hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-20 22:44:52 +02:00
Code Issues Packages Projects Releases Wiki Activity
63,804 Commits 1,741 Branches 165 Tags
24a63ae94de387bd61d0f07d67d81d9833f47511
Commit Graph

63804 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
8635b5d316 C++: Add test with missing flow. 2024-02-12 16:44:38 +00:00
Cornelius Riemenschneider
27ebebc24b Python: Update BUILD.bazel files. 
This allows us to (later) build the whole python language pack with
bazel.
 2024-02-12 17:10:35 +01:00
Rasmus Wriedt Larsen
cbb9a64bbb Merge pull request #15457 from RasmusWL/psycopg 
Python: Model the `psycopg` package
 2024-02-12 15:59:16 +01:00
Harry Maclean
3d9f9afa77 Merge pull request #15566 from hmac/hmac-actioncontroller-regex 
Ruby: Fix ActionController path regex
 2024-02-12 14:14:57 +00:00
Michael Nebel
68b920f330 C#: Update other tests expected output. 2024-02-12 15:09:36 +01:00
Harry Maclean
99497e5f3c Merge pull request #15521 from hmac/hmac-ar-connection 
Ruby: Recognise more ActiveRecord connections
 2024-02-12 14:06:50 +00:00
Tony Torralba
b6385f7938 Merge pull request #15533 from JLLeitschuh/patch-5 
Reduce severity of `java/relative-path-command`
 2024-02-12 15:04:05 +01:00
Joe Farebrother
75a2b9415c Merge pull request #15481 from joefarebrother/android-local-auth 
Java: Add query for insecure local authentication
 2024-02-12 13:48:53 +00:00
Tony Torralba
db2eb202ee Merge pull request #15565 from atorralba/atorralba/java/open-redirect-sanitizer 
Java: Add extension point and default sanitizer to Open Redirect query
 2024-02-12 14:42:52 +01:00
Ian Lynagh
931b27f76c Merge pull request #15573 from igfoo/igfoo/k2-more 
Kotlin 2: Accept loc changes in library-tests/parameter-defaults/defaults.expected
 2024-02-12 13:29:19 +00:00
Ian Lynagh
a7eac1100b Merge pull request #15569 from igfoo/igfoo/kt2-accept 
Kotlin 2: Accept more location changes
 2024-02-12 13:29:10 +00:00
Harry Maclean
5af58d24e0 Ruby: Recognise raw Erb output as XSS sink 2024-02-12 13:28:44 +00:00
Michael Nebel
aed5080142 C#: Add primary constructor change note. 2024-02-12 13:27:40 +01:00
Michael Nebel
4083348b3e C#: Add a primary constructor QL library test. 2024-02-12 13:27:39 +01:00
Michael Nebel
ff29679317 C#: Update expected test output. 2024-02-12 13:27:39 +01:00
Michael Nebel
42f4656667 C#: Data flow for primary constructors. 2024-02-12 13:27:39 +01:00
Michael Nebel
f5d4c49b16 C#: Add some more constructor dataflow tests. 2024-02-12 13:13:06 +01:00
Michael Nebel
86212b24ba C#: Move constructor data flow tests to a separate folder. 2024-02-12 13:13:06 +01:00
Michael Nebel
afe3c5ea8d C#: Re-arrange the code in constructor data flow test and update expected output. 2024-02-12 13:13:06 +01:00
Tamas Vajk
888f47c6c8 Remove cil=false extractor option from integration tests 2024-02-12 12:02:43 +01:00
Tamas Vajk
70b6ae6876 Add comments to nuget.config file restore 2024-02-12 11:59:19 +01:00
Asger F
8d3a19aaad JS: Fix termination criteria 
Previously it was theoretically possible to create a cycle of preferred predecessors, since badness had higher precedence than depth. We now require the preferred predecessor to have lower depth.

With this criteria we can remove the arbitray cap on badness.
