Anders Schack-Mulligen
0c95ab2cdc
Merge pull request #12474 from hvitved/dataflow/call-back-post-update
...
Data flow: Synthesize post-update nodes for callback arguments inside summarized callables
2023-03-13 13:21:52 +01:00
Ian Lynagh
4fbc747f93
Kotlin: Move kotlin_double_interception test to posix_only
...
It's failing on Windows
2023-03-13 11:57:57 +00:00
Ian Lynagh
fd8f7e071b
Kotlin: Tweak double_interception test
2023-03-13 11:57:57 +00:00
Ian Lynagh
fae4a8f37b
Kotlin: double interception test: Fix for old python versions
2023-03-13 11:57:57 +00:00
Ian Lynagh
8b6047dfd1
Kotlin: Handle double-interceptions without failing
2023-03-13 11:57:57 +00:00
Ian Lynagh
81e71c4669
Kotlin: Add a test for double interception
2023-03-13 11:57:57 +00:00
dependabot[bot]
6e75df4088
Merge pull request #12494 from github/dependabot/cargo/ruby/serde-1.0.155
2023-03-13 11:49:00 +00:00
Erik Krogh Kristensen
060c37b6a2
Merge pull request #12345 from erik-krogh/delOldDeps
...
delete old deprecations
2023-03-13 12:48:24 +01:00
Tom Hvitved
163bb2b94d
Add change note
2023-03-13 12:45:46 +01:00
Tom Hvitved
714b61b63e
Ruby: Add missing flow through self.new constructor calls
2023-03-13 12:45:46 +01:00
dependabot[bot]
219bac74bf
Bump serde from 1.0.154 to 1.0.155 in /ruby
...
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.154 to 1.0.155.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.154...v1.0.155)
---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-13 11:36:09 +00:00
dependabot[bot]
de84dddfc1
Merge pull request #12495 from github/dependabot/cargo/ql/serde-1.0.155
2023-03-13 11:32:03 +00:00
Arthur Baars
e0a49e2999
Merge pull request #12486 from aibaars/windows-long-paths
...
Ruby: support long paths on Windows
2023-03-13 12:18:50 +01:00
Tamas Vajk
e44aca0b33
Java: Add printAST test with javadoc
2023-03-13 12:02:50 +01:00
Arthur Baars
41a53ec109
Address comments
2023-03-13 11:50:03 +01:00
Geoffrey White
e4837f7da9
Merge pull request #12489 from geoffw0/typealiastests
...
Swift: Skeleton + tests for type alias support
2023-03-13 10:38:43 +00:00
Asger F
5461f94c6c
Merge pull request #12424 from asgerf/js/html-sanitizer-for-sql
...
JS: Add html sanitizers as a taint step in a few queries
2023-03-13 11:36:19 +01:00
Asger F
41dd63adc7
Handle forwardRef in React
2023-03-13 11:30:18 +01:00
Anders Schack-Mulligen
7c0e89ffdd
Java: Refactor ArithmeticTainted.ql, TempDirLocalInformationDisclosure.ql
2023-03-13 11:27:14 +01:00
Anders Schack-Mulligen
da273269cb
Java: Refactor PolynomialReDoS.ql
2023-03-13 11:27:14 +01:00
Anders Schack-Mulligen
f53a05bf13
Merge pull request #12475 from aschackmull/dataflow/mergepathgraph
...
Dataflow: Add MergePathGraph module.
2023-03-13 11:26:24 +01:00
Jeroen Ketema
a0fca20f0d
Merge pull request #12498 from jketema/frontend-tests
...
C++: Update `.expected` after frontend changes
2023-03-13 11:25:58 +01:00
Anders Schack-Mulligen
c380ecbbbc
Data flow: Add change notes.
2023-03-13 11:09:13 +01:00
erik-krogh
6c1ebd999e
Merge branch 'main' into delOldDeps
2023-03-13 11:00:29 +01:00
Erik Krogh Kristensen
25e6b976c8
Merge pull request #12405 from github/dependabot/cargo/ql/rayon-1.7.0
...
