hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
31,798 Commits 1,742 Branches 166 Tags
64f19637d49457e24e177a65a4fa692855cbfeef
Commit Graph

31798 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
1e2a956a30 Remove unused stub 2022-01-19 16:43:02 +01:00
Tony Torralba
d9e98ceacc Consider setSslContextFactory and fix tests 2022-01-19 16:43:01 +01:00
Tony Torralba
4d207101e2 Fix QLDoc 2022-01-19 16:43:00 +01:00
Tony Torralba
999acb0021 Improve qhelp references 2022-01-19 16:43:00 +01:00
Tony Torralba
e9712f04a4 Add missing QLDoc 2022-01-19 16:42:59 +01:00
Tony Torralba
698fd64f7f Adjust test after rebase 2022-01-19 16:42:59 +01:00
Tony Torralba
68fe3dd9f4 Fix conflicts in experimental query 2022-01-19 16:42:58 +01:00
Tony Torralba
c24520cb75 Adjust qhelp after rebase 2022-01-19 16:42:58 +01:00
Tony Torralba
5997b874de Add change note 2022-01-19 16:42:53 +01:00
Tony Torralba
9e93aecf75 Add spurious test case 2022-01-19 16:42:06 +01:00
Tony Torralba
19d1a780ca Generalize sanitizer using local flow 2022-01-19 16:42:05 +01:00
Tony Torralba
64518bf91a Handle a specific pass-by-reference flow issue 2022-01-19 16:42:04 +01:00
Tony Torralba
4508945f85 Fix assumption regarding when an SSLSocket does the TLS handhsake 2022-01-19 16:42:03 +01:00
Tony Torralba
e842acf9e0 Improve qhelp 2022-01-19 16:42:03 +01:00
Tony Torralba
5d4cd70f8c Adjusted sources and sanitizer of UnsafeCertTrust taint tracking config 2022-01-19 16:42:02 +01:00
Tony Torralba
e43fff2d30 Use InlineExpectationsTest 2022-01-19 16:42:02 +01:00
Tony Torralba
02d0fa9188 Minor changes in QLDocs and a sanitizer's type 2022-01-19 16:42:01 +01:00
Tony Torralba
4313baf622 Big refactor: 
- Move classes and predicates to appropriate libraries
- Overhaul the endpoint identification algorithm logic to use taint tracking
- Adapt tests
 2022-01-19 16:42:00 +01:00
Tony Torralba
e0f4c73aed Move from experimental 2022-01-19 16:42:00 +01:00
Tony Torralba
6096080156 Use all possible packages for Fragment classes 
Also fix stub
 2022-01-19 16:23:11 +01:00
Benjamin Muskalla
52406dc8df Exclude logging sinks 
Those sinks are too coarse grained to be exposed as sinks on any model.
 2022-01-19 16:11:59 +01:00
Benjamin Muskalla
25d251c24f Exclude main methods from models 2022-01-19 16:11:59 +01:00
Tony Torralba
3c9fac0c6e Sync DataFlowImplForOnActivityResult.qll 2022-01-19 16:11:51 +01:00
Tony Torralba
6a4d2ee850 Apply code review suggestions 2022-01-19 16:08:31 +01:00
Tony Torralba
57ff13dd19 Sync DataFlowImplForOnActivityResult to latest changes 2022-01-19 16:08:31 +01:00
Tony Torralba
ea4ff80cc6 Add DataFlowImplForOnActivityResult to identical-files.json 2022-01-19 16:08:31 +01:00
Tony Torralba
37916a8368 Fix previous merge 2022-01-19 16:08:31 +01:00
Tony Torralba
d9d9ad7d63 Use dedicated instance of DataFlow 2022-01-19 16:08:31 +01:00
Tony Torralba
aef63f69b0 Formatting 2022-01-19 16:08:30 +01:00
Tony Torralba
4b3029564c Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-19 16:08:29 +01:00
Tony Torralba
c675028537 Add Fragment and Activity edge case 2022-01-19 16:08:28 +01:00
Tony Torralba
9ae1f1cf85 QLDoc 2022-01-19 16:08:27 +01:00
Tony Torralba
211cb9370f Add the Intent parameter of onActivityResult as a source 2022-01-19 16:08:25 +01:00
Tony Torralba
520d8f5ec5 Add stubs 2022-01-19 16:06:23 +01:00
Tom Hvitved
7e3f3c6e2a Merge pull request #7515 from hvitved/csharp/extraction-mode 
C#: Introduce extractor mode to identify DBs created with `codeql test run`
 2022-01-19 16:04:57 +01:00
Chris Smowton
162b3822dd Merge pull request #7613 from github/smowton/admin/tag-random-used-once 
Remove security-severity tag to java/random-used-once
 2022-01-19 14:43:08 +00:00
Henry Mercer
c134e6c9ef JS: Bump ML-powered query packs to v0.0.6 2022-01-19 14:40:42 +00:00
Chris Smowton
c63fcb2c69 Add change note 2022-01-19 14:13:45 +00:00
Chris Smowton
f0645a34b9 Remove security-severity tag instead 
This leaves the Java query in the same state as its C# cousin.
 2022-01-19 14:06:40 +00:00
Erik Krogh Kristensen
cb9e14f544 add cwe-471 to js/prototype-pollution 2022-01-19 14:54:57 +01:00
Alex Ford
0aab670b17 Ruby: add missing example rails action 2022-01-19 13:47:00 +00:00
Tom Hvitved
cb098df4ea Merge pull request #7334 from github/hmac/regexp-interpolations 
Ruby: Resolve simple string interpolations
 2022-01-19 14:43:58 +01:00
Alex Ford
45ed5a806c Ruby: changenote for rb/csrf-protection-disabled enhancement 2022-01-19 13:41:00 +00:00
Alex Ford
b27d315ff4 Ruby: add an example of protect_from_forgery with: :exception 2022-01-19 13:30:27 +00:00
Mathias Vorreiter Pedersen
dfbde23821 Merge pull request #7627 from geoffw0/nullterm5 
C++: Fix branch related FPs in cpp/improper-null-termination.
 2022-01-19 13:30:05 +00:00
Erik Krogh Kristensen
e4203a4109 add CWE-471 to the prototype-pollution queries 2022-01-19 14:26:34 +01:00
Tom Hvitved
dacb33d1dd C#: Adjust Roslyn workaround 2022-01-19 14:12:21 +01:00
Geoffrey White
0230494799 C++: Expand QLDoc comment. 2022-01-19 13:07:55 +00:00
Henry Mercer
061b9badfe Merge pull request #7649 from github/henrymercer/bump-atm-query-pack-v0.0.5 
JS: Bump ML-powered query packs to v0.0.5
 2022-01-19 13:00:41 +00:00
Geoffrey White
acfd593eb4 C++: Change note. 2022-01-19 13:00:36 +00:00