hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
54,689 Commits 1,746 Branches 166 Tags
5d68473d1281bedb220c9ef365a5828dfba795a9
Commit Graph

54689 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Lerchedahl Petersen
5d68473d12 python: elide nodes without location from basic 2023-05-16 14:38:51 +02:00
Rasmus Lerchedahl Petersen
5b4f98d6c4 python: Add summaries for container constructors 
Also:
- turn on flow summaries for taint
- do not restrict node type
  (as now we need summary nodes)
 2023-05-16 14:38:51 +02:00
Rasmus Lerchedahl Petersen
145eaf3947 python: remove steps for container constructors 2023-05-16 10:35:10 +02:00
Tony Torralba
ac1df4de91 Merge pull request #13166 from atorralba/atorralba/java/xpath-xxe-sink 
Java: Add `XPath.evaluate` as XXE sink
 2023-05-16 09:14:56 +02:00
Erik Krogh Kristensen
57858afbd9 Merge pull request #13165 from erik-krogh/proto-assign-qhelp 
JS: fixup in the qhelp for `js/prototype-polluting-assignment`
 2023-05-16 08:52:52 +02:00
Owen Mansel-Chan
1a9bd9ccde Merge pull request #13135 from owen-mc/go/fix-unit-test 
Go: fix unit test
 2023-05-16 07:50:50 +01:00
Philip Ginsbach
167a5723b4 Merge pull request #13156 from github/ginsbach/SpecifyParameterisedSyntax 
add parameter syntax for module declarations and module references
 2023-05-15 17:07:20 +01:00
Tony Torralba
7d79d87d48 Add XPath.evaluate as XXE sink 2023-05-15 17:39:35 +02:00
erik-krogh
2ebce99eae add another example of how to fix the prototype pollution issue 2023-05-15 17:24:02 +02:00
erik-krogh
7a338c408e fix typo, the variable in the example is called items 2023-05-15 17:23:40 +02:00
Tom Hvitved
9dede31c0d Merge pull request #13077 from hvitved/ruby/track-regexp-improvements 
Ruby: Improvements to `RegExpTracking`
 2023-05-15 16:02:00 +02:00
Paolo Tranquilli
725a0a5eec Merge pull request #13161 from github/redsun82/swift-markdown-diagnostics 
Swift: support markdown TSP diagnostics
 2023-05-15 14:47:59 +02:00
Paolo Tranquilli
10d084fbbf Swift: update comment 2023-05-15 13:48:24 +02:00
Paolo Tranquilli
cfcd26cf0d Swift: support markdown TSP diagnostics 2023-05-15 13:48:24 +02:00
Paolo Tranquilli
d8c0054ea9 Merge pull request #13133 from github/redsun82/swift-diagnostics-locations 
Swift: add location and visibility support to TSP diagnostics
 2023-05-15 13:47:52 +02:00
Rasmus Wriedt Larsen
4be226ffe4 Merge pull request #13113 from yoff/python/test-container-steps 
python: Add tests for container steps
 2023-05-15 11:07:27 +02:00
Asger F
20e8ee8423 Merge pull request #12748 from JarLob/yi 
JS: Add more sources, more unit tests, fixes to the GitHub Actions injection query
 2023-05-15 11:03:00 +02:00
Tom Hvitved
cc6da7e38e Merge pull request #13031 from hvitved/identity-consistency-check 
C#: Remove local identity flow steps
 2023-05-15 10:45:35 +02:00
Paolo Tranquilli
dbff3e4fa4 Swift: remove unneeded SwiftDiagnosticLogWrapper 2023-05-15 10:08:43 +02:00
Paolo Tranquilli
a2cb331ebe Swift: remove hacky binlog interception 2023-05-15 10:02:24 +02:00
Paolo Tranquilli
9a555aea5f Merge branch 'main' into redsun82/swift-diagnostics-locations 2023-05-15 10:01:45 +02:00
Tom Hvitved
027cb2d335 C#: Reenable consistency check 2023-05-15 09:36:37 +02:00
Tom Hvitved
3c173df69e C#: Update expected test output 2023-05-15 09:35:20 +02:00
Tom Hvitved
165dc0b9bf C#: Filter away phi (read) input steps from a node into itself 2023-05-15 09:35:04 +02:00
Tom Hvitved
75dd4c8653 C#: Filter away use-use steps from a node into itself 2023-05-15 09:35:04 +02:00
Paolo Tranquilli
b214003720 Merge pull request #13131 from github/sashabu/tsp-incompatible-os 
Swift: Emit a diagnostic when attempting to use the autobuilder on Linux.
