Tony Torralba
4ecda9cccd
Add consistency check exception
2023-10-17 10:18:19 +02:00
Tony Torralba
d08ee76b16
Java: Improve java/spring-disabled-csrf-protection
2023-10-16 16:01:14 +02:00
Harry Maclean
1297acf5b1
Merge pull request #14216 from hmac/hmac-graphql-enum
...
Ruby: Restrict GraphQL remote flow sources
2023-10-13 11:31:50 +01:00
Tony Torralba
5e921784fb
Merge pull request #14399 from ebickle/fix/thread-resource-arithmetic
...
Java: Flow taint through arithmetic expressions for java/thread-resource-abuse experimental query
2023-10-13 10:06:33 +02:00
Erik Krogh Kristensen
b1ad61e27d
Merge pull request #14481 from erik-krogh/proper-codepoints
...
ReDoS: use the new codePointAt and codePointCount methods instead of regex hacks
2023-10-13 09:35:55 +02:00
Felicity Chapman
2ddcd1d9cc
Merge pull request #14489 from github/felicitymay-typo-fix
...
Fix typo in link
2023-10-12 21:45:30 +01:00
Felicity Chapman
8f70b55158
Fix typo in link
2023-10-12 20:53:44 +01:00
Ian Lynagh
2edc70da79
Merge pull request #14390 from igfoo/igfoo/compr
...
Kotlin: Improve support for TRAP compression options
2023-10-12 20:22:10 +01:00
Geoffrey White
fe57cd0784
Merge pull request #14488 from geoffw0/strlentest
...
Swift: Additional test cases for `swift\string-length-conflation`
2023-10-12 19:39:43 +01:00
AlexDenisov
6ab2de10e3
Merge pull request #14437 from github/alexdenisov/ignore-unavailable-declarations
...
Swift: skip declarations marked as unavailable
2023-10-12 20:08:18 +02:00
Ian Lynagh
ed9502fd0b
Kotlin: Enhance the TRAP compression test
2023-10-12 18:13:07 +01:00
Ian Lynagh
adb47399c7
Kotlin: Improve support for TRAP compression options
...
While you could control compression with
CODEQL_EXTRACTOR_JAVA_OPTION_TRAP_COMPRESSION
before, most TRAP files used gzip regardless for compatibility with the
Java extractor. Now that Java understands the option too, we can use it for
shared TRAP files.
2023-10-12 18:13:06 +01:00
Mathias Vorreiter Pedersen
3c34638438
Merge pull request #14486 from MathiasVP/simplify-overrun-write
...
C++: Remove unnecessary `FlowState` from `cpp/overrun-write`
2023-10-12 17:48:52 +01:00
Geoffrey White
9f683b8630
Swift: Remove duplicate results.
2023-10-12 17:38:58 +01:00
Geoffrey White
cf7f355fc4
Swift: Additional test cases.
2023-10-12 17:11:56 +01:00
Mathias Vorreiter Pedersen
64fa6c8bbd
C++: Remove the hacky flow state since this is no longer needed after #13717.
2023-10-12 13:58:36 +01:00
erik-krogh
fa1e8ee426
add getACodepoint to the shared Strings library, and use it in NfaUtils
2023-10-12 13:38:19 +02:00
erik-krogh
822ba2ae59
add documentation for the new string methods in ql-language-specification.rst
2023-10-12 13:38:19 +02:00
erik-krogh
116025c569
use the new codePointAt and codePointCount methods instead of regex hacks
2023-10-12 13:38:19 +02:00
Erik Krogh Kristensen
59c43c7904
Merge pull request #14410 from erik-krogh/bigger-compilation-cache
...
use a bigger compilation cache in the compile-queries workflow
2023-10-12 12:35:44 +02:00
Mathias Vorreiter Pedersen
02f73145d6
Merge pull request #14354 from geoffw0/conversions2
...
Swift: Improve models for Numeric, RangeReplaceableCollection
2023-10-12 11:13:50 +01:00
Michael B. Gale
f6570710e7
Merge pull request #14441 from github/dependabot/go_modules/go/extractor/golang.org/x/tools-0.14.0
...
Bump golang.org/x/tools from 0.13.0 to 0.14.0 in /go/extractor
2023-10-12 10:19:34 +01:00
Owen Mansel-Chan
5fcdb9e112
Merge pull request #14442 from owen-mc/go/test-qldoc-coverage
...
