hvitved
a6e9d111a5 Merge pull request #12534 from hvitved/swift/summary-call-encl-callable 
Swift: Fix `SummaryCall::getEnclosingCallable`
 2023-03-15 14:35:00 +01:00
Tom Hvitved
96639c594f Swift: Fix SummaryCall::getEnclosingCallable 2023-03-15 13:58:12 +01:00
Arthur Baars
fe34ec1378 Ruby: fix formatting errors 2023-03-15 13:45:06 +01:00
Henry Mercer
5de0eae992 Ruby: Update diagnostic source names for consistency 2023-03-15 12:05:09 +00:00
Henry Mercer
a90f4915a7 C#: Add new lines before call to action 2023-03-15 12:00:47 +00:00
Henry Mercer
0de4259bff Revert "Ruby: Use rb prefix in diagnostic IDs for consistency with queries" 
This reverts commit a6509c7a37.
 2023-03-15 12:00:47 +00:00
Anders Schack-Mulligen
ecf5591bc6 Merge pull request #12527 from aschackmull/java/remove-dataflow-for-serializability 
Java: Delete `DataFlowForSerializability` and `DataFlowForOnActivityResult`
 2023-03-15 12:37:17 +01:00
Anders Schack-Mulligen
6408d7cbbe Java: Refactor RsaWithoutOaep. 2023-03-15 10:37:54 +01:00
Anders Schack-Mulligen
b3b5c2c767 Java: Refactor UnsafeContentUriResolution. 2023-03-15 10:32:58 +01:00
Anders Schack-Mulligen
4b814ec71c Java: Refactor SensitiveCommunication.ql. 2023-03-15 10:32:35 +01:00
Anders Schack-Mulligen
ca8e013618 Java: Refactor FragmentInjection. 2023-03-15 10:23:21 +01:00
Anders Schack-Mulligen
5bd530f570 Java: Refactor IntentUriPermissionManipulation. 2023-03-15 10:13:28 +01:00
Anders Schack-Mulligen
b14b95cd79 Java: Refactor LogInjection 2023-03-15 10:10:02 +01:00
Anders Schack-Mulligen
abf3abdc65 Java: Delete DataFlowForOnActivityResult. 2023-03-15 09:47:21 +01:00
Anders Schack-Mulligen
bea7c43584 Java: Delete DataFlowForSerializability 2023-03-15 09:42:02 +01:00
Anders Schack-Mulligen
e8a7139020 Merge pull request #12476 from aschackmull/java/refactor-dataflow-queries-2 
Java: Refactor more dataflow queries to the new API
 2023-03-15 09:40:32 +01:00
dependabot[bot]
f811436cff Bump serde from 1.0.155 to 1.0.156 in /ql 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.155 to 1.0.156.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.155...v1.0.156)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-15 04:05:38 +00:00
Arthur Baars
fbe9823a42 Merge branch 'main' into henrymercer/polish-diagnostics 2023-03-14 23:42:33 +01:00
Henry Mercer
1454890a58 C#: Add new paragraphs before call to action 2023-03-14 21:52:23 +00:00
Henry Mercer
1394abcf98 JS: Update diagnostics IDs for consistency with rules 2023-03-14 21:44:19 +00:00
Henry Mercer
1f63c5d5e4 JS: Update parse error diagnostic name for consistency 2023-03-14 21:43:32 +00:00
Harry Maclean
604d5f0c71 Merge pull request #12510 from hmac/merge-ruby-extractor 
Ruby: Merge extractor crates
 2023-03-15 09:41:07 +13:00
Harry Maclean
fd43ba0827 Update .github/workflows/ruby-build.yml 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2023-03-15 09:28:53 +13:00
Harry Maclean
6dcc884fe1 Ruby: Small doc change 
This is primarily to bust the actions cache, to test a change in the
ruby-build workflow.
 2023-03-15 08:42:24 +13:00
Harry Maclean
eefc4866ea Ruby: build query pack in temporary directory 
This ensures we don't clobber any existing directories in the repo.
 2023-03-15 08:20:23 +13:00
Harry Maclean
aaeb8a0aa0 Merge pull request #12493 from hmac/ar-sinks 2023-03-15 07:59:07 +13:00
Geoffrey White
959f93a766 Merge pull request #12520 from geoffw0/basetypefix 
Swift: Fix result type of NominalType.getABaseType.
 2023-03-14 18:23:54 +00:00
Geoffrey White
a391c01d36 Swift: Fix result type of NominalType.getABaseType. 2023-03-14 17:36:30 +00:00
Henry Mercer
bc106873c1 C#: Fix casing of "CodeQL Action" 2023-03-14 17:24:30 +00:00
Henry Mercer
7e4f77bfb3 C#: Only serialize the location if it is present 2023-03-14 17:23:00 +00:00
Henry Mercer
a6509c7a37 Ruby: Use rb prefix in diagnostic IDs for consistency with queries 2023-03-14 17:13:50 +00:00
Henry Mercer
769f9051af Ruby: Serialize severities as lowercase 2023-03-14 17:09:25 +00:00
Henry Mercer
6fbc8261f2 Java: Add a full stop 2023-03-14 17:03:42 +00:00
Henry Mercer
770924455e Java: Use Dotcom help links 2023-03-14 17:00:48 +00:00
Henry Mercer
ce96f009b7 Java: Capitalise HTTPS 2023-03-14 16:58:24 +00:00
Henry Mercer
819e0dfbf0 Java: Use "relevant" instead of "suspicious" 2023-03-14 16:54:14 +00:00