hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 02:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
50,070 Commits 1,741 Branches 165 Tags
393649b7ce258ea8c3bfde7bec267102af1f0285
Commit Graph

50070 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
erik-krogh
393649b7ce don't call environment variables for command-line arguments 2023-02-14 14:27:41 +01:00
erik-krogh
36478124ae add process.env and process.argv etc. as source for js/regex-injection 2023-02-14 14:21:53 +01:00
Erik Krogh Kristensen
2f8c9a5a2c Merge pull request #12171 from erik-krogh/reg-dot 
JS: dont recognize regexps that match dot as sanitizers
 2023-02-14 14:10:44 +01:00
Erik Krogh Kristensen
e3e2df3247 Merge pull request #12166 from erik-krogh/more-html-san 
JS: add `HtmlSanitizer` as a sanitizer DOMBasedXss
 2023-02-14 14:09:56 +01:00
Erik Krogh Kristensen
028fcc7edf Merge pull request #11959 from erik-krogh/ssrfSan 
JS: add encodeURIComponent as a sanitizer for request-forgery
 2023-02-14 13:39:53 +01:00
Erik Krogh Kristensen
a498936f16 Merge pull request #12170 from erik-krogh/more-lib 
JS: More library inputs
 2023-02-14 13:38:00 +01:00
Erik Krogh Kristensen
bca3fa94fd Merge pull request #12159 from erik-krogh/express-ws 
JS: add express-ws as a source
 2023-02-14 13:36:33 +01:00
Joe Farebrother
f68083872d Merge pull request #12174 from joefarebrother/stubgen-name-conflicts 
Java: Stub generator: Use fully qualified names to avoid conflicts
 2023-02-14 10:10:24 +00:00
Anders Schack-Mulligen
0600a2ba96 Merge pull request #12138 from aschackmull/java/gen-file-mark-perf 
Java: Improve performance of GeneratedFileMarker.
 2023-02-14 09:57:09 +01:00
Tony Torralba
935e22d10d Merge pull request #12139 from atorralba/atorralba/java/xxe-local-query 
Java: Add local version of the XXE query
 2023-02-14 09:54:36 +01:00
Michael Nebel
781aab3eb7 Merge pull request #11634 from michaelnebel/java/excludeinterfacemembers 
Java: Exclude interface members from model generation.
 2023-02-14 09:35:56 +01:00
erik-krogh
4140598769 update expected output for experimental query 2023-02-14 00:08:13 +01:00
erik-krogh
c17d057520 default to index.js when no main: is specified in package.json, and recognize more classes as library inputs 2023-02-13 21:24:41 +01:00
Joe Farebrother
0b722bfe30 Stub generator: Use fully qualified names to avoid conflicts 2023-02-13 17:09:32 +00:00
erik-krogh
68656274f4 dont recognize regexps that match dot as sanitizers 2023-02-13 17:36:51 +01:00
Tony Torralba
1c57aa0456 Fix import locations 2023-02-13 17:13:01 +01:00
Tom Hvitved
8372ad9d84 Merge pull request #12169 from hvitved/util/numbers 
Move `NumberUtils.qll` from Ruby into shared `util` pack
 2023-02-13 16:37:51 +01:00
Tom Hvitved
2113c3c3d9 Ruby: Remove NumberUtils.qll 2023-02-13 15:59:50 +01:00
Tom Hvitved
29ce9bfe24 Util: Make some predicates private 2023-02-13 15:58:31 +01:00
Tom Hvitved
97f79602a9 Copy NumberUtils.qll from Ruby into shared util pack 2023-02-13 15:57:53 +01:00
erik-krogh
6192544fb4 add test for express-ws as a source 2023-02-13 15:26:50 +01:00
Owen Mansel-Chan
4fa484dad2 Merge pull request #12130 from owen-mc/go/port-integration-tests 
Go: port integration tests
 2023-02-13 13:49:59 +00:00
Kasper Svendsen
c66a44f2e2 Merge pull request #12162 from kaspersv/kaspersv/inline-late-docs 
QLDocs: Document inline_late pragma
 2023-02-13 13:35:28 +01:00
Anders Schack-Mulligen
e877b161d8 Merge pull request #12124 from hvitved/dataflow/stage1-dispatch 
Data flow: Call context virtual dispatch pruning in stage 1
 2023-02-13 13:13:43 +01:00
Owen Mansel-Chan
7ebe472cfe Move repo files into subfolder 
This is so that the test-db doesn't get moved when all the repo files
are moved, which was causing some problems.
