hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
44,424 Commits 1,673 Branches 157 Tags
66e6f4d25e84cda8d1b9c6547da32e826ecca66c
Commit Graph

44424 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
66e6f4d25e Use empty string as default value for string annotation values 2022-10-03 10:31:14 +02:00
Tony Torralba
8a3ed6bdcf Apply code review suggestions 2022-10-03 10:31:14 +02:00
Tony Torralba
6f7b7c9efe If an annotation value is an array, order its elements by index 2022-10-03 10:31:14 +02:00
Tony Torralba
6f1124d7e7 Handle more annotation element value types 2022-10-03 10:31:13 +02:00
Tony Torralba
1ece12efd7 Add annotation element names 2022-10-03 10:31:13 +02:00
Tony Torralba
d4499a10d2 Fix typo 2022-10-03 10:31:13 +02:00
Tony Torralba
ee7507386c Fix annotation vs interface keyword stubbing 2022-10-03 10:31:13 +02:00
Tony Torralba
eda676df3e Add support for Annotation types stub generation 2022-10-03 10:31:13 +02:00
Erik Krogh Kristensen
3d00a61dac Merge pull request #10528 from erik-krogh/java-followMsg 
Java: Update the alert messages to better follow the style guide
 2022-10-03 09:49:47 +02:00
Asger F
47e5623b90 Merge pull request #10639 from hvitved/ruby/dataflow/known-element-no-floats-complexs 
Ruby: Do not attempt to track precise hash indices for floats and complex numbers
 2022-10-03 09:23:33 +02:00
Tony Torralba
683cacb8b5 Merge pull request #10640 from atorralba/atorralba/fix-cartesian-product 
Java: Fix cartesian product
 2022-10-03 08:56:47 +02:00
Harry Maclean
ba83b7c6c7 Merge pull request #10599 from hmac/hmac/actioncontroller-datastreaming 
Ruby: Model send_file
 2022-10-03 09:44:05 +13:00
erik-krogh
39ffa558f1 make a few more queries consistent with the other languages 2022-10-02 22:38:25 +02:00
Alex Ford
5c32c8badf Merge pull request #10560 from alexrford/ruby/yaml-load_file 
Ruby: treat `Psych` and `YAML` as aliases for rb/unsafe-deserialization
 2022-10-02 20:19:10 +01:00
erik-krogh
2f673efc67 autoformat 2022-10-01 13:21:20 +02:00
erik-krogh
129cda00db get a few more queries in sync with other languages 2022-10-01 11:17:48 +02:00
erik-krogh
acfcc4bfe2 update two more queries to better follow the style-guide 2022-10-01 10:59:59 +02:00
erik-krogh
7d643e41f3 Merge branch 'main' into java-followMsg 2022-10-01 10:48:06 +02:00
Erik Krogh Kristensen
17e6b2af37 Merge pull request #10557 from erik-krogh/csharp-followMsg 
C#: Update the alert messages to better follow the style guide
 2022-10-01 10:47:43 +02:00
erik-krogh
e2fe63f94a autoformat 2022-09-30 23:11:43 +02:00
Tom Hvitved
292bc67125 Merge pull request #10620 from hvitved/ruby/call-graph-protected-methods 
Ruby: Account for `protected` methods in call graph
 2022-09-30 19:31:36 +02:00
Tom Hvitved
dd7458acc8 Ruby: Add more call graph tests for protected methods 2022-09-30 16:24:34 +02:00
Tom Hvitved
32d002ed60 Merge pull request #10627 from hvitved/ruby/synthesis-reduce-non-linear-rec 
Ruby: Reduce size of input predicate for non-linear recursion
 2022-09-30 15:36:21 +02:00
Tamás Vajk
5017b21579 Merge pull request #10617 from tamasvajk/kotlin-op-calls 
Kotlin: extract operator expression when operator is in method call form
 2022-09-30 15:19:03 +02:00
Arthur Baars
d54a3059b4 Merge pull request #10642 from github/aibaars-patch-2 
Run QLHelp preview for all languages
 2022-09-30 15:13:48 +02:00
Tom Hvitved
