hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 20:56:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,215 Commits 1,673 Branches 157 Tags
3314b56ffe6ccfca63243bb504e8ccc1c6116898
Commit Graph

42215 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
3314b56ffe Fix Fragment tests after androidx stubs update 2022-08-22 11:13:19 +02:00
Tony Torralba
90aa7d8be5 Add change note 2022-08-19 17:01:37 +02:00
Tony Torralba
794fd976a9 Add androidx Fragment support 2022-08-19 16:32:06 +02:00
Tom Hvitved
93fc952ef1 Merge pull request #10099 from hvitved/csharp/html-raw-tests 
C#: Add a cshtml-based XSS test
 2022-08-19 10:24:52 +02:00
Erik Krogh Kristensen
4f93f2b9ba Merge pull request #10076 from erik-krogh/ql-for-ql-fixes 
various QL-for-QL fixes
 2022-08-18 15:46:48 +02:00
Tom Hvitved
f275885258 C#: Add a cshtml-based XSS test 2022-08-18 15:24:04 +02:00
Anders Schack-Mulligen
61a2c0dab5 Merge pull request #10084 from aschackmull/java/numericcasttainted-barrier 
Java: Move sink-constraints into the configuration in NumericCastTainted.ql.
 2022-08-18 15:22:00 +02:00
Tom Hvitved
2afb4abaa2 Merge pull request #10094 from hvitved/csharp/redundant-override 
C#: Remove redundant override
 2022-08-18 15:17:20 +02:00
Tom Hvitved
d68f817e53 Merge pull request #10098 from hvitved/ql/redundant-override 
QL: Add redundant overrides query
 2022-08-18 15:13:35 +02:00
Tom Hvitved
e5911df697 QL: Add redundant overrides query 2022-08-18 14:59:04 +02:00
Chris Smowton
72009f8614 Merge pull request #10085 from smowton/smowton/fix/dont-use-write-instruction-for-channel-flow 
Go: don't use WriteNode for channel writes
 2022-08-18 12:47:55 +01:00
Tom Hvitved
ece37d80f0 C#: Remove redundant override 2022-08-18 13:13:06 +02:00
Tamás Vajk
ad1cb8f8c7 Merge pull request #10065 from tamasvajk/kotlin-1.7.20-Beta 
Kotlin: Add support for version 1.7.20-Beta
 2022-08-18 12:17:10 +02:00
Tom Hvitved
08a5b5dc73 Merge pull request #10089 from hvitved/ruby/local-source-nodes 
Ruby: Reduce size of `isLocalSourceNode`
 2022-08-18 12:02:35 +02:00
Tom Hvitved
e949458add Merge pull request #10066 from hvitved/csharp/underlying-as-callable 
C#: Include both source code and hand-written summaries in data flow
 2022-08-18 12:01:49 +02:00
Asger F
349331d6ca Merge pull request #10082 from asgerf/js/exports-handling2 
JS: Handle nested conditions in "exports" section
 2022-08-18 11:10:59 +02:00
Nick Rolfe
a46e2b3f2f Merge pull request #10056 from hmac/hmac/action-controller-response-body 
Ruby: Recognise Rails render calls as HTTP responses
 2022-08-18 10:02:17 +01:00
Tom Hvitved
682986c0a2 Merge pull request #10087 from hvitved/ruby/unknown-member-warning 
Ruby: Get rid of warning in `getUnknownMember`
 2022-08-18 10:50:24 +02:00
erik-krogh
9e7c0c6ab9 revert changing imports in java/ 2022-08-18 10:19:12 +02:00
Anders Schack-Mulligen
07e0bd3ce1 Merge pull request #10083 from aschackmull/java/sensitivelog-barrier 
Java: Add some type-based sanitizers to SensitiveInfoLog.ql.