 2023-02-13 11:59:38 +00:00
Owen Mansel-Chan
37d3793e87 Set LGTM_INDEX_IMPORT_PATH in two tests 
This is needed for Dep and Glide
 2023-02-13 11:59:38 +00:00
Owen Mansel-Chan
1f1e2dbf98 Make dep integration test linux-only 
This is because there is no release of Dep for
MacOS (Arm).
 2023-02-13 11:59:38 +00:00
Owen Mansel-Chan
3ee3acd8fd Make Glide integration test linux-only 
This is because it is hard to install Glide on the other platforms.
 2023-02-13 11:59:37 +00:00
Owen Mansel-Chan
e635140eae Add files needed for tests 2023-02-13 11:59:37 +00:00
Owen Mansel-Chan
f2c541a461 Delete build-sample test 
This is adequately tested elsewhere.
 2023-02-13 11:59:37 +00:00
Owen Mansel-Chan
f062a8d204 Copy LGTM integration tests over 2023-02-13 11:59:36 +00:00
Owen Mansel-Chan
947a9f12a1 Make DiagnosticsReporting.qll a library 2023-02-13 11:59:36 +00:00
Kasper Svendsen
11204987f1 Reword based on review comments 2023-02-13 12:49:50 +01:00
Michael Nebel
34c6b24882 Merge pull request #12147 from michaelnebel/csharp/relaxedshift 
C# 11: Test of relaxed shift operator requirements.
 2023-02-13 12:48:39 +01:00
Arthur Baars
457a2bb2a2 Merge pull request #12093 from aibaars/oneline-match 
Ruby: add support for one-line pattern matches
 2023-02-13 12:38:28 +01:00
Kasper Svendsen
ac54caac35 Update docs/codeql/ql-language-reference/annotations.rst 
Co-authored-by: Philip Ginsbach <ginsbach@github.com>
 2023-02-13 12:35:08 +01:00
Kasper Svendsen
426425a7ca Update docs/codeql/ql-language-reference/annotations.rst 
Co-authored-by: Philip Ginsbach <ginsbach@github.com>
 2023-02-13 12:34:50 +01:00
Chris Smowton
0537579b28 Merge pull request #12131 from owen-mc/go/named-type-location 
Add `hasLocationInfo` for `Type`s
 2023-02-13 11:33:50 +00:00
Erik Krogh Kristensen
2f404df17c Merge pull request #10782 from erik-krogh/rbPoly 
Ruby: add library input as a source for `rb/polynomial-redos`
 2023-02-13 12:26:07 +01:00
erik-krogh
b85bfc8ba6 add HtmlSanitizer as a sanitizer for DOMBasedXss 2023-02-13 11:57:29 +01:00
erik-krogh
c258e44772 add failing test for spurious edge through sanitizer 2023-02-13 11:49:57 +01:00
Erik Krogh Kristensen
26d5fb2412 Merge pull request #11824 from erik-krogh/secondMissAnchor 
RB: add query detecting validators that use badly anchored regular expressions on library/remote input
 2023-02-13 11:26:05 +01:00
Kasper Svendsen
74472d786c QLDocs: Document inline_late pragma 2023-02-13 10:51:48 +01:00
erik-krogh
634087b417 Merge branch 'main' into rbPoly 2023-02-13 10:46:00 +01:00
Michael Nebel
2ce6d5f920 Java: Update negative models test to not produce a negative summary for interface member. 2023-02-13 10:45:54 +01:00
Paolo Tranquilli
f07c598a22 Merge pull request #12164 from github/redsun82/swift-codegen-outside-bazel 
Swift: make `codegen` run also outside `bazel`
 2023-02-13 10:32:20 +01:00
Michael Nebel
80628596dd Java: Exclude interface members from model generation. 2023-02-13 10:21:32 +01:00
Geoffrey White
124e4ddd4f Merge pull request #12150 from geoffw0/cfg2 
Swift: control flow for #available
 2023-02-13 09:17:06 +00:00
Tom Hvitved
0b8173e2e7 Ruby: Add another data flow test 2023-02-13 09:50:50 +01:00
Paolo Tranquilli
55aacd6fe9 Merge pull request #12137 from github/redsun82/swift-doc-for-schema-doc 
Swift: add documentation for generated documentation
 2023-02-13 09:43:34 +01:00