3ec43dbd16 Ruby: Do not attempt to track precise hash indices for floats and complex numbers 2022-09-30 14:57:50 +02:00
erik-krogh
318718c428 update expected output 2022-09-30 14:51:41 +02:00
Asger F
6e1914ad01 Merge pull request #10375 from asgerf/rb/summarize-loads-v2 
Ruby: type-tracking and API edges through simple library callables
 2022-09-30 14:25:17 +02:00
Tamas Vajk
121a5645b8 Kotlin: extract operator expression when operator is in method call form 2022-09-30 13:48:53 +02:00
Tamas Vajk
0f9b6d4a8b Kotlin: Add test cases for operators being called by name 2022-09-30 13:46:57 +02:00
erik-krogh
7098e7b102 change more queries to start with "This " 2022-09-30 13:29:18 +02:00
Nick Rolfe
ef8ec0878a Merge pull request #10641 from github/nickrolfe/a_an 
JS/Python/Ruby: s/a HTML/an HTML/
 2022-09-30 12:17:15 +01:00
CodeQL CI
b66e5c5aee Merge pull request #10634 from yoff/python/rewrite-typetrackers 
Approved by tausbn
 2022-09-30 03:55:35 -07:00
Arthur Baars
c7b01975c1 Run QLHelp preview for all languages 2022-09-30 12:08:05 +02:00
Tamás Vajk
ee59bdab25 Merge pull request #10624 from tamasvajk/kotlin-java-fn-equivalence-remove 
Kotlin: find java-kotlin equivalent functions by erased parameter types
 2022-09-30 12:00:46 +02:00
Ian Lynagh
9be2ca2f1e Merge pull request #10630 from igfoo/igfoo/ver0 
Kotlin: Make newerThan symmetric
 2022-09-30 10:52:42 +01:00
Nick Rolfe
ed74e0aad1 JS/Python/Ruby: s/a HTML/an HTML/ 2022-09-30 10:37:52 +01:00
Henti Smith
476960e699 Merge pull request #10625 from github/henti/ql_jobrunson 
Added job.getRunsOn
 2022-09-30 10:19:14 +01:00
Tony Torralba
585cbe2b95 Fix cartesian product 2022-09-30 10:47:22 +02:00
Erik Krogh Kristensen
06ea829537 Merge pull request #10636 from erik-krogh/fixHardcoded 
JS: recognize another kind of dummy passwords to fix an FP in hardcoded-credentials
 2022-09-30 10:42:01 +02:00
Henti Smith
074fac8f2f Ran autoformatter on Actions.qll 2022-09-30 09:24:12 +01:00
Michael Nebel
82294c1349 Merge pull request #10622 from michaelnebel/ruby/postupdateassignexpr 
Ruby: Postupdate notes for assignment expressions.
 2022-09-30 10:00:02 +02:00
Michael Nebel
c867f2ba5b Merge pull request #10594 from michaelnebel/csharp/postupdatenotes 
C#: Postupdate notes for ternary expressions.
 2022-09-30 09:56:21 +02:00
Harry Maclean
4a39bc8f47 Merge pull request #10598 from hmac/hmac/actioncontroller-metal 
Ruby: Identify ActionController::Metal controllers
 2022-09-30 13:07:03 +13:00
erik-krogh
9f2d7dfb29 update expected output 2022-09-29 22:48:41 +02:00
erik-krogh
0a5ff1b79a recognize another kind of dummy passwords to fix an FP in hardcoded-credentials 2022-09-29 21:25:40 +02:00
yoff
8ab5617b51 Merge pull request #10539 from yoff/python/improve-API-graphs 
Python: add subscript to API graphs
 2022-09-29 21:05:22 +02:00
Rasmus Lerchedahl Petersen
84ab860600 python: rewrite type tracker for ldap operations 
There are several other clean ups I would like to do in this file,
but this can wait until we promote the query.
 2022-09-29 20:32:19 +02:00
Rasmus Lerchedahl Petersen
0654e39e72 python: rewrite type tracker for compiled regexes 
we have the option to use `regex.getAValueReachingSink`
rather than `regex.asSink`, but it will likely be used as a
sink for data flow.
 2022-09-29 20:30:29 +02:00
James Fletcher
7ffbc738fb Merge pull request #10632 from jf205/lgtm-updates 
Remove a mentions of LGTM.com from the README and style guides
 2022-09-29 19:29:32 +01:00