codeql

mirror of https://github.com/github/codeql.git synced 2026-04-19 14:04:09 +02:00

Author	SHA1	Message	Date
Harry Maclean	246ad46eb1	Ruby: Account for filter skip ordering A `skip_*_filter :foo` call only has an effect if there was an earlier call that registered `:foo` as a filter.	2023-01-30 18:50:30 +13:00
Harry Maclean	a164e76a5d	Ruby: Model actioncontroller filter overrides If a filter is registered twice with the same name, the last registration wins.	2023-01-30 18:05:22 +13:00
Harry Maclean	28c3bd3e2f	Ruby: QL4QL fix	2023-01-30 17:41:36 +13:00
Harry Maclean	fb86ef4aac	Ruby: Model ActionController filters ActionController filters provide a way to register callbacks that run before, after or around an action (i.e. HTTP request handler). They run in the same class context as the action, so can get/set instance variables and generally interact with the action in arbitrary ways. In order to track flow between filters and actions, we have to model the callback chain. This commit does that. A later change will add dataflow steps to actually track flow through the chain.	2023-01-30 17:41:36 +13:00
Geoffrey White	6c0b50c696	Merge pull request #11980 from geoffw0/modern2 Swift: Structure modernized queries more consistently	2023-01-27 14:33:43 +00:00
Geoffrey White	794ba428a7	Merge pull request #11942 from geoffw0/rncrypt4 Swift: add RNCryptor sinks to swift/static-initialization-vector	2023-01-27 14:33:06 +00:00
James Fletcher	812306cb52	Merge pull request #12006 from felickz/patch-2 Add link to codeql metadata article for problem.severity	2023-01-27 13:59:06 +00:00
Chad Bentz	4fee536e6d	table spacing	2023-01-27 08:19:43 -05:00
Chad Bentz	3ef4d3118c	Add link to codeql metadata article for problem.severity	2023-01-27 08:01:07 -05:00
Michael B. Gale	f192191e8c	Merge pull request #11997 from github/smowton/fix/deperrors-conditional Go: Fix DepErrors test	2023-01-26 14:52:27 +00:00
Mathias Vorreiter Pedersen	508027e0e5	Merge pull request #11998 from MathiasVP/fix-iterator-test	2023-01-26 12:35:12 +00:00
Mathias Vorreiter Pedersen	13baa5b60b	C++: Add iterator typedefs to properly instantiate 'int_iterator_by_trait' and 'insert_iterator_by_trait'.	2023-01-26 11:43:33 +00:00
Chris Smowton	7921de243a	Fix DepErrors test This was likely harmlessly causing `go get` reruns, since most (all?) real dependency errors cause `go list` to exit with a nonzero return code in any case.	2023-01-26 11:37:41 +00:00
dependabot[bot]	295152cd32	Merge pull request #11992 from github/dependabot/cargo/ruby/serde-1.0.152	2023-01-26 10:17:56 +00:00
dependabot[bot]	bf02340a6a	Merge pull request #11982 from github/dependabot/cargo/ruby/num_cpus-1.14.0	2023-01-26 10:13:09 +00:00
dependabot[bot]	6e69acdd7e	Bump serde from 1.0.131 to 1.0.152 in /ruby Bumps [serde](https://github.com/serde-rs/serde) from 1.0.131 to 1.0.152. - [Release notes](https://github.com/serde-rs/serde/releases) - [Commits](https://github.com/serde-rs/serde/compare/v1.0.131...v1.0.152) --- updated-dependencies: - dependency-name: serde dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-01-26 03:08:58 +00:00
Harry Maclean	07a7a213b3	Merge pull request #11871 from hmac/rack	2023-01-26 08:40:30 +13:00
Rasmus Wriedt Larsen	1fcfae2464	Merge pull request #11987 from RasmusWL/suite-lists Misc: Add `security-experimental` to `generate-code-scanning-query-list.py`	2023-01-25 17:29:36 +01:00
Geoffrey White	e92a5eb467	Merge pull request #11911 from geoffw0/rncrypt2 Swift: Add RNCryptor sinks to swift/hardcoded-key	2023-01-25 15:11:16 +00:00
Rasmus Wriedt Larsen	e8714c9edb	Misc: Add Swift to `generate-code-scanning-query-list.py`	2023-01-25 15:22:20 +01:00
Rasmus Wriedt Larsen	b220c2f51d	Misc: Add `security-experimental` to `generate-code-scanning-query-list.py` Since not all experimental queries is part of this new suite, it's nice to be able to list them explicitly without having to replicate the logic from the .qls file.	2023-01-25 15:20:49 +01:00
Geoffrey White	f6fe627f4b	Merge pull request #11914 from geoffw0/rncrypt3 Swift: Add RNCryptor sinks to swift/constant-salt	2023-01-25 13:05:33 +00:00
Alex Ford	3dd9392f5e	Merge pull request #11869 from alexrford/rails/render_locals_shared Ruby: Rails - generalize rails flow step for accessing render locals hash in view	2023-01-25 12:07:26 +00:00
Erik Krogh Kristensen	39e9eaf2bc	Merge pull request #11986 from erik-krogh/redosNote2 RB: add note in ReDoS qhelp that Ruby 3.2 has fixed ReDoS	2023-01-25 11:56:04 +01:00
Paolo Tranquilli	f4cb920624	Merge pull request #11932 from github/redsun82/swift-docs Swift: add and fix some `schema.py` documentation	2023-01-25 10:52:00 +01:00
erik-krogh	54b0350cac	add note in ReDoS qhelp that Ruby 3.2 has fixed ReDoS	2023-01-25 10:24:11 +01:00
