hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
63,106 Commits 1,746 Branches 166 Tags
7916616ee198932dd2b5bb2c64bef2d6971cf8f5
Commit Graph

63106 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
7916616ee1 C++: Fix duplication for indirect exprs similar to how we fixed it in #15410. 2024-01-24 16:20:06 +00:00
Mathias Vorreiter Pedersen
4e18cca0f4 C++: Add a way to test the behavior of 'asExpr' and 'toString' on dataflow nodes. 2024-01-24 16:12:47 +00:00
Ian Lynagh
67242278ee Merge pull request #15384 from igfoo/igfoo/kt2 
Kotlin: Support Kotlin 2.0.0-Beta3
 2024-01-24 12:47:35 +00:00
Michael B. Gale
514430e8b9 Merge pull request #15411 from github/mbg/go/refactor-go-autobuilder 2024-01-24 09:15:04 +00:00
Henry Mercer
3af42d57a0 Merge pull request #15402 from github/henrymercer/csharp-build-mode 
C#: Enable standalone extraction via `--build-mode`
 2024-01-24 09:01:03 +00:00
Tony Torralba
0bb0e52adb Merge pull request #15418 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-01-24 09:23:55 +01:00
Michael Nebel
2be1ee8b34 Merge pull request #15394 from michaelnebel/csharp/urlredirect-sanitizer 
C#: Add more santizers to the `cs/web/unvalidated-url-redirection` query.
 2024-01-24 08:42:05 +01:00
github-actions[bot]
465e8d3530 Add changed framework coverage reports 2024-01-24 00:17:20 +00:00
Henry Mercer
0928c93989 Use TryGetValue 2024-01-23 20:43:19 +00:00
Henry Mercer
e73c1b7281 Be forgiving with casing of build mode environment variable 2024-01-23 20:35:43 +00:00
Henry Mercer
a75c8273f9 C#: Allow checking environment variables that may be undefined 
The build mode environment variable for instance is only set when a build mode is specified.
 2024-01-23 20:33:16 +00:00
Edward Minnix III
3c8b09307d Merge pull request #15291 from egregius313/egregius313/java/dataflow/default-sanitizers 
Java: Introduce a common sanitizer type for types which cannot realistically carry taint.
 2024-01-23 13:28:03 -05:00
Mathias Vorreiter Pedersen
145b5a30bd Merge pull request #15343 from microsoft/38-cpp-generalize-use-after-free-libraries 
Generalization of FlowAfterFree
 2024-01-23 16:49:29 +00:00
Ben Rodes
55fe8d376c Update cpp/ql/lib/semmle/code/cpp/security/flowafterfree/UseAfterFree.qll 2024-01-23 10:49:47 -05:00
Benjamin Rodes
dfb3aec002 Removing unnecessary private modules and adding comments. 2024-01-23 10:47:38 -05:00
Mathias Vorreiter Pedersen
42fd3fc836 C++: Make more things 'private' and add QLDoc to public things. (#40) 2024-01-23 10:27:01 -05:00
Mathias Vorreiter Pedersen
b1b236d82d Merge pull request #15410 from MathiasVP/less-dataflow-duplication 
C++: Remove more `asExpr` duplication
 2024-01-23 14:50:01 +00:00
Michael Nebel
10be0deeb5 C#: Add a couple more testcases. 2024-01-23 15:09:10 +01:00
Edward Minnix III
0e866a5447 Merge pull request #15359 from egregius313/egregius313/csharp/dataflow/threat-modeling/add-threatmodelflowsource 
C#: Threat Modeling - Introduce `ThreatModelFlowSource`
 2024-01-23 09:02:10 -05:00
Michael B. Gale
cf1aab0157 Go: Move identify environment code to separate file 2024-01-23 13:59:34 +00:00
Michael B. Gale
ee36e7424a Go: Move project analysis code to separate file 2024-01-23 13:59:33 +00:00
Michael B. Gale
0dc3c847bc Go: Move go invocations to separate file 2024-01-23 13:59:33 +00:00
Tamás Vajk
df8d453058 Merge pull request #15395 from tamasvajk/feature/standalone-nuget-restore-retry 
C#: Try fallback `dotnet restore` without nuget.config
 2024-01-23 14:45:00 +01:00
Erik Krogh Kristensen
f1d6f56621 Merge pull request #15393 from erik-krogh/deps-jan-2024 
All: delete outdated deprecations
 2024-01-23 13:52:38 +01:00
Mathias Vorreiter Pedersen
8b172c133d C++: Accept test changes. 2024-01-23 12:06:42 +00:00
Mathias Vorreiter Pedersen
5bc602a208 C++: Ensure that we don't create a result for 'asExpr' on an instruction node if a result also exists for an operand node (and vice versa). 2024-01-23 12:06:35 +00:00
Chris Smowton
43453fea52 Merge pull request #15408 from smowton/smowton/admin/log-setup-go-message 
Log advice when a newer Go version is required under Actions
 2024-01-23 11:32:38 +00:00
Mathias Vorreiter Pedersen
d29d060706 Merge pull request #15401 from alexet/make-intended-join-order 
CPP: Fix join ordering hints to make them do what they intend.
