Rasmus Wriedt Larsen
54ab5d4bc8
Python: Fix date for FastAPI change-note
2021-10-25 15:23:33 +02:00
Rasmus Wriedt Larsen
7e7a6464ec
Python: FastAPI: Model extra-taint for pydantic models
...
It feels a bit strange to add it to `frameworks.rst` since we only
support a little bit of it, but if I don't do it now, we will most
likely forget to do it later on (since it has already been added to
`frameworks.qll`).
2021-10-25 15:22:50 +02:00
Rasmus Wriedt Larsen
f5464b79e4
Merge branch 'main' into fastapi
2021-10-25 09:49:42 +02:00
Tom Hvitved
7648815f1f
Merge pull request #6936 from hvitved/csharp/delegate-conversion-join-order
...
C#: Improve join-order in `defaultDelegateConversion`
2021-10-22 15:10:20 +02:00
hubwriter
12e56ec9e6
Merge pull request #6887 from github/hubwriter/codeql-ruby-support
...
Docs: Updates for Ruby support
2021-10-22 11:21:49 +01:00
Henry Mercer
02b1fe27d2
Merge pull request #6907 from github/henrymercer/add-experimental-atm-libraries
...
JS: [Internal only] Add experimental libraries and queries for adaptive threat modeling
2021-10-22 11:02:09 +01:00
Tony Torralba
1333f67a69
Merge pull request #6917 from JLLeitschuh/feat/JLL/jdk_lambda_collections_model_tracking
...
[Java] JDK Collection lambda models
2021-10-22 10:26:50 +02:00
Tom Hvitved
4e40337d02
C#: Improve join-order in defaultDelegateConversion
2021-10-22 10:12:18 +02:00
Taus
562a57b75b
Merge pull request #6928 from RasmusWL/diagnostic-as-warning
...
Python: Improve SARIF severity level reporting of extractor diagnostics
2021-10-21 13:54:01 +02:00
Rasmus Wriedt Larsen
852e9875bd
Python: Apply suggestions from code review
...
Co-authored-by: Taus <tausbn@github.com >
2021-10-21 10:24:34 +02:00
Edoardo Pirovano
1fe772a2ab
Merge pull request #6896 from edoardopirovano/fix-version-trailing
...
Language reference: Fix when trailing commas are allowed
2021-10-21 00:02:02 +01:00
Aditya Sharad
174df98762
Merge pull request #6929 from github/esbena-patch-5
...
Mention default JavaScript Autobuilder excludes
2021-10-20 15:47:51 -07:00
Esben Sparre Andreasen
a1ce81c3d7
Update creating-codeql-databases.rst
2021-10-20 23:00:46 +02:00
Rasmus Wriedt Larsen
8167e83ae5
Python: Fix tests
2021-10-20 17:58:03 +02:00
Rasmus Wriedt Larsen
d0fd907582
Python: Add change-note
...
I reworded this slightly from what was done in C++, such that I can
completely stand behind what it says.
2021-10-20 17:03:55 +02:00
Rasmus Wriedt Larsen
8f28684d10
Python: Rename ExtractionErrors.ql -> ExtractionWarnings.ql
2021-10-20 17:01:33 +02:00
Rasmus Wriedt Larsen
605494c3d1
Python: Treat SyntaxErrors as warnings in diagnostics
...
Rename going to happen in second commit, so git doesn't get too confused
I don't actually recall where to lookup that warning is 1, and error is
2, but I took this from
https://github.com/github/codeql/pull/6830/files#diff-460fc20823ced3b074784db804f2d4d6cfcad4f23fe5d264dc7496c782629a2eR121-R123
2021-10-20 16:59:00 +02:00
Mathias Vorreiter Pedersen
7feab27bf4
Merge pull request #6926 from geoffw0/setliterals2
...
C++: Use set literals (more).
2021-10-20 14:58:06 +01:00
Geoffrey White
da412178ce
C++: Use set literals (more).
2021-10-20 14:18:27 +01:00
hubwriter
8f15dc4bd0
Add 'requires glibc 2.17' in supported languages table
2021-10-20 12:48:20 +01:00
Tom Hvitved
19589bef27
Merge pull request #6777 from hvitved/dataflow/summary-clear-modelling
...