Fix module name
2023-10-11 23:45:53 +01:00
Eric Bickle
ee2d8f84de
Merge branch 'main' into fix/thread-resource-arithmetic
2023-10-11 13:09:57 -07:00
Eric Bickle
f018d83951
Merge branch 'fix/thread-resource-arithmetic' of https://github.com/ebickle/codeql into fix/thread-resource-arithmetic
2023-10-11 13:09:39 -07:00
Eric Bickle
4cb78ab3c7
Remove change notes
2023-10-11 13:08:56 -07:00
Henry Mercer
1a370bfbbe
Merge pull request #14443 from github/post-release-prep/codeql-cli-2.15.0
...
Post-release preparation for codeql-cli-2.15.0
2023-10-11 17:39:04 +01:00
github-actions[bot]
ae6af17c74
Post-release preparation for codeql-cli-2.15.0
2023-10-11 14:19:20 +00:00
Tamás Vajk
a31f946d6f
Merge pull request #14436 from tamasvajk/void-type-value-type
...
C#: Include the `void` type in value types
2023-10-11 16:16:06 +02:00
Asger F
7780fe9472
Merge pull request #14435 from asgerf/ruby/port-synced-queries
...
JS/Ruby: desync two queries and port the Ruby version to ConfigSig-style
2023-10-11 15:50:58 +02:00
Owen Mansel-Chan
b6bf4d04ff
Fix module name
2023-10-11 14:47:46 +01:00
dependabot[bot]
442a4fe9cf
Bump golang.org/x/tools from 0.13.0 to 0.14.0 in /go/extractor
...
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.13.0 to 0.14.0.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.13.0...v0.14.0)
---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-11 13:12:49 +00:00
Michael B. Gale
7a98afe6ec
Merge pull request #14439 from github/mbg/go/workspace-experiments
...
Go: Move `go.mod` into `extractor` subdirectory
2023-10-11 14:11:07 +01:00
Jean Helie
a4eb3fd997
Merge pull request #14438 from github/jhelie/fix-automodel-extraction-queries
...
Automodel: Fix automodel extraction queries
2023-10-11 14:30:01 +02:00
Michael B. Gale
7d7d90e7e0
Update expected test output
2023-10-11 13:18:27 +01:00
Michael B. Gale
94b0bc1e35
Move go.mod into extractor directory
2023-10-11 13:10:20 +01:00
Jean Helie
6260768e6a
update query message to include extensibleType
2023-10-11 14:02:24 +02:00
Jean Helie
c41676a21a
update query message to include extensibleType
2023-10-11 14:02:12 +02:00
Owen Mansel-Chan
477d8f8b9a
Merge pull request #14064 from amammad/amammad-go-NewFileSystemAccess
...
Go: New File System Access Sinks
2023-10-11 12:58:38 +01:00
Owen Mansel-Chan
96543b8337
Merge pull request #14075 from amammad/amammad-go-JWT
...
Go: Improved JWT query, JWT decoding without verification
2023-10-11 12:31:43 +01:00
Mathias Vorreiter Pedersen
02915582eb
Merge pull request #14432 from MathiasVP/select-the-right-node-for-flow-sources
...
C++: Use fully converted instructions as the target of modelled functions
2023-10-11 13:04:16 +02:00
Owen Mansel-Chan
8a3aa2c767
Fix formatting
2023-10-11 11:46:31 +01:00
Tamas Vajk
267fd23b26
C#: Include the void type in value types
2023-10-11 12:01:17 +02:00
Tamás Vajk
304d7a4395
Merge pull request #14429 from tamasvajk/relax-metadata_handle-keyset
...
C#: Remove `keyset` from `metadata_handle` relation
2023-10-11 12:00:11 +02:00
Erik Krogh Kristensen
85bb14f04f
Merge pull request #14405 from erik-krogh/tagCall
...
JS: recognize tagged template literals as `DataFlow::CallNode`
2023-10-11 11:25:34 +02:00
Mathias Vorreiter Pedersen
d54ab640c7
Merge branch 'main' into select-the-right-node-for-flow-sources
2023-10-11 10:17:10 +01:00
Alex Denisov
4133284bc8
Swift: skip declarations marked as unavailable
2023-10-11 10:55:49 +02:00
Tamás Vajk
aa7a667919
Merge pull request #14421 from tamasvajk/csharp/autobuilder-test
...
C#: Add autobuilder test with global.json
2023-10-11 10:35:53 +02:00
amammad
5e273238ca
fix qldoc
2023-10-11 10:33:44 +02:00
Asger F
89bd00a4ec
Ruby: port queries to ConfigSig-style
2023-10-11 10:06:19 +02:00