hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-28 22:02:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,567 Commits 1,684 Branches 159 Tags
76cf8d165942d0c262effdebccf971cc3bf8d5b4
Commit Graph

36567 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nick Rolfe
76cf8d1659 C++: fix typos in comments 2022-05-12 14:28:26 +01:00
Nick Rolfe
844eef173c QL for QL: add predicate for other typos not in the shared typo db 2022-05-12 14:25:39 +01:00
Nick Rolfe
6058352fb0 QL for QL: add small test for misspelling query 2022-05-12 13:17:32 +01:00
Nick Rolfe
4321b5e1fa QL for QL: generalise non-US spelling query 
1. Catch common misspelling as well.
2. Also check names of classes, predicates, etc.
 2022-05-12 13:17:32 +01:00
Rasmus Wriedt Larsen
7cd51d6147 Merge pull request #9126 from RasmusWL/moduleimport-with-dots 
Python: Fully disallow `API::moduleImport` of module with dots
 2022-05-12 14:16:25 +02:00
AlexDenisov
dd900e622c Merge pull request #9107 from redsun82/swift-arena 
Swift: `TrapOutput`
 2022-05-12 14:09:18 +02:00
Rasmus Wriedt Larsen
795adf0566 Python: Fix API::moduleImport("foo.bar") 2022-05-12 13:33:00 +02:00
Rasmus Wriedt Larsen
3844c5b5c0 Python: Add change-note 2022-05-12 13:32:59 +02:00
Rasmus Wriedt Larsen
f8253f5fef Python: Fully disallow API::moduleImport of module with dots 
Inspired by discussion about this for MaD in
https://github.com/github/codeql/pull/8883#discussion_r865858084
 2022-05-12 13:30:26 +02:00
Rasmus Wriedt Larsen
597a8414d9 Python: Add test of API::moduleImport with dots 
This is currently semi-works -- the import is allowed, but doesn't
always work when used :|
 2022-05-12 13:29:16 +02:00
Nick Rolfe
234a36ff61 Merge pull request #9119 from github/nickrolfe/non-us-spelling-fixes 
Fix non-US spellings and the corresponding query
 2022-05-12 12:29:14 +01:00
Tom Hvitved
0a7892797e Merge pull request #8938 from hvitved/ruby/with-without-mad-tokens 
Ruby: Introduce `With(out)Element` MaD input tokens
 2022-05-12 11:49:51 +02:00
Nick Rolfe
12a43b6fae C++: fix another use of AnalysedString 2022-05-12 10:38:13 +01:00
Harry Maclean
e8972b814f Merge pull request #8635 from hmac/hmac/io-popen 
Ruby: Model IO.popen
 2022-05-12 21:17:55 +12:00
Nick Rolfe
a86b5a1586 C++: fix changenote formatting 2022-05-12 09:26:30 +01:00
Anders Schack-Mulligen
e0c74d4390 Merge pull request #9124 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-05-12 09:06:07 +02:00
Anders Schack-Mulligen
fad7d9ae72 Merge pull request #9120 from igfoo/igfoo/fixes 
Kotlin: Fix some alerts
 2022-05-12 08:29:34 +02:00
Erik Krogh Kristensen
6014614a31 Merge pull request #9103 from erik-krogh/nextParam 
JS: add support for typed NextJS route-handlers
 2022-05-12 08:18:26 +02:00
github-actions[bot]
acaf4517c0 Add changed framework coverage reports 2022-05-12 00:17:30 +00:00
Chris Smowton
85dc1090fe Merge pull request #9116 from smowton/smowton/feature/accept-conditional-cookie-security 
Java: tolerate `cookie.setSecure(request.isSecure())`
 2022-05-11 21:29:14 +01:00
Tom Hvitved
46ab25b61e Merge pull request #9098 from aschackmull/dataflow/perf 
Dataflow: Performance fixes
 2022-05-11 20:41:48 +02:00
Nick Rolfe
7cd6dc1a74 CPP: add changenote for AnalysedString -> AnalyzedString 2022-05-11 18:16:26 +01:00
Ian Lynagh
33e17f1665 Kotlin: Fix some alerts 2022-05-11 17:58:50 +01:00
Nick Rolfe
e1b277386a Fix non-US spellings: s/analyse/analyze 2022-05-11 17:48:27 +01:00
Nick Rolfe
2d246a4034 QL for QL: fix checking spelling of 'analyze' in multi-line comments 
`.` does not match a newline in `regexpMatch`, so we were missing some
comments.
