hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
54,887 Commits 1,741 Branches 165 Tags
5c77edecf77e26fc83221f7394f295d93bb0d658
Commit Graph

54887 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
5c77edecf7 Merge pull request #12991 from Sim4n6/python-UBV 
[Python] Add Unicode Bypass Validation query tests and help
 2023-05-23 12:21:55 +02:00
Tony Torralba
0ff90df497 Merge pull request #13245 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-05-23 09:38:01 +02:00
Erik Krogh Kristensen
50cb5ea184 Merge pull request #13164 from erik-krogh/polyQhelp 
ReDoS: add another example to the qhelp in poly-redos, showing how to just limit the length of the input
 2023-05-23 09:25:15 +02:00
Erik Krogh Kristensen
e658177c31 Merge pull request #12975 from tyage/support-sub-modules 
JS: Support sub modules
 2023-05-23 09:24:43 +02:00
Erik Krogh Kristensen
4540ac88ad Merge pull request #13247 from github/dependabot/cargo/ql/regex-1.8.2 
Bump regex from 1.8.1 to 1.8.2 in /ql
 2023-05-23 08:19:18 +02:00
dependabot[bot]
3a39e8badf Bump regex from 1.8.1 to 1.8.2 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.8.1...1.8.2)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-23 04:14:09 +00:00
github-actions[bot]
abcece88f5 Add changed framework coverage reports 2023-05-23 00:16:20 +00:00
Erik Krogh Kristensen
653cd86c13 update qldoc 2023-05-22 20:48:21 +02:00
Jeroen Ketema
a319fc0044 Merge pull request #13234 from jketema/std-inline 
C++: Include inline namespaces in `StdNamespace`
 2023-05-22 19:56:15 +02:00
Tom Hvitved
97b0012a5e Merge pull request #13233 from hvitved/ruby/type-tracking-summary-ret-node 
Ruby: Allow for flow out of callbacks passed to summarized methods in type tracking
 2023-05-22 16:05:18 +02:00
Jeroen Ketema
f31ab3a7e7 C++: Add change note 2023-05-22 16:00:12 +02:00
Mathias Vorreiter Pedersen
e3a5805916 Merge pull request #13237 from jketema/pointer-deref-fp 
C++: Add `cpp/invalid-pointer-deref` false positives
 2023-05-22 14:27:14 +01:00
Philip Ginsbach
cff4317cb1 Merge pull request #13236 from github/ginsbach/IdentifierSpecification 
repair and update the Identifier section of the QL specification
 2023-05-22 14:26:46 +01:00
Jeroen Ketema
ec265c6bb2 Merge pull request #13229 from MathiasVP/add-fp-testcase 
C++: Add FP testcase for `cpp/overrun-write`
 2023-05-22 15:26:13 +02:00
Paolo Tranquilli
f56ffbc25e Merge pull request #13232 from github/redsun82/swift-hidden-ast 
Swift: fix hidden AST getters
 2023-05-22 14:47:11 +02:00
Jeroen Ketema
3f289b1c99 C++: Add cpp/invalid-pointer-deref false positives 2023-05-22 14:34:59 +02:00
Sim4n6
e300816b72 Merge branch 'python-UBV' of https://github.com/sim4n6/codeql-pun into python-UBV 2023-05-22 13:18:40 +01:00
Philip Ginsbach
35114d5ac4 introduce parameterName rule 2023-05-22 11:48:13 +01:00
Philip Ginsbach
42e81015d0 mention signatureExpr in section on use of identifier rules 2023-05-22 11:48:13 +01:00
Philip Ginsbach
d98fcdd6aa do not use upperId directly in type signature rules 2023-05-22 11:48:13 +01:00
Philip Ginsbach
b707815370 do not use simpleId directly in module expression rules 2023-05-22 11:48:06 +01:00
Philip Ginsbach
7ace4cd43e add rule for module signature names (differing from module names) 2023-05-22 11:44:59 +01:00
Tom Hvitved
20efe81f10 Update ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-05-22 12:43:05 +02:00
Philip Ginsbach
