hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 07:36:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,270 Commits 1,703 Branches 162 Tags
75d320401b4ab7ee511f326ebacdeeca34b2df3f
Commit Graph

76270 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yoff
75d320401b Merge branch 'main' into ruby/add-DBCallInLoop-to-CCR-suite 2025-02-19 16:08:38 +01:00
Chris Smowton
bc6ce32af2 Merge pull request #18812 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2025-02-19 14:42:18 +00:00
yoff
7d3cc2eaf3 Merge pull request #18797 from github/redsun82/update-py-deps 
Python: upgrade `clap`
 2025-02-19 15:12:43 +01:00
github-actions[bot]
ce234bb2c6 Add changed framework coverage reports 2025-02-19 14:09:10 +00:00
Simon Friis Vindum
ae7e15d82f Merge pull request #18754 from paldepind/rust-ref-pattern 
Rust ref pattern
 2025-02-19 14:24:09 +01:00
Michael B. Gale
ebd6fd4156 Merge pull request #18814 from github/mbg/bazel/test-output-all 
Bazel: Add `--test_output all`
 2025-02-19 12:40:07 +00:00
Asger F
a5fde9c3df Merge pull request #18807 from asgerf/js/vue-without-tsconfig-fixup 
JS: Extract TS snippets with no tsconfig.json file
 2025-02-19 13:31:08 +01:00
Paolo Tranquilli
3c00dc48b1 Merge pull request #18802 from github/redsun82/rust-glob-members 
Rust: support glob members in workspaces
 2025-02-19 13:30:58 +01:00
Asger F
58c8b5fa2b Merge pull request #18790 from asgerf/js/no-implicit-array-taint 
JS: Do not taint whole array when storing into ArrayElement
 2025-02-19 13:23:31 +01:00
Michael B. Gale
462b6e6a0e Bazel: Add --test_output all 2025-02-19 11:41:57 +00:00
Simon Friis Vindum
faef735ce9 Rust: Move equality into disjunction 2025-02-19 11:11:11 +01:00
Asger F
e1c280500e Merge pull request #18749 from Kwstubbs/express 
JS: Add result.download to Express as Path Traversal Sink
 2025-02-19 09:08:36 +01:00
Remco Vermeulen
9865577bf5 Merge pull request #18811 from rvermeulen/rvermeulen/update-java-ccr-suite 
Updata Java CCR suite
 2025-02-18 16:54:41 -08:00
Remco Vermeulen
2d991fc387 Updata Java CCR suite 2025-02-18 20:25:22 +00:00
Asger F
804a1a6cb0 JS: Handle array of sorting criteria 2025-02-18 16:58:04 +01:00
Asger F
7486742c37 JS: Fix model of _.sortBy 2025-02-18 16:53:40 +01:00
Jami
d94dc5aa40 Merge pull request #18504 from jcogs33/jcogs33/java/file-constructor-path-sanitizer 
Java: `File` constructor path sanitizer
 2025-02-18 08:00:32 -05:00
Asger F
b3f7cd988b JS: Extract TS snippets with no tsconfig.json file 2025-02-18 12:43:13 +01:00
Simon Friis Vindum
53557dbebd Merge pull request #18800 from paldepind/generate-model-script 
Sanitize path when generating MaD files
 2025-02-18 12:22:42 +01:00
Paolo Tranquilli
530bfccb7c Merge branch 'main' into redsun82/update-py-deps 2025-02-18 10:03:29 +01:00
Paolo Tranquilli
38efd4a8a2 Python: downgrade tree-sitter back to 0.20.4 2025-02-18 10:03:18 +01:00
Asger F
82a4b17218 JS: Change note 2025-02-18 09:43:08 +01:00
Asger F
e610683377 JS: Linter fix 2025-02-18 09:25:23 +01:00
Ian Lynagh
02249af781 Merge pull request #18804 from github/post-release-prep/codeql-cli-2.20.5 
Post-release preparation for codeql-cli-2.20.5
 2025-02-17 21:40:36 +00:00
Jami Cogswell
9bb5fe837d Java: address review comments 2025-02-17 15:47:45 -05:00
Asger F
c958702830 JS: Accept some unproblematic consistency warnings 2025-02-17 20:30:07 +01:00
github-actions[bot]
ad24f94a77 Post-release preparation for codeql-cli-2.20.5 2025-02-17 17:58:24 +00:00
Ian Lynagh
975881c74a Merge pull request #18803 from github/release-prep/2.20.5 
Release preparation for version 2.20.5
codeql-cli/v2.20.5 		2025-02-17 17:29:25 +00:00
github-actions[bot]
6f4562f3bd Release preparation for version 2.20.5 2025-02-17 16:55:54 +00:00
Paolo Tranquilli
342bff6125 Python: undo tree-sitter update 2025-02-17 15:52:45 +01:00
Paolo Tranquilli
755140152c Rust: support glob members in workspaces 2025-02-17 15:09:35 +01:00
Asger F
a54f0a74f1 JS: Target post-update node instead of getALocalSource 
getAPropertyWrite() contains getALocalSource() under the the hood. Don't rely on that to find the successor of a mutation.
