hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 23:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
57,730 Commits 1,703 Branches 162 Tags
386dedb9df875a1bf9cff6b73205ba863daa91ca
Commit Graph

57730 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Maiky
a3c58c66e9 Using DataFlow::ConfigSig instead of TaintTracking::Configuration 2023-07-06 03:14:49 +02:00
Maiky
25814f76b9 Apply suggested changes 2023-07-06 02:20:42 +02:00
Owen Mansel-Chan
972aacc5da Accept test changes due to new paramater nodes 2023-07-05 22:25:47 +01:00
Owen Mansel-Chan
af5558a397 Add ParameterNodes for unused parameters 2023-07-05 22:25:44 +01:00
Owen Mansel-Chan
12723f5a7d Add change note 2023-07-05 22:10:54 +01:00
jorgectf
c82ab2b2ab Add markupsafe as XXE sanitizer 
Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>
 2023-07-05 20:23:20 +02:00
Mathias Vorreiter Pedersen
3bbe95452a Merge branch 'main' into fix-join-in-isUse 2023-07-05 17:51:47 +01:00
Geoffrey White
45d32c3933 Swift: I'm not convinced these SPURIOUS tags are true and useful. 2023-07-05 17:50:48 +01:00
Joe Farebrother
c10a66809d Merge pull request #13094 from joefarebrother/csharp-missing-access-control 
C#: Add query for missing function level access control
 2023-07-05 17:40:59 +01:00
AlexDenisov
dbffe54b28 Merge pull request #13657 from github/alexdenisov/update-supported-swift-version 
Docs: update supported Swift versions
 2023-07-05 18:14:13 +02:00
Philip Ginsbach
2ec5e72e9b Merge pull request #13633 from github/ginsbach/SpecifyExtendsFinal 
document final extensions in the language specification
 2023-07-05 16:43:06 +01:00
Geoffrey White
aeb5199cd9 Swift: Expand the URL taint flow test. 2023-07-05 16:36:35 +01:00
Alex Ford
08784d24b4 Ruby: rack - add tests for env['QUERY_STRING'] 2023-07-05 15:49:00 +01:00
Alex Ford
ec2c9f20f6 Ruby: rack - env['QUERY_STRING'] changenote 2023-07-05 15:46:56 +01:00
Joe Farebrother
a53bf4ddd7 Apply doc review suggestions 2023-07-05 15:37:48 +01:00
Mathias Vorreiter Pedersen
93f1a3bdb9 C++: Fix join in 'isUse'. 2023-07-05 15:24:40 +01:00
Alex Ford
2b0b2855e1 Ruby: rack - Rack::Response changenote 2023-07-05 15:15:34 +01:00
Mathias Vorreiter Pedersen
b651c02dd9 Merge pull request #13653 from rdmarsh2/rdmarsh2/cpp/constant-array-overflow-tests 
C++: more constant-array-overflow tests
 2023-07-05 15:06:11 +01:00
Jeroen Ketema
dc6fd8fd7f Merge pull request #13666 from jketema/ir-test 
C++: Add IR tests that cause regressions after extractor frontend update
 2023-07-05 15:00:13 +02:00
Mathias Vorreiter Pedersen
d24a05a1b9 Merge branch 'main' into rdmarsh2/cpp/constant-array-overflow-tests 2023-07-05 13:49:17 +01:00
Mathias Vorreiter Pedersen
f714de0040 Merge pull request #13610 from MathiasVP/promote-overrun-write-again 
C++: Move `cpp/overrun-write` back to `medium` precision
 2023-07-05 13:39:12 +01:00
Tamas Vajk
d0b8b683af Adjust error handling when dotnet --info is called 2023-07-05 14:26:00 +02:00
Jeroen Ketema
7bb77abac7 C++: Add IR tests that cause regressions after extractor frontend update 2023-07-05 14:01:11 +02:00
Alex Ford
df62cf8a5a qlformat 2023-07-05 12:19:57 +01:00
Alex Ford
082f26bcb1 Ruby: update TaintStep.ql output 2023-07-05 12:19:55 +01:00
Alex Ford