 2024-01-23 11:30:20 +00:00
Chris Smowton
7e96eaa273 Log advice when a newer Go version is required under Actions 2024-01-23 10:49:52 +00:00
Tony Torralba
77e724b3ba Merge pull request #15188 from github/java/update-mad-decls-after-triage-2023-12-21T14-39-02 
Java: Update MaD Declarations after Triage
 2024-01-23 11:34:57 +01:00
Tony Torralba
fcd9a5ed71 Update java/ql/lib/change-notes/2023-12-21-new-models.md 2024-01-23 11:18:12 +01:00
Stephan Brandauer
95b439bf31 Merge branch 'main' into java/update-mad-decls-after-triage-2023-12-21T14-39-02 2024-01-23 09:40:50 +01:00
Stephan Brandauer
cd765e7c19 work on review comments 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-23 09:35:36 +01:00
Stephan Brandauer
8b34407ab7 Java: java.awt.Desktop::browse is a url-redirection sink 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-23 09:28:13 +01:00
Michael Nebel
95a200453b Merge pull request #15404 from michaelnebel/csharp/inlinearraydummystats 
C#: Add dummy stats for inline_array_type.
 2024-01-23 09:17:18 +01:00
Michael Nebel
123e86e0e0 C#: Add dummy stats for inline_array_type. 2024-01-23 08:29:01 +01:00
Erik Krogh Kristensen
97071b0dc7 Merge pull request #15403 from github/dependabot/cargo/ql/chrono-0.4.32 
Bump chrono from 0.4.31 to 0.4.32 in /ql
 2024-01-23 08:20:28 +01:00
Ed Minnix
fcbee1994b Update change note 2024-01-22 23:57:31 -05:00
Ed Minnix
fb80c5ea84 Rename SimpleScalarSanitizer to SimpleTypeSanitizer 2024-01-22 23:55:29 -05:00
Ed Minnix
696788e5b2 Rename semmle.code.java.security.dataflow.CommonSanitizers to semmle.code.java.security.Sanitizers 2024-01-22 23:52:19 -05:00
Ed Minnix
bb44277090 Make import of dataflow private 2024-01-22 23:40:24 -05:00
Ed Minnix
ec3d683186 Change change note category to feature 2024-01-22 23:39:23 -05:00
Ed Minnix
38828672a9 Update change note 2024-01-22 23:38:33 -05:00
Ed Minnix
32fe8e02fb Change note 2024-01-22 23:38:31 -05:00
Ed Minnix
3311b3be8e Convert experimental queries' isBarrier to use instanceof SimpleScalarSanitizer 2024-01-22 23:38:29 -05:00
Ed Minnix
67dfca2e58 Convert libraries to use instanceof SimpleScalarSanitizer 2024-01-22 23:38:26 -05:00
Ed Minnix
7f7c49d6ce Add the SimpleScalarSanitizer class 
The `SimpleScalarSanitizer` class represents common scalar types which
cannot realistically carry taint (e.g. primitives/numbers, and
eventually UUIDs and Dates)
 2024-01-22 23:38:24 -05:00
dependabot[bot]
e9a1fa9592 Bump chrono from 0.4.31 to 0.4.32 in /ql 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.31 to 0.4.32.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.31...v0.4.32)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-23 03:12:14 +00:00
Taus
24b37ffd36 Merge pull request #15187 from github/max-schaefer/py-url-redirection 
Python: Add support for more URL redirect sanitisers.
 2024-01-22 23:19:36 +01:00
Henry Mercer
6724dea54d C#: Enable standalone extraction via --build-mode 2024-01-22 19:12:07 +00:00