hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-08 20:20:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
59,809 Commits 1,679 Branches 157 Tags
28bedda5ea9cc36c03eda335511dfdc5a48de591
Commit Graph

59809 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
28bedda5ea Merge pull request #14513 from RasmusWL/yield-modeling 
Python: Improve `yield` modeling
 2023-10-17 14:15:01 +02:00
Stephan Brandauer
9d719aa44e Merge pull request #13444 from github/java/update-mad-decls-after-triage-2023-06-13T14-50-57 
Java: Update MaD Declarations after Triage
 2023-10-17 13:54:10 +02:00
Mathias Vorreiter Pedersen
68f2501bf0 Merge pull request #14496 from geoffw0/memberinittest 
Swift: Add data flow tests for member initialization.
 2023-10-17 12:35:07 +01:00
Geoffrey White
5ffb773568 Swift: Explore instantiated / not instantiated classes. 2023-10-17 11:30:03 +01:00
Mathias Vorreiter Pedersen
0ad338f04a Merge pull request #14521 from geoffw0/defaultstep 
Swift: Add CollectionContent to defaultImplicitTaintRead
 2023-10-17 11:07:10 +01:00
Tony Torralba
96d6e8e3f2 Update change note 2023-10-17 11:57:53 +02:00
Tony Torralba
3cd06b0026 More review suggestions 2023-10-17 11:54:32 +02:00
Tony Torralba
62a9ffd277 Apply suggestions from code review 2023-10-17 11:51:55 +02:00
Rasmus Wriedt Larsen
80506f1028 Python: Accept .expected changes 2023-10-17 10:11:39 +02:00
Rasmus Wriedt Larsen
62a992473f Python: Update QLDoc 2023-10-17 10:09:19 +02:00
Rasmus Wriedt Larsen
2bf4c32433 Python: Add syntactic support for yield in contextlib.contextmanager 2023-10-17 09:51:20 +02:00
Rasmus Wriedt Larsen
2399793c8a Python: Expand contextmanager test even more 2023-10-17 09:41:30 +02:00
Erik Krogh Kristensen
24e779b826 Merge pull request #14520 from github/dependabot/cargo/ql/regex-1.10.2 
Bump regex from 1.10.0 to 1.10.2 in /ql
 2023-10-16 22:27:50 +02:00
dependabot[bot]
cf0173acad Bump regex from 1.10.0 to 1.10.2 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.10.0 to 1.10.2.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.10.0...1.10.2)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-16 17:49:47 +00:00
Michael B. Gale
d15c60ba76 Merge pull request #14516 from github/mbg/go/fix-dependabot-yml-again 2023-10-16 18:48:26 +01:00
Geoffrey White
c6ff42986d Swift: Change note. 2023-10-16 18:43:03 +01:00
Geoffrey White
990c40c8c8 Swift: Barrier for duplicate results in constant queries, resulting from sources like [1, 2, 3]. 2023-10-16 18:28:51 +01:00
Geoffrey White
6108f787dd Swift: Effect on query tests. 2023-10-16 18:28:51 +01:00
Geoffrey White
0509c0fdf3 Swift: Effect on dataflow tests. 2023-10-16 18:28:50 +01:00
Geoffrey White
89867d6214 Swift: Default content read step. 2023-10-16 18:28:50 +01:00
Dave Bartolomeo
e4e472ee74 Merge pull request #14512 from MathiasVP/fix-size-in-invalid-ptr-deref 
C++: Fix size deduction in `cpp/invalid-pointer-deref`
 2023-10-16 11:22:41 -04:00
Alex Ford
25c416ec8a Merge pull request #14061 from maikypedia/maikypedia/ruby-jwt 
Ruby: JWT Security Queries (CWE-347)
 2023-10-16 15:42:31 +01:00
Edward Minnix III
21bea38ec8 Merge pull request #14472 from egregius313/egregius313/sync-local-and-remote-queries 
Java: Synchronize `*Local` versions of queries with their remote counterpart
 2023-10-16 10:31:40 -04:00
Michael B. Gale
8c818a8657 group => groups 2023-10-16 14:53:03 +01:00
Michael B. Gale
822f37156e Merge pull request #14483 from github/mbg/go/dependabot 
Go: Improve Dependabot configuration
 2023-10-16 14:05:36 +01:00
Alex Ford