Data flow: Rework `SummarizedCallable::clearsContent/2`
2021-10-20 13:23:56 +02:00
hubwriter
aaa5046533
Add beta note to page Calum added
2021-10-20 11:17:38 +01:00
Tom Hvitved
f9fb046e9f
C#: Update expected test output after rebase
2021-10-20 12:15:27 +02:00
Tom Hvitved
29cdc8a49a
Java: Update expected test output after rebase
2021-10-20 12:11:59 +02:00
hubwriter
dd31d5ffb3
Merge branch 'main' into hubwriter/codeql-ruby-support
2021-10-20 11:08:59 +01:00
Tom Hvitved
0bf5238f39
Update QL doc for allowParameterReturnInSelf
2021-10-20 12:08:58 +02:00
Tom Hvitved
53d4d72fe5
C#: Simplify SummarizedCallableDefaultClearsContent
2021-10-20 12:08:58 +02:00
Tom Hvitved
dd138b0429
Address review comments
2021-10-20 12:08:58 +02:00
Tom Hvitved
ec5d8ab2db
Java: Restrict use-use flow
2021-10-20 12:08:57 +02:00
Tom Hvitved
a1511e13d8
Data flow: Sync files
2021-10-20 12:08:57 +02:00
Tom Hvitved
1196d0c624
C#: Rework SummarizedCallable::clearsContent/2
2021-10-20 12:08:57 +02:00
Calum Grant
ed73d9bab4
Merge pull request #6860 from github/ruby-docs
...
Ruby documentation
2021-10-20 10:47:05 +01:00
Tamás Vajk
9331b3538d
Merge pull request #6914 from tamasvajk/feature/improve-csv-pr-commenter
...
Introduce foldable region in CSV coverage PR comments
2021-10-20 08:45:55 +02:00
Jonathan Leitschuh
d4b18fe6a3
[Java] JDK Collection lambda models
...
Adds support for data flow tracking through simple JDK collection
functional APIs.
- `Iterable::forEach`
- `Iterator::forEachRemaining`
- `Map::forEach`
Replaces #5871
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com >
2021-10-19 15:57:58 -04:00
Calum Grant
112d408fb9
Address review comments.
2021-10-19 16:30:54 +01:00
Chris Smowton
233a3346a8
Merge pull request #6240 from haby0/java/UnsafeUrlForward
...
[Java] CWE-552: Unsafe url forward
2021-10-19 16:18:23 +01:00
Jonas Jensen
7015be7cad
Merge pull request #6916 from geoffw0/fixnotbound
...
C++: Fix unbound variables in PrivateCleartextWrite.qll.
2021-10-19 16:46:42 +02:00
Geoffrey White
38257a58f0
C++: Fix unbound variables in PrivateCleartextWrite.qll.
2021-10-19 15:01:32 +01:00
Chris Smowton
057d0fb7e0
Rewrite query to use shared StringPrefixes library
2021-10-19 14:45:38 +01:00
Tamás Vajk
12d7f0c9e2
Merge pull request #6913 from tamasvajk/feature/improve-stubbing
...
C#: Remove cartesian product in stubbing (GeneratedType::getStub)
2021-10-19 15:13:26 +02:00
Chris Smowton
8a4fa0a7e2
Copyedit
2021-10-19 12:50:17 +01:00
haby0
9d9a7abd06
Fix
2021-10-19 12:50:03 +01:00
haby0
283376eb19
Modify the model
2021-10-19 12:49:08 +01:00
haby0
679652e63a
Modify Sanitizer
2021-10-19 12:49:08 +01:00
haby0
952b34a163
Eliminate FP
2021-10-19 12:49:08 +01:00
haby0
d0eec1e381
Add CWE-552-UnsafeUrlForward
2021-10-19 12:49:07 +01:00
Tamas Vajk
70ffbae091
Introduce foldable region in CSV coverage PR comments
2021-10-19 13:34:25 +02:00
Anders Schack-Mulligen
662852bd1d
Merge pull request #6859 from smowton/smowton/admin/factor-string-prefix
...
Java: Factor out string prefix logic
2021-10-19 13:32:52 +02:00
Henry Mercer
548a344d34
JS: Implement suggestions from review
...
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com >
2021-10-19 12:00:40 +01:00
Tamas Vajk
c7c35401e0
C#: Remove cartesian product in stubbing (GeneratedType::getStub)
2021-10-19 12:56:23 +02:00