d4ab1c9643 such identifiers do not actually exist in QL 2023-05-22 11:22:47 +01:00
Rasmus Wriedt Larsen
c1b90c8f05 Python: Apply suggested change 2023-05-22 11:58:32 +02:00
Rasmus Wriedt Larsen
a057365b7e Python: Accept .expected changes 2023-05-22 11:54:50 +02:00
Erik Krogh Kristensen
3647b9cfeb Merge pull request #13196 from erik-krogh/indirectCommand 
JS: require arguments to be shell interpreted to be flagged by indirect-command-injection
 2023-05-22 11:53:57 +02:00
Rasmus Wriedt Larsen
44d806507d Merge branch 'main' into python-UBV 2023-05-22 11:53:56 +02:00
Jeroen Ketema
f46183d0ba C++: Include inline namespaces in StdNamespace 2023-05-22 11:41:49 +02:00
Tom Hvitved
33be52f0b7 Ruby: Allow for flow out of callbacks passed to summarized methods in type tracking 2023-05-22 11:01:08 +02:00
Paolo Tranquilli
20893bdef5 Swift: accept test changes after hidden AST fix 2023-05-22 10:14:29 +02:00
Tony Torralba
05c30e8fac Merge pull request #13230 from atorralba/atorralba/java/groove-template-engine-sink 
Java: Add TemplateEngine.createTemplate as a Groovy injection sink
 2023-05-22 10:04:29 +02:00
Paolo Tranquilli
de03bdc235 Swift: fix hidden AST getters 
For consistency with the C/C++ QL library, getters of AST elements
within the hidden AST should not themselves skip other hidden AST
elements.
 2023-05-22 09:57:48 +02:00
Tom Hvitved
224a2c3d91 Merge pull request #13231 from hvitved/ruby/type-tracker-missing-callback-flow-out 
Ruby: Allow for flow through callbacks to summarized methods in type tracking
 2023-05-22 09:38:59 +02:00
erik-krogh
710b309142 apply suggestions from doc review 2023-05-21 22:18:48 +02:00
erik-krogh
10bf17c33e Merge branch 'main' into polyQhelp 2023-05-21 22:17:06 +02:00
Tom Hvitved
128168a7e7 Ruby: Allow for flow through callbacks to summarized methods in type tracking 2023-05-21 20:51:45 +02:00
Sim4n6
be3f59afab Replaced StringMethod() with a restrained String method calls 2023-05-20 12:17:33 +01:00
Sim4n6
d939f192d5 Deleted the UBV query change note. 2023-05-20 11:46:18 +01:00
Sim4n6
21e99d52c7 Fix a redundant import 2023-05-20 10:23:04 +01:00
Sim4n6
b8969707c5 Delete the vulnerability flow image from the QHelp file. 2023-05-20 10:21:38 +01:00
Sim4n6
16ce024429 Update python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-05-20 10:13:23 +01:00
Sim4n6
8462b14b54 Update python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-05-20 10:12:55 +01:00
Sim4n6
2a8645c447 Fix 'Singleton set literal' warning 2023-05-20 10:11:26 +01:00
Sim4n6
58be109a70 Moved UnicodeBypassValidation Customizations & Query.qll to src/experimental 2023-05-20 10:08:56 +01:00
Mathias Vorreiter Pedersen
58f4b7696d Merge pull request #13223 from geoffw0/useasnominaltypedecl 
Swift: Use asNominalTypeDecl more.
 2023-05-19 16:53:28 +01:00
Tony Torralba
b58eb3a92c Java: Add TemplateEngine.createTemplate as a groovy injection sink 2023-05-19 17:45:47 +02:00
Mathias Vorreiter Pedersen
c15ebf83ee C++: Add testcase with FP (and also fix an incorrect test annotation). 2023-05-19 16:38:18 +01:00
Philip Ginsbach
999e7f96c7 Merge pull request #13222 from github/ginsbach/SignatureSyntax 
add syntax for signature definitions to QL specification
 2023-05-19 16:22:45 +01:00
Alexandre Boulgakov
f943502e41 Merge pull request #13224 from github/sashabu/tsp-empty-help-links 
Swift: Drop support for plaintext diagnostics (and `helpLinks`).
 2023-05-19 15:44:44 +01:00