 2024-02-12 11:44:52 +01:00
Asger F
0fbe530d9e JS: Fix some broken comments 2024-02-12 11:39:40 +01:00
Asger F
6d01ba67f7 JS: Check isPrivateLike in isExported instead 2024-02-12 11:39:29 +01:00
Erik Krogh Kristensen
1520305ae1 Merge pull request #15523 from erik-krogh/exclude-tagged 
JS: exclude tagged template literals from `js/superfluous-trailing-arguments`
 2024-02-12 11:31:18 +01:00
Joe Farebrother
d3fea4044e Apply suggestions from documentation review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-02-12 10:27:56 +00:00
Josh Soref
6779c667f6 Limit xl runner jobs to github org 2024-02-12 05:00:49 -05:00
Nick Rolfe
b2ee5808f0 Merge pull request #15496 from github/nickrolfe/loc-fresh-ids 
Tree-sitter extractors: use fresh IDs for locations
 2024-02-12 09:54:09 +00:00
Tamas Vajk
5be3993405 Preserve nuget.config file casing after cleanup 2024-02-12 10:40:33 +01:00
Tamas Vajk
26cea33cc6 C# - Add default nuget feed if there's none 2024-02-12 10:40:33 +01:00
Tamas Vajk
933a8e648d Add integration test for missing nuget package sources 2024-02-12 10:35:49 +01:00
Tony Torralba
cf7091ae5f Merge branch 'main' into atorralba/java/open-redirect-sanitizer 2024-02-12 10:31:52 +01:00
Harry Maclean
51a5c2bbba Ruby: Address doc review comments 2024-02-12 09:16:13 +00:00
Tony Torralba
e6623ebe4c Add change note 2024-02-12 10:10:42 +01:00
Tony Torralba
5f729d57fa Merge pull request #15578 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-02-12 09:24:05 +01:00
Tom Hvitved
b27b89bff7 Merge pull request #15567 from hvitved/csharp/cache-module 
C#: Actually cache module `Cached`
 2024-02-12 09:15:49 +01:00
Tom Hvitved
9634511ac5 Merge pull request #15489 from hvitved/csharp/lambda-field-flow 
C#: Additional tracking of lambdas through fields and properties
 2024-02-12 09:14:21 +01:00
Erik Krogh Kristensen
4d65e4e985 Merge pull request #15579 from github/dependabot/cargo/ql/chrono-0.4.34 
Bump chrono from 0.4.33 to 0.4.34 in /ql
 2024-02-12 08:47:22 +01:00
dependabot[bot]
3212f80bea Bump chrono from 0.4.33 to 0.4.34 in /ql 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.33 to 0.4.34.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.33...v0.4.34)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-12 03:38:19 +00:00
github-actions[bot]
3cba1764e2 Add changed framework coverage reports 2024-02-12 00:16:45 +00:00
Tom Hvitved
e75f7dd7f9 Merge pull request #15540 from hvitved/variable-capture-overwrite 2024-02-10 10:25:29 +01:00
Joe Farebrother
16aed18821 Address reviews - Elaborate on docs and update severity 2024-02-09 13:53:36 +00:00
Ian Lynagh
ab758d5f1e Kotlin 2: Accept loc changes in library-tests/parameter-defaults/defaults.expected 2024-02-09 13:53:05 +00:00
Tom Hvitved
37d774176b Ruby: Fix SSA inconsistency 2024-02-09 14:49:26 +01:00
Tom Hvitved
1ea7717714 Capture flow: Take overwrites in nested scopes into account 2024-02-09 14:49:23 +01:00
Tom Hvitved
0c43ad45b4 Ruby: Add another captured variable data flow test 2024-02-09 14:48:36 +01:00
Ian Lynagh
0547c877c2 Kotlin 2: Accept some location changes in library-tests/methods/exprs.expected 2024-02-09 13:34:56 +00:00
Ian Lynagh
be4413ffc8 Kotlin 2: Accept changes in library-tests/methods/parameters.expected 
These mostly make things consistent with Kotlin 1.
 2024-02-09 13:19:26 +00:00
Ian Lynagh
b836260b9a Kotlin 2: Accept some test changes 
I'm not sure these are an improvement, but they bring Kotlin 2 back in
line with Kotlin 1.
 2024-02-09 13:15:02 +00:00
Anders Schack-Mulligen
566351a49a Merge pull request #15549 from aschackmull/dataflow/empty-provenance 
Dataflow: Add empty provenance column to PathGraph.
 2024-02-09 12:58:09 +01:00