dependabot[bot]	531c0559a0	Bump num_cpus from 1.13.0 to 1.14.0 in /ruby Bumps [num_cpus](https://github.com/seanmonstar/num_cpus) from 1.13.0 to 1.14.0. - [Release notes](https://github.com/seanmonstar/num_cpus/releases) - [Changelog](https://github.com/seanmonstar/num_cpus/blob/master/CHANGELOG.md) - [Commits](https://github.com/seanmonstar/num_cpus/compare/v1.13.0...v1.14.0) --- updated-dependencies: - dependency-name: num_cpus dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-01-25 08:48:08 +00:00
Arthur Baars	358ae7529b	Merge pull request #11973 from github/dependabot/cargo/ruby/serde_json-1.0.91 Bump serde_json from 1.0.72 to 1.0.91 in /ruby	2023-01-25 09:45:32 +01:00
Arthur Baars	068b71bc3d	Merge pull request #11972 from github/dependabot/cargo/ruby/regex-1.7.1 Bump regex from 1.5.5 to 1.7.1 in /ruby	2023-01-25 09:44:57 +01:00
Arthur Baars	e634ab771f	Merge pull request #11971 from github/dependabot/cargo/ruby/flate2-1.0.25 Bump flate2 from 1.0.22 to 1.0.25 in /ruby	2023-01-25 09:44:29 +01:00
Erik Krogh Kristensen	99bad77972	Merge pull request #11906 from erik-krogh/moreStem JS: expand what is parsed as the stem of a pathexpr	2023-01-25 08:44:44 +01:00
Geoffrey White	5375678ca6	Swift: Add consistent CSV extension points.	2023-01-24 18:49:50 +00:00
Geoffrey White	6a210d719b	Swift: Rename QueryExtensions.qll files for consistency.	2023-01-24 17:58:13 +00:00
Paolo Tranquilli	ddef87f6e2	Merge pull request #10956 from github/redsun82/swift-linkage-awareness Swift: disambuigate entities using linkage awareness on modules	2023-01-24 18:49:24 +01:00
Paolo Tranquilli	4880ab41a2	Swift: use `weakly_canonical` instead of `canonical` `weakly_canonical` will resolve as much as possible in the path, and not return an error if it can't resolve everything (for example due to a non existant file). In any case in case of problems with the file we will see an error when actually using the resolved path. This tunes down some unhelpful log messages.	2023-01-24 16:34:47 +01:00
Paolo Tranquilli	a74247e5d8	Swift: add filename to an error message	2023-01-24 16:29:10 +01:00
Paolo Tranquilli	6b77e6748a	Swift: use same implementation for `createTarget{Link,Object}Domain`	2023-01-24 16:27:21 +01:00
James Fletcher	176b2cae19	Merge pull request #11882 from github/charisk/rename-vscode-run-query-cmd Rename VS Code Extension Run Query command	2023-01-24 15:17:30 +00:00
Paolo Tranquilli	23344a7183	Merge branch 'main' into redsun82/swift-linkage-awareness	2023-01-24 15:47:44 +01:00
Jeroen Ketema	ae2fa6c1a4	Merge pull request #11975 from MathiasVP/another-dataflow-loop C++: Add another looping dataflow test	2023-01-24 14:21:16 +01:00
Calum Grant	522c9d640d	Merge pull request #11957 from github/yoff-list-support-for-python-3.11 Update supported-versions-compilers.rst	2023-01-24 10:15:11 +00:00
Mathias Vorreiter Pedersen	510211a4c7	C++: Add testcase with looping behavior in C/C++ def-use flow.	2023-01-24 09:44:30 +00:00
Michael Nebel	4df615f994	Merge pull request #11922 from michaelnebel/csharp11/strings C# 11: String related functionality.	2023-01-24 10:31:31 +01:00
Michael Nebel	0b04654f33	C#: Update expected test output.	2023-01-24 09:51:47 +01:00
Michael Nebel	4c966f2b8a	C#: Add some more UTF-8 encoded string examples.	2023-01-24 09:49:38 +01:00
Mathias Vorreiter Pedersen	ca5916f3dc	Merge pull request #11946 from MathiasVP/fix-taint-models-2	2023-01-24 08:13:43 +00:00
dependabot[bot]	fd22c7c73e	Bump serde_json from 1.0.72 to 1.0.91 in /ruby Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.72 to 1.0.91. - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](https://github.com/serde-rs/json/compare/v1.0.72...v1.0.91) --- updated-dependencies: - dependency-name: serde_json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-01-24 06:39:13 +00:00
dependabot[bot]	c4bf25f33c	Bump regex from 1.5.5 to 1.7.1 in /ruby Bumps [regex](https://github.com/rust-lang/regex) from 1.5.5 to 1.7.1. - [Release notes](https://github.com/rust-lang/regex/releases) - [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-lang/regex/compare/1.5.5...1.7.1) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-01-24 06:39:09 +00:00
dependabot[bot]	b1f73b59cd	Bump flate2 from 1.0.22 to 1.0.25 in /ruby Bumps [flate2](https://github.com/rust-lang/flate2-rs) from 1.0.22 to 1.0.25. - [Release notes](https://github.com/rust-lang/flate2-rs/releases) - [Commits](https://github.com/rust-lang/flate2-rs/compare/1.0.22...1.0.25) --- updated-dependencies: - dependency-name: flate2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-01-24 06:39:03 +00:00
Arthur Baars	c512eddb69	Merge pull request #11969 from hmac/simplify-ruby-dependabot-config Ruby: Simplify dependabot config	2023-01-24 07:34:45 +01:00

1 2 3 4 5 ...

49570 Commits