 2022-08-18 10:18:33 +02:00
Tom Hvitved
93830f43cc Address review comment 2022-08-18 10:06:26 +02:00
Tom Hvitved
baa646e102 Ruby: Remove unused UnknownMember from API graphs 2022-08-18 09:40:02 +02:00
Anders Schack-Mulligen
37e5f0438c Java: Add change note. 2022-08-18 09:19:32 +02:00
Tamas Vajk
fb9a34851a Apply code review changes 2022-08-18 09:01:10 +02:00
erik-krogh
4bc10f9b5c explicitly import required frameworks that were previously implicitly imported 2022-08-18 08:40:46 +02:00
Harry Maclean
8f370b2457 Update ruby/ql/lib/change-notes/2022-08-16-action-controller-response-body.md 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-08-18 10:03:52 +12:00
Harry Maclean
70ec70940a Merge pull request #8142 from github/hmac/incomplete-multi-char-sanitization 2022-08-18 10:02:39 +12:00
Erik Krogh Kristensen
e93ff8672c Merge pull request #10075 from erik-krogh/depOld 
delete old deprecations
 2022-08-17 21:21:57 +02:00
yoff
78756bdc6a Merge pull request #9859 from tausbn/python-fix-another-bad-value-transfer-join 2022-08-17 20:47:00 +02:00
Chris Smowton
3802deab70 Adjust test expectations re: reformatting 2022-08-17 17:31:27 +01:00
Chris Smowton
e33ddbdcfd Format go 2022-08-17 16:42:06 +01:00
Tom Hvitved
ed2ec1acc0 Ruby: Reduce size of isLocalSourceNode 2022-08-17 17:19:30 +02:00
Tom Hvitved
c307a12c20 Ruby: Get rid of warning in getUnknownMember 2022-08-17 16:22:11 +02:00
Alex Ford
d4d6657cb7 Merge pull request #10008 from alexrford/rb/log-injection 
Ruby: Add `rb/log-injection` query
 2022-08-17 15:01:22 +01:00
erik-krogh
6b9f01535b change All to Most in the change-notes 2022-08-17 15:34:57 +02:00
Chris Smowton
077bae55fe Go: don't use WriteNode for channel writes 
I overlooked the fact that this has a WriteInstruction, which wasn't bound in the channel-write case, but somehow the evaluator discarded the implied cartesian product until last night's performance evaluation.

Rather than try to cram channel writes into WriteInstruction, just handle them as their own beast.
 2022-08-17 14:27:16 +01:00
Anders Schack-Mulligen
f6eccd390e Java: Move sink-constraints into the configuration. 2022-08-17 15:06:55 +02:00
Tamas Vajk
5d01653371 Fix gradle exclude list after the version number changes 2022-08-17 15:03:37 +02:00
Mathias Vorreiter Pedersen
1eb0f6a12e Merge pull request #10081 from erik-krogh/desugar 
add desugered to the typo database
 2022-08-17 13:56:59 +01:00
Anders Schack-Mulligen
c3ba632a32 Java: Add some type-based sanitizers to SensitiveInfoLog.ql. 2022-08-17 14:54:28 +02:00
Erik Krogh Kristensen
bd4947fdbd Merge pull request #10046 from erik-krogh/protoFunc 
JS: generalize `BarrierGuardFunction`to work on function that have multiple parameters
 2022-08-17 14:50:54 +02:00
Anders Schack-Mulligen
6e495ba6e5 Merge pull request #10068 from aschackmull/java/summarizedcallable-split 
Java: Make synthesized method bodies disjoint from source code.
 2022-08-17 14:13:56 +02:00
erik-krogh
2622c78766 add change-notes 2022-08-17 13:55:16 +02:00
erik-krogh
14d83ab1b5 make the framework imports in FlowSources.qll private 2022-08-17 13:50:08 +02:00
erik-krogh
8066e39d07 delete some redundant imports 2022-08-17 13:50:04 +02:00
Tom Hvitved
355c1f5959 Merge pull request #10035 from hvitved/ssa/phi-reads 
SSA: Improve use-use calculation using "phi read nodes"
 2022-08-17 13:43:00 +02:00
erik-krogh
dbbba32579 revert change to generated swift code 2022-08-17 13:34:22 +02:00
erik-krogh
b7b80fe176 reintroduce redundant cast in synced file 2022-08-17 13:34:22 +02:00
erik-krogh
ffb65d054e delete redundant inline casts 2022-08-17 13:34:22 +02:00
erik-krogh
2e44fba67d add explicit this 2022-08-17 13:33:31 +02:00