Bump rayon from 1.6.1 to 1.7.0 in /ql
2023-03-13 10:57:11 +01:00
Geoffrey White
7512d81331
Merge pull request #12484 from geoffw0/summarydetail
...
Swift: Update swift/summary/summary-statistics to DataFlow::ConfigSig
2023-03-13 09:54:54 +00:00
Tom Hvitved
6ee231fac5
Ruby: Add more tests for flow through constructors
2023-03-13 10:52:01 +01:00
Geoffrey White
0d1be2294c
Merge branch 'main' into typealiastests
2023-03-13 09:38:54 +00:00
Geoffrey White
8d666d00c2
Swift: Update codegen.
2023-03-13 09:21:44 +00:00
Geoffrey White
9a5dbd078e
Merge pull request #12485 from geoffw0/qldocraw
...
Swift: Add generated QLDoc to the Raw.qll file.
2023-03-13 09:10:55 +00:00
Jeroen Ketema
bd47c4f9ec
C++: Update .expected after frontend changes
2023-03-13 09:40:10 +01:00
Tony Torralba
e834f9302e
Fix Apache Commons HTTP Client and SQL Injection tests
2023-03-13 09:36:53 +01:00
Harry Maclean
9c3d141c9c
Ruby: Add change note
2023-03-13 18:57:55 +13:00
dependabot[bot]
7ab3bb1239
Bump serde from 1.0.154 to 1.0.155 in /ql
...
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.154 to 1.0.155.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.154...v1.0.155)
---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-13 04:10:45 +00:00
Harry Maclean
fe995dd99b
Ruby: ActiveRecord::Connection.execute SQL sink
2023-03-13 09:03:54 +13:00
Harry Maclean
025cd34dab
Ruby: Taint flow through ActionController params
...
We were not recognising "require" as returning a Parameters instance.
2023-03-13 08:52:41 +13:00
Harry Maclean
2d95b6a049
Ruby: Add count_by_sql as SQL sink
2023-03-13 08:40:32 +13:00
Harry Maclean
c97dccf0de
Ruby: Add reorder as a SQL sink
...
In recent versions of Rails this method doesn't seem to be vulnerable,
but it may be in previous versions. There's a slight FP risk here, but
I think it is small.
2023-03-13 08:38:17 +13:00
Mathias Vorreiter Pedersen
ab58d4c11f
Merge pull request #12415 from github/rdmarsh2/swift/constructor-flow
2023-03-10 23:16:37 +00:00
Arthur Baars
c67bfff33b
Ruby: strip \\?\ from display paths
2023-03-10 22:32:11 +01:00
Arthur Baars
4bfcc31ef0
Ruby: support long paths on Windows
2023-03-10 22:32:11 +01:00
Ed Minnix
59eea2a4a3
Change FlowState classes to use IPAs instead of string
2023-03-10 15:24:04 -05:00
Ed Minnix
b6eeac5bc8
Update names to new naming convention
2023-03-10 15:13:58 -05:00
Robert Marsh
d9732361fc
Swift: autoformat
2023-03-10 19:28:01 +00:00
Geoffrey White
fbde174a89
Swift: Autoformat.
2023-03-10 19:02:54 +00:00
Arthur Baars
50ff82fe51
Merge pull request #12482 from github/revert-12245-calumgrant/codeowners-dynamic
...
Revert "Update CODEOWNERS for dynamic teams"
2023-03-10 19:44:12 +01:00
Geoffrey White
7ddd08fb1e
Swift: Extend an extractor test as well.
2023-03-10 18:35:03 +00:00
Geoffrey White
f6e7837cb8
Swift: Extend the PrintAST test as well.
2023-03-10 18:28:11 +00:00
Geoffrey White
0c900e4b8a
Swift: Add a test for aliased types.
2023-03-10 18:26:48 +00:00
Mathias Vorreiter Pedersen
d4269251be
Swift: Add QL skeleton for aliased types.
2023-03-10 18:15:40 +00:00