 2023-05-15 08:23:40 +02:00
Paolo Tranquilli
95cd948f09 Swift: order help links in integration test checks 
They are currently a set within the codeql cli.
 2023-05-14 22:33:48 +02:00
Ian Lynagh
202037e925 Merge pull request #13148 from igfoo/igfoo/arrays 
Kotlin: Add some documentation on arrays, and tweak the tests we use for them
 2023-05-12 18:52:16 +01:00
Max Schaefer
5dfe52afd0 Merge pull request #13152 from github/max-schaefer/unsafe-shell-command-construction-examples-sync 
JavaScript: Use synchronous APIs in examples for js/shell-command-constructed-from-input.
 2023-05-12 16:50:25 +01:00
Jeroen Ketema
ed0524d08c Merge pull request #13155 from jketema/invalid-pointer-deref-fp 
C++: Add FP test case for `cpp/invalid-pointer-deref`
 2023-05-12 17:33:28 +02:00
Philip Ginsbach
c5be3fb6c0 add missing syntax for parameterised module declaration 2023-05-12 15:50:28 +01:00
Max Schaefer
ef659310d3 Merge pull request #13151 from github/max-schaefer-patch-1 
JavaScript: Use gender-neutral language in qhelp for js/user-controlled-bypass
 2023-05-12 15:37:32 +01:00
Jeroen Ketema
eb493a1981 C++: Add FP test case for cpp/invalid-pointer-deref 
Also add reduced range analysis test case that seems to expose the underlying
reason for the FP.
 2023-05-12 16:25:34 +02:00
Philip Ginsbach
41df8cafe5 'Expr' is more appropriate than 'Id' now that instantiation can be involved 2023-05-12 15:21:12 +01:00
Max Schaefer
2e7eb50319 JavaScript: Use synchronous APIs in examples for js/shell-command-constructed-from-input. 2023-05-12 14:42:11 +01:00
Kasper Svendsen
d27f84e34e Merge pull request #13143 from kaspersv/kaspersv/java-explicit-this-receivers2 
Java: Make implicit this receivers explicit
 2023-05-12 15:22:15 +02:00
Max Schaefer
a4f6ccf2fc JavaScript: Use gender-neutral language in qhelp for js/user-controlled-bypass 2023-05-12 14:21:40 +01:00
Rasmus Lerchedahl Petersen
81adf5aad4 python: remember to adjust annotation 2023-05-12 14:28:41 +02:00
Ian Lynagh
826e87f435 Kotlin: Simplify some array tests 2023-05-12 12:54:08 +01:00
Rasmus Lerchedahl Petersen
1b848bb510 python: fix tests 2023-05-12 13:51:50 +02:00
Ian Lynagh
ad51767374 Kotlin: Add comment describing Kotlin array predicates 2023-05-12 12:38:05 +01:00
Harry Maclean
48f22681a5 Merge pull request #13029 from hmac/ruby-autobuilder-refactor 
Shared: Share autobuilder code between Ruby and QL
 2023-05-12 18:24:06 +07:00
yoff
3adaa21571 Merge branch 'main' into python/test-container-steps 2023-05-12 13:19:53 +02:00
Kasper Svendsen
c91d1cf721 Merge pull request #13145 from kaspersv/kaspersv/javascript-implicit-this-receiver3 
JS: Make implicit this receivers explicit
 2023-05-12 13:16:57 +02:00
yoff
72c6919f4e Merge pull request #13095 from yoff/python/interpret-summary-content 
Python: Interpret summary content
 2023-05-12 13:09:14 +02:00
yoff
6a5fc3c1b1 Update python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py 2023-05-12 13:06:08 +02:00
yoff
62b60f490c Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-05-12 12:54:17 +02:00
Kasper Svendsen
d40cd0f275 Java: Make implicit this receivers explicit 2023-05-12 12:47:21 +02:00
Kasper Svendsen
8e18627eae Merge pull request #13144 from kaspersv/kaspersv/go-explicit-this-receivers2 
Go: Make implicit this receivers explicit
 2023-05-12 12:44:35 +02:00
Kasper Svendsen
7c5625a4dc Go: Make implicit this receivers explicit 2023-05-12 12:14:13 +02:00