hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-28 04:43:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,180 Commits 1,697 Branches 161 Tags
349331d6ca898734fcf228858affa05ebcb42053
Commit Graph

42180 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
349331d6ca Merge pull request #10082 from asgerf/js/exports-handling2 
JS: Handle nested conditions in "exports" section
 2022-08-18 11:10:59 +02:00
Nick Rolfe
a46e2b3f2f Merge pull request #10056 from hmac/hmac/action-controller-response-body 
Ruby: Recognise Rails render calls as HTTP responses
 2022-08-18 10:02:17 +01:00
Tom Hvitved
682986c0a2 Merge pull request #10087 from hvitved/ruby/unknown-member-warning 
Ruby: Get rid of warning in `getUnknownMember`
 2022-08-18 10:50:24 +02:00
Anders Schack-Mulligen
07e0bd3ce1 Merge pull request #10083 from aschackmull/java/sensitivelog-barrier 
Java: Add some type-based sanitizers to SensitiveInfoLog.ql.
 2022-08-18 10:18:33 +02:00
Tom Hvitved
baa646e102 Ruby: Remove unused UnknownMember from API graphs 2022-08-18 09:40:02 +02:00
Anders Schack-Mulligen
37e5f0438c Java: Add change note. 2022-08-18 09:19:32 +02:00
Harry Maclean
8f370b2457 Update ruby/ql/lib/change-notes/2022-08-16-action-controller-response-body.md 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-08-18 10:03:52 +12:00
Harry Maclean
70ec70940a Merge pull request #8142 from github/hmac/incomplete-multi-char-sanitization 2022-08-18 10:02:39 +12:00
Erik Krogh Kristensen
e93ff8672c Merge pull request #10075 from erik-krogh/depOld 
delete old deprecations
 2022-08-17 21:21:57 +02:00
yoff
78756bdc6a Merge pull request #9859 from tausbn/python-fix-another-bad-value-transfer-join 2022-08-17 20:47:00 +02:00
Tom Hvitved
c307a12c20 Ruby: Get rid of warning in getUnknownMember 2022-08-17 16:22:11 +02:00
Alex Ford
d4d6657cb7 Merge pull request #10008 from alexrford/rb/log-injection 
Ruby: Add `rb/log-injection` query
 2022-08-17 15:01:22 +01:00
erik-krogh
6b9f01535b change All to Most in the change-notes 2022-08-17 15:34:57 +02:00
Mathias Vorreiter Pedersen
1eb0f6a12e Merge pull request #10081 from erik-krogh/desugar 
add desugered to the typo database
 2022-08-17 13:56:59 +01:00
Anders Schack-Mulligen
c3ba632a32 Java: Add some type-based sanitizers to SensitiveInfoLog.ql. 2022-08-17 14:54:28 +02:00
Erik Krogh Kristensen
bd4947fdbd Merge pull request #10046 from erik-krogh/protoFunc 
JS: generalize `BarrierGuardFunction`to work on function that have multiple parameters
 2022-08-17 14:50:54 +02:00
Anders Schack-Mulligen
6e495ba6e5 Merge pull request #10068 from aschackmull/java/summarizedcallable-split 
Java: Make synthesized method bodies disjoint from source code.
