Commit Graph

62649 Commits

Author SHA1 Message Date
Ed Minnix
1550f5df2a Environment variable injection query documentation 2024-01-08 09:38:47 -05:00
Ed Minnix
f1f0f50c92 TaintedEnvironmentVariableQuery docs 2024-01-08 09:38:47 -05:00
Ed Minnix
818c5de8d5 security-severity metadata 2024-01-08 09:38:46 -05:00
Ed Minnix
d4e2b84348 Cleanup helper dataflow configuration 2024-01-08 09:38:45 -05:00
Ed Minnix
f05f16116b Testing for Environment variable injection 2024-01-08 09:38:45 -05:00
Ed Minnix
8ed3f3c865 Move to library 2024-01-08 09:38:44 -05:00
Ed Minnix
65d05bf3de Add environment-injection to Model Validation 2024-01-08 09:38:43 -05:00
Ed Minnix
814885f7f6 Hudson environment variables models 2024-01-08 09:38:43 -05:00
Ed Minnix
028bd49211 org.apache.commons.exec models 2024-01-08 09:38:42 -05:00
Ed Minnix
b482b36b5f Initial ProcessBuilder support 2024-01-08 09:38:41 -05:00
Ed Minnix
ad32b81492 environment-injection sink 2024-01-08 09:38:41 -05:00
Ed Minnix
93025cc8cf Argument injection initial commit 2024-01-08 09:38:40 -05:00
Tony Torralba
7e6f2d1fc5 Merge pull request #14681 from atorralba/atorralba/java/weak-randomness-cve-coverage
Java: Add more sinks to the Insecure Randomness query
2024-01-08 15:33:03 +01:00
Jeroen Ketema
e772531bb3 C++: Remove test that is no longer relevant 2024-01-08 15:24:41 +01:00
Geoffrey White
6636c76af8 Merge pull request #15122 from geoffw0/pwhash
Swift: Query for Use of an inappropriate cryptographic hashing algorithm on passwords
2024-01-08 14:11:02 +00:00
Ian Lynagh
02734be287 Kotlin: Fix building with 2.0.255 snapshots
A couple of extension functions were moved
2024-01-08 13:25:25 +00:00
Ian Lynagh
9bc0167566 Kotlin: Add a 2.0.255 snapshot
The current master isn't compatible with the 2.0.0-Beta1
2024-01-08 13:25:25 +00:00
Cornelius Riemenschneider
b0599edb7e Bazel: Bump dependant rules versions.
This doesn't bump rules_python, as there's some incompatible changes in that
which will need further addressing.
2024-01-08 11:21:02 +01:00
Arthur Baars
f4df5c9556 Merge pull request #15224 from aibaars/ruby-update-grammar
Ruby: update tree-sitter-ruby
2024-01-08 11:01:42 +01:00
Tamás Vajk
6b8ed7ee71 Merge pull request #15175 from tamasvajk/feature/arg-param-mapping
C#: Improve arg-param mapping logic to better handle arguments passed to `params` parameters
2024-01-08 10:42:38 +01:00
Tom Hvitved
25e2271b2f Merge pull request #15157 from hvitved/dataflow/fwd-flow-in-non-linear-rec
Data flow: Avoid unnecessary non-linear recursion in `fwdFlowIn`
2024-01-08 10:31:51 +01:00
Tamas Vajk
e67035f891 Fix comment in test file 2024-01-08 10:00:39 +01:00
Tamas Vajk
e70cb1f259 Code quality improvement: simplify DataFlowPrivate::isParamsArg 2024-01-08 10:00:39 +01:00
Tamas Vajk
91637d49d4 Fix null dereference false positive 2024-01-08 10:00:39 +01:00
Tamas Vajk
a354ca3264 Add null dereference test case with false positive 2024-01-08 10:00:39 +01:00
Tamas Vajk
35ee3246bb Add change note 2024-01-08 10:00:39 +01:00
Tamas Vajk
7daeeef3a1 C#: Improve arg-param mapping logic to consider named arguments passed to params parameters 2024-01-08 10:00:39 +01:00
Tamas Vajk
9bb807431d C#: Improve arg-param mapping logic to consider arguments passed to params parameters 2024-01-08 10:00:39 +01:00
Tamas Vajk
93b0eb9ba3 C#: Add more test cases to argument-parameter mapping test 2024-01-08 10:00:39 +01:00
Alvaro Muñoz
dbefc132de Apply suggestions from code review
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
2024-01-07 10:31:50 +01:00
Chuan-kai Lin
66d2b9b7d2 Ruby: Fix upgrade delete directives 2024-01-05 14:21:52 -08:00
Chuan-kai Lin
6e25fb129b C#: Fix upgrade delete directives 2024-01-05 14:21:08 -08:00
Chuan-kai Lin
6f5bce046c C++: Fix upgrade delete directives 2024-01-05 14:20:30 -08:00
Henry Mercer
93d9332ab4 Merge pull request #15236 from github/codeql-cli-2.15.5
Merge `codeql-cli-2.15.5` back to `main`
2024-01-05 18:49:40 +00:00
Harry Maclean
d1fc40ce4f Merge pull request #15234 from pwntester/patch-4
Ruby: Add `[]` to the methods returning an `ActionController::Parameters`
2024-01-05 15:41:48 +00:00
Chuan-kai Lin
35c7d3ab15 Merge pull request #15237 from github/cklin-patch-1
Python: Fix typo in upgrade script
2024-01-05 07:40:18 -08:00
Chuan-kai Lin
2924be554c Python: Fix typo in upgrade script 2024-01-05 07:15:21 -08:00
Henry Mercer
59edae0b17 Merge pull request #15229 from github/codeql-cli-2.15.4
Merge `codeql-cli-2.15.4` into `codeql-cli-2.15.5`
2024-01-05 15:12:22 +00:00
Alvaro Muñoz
9146407f23 Add [] to the list of methods returning an `ActionController::Parameters` 2024-01-05 15:14:11 +01:00
Arthur Baars
20022b6f3a Add test case 2024-01-05 14:39:30 +01:00
Arthur Baars
aad42b1b0d Add change note 2024-01-05 14:36:52 +01:00
Arthur Baars
6ed7223167 Ruby: update tree-sitter-ruby 2024-01-05 14:33:14 +01:00
Geoffrey White
0aec2b1bf4 Swift: Improve consistency of phrasing around 'computationally hard'. 2024-01-05 13:21:01 +00:00
Ben Rodes
250ed48bf3 Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2024-01-05 08:19:11 -05:00
Geoffrey White
a0ea7148cb Swift: Add GOOD and BAD comments in the sensitive data hashing examples as well. 2024-01-05 13:17:21 +00:00
Geoffrey White
80afa65751 Swift: Add GOOD and BAD comments. 2024-01-05 13:16:41 +00:00
Geoffrey White
657e4d4132 Apply suggestions from code review
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
2024-01-05 13:04:47 +00:00
Chris Smowton
48d48c16ab Note Java 21 support
Supported as of CodeQL release 2.15.4
2024-01-05 11:26:23 +00:00
Geoffrey White
2ab5e6f64c Swift: Add link / reference to CryptoSwift. 2024-01-05 11:02:55 +00:00
Michael Nebel
04a724f373 Java: Update the model diff workflow. 2024-01-05 11:28:47 +01:00