22850b28df Ruby: update alert message test output 2023-10-16 13:08:49 +01:00
Alex Ford
66d230a207 ruby: qlformat 2023-10-16 12:45:46 +01:00
Alex Ford
3dd042c38a Merge remote-tracking branch 'origin/main' into maikypedia/ruby-jwt 2023-10-16 12:42:19 +01:00
Mathias Vorreiter Pedersen
79947956bc Merge pull request #14509 from MathiasVP/tag-redundant-null-check-simple-as-security 
C++: Mark `cpp/redundant-null-check-simple` as a security query
 2023-10-16 11:58:21 +01:00
Mathias Vorreiter Pedersen
ba27a0d515 Update cpp/ql/src/change-notes/2023-10-16-redundant-null-check-simple.md 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-10-16 12:48:53 +02:00
Rasmus Wriedt Larsen
883bd9f3b3 Python: Add test for type-tracking with yield 2023-10-16 12:09:07 +02:00
Mathias Vorreiter Pedersen
32d82380f1 C++: Add change note. 2023-10-16 11:08:27 +01:00
Mathias Vorreiter Pedersen
d8a049f5cc C++: Accept test changes. 2023-10-16 10:51:47 +01:00
Mathias Vorreiter Pedersen
7e6857d36b C++: Make 'hasSize' slightly smarter when handling ternary operators. 2023-10-16 10:48:28 +01:00
Mathias Vorreiter Pedersen
6a7b2e4aa4 C++: Add failing test. 2023-10-16 10:47:45 +01:00
Joe Farebrother
fe2468e7d0 Merge pull request #14498 from joefarebrother/csharp-missing-access-control 
C#: Fix FP in Missing Function Level Access Control and Insecure Direct Object Reference
 2023-10-16 10:46:19 +01:00
Mathias Vorreiter Pedersen
20c3984872 C++: Add the 'security' tag and add a 'security-severity' rating to 'cpp/redundant-null-check-simple'. 2023-10-16 09:54:36 +01:00
Arthur Baars
0e3369f93f Merge pull request #14484 from aibaars/ts53-js 
JS: Support import attributes
 2023-10-16 10:47:49 +02:00
Erik Krogh Kristensen
80c5e1ea77 Merge pull request #14497 from erik-krogh/jsp 
JS: add support for extracting `.jsp` files
 2023-10-16 09:27:46 +02:00
Erik Krogh Kristensen
c30e004506 Merge pull request #14506 from github/dependabot/cargo/ql/tracing-0.1.39 
Bump tracing from 0.1.38 to 0.1.39 in /ql
 2023-10-16 09:24:12 +02:00
Tony Torralba
ae8e237f2c Merge pull request #14494 from atorralba/atorralba/remove-library 
Java/C/C#: Remove library annotations
 2023-10-16 09:01:40 +02:00
Tamás Vajk
d723905035 Merge pull request #14368 from tamasvajk/standalone/use-legacy-framework-dlls 
C#: Choose between .NET framework or core DLLs in standalone
 2023-10-16 08:53:55 +02:00
dependabot[bot]
7700210ed2 Bump tracing from 0.1.38 to 0.1.39 in /ql 
Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.38 to 0.1.39.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.38...tracing-0.1.39)

---
updated-dependencies:
- dependency-name: tracing
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-16 03:21:13 +00:00
Owen Mansel-Chan
53561008a1 Merge pull request #14445 from owen-mc/go/automated-mad-coverage-report 
Go: automated mad coverage report
 2023-10-15 21:49:47 +01:00
Owen Mansel-Chan
39bca2d4bb Merge pull request #14276 from tunnelshade/enable-gokit-by-default 
Go: Enable GoKit module into the default list
 2023-10-15 21:44:27 +01:00
Maiky
e204100701 Resolve conflict in Concepts.qll 2023-10-15 10:37:10 +02:00
Maiky
17210c76a5 change-note edition 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-10-15 10:25:58 +02:00
BD
0ef83b3c74 Merge branch 'main' into enable-gokit-by-default 2023-10-15 10:22:27 +05:30
Geoffrey White
cea87a53e0 Swift: Fix LocalTaint.expected. 2023-10-13 18:19:26 +01:00
Jeroen Ketema
d56a9f0781 Merge pull request #14424 from jketema/rewrite-cgi-xss 
C++: Rewrite `cpp/cgi-xss` to not use default taint tracking
 2023-10-13 17:57:04 +02:00