 2022-08-17 14:13:56 +02:00
erik-krogh
2622c78766 add change-notes 2022-08-17 13:55:16 +02:00
Tom Hvitved
355c1f5959 Merge pull request #10035 from hvitved/ssa/phi-reads 
SSA: Improve use-use calculation using "phi read nodes"
 2022-08-17 13:43:00 +02:00
erik-krogh
b2e3d8bb86 remove some more legacy code that existed to support deprecated code 2022-08-17 13:32:39 +02:00
erik-krogh
6ac898bad4 add desugered to the typo database 2022-08-17 13:13:43 +02:00
Ian Lynagh
0d4419dd8c Merge pull request #10071 from igfoo/igfoo/refactor 
Kotlin: Refactor TypeResults
 2022-08-17 11:58:33 +01:00
Joe Farebrother
2bc2649204 Merge pull request #9853 from joefarebrother/static-init-vec 
Java: Promote Static Initialization Vector query
 2022-08-17 11:56:00 +01:00
Nick Rolfe
61db581512 Merge pull request #10080 from github/nickrolfe/desugared-typo 
Ruby: fix typo: s/Desugered/Desugared
 2022-08-17 11:54:15 +01:00
Anders Schack-Mulligen
c034a1e268 Java: Fix test. 2022-08-17 12:46:35 +02:00
Anders Schack-Mulligen
27f76330be Java: Fix models. 2022-08-17 12:46:09 +02:00
Anders Schack-Mulligen
857b473503 Java: Delete duplicate tests. 2022-08-17 12:44:42 +02:00
Nick Rolfe
94a51142d0 Ruby: fix typo in internal predicate name 2022-08-17 11:05:39 +01:00
Erik Krogh Kristensen
47353f6c28 Merge pull request #10067 from erik-krogh/paramSig 
QL: support signature parameters in QL-for-QL
 2022-08-17 11:50:39 +02:00
Joe Farebrother
7c188a6b96 Apply doc suggestions 2022-08-17 10:35:16 +01:00
Joe Farebrother
7989ba3391 Replace a tainttracking instance with local flow 2022-08-17 10:35:16 +01:00
Joe Farebrother
5afc0b0c15 Add security severity 2022-08-17 10:35:15 +01:00
Joe Farebrother
bf32b5a8fd Reiview suggestions - add doc comment, reword description, simplify a part 2022-08-17 10:35:15 +01:00
Joe Farebrother
a62bb8e115 Add additional test case 2022-08-17 10:35:15 +01:00
Joe Farebrother
960a4e58a0 Add change note 2022-08-17 10:35:14 +01:00
Joe Farebrother
c152a27a68 Reword docs 2022-08-17 10:35:14 +01:00
Joe Farebrother
4d0957711b Reduce FPs from empty arrays 2022-08-17 10:35:14 +01:00
Joe Farebrother
c0a1300955 Improve initializedWthConstants to no longer need a workaround 2022-08-17 10:35:13 +01:00
Joe Farebrother
f8f21c7ee6 Move static init vector query and tests from experimental to main 2022-08-17 10:35:13 +01:00
Tom Hvitved
44e1ecdf94 Merge pull request #10060 from hvitved/ruby/pos-args-missing-flow-tests 
Ruby: Add tests that demonstrate missing flow through positional arguments
 2022-08-17 10:45:25 +02:00
Paolo Tranquilli
979706903a Merge pull request #10070 from github/redsun82/swift-self-apply-tests 
Swift: add more `SelfApplyExpr` testing
 2022-08-17 09:34:20 +02:00
Harry Maclean
1f4dad4167 Update for rename of ReDoSUtil to NfaUtils 2022-08-17 16:03:49 +12:00
Harry Maclean
f1a546c4d6 Rename IncompleteMultiCharacterSanitization[Query] 2022-08-17 16:03:49 +12:00
Harry Maclean
e48158b9ad JS: Share more code with Ruby 2022-08-17 16:03:49 +12:00
Harry Maclean
f2384a6a8f Ruby: Share more code with JS 2022-08-17 16:03:49 +12:00
Harry Maclean
025e34d8e1 Ruby: Simplify imports 2022-08-17 16:03:48 +12:00
Harry Maclean
ab6287aebd Ruby: Fix import 2022-08-17 16:03:48 +12:00
Harry Maclean
b7d9bf4066 Share IncompleteMultiCharacterSanitization JS/Ruby 
Most of the classes and predicates in this query can be shared between
the two languages. There's just a few language-specific things that we
place in IncompleteMultiCharacterSanitizationSpecific.
 2022-08-17 16:03:46 +12:00
Harry Maclean
3179c60a1e Ruby: Remove RegExpLiteral.getAMatch 
This predicate is a duplicate of getAMatchedString, which matches the
naming in the JS version.
 2022-08-17 16:02:48 +12:00
Harry Maclean
6bb24f9d7c Ruby: matchesEmptyString -> isNullable 
Rename RegExpLiteral.matchesEmptyString to isNullable, to match the JS
version.
 2022-08-17 16:02:48 +12:00