 2025-02-17 15:00:02 +01:00
Asger F
6e074c301f JS: Port lodash callback steps to flow summaries 
Not all of lodash, just the callbacks we already modeled plus a few easy ones
 2025-02-17 14:54:45 +01:00
Paolo Tranquilli
df305d6b52 Python: run bazel vendoring 2025-02-17 14:18:48 +01:00
Erik Krogh Kristensen
7fa41c438f Merge pull request #18794 from erik-krogh/v-flag 
JS: Add support for the regex V flag
 2025-02-17 13:56:48 +01:00
Anders Schack-Mulligen
a90bd68796 Merge pull request #18786 from aschackmull/ssa/cleanup 
Rust/Ruby: Minor SSA cleanup.
 2025-02-17 13:51:17 +01:00
Simon Friis Vindum
12a5766f31 Sanitize path when generating MaD files 2025-02-17 13:45:33 +01:00
Simon Friis Vindum
b08f5356dd Merge pull request #18772 from paldepind/rust-method-call 
Rust: Adjust argument position when call expression is for method
 2025-02-17 13:39:24 +01:00
Simon Friis Vindum
dcfe65bc66 Rust: Address review comments 2025-02-17 13:35:46 +01:00
yoff
4b53e1c034 Merge pull request #18304 from yoff/ruby/performance-queries 
Ruby: Query for database calls in a loop
 2025-02-17 13:16:07 +01:00
Asger F
4e325d9f1c JS: Convert some exception steps to legacy 2025-02-17 11:53:50 +01:00
Owen Mansel-Chan
6045d9bb22 Merge pull request #18792 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2025-02-17 10:45:36 +00:00
Asger F
08b9d934c0 JS: Add a negative test 2025-02-17 11:37:44 +01:00
Asger F
352924fb8c JS: Handle a few other stringification contexts 2025-02-17 11:36:28 +01:00
Asger F
33ab7db98a JS: Handle Array.prototype.toString calls 2025-02-17 11:25:03 +01:00
Asger F
a74b203c86 JS: Add test with implicit array stringification 2025-02-17 11:21:46 +01:00
Asger F
d87534c7d0 JS: Model Array#toString 2025-02-17 11:13:36 +01:00
Asger F
e8d1703224 JS: Add test for flow through Buffer.concat 
This flow was lost since the existing model of concat() boxes its return value in ArrayElement. There is no explicit model of Buffer.concat.
 2025-02-17 11:12:51 +01:00
Paolo Tranquilli
91b3d108bb Python: upgrade cargo dependencies 
This required some code changes because of some breaking changes in
`clap` and `tree-sitter`.

Also needed to assign a new bazel repo name to the `crates_vendor` to
avoid name conflicts in `MODULE.bazel`.
 2025-02-17 10:56:36 +01:00
Simon Friis Vindum
8b3c1ab698 Merge branch 'main' into rust-ref-pattern 2025-02-17 10:36:39 +01:00