9a263e12ec Ruby: rack - add some qldoc 2023-07-05 12:18:52 +01:00
Alex Ford
bf25b07c17 Ruby: rack - request input tests 2023-07-05 12:18:52 +01:00
Alex Ford
175d524146 Ruby: rack - add Rack#Utils.parse_query summary 2023-07-05 12:18:52 +01:00
Alex Ford
cc6f6418f5 Ruby: rack - start modelling request inputs 2023-07-05 12:18:52 +01:00
Mathias Vorreiter Pedersen
60c0226dce Update cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp 
Co-authored-by: Calum Grant <42069085+calumgrant@users.noreply.github.com>
 2023-07-05 12:03:47 +01:00
Max Schaefer
f89992eb16 Address more review feedback. 2023-07-05 12:02:11 +01:00
Alex Ford
9b2cd768e1 Ruby: rack - add env['QUERY_STRING'] as an http request input 2023-07-05 11:59:18 +01:00
Alex Ford
b6912decc1 Merge pull request #13483 from alexrford/rb/rack-extend-app-and-resp 
Ruby: rack - model more responses and app types
 2023-07-05 11:58:01 +01:00
Tamás Vajk
9eae9464c9 Merge pull request #13659 from tamasvajk/standalone-minor-fixes 
C#: Minor fixes in standalone extraction
 2023-07-05 12:22:16 +02:00
Max Schaefer
921d8de8dc Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-07-05 11:19:30 +01:00
Mathias Vorreiter Pedersen
5ea929dbdb Merge pull request #13662 from geoffw0/swapmodel 
Swift: Add dataflow model for 'swap'
 2023-07-05 09:44:51 +01:00
Geoffrey White
c1c605ebac Swift: Change note. 2023-07-04 17:42:40 +01:00
Geoffrey White
df816268cb Swift: Model swap. 2023-07-04 17:37:49 +01:00
Max Schaefer
5fb6b5810f Clarify that splitting arguments on space is not safe. 2023-07-04 15:58:37 +01:00
Max Schaefer
74af0b1f05 Improve command-injection example and provide a fixed version. 2023-07-04 15:58:37 +01:00
Geoffrey White
155122509c Swift: Add a dataflow test for swap. 2023-07-04 15:21:41 +01:00
Geoffrey White
2870bc2ee0 Swift: Use US spelling. 2023-07-04 13:35:26 +01:00
Taus
97610d2cac Java: Add query for counting sink model instances 
Also adds a more sensible ordering to the existing queries.
 2023-07-04 14:24:52 +02:00
Geoffrey White
6f3dba5f98 Swift: Tweak qhelp and example. 2023-07-04 13:21:51 +01:00
Tamas Vajk
9b2fd8df9f Add todo comment 2023-07-04 14:03:04 +02:00
Tamas Vajk
ffc09c44c2 Minor fixes in standalone extraction 2023-07-04 13:54:23 +02:00
Tamas Vajk
ef0e102cd7 Retrieve package IDs from files and restore the not yet restored ones 
Read all files in the repo and look for `PackageReference` XML elements
to extract the package IDs, then restore the packages that are not yet
restored. This change improves the percentage of found assemblies on the
Powershell repo from 95% to 97% compared to a traced extraction. Also,
it increases the number of assemblied only referenced in the standalone
extraction from 79 to 134.
 2023-07-04 13:52:12 +02:00
Tamas Vajk
cd6419503f Execute dotnet restore on all projects in standalone 
Previously, we only did this for the solution files in the repository, but
there might be projects that are not added to any solution. This change
improves the percentage of found assemblies on the Powershell repo from
81% to 95%.
 2023-07-04 13:52:12 +02:00
Tamas Vajk
728f3bce2d Refactor dotnet restore command invocation 2023-07-04 13:52:12 +02:00
Tamas Vajk
d2b0c872f5 Code quality improvements 2023-07-04 13:52:12 +02:00