 2022-05-11 17:43:39 +01:00
Nick Rolfe
0af1976b74 JS: fix typos in qldoc comment 2022-05-11 17:42:43 +01:00
Paolo Tranquilli
ddb567b639 Swift: remove Tag nested alias in TrapLabel 2022-05-11 17:44:00 +02:00
Ian Lynagh
cfde0a1491 Merge pull request #9109 from igfoo/igfoo/kotlin_merge 
Initial Kotlin support
 2022-05-11 16:16:22 +01:00
Paolo Tranquilli
f1413f29c6 Swift: move back file opening code 2022-05-11 16:53:51 +02:00
Tony Torralba
5be30209c1 Merge pull request #9036 from luchua-bc/java/hardcoded-jwt-key 
Java: CWE-321 Query to detect hardcoded JWT secret keys
 2022-05-11 16:31:34 +02:00
Henry Mercer
6ecc542ca3 Merge pull request #9117 from github/henrymercer/java/tag-telemetry 
Java: Tag telemetry queries with `telemetry`
 2022-05-11 15:13:35 +01:00
Henry Mercer
a626078423 Merge pull request #9118 from github/henrymercer/csharp/tag-telemetry 
C#: Tag telemetry queries with `telemetry`
 2022-05-11 15:13:29 +01:00
Anders Schack-Mulligen
4884520ee1 Dataflow: Review fix. 2022-05-11 15:40:49 +02:00
Chris Smowton
f7e1f3e1a5 Remove URL fragment from Google search 2022-05-11 14:38:09 +01:00
Tom Hvitved
5df87d526c Sync files 2022-05-11 15:17:27 +02:00
Tom Hvitved
884d3b2ff4 Ruby: Introduce With(out)Element MaD input tokens 2022-05-11 15:17:27 +02:00
Tom Hvitved
333780e635 Merge pull request #8898 from hvitved/dataflow/clear-expect-summary-components 
Data flow: Introduce 'with/without content' summary components
 2022-05-11 15:16:42 +02:00
Ian Lynagh
c0a755e061 Merge remote-tracking branch 'upstream/main' into igfoo/kotlin_merge 
Resolving conflicts:
	java/ql/lib/semmle/code/java/Expr.qll
 2022-05-11 14:13:09 +01:00
Rasmus Wriedt Larsen
46f309c373 Merge pull request #6360 from jorgectf/jorgectf/python/insecure-cookie 
Python: Add cookie security-related queries
 2022-05-11 14:47:11 +02:00
Paolo Tranquilli
a46582d7d5 Swift: replace friend in TrapLabel with unsafeCreateFromExplicitId 2022-05-11 14:42:55 +02:00
Henry Mercer
b6f1ddcdab Java: Tag telemetry queries with telemetry 
This will exclude the results of these queries from the summary tables
produced by `codeql database analyze` in a future version of the CodeQL
CLI.
 2022-05-11 13:29:25 +01:00
Henry Mercer
cdd6e0e104 C#: Tag telemetry queries with telemetry 
This will exclude the results of these queries from the summary tables
produced by `codeql database analyze` in a future version of the CodeQL
CLI.
 2022-05-11 13:27:49 +01:00
Rasmus Wriedt Larsen
cff950f5f7 Python: Fix select of py/insecure-cookie 2022-05-11 14:06:30 +02:00
Anders Schack-Mulligen
9a4d86e9b4 Merge pull request #8571 from Marcono1234/marcono1234/statement-expression 
Java: Add `ValueDiscardingExpr`
 2022-05-11 13:37:24 +02:00
Rasmus Wriedt Larsen
fc8633cc01 Python: Fix select for py/cookie-injection 2022-05-11 13:18:14 +02:00
Chris Smowton
0044326884 Add change note 2022-05-11 12:06:27 +01:00
Chris Smowton
c17ef42cc7 Insecure cookie query: accept ServletRequest.isSecure(), and allow more than one possible input to a setSecure(...) call. 2022-05-11 11:59:37 +01:00
luchua-bc
f85c01c975 Correct string source 2022-05-11 10:37:22 +00:00
Paolo Tranquilli
e679612a5a Swift: move most of TrapArena to TrapFile 2022-05-11 12:32:14 +02:00
Chris Smowton
1af0e9b619 Servlets.qll: don't use deprecated library visiblity modifier. 2022-05-11 11:31:14 +01:00