hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
68,559 Commits 1,746 Branches 166 Tags
7fc95b8eff98c7df89e412a1aeea540ededb7c5a
Commit Graph

68559 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
7fc95b8eff Add changed framework coverage reports 2024-07-14 00:20:23 +00:00
Owen Mansel-Chan
dd1d5ecab4 Merge pull request #16967 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-07-13 17:24:36 +01:00
Jami
9c98296ad2 Merge pull request #16965 from jcogs33/jcogs33/add-FilePath-exists-sink 
Java: add path-injection sink for `hudson.FilePath.exists()`
 2024-07-13 10:15:37 -04:00
github-actions[bot]
5d657ba99a Add changed framework coverage reports 2024-07-13 00:18:24 +00:00
Sid Shankar
772344dfa4 Merge pull request #16886 from aegilops/aegilops/polyfill-io-compromised-script 2024-07-12 11:34:17 -04:00
Paul Hodgkinson
de5ec1fc01 Merge branch 'main' into aegilops/polyfill-io-compromised-script 2024-07-12 14:22:15 +01:00
aegilops
79980a98a2 Added links to eventual location of CUSTOMIZING.md 2024-07-12 14:21:50 +01:00
Paul Hodgkinson
11249e7182 Apply suggestions from code review - docs tweaks of CUSTOMIZING.md 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2024-07-12 14:20:03 +01:00
Rasmus Wriedt Larsen
1de2943a9b Merge pull request #16940 from RasmusWL/rasmuswl/BuiltinModuleExtractable 
Python: Handle diagnostics writing for `BuiltinModuleExtractable`
 2024-07-12 14:46:30 +02:00
Tom Hvitved
8a9f0bf433 Merge pull request #16966 from hvitved/ssa/reduce-caching 
SSA: Reduce caching in data-flow integration layer
 2024-07-12 14:22:49 +02:00
Paul Hodgkinson
c9af53f050 Merge branch 'main' into aegilops/polyfill-io-compromised-script 2024-07-12 12:53:44 +01:00
aegilops
61df4d2f04 Merge branch 'aegilops/polyfill-io-compromised-script' of https://github.com/aegilops/codeql into aegilops/polyfill-io-compromised-script 2024-07-12 12:49:18 +01:00
aegilops
00d91dc6ba Created guide on customizing these queries, and referenced it in the query help 2024-07-12 12:49:09 +01:00
aegilops
040f948e65 Added a note that SRI can be considered for some dynamic services 2024-07-12 12:48:36 +01:00
Tamás Vajk
0839742daa Merge pull request #16968 from tamasvajk/feature/buildless-deterministic-file-order-2 
C#: Order syntax trees before creating compilation
 2024-07-12 13:47:21 +02:00
Rasmus Wriedt Larsen
354394d4c2 Python: Don't use fake locations in diagnostics 
Some of the internal tooling would not be too happy about this :D
 2024-07-12 13:36:41 +02:00
Paul Hodgkinson
3f37fe6add Apply suggestions from code review - docs and wording 
Docs suggestions accepted, thank you 🙏

Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2024-07-12 11:48:39 +01:00
Mathias Vorreiter Pedersen
f6627cc092 Merge pull request #16969 from MathiasVP/add-missing-underlying-type 
C++: Strip specifiers and typedefs when finding iterator parameter for string taint function
 2024-07-12 11:35:52 +01:00
Tom Hvitved
04f173d14e SSA: Reduce caching in data-flow integration layer 2024-07-12 11:04:03 +02:00
Mathias Vorreiter Pedersen
7a2b170da2 C++: Accept test changes. 2024-07-12 09:54:20 +01:00
Mathias Vorreiter Pedersen
813f08ef57 C++: Strip away specifiers and typedefs when finding iterator parameters for a string taint function. 2024-07-12 09:54:04 +01:00
Tamas Vajk
5a41b2c5fb C#: Order syntax trees before creating compilation 2024-07-12 10:12:20 +02:00
Tamas Vajk
d689ab0916 Revert "C#: Order files in buildless extraction" 
This reverts commit ccf56a21c2.
 2024-07-12 10:11:13 +02:00
Jami Cogswell
6b497da15f Java: fix line number changes in tests 2024-07-11 15:33:09 -04:00
Jami Cogswell
ab9a6faaf3 Java: add change note 2024-07-11 15:10:11 -04:00
Jami Cogswell
77a8ba934c Java: add path-injection sink for hudson.FilePath.exists() 2024-07-11 15:03:40 -04:00
Mathias Vorreiter Pedersen
1a2b4a30bb Merge pull request #16939 from geoffw0/docsforautofix 
C++: Assorted minor doc improvements
 2024-07-11 18:30:45 +01:00
Calum Grant
24914efcb8 Merge pull request #16956 from github/calumgrant/cpp20-array-sizes 
C++: Test C++20 implicit array sizes.
 2024-07-11 17:44:08 +01:00
Calum Grant
13c25a494f C++: Move change notes to correct location 2024-07-11 16:49:17 +01:00
Geoffrey White
bf47574796 Merge branch 'main' into docsforautofix 2024-07-11 16:42:27 +01:00
Tom Hvitved
9794269550 Merge pull request #16952 from hvitved/ssa/barrier-guards-param-mod 
SSA: Make barrier guards a parameterized module
 2024-07-11 16:46:02 +02:00
Rasmus Wriedt Larsen
f41d2a896c Merge pull request #16771 from porcupineyhairs/js2py 
Python : Arbitrary code execution due to Js2Py
 2024-07-11 15:31:57 +02:00
Joe Farebrother
8152ec7472 Merge pull request #16696 from joefarebrother/python-cookie-write-headers 
Python: Model CookieWrites from HeaderWrites
 2024-07-11 14:25:54 +01:00
Angela P Wen
0b6714e06f Merge pull request #16954 from github/angelapwen/remove-ci-workaround 
Remove CI workaround for `DatabaseQualityDiagnostics.ql`
 2024-07-11 15:21:31 +02:00
Calum Grant
c6fb50095b C++: Change note and autoformat 2024-07-11 14:21:09 +01:00
Rasmus Wriedt Larsen
5ecde387af Python: Fix .expected 2024-07-11 14:42:26 +02:00
Calum Grant
29df3cb5b3 C++: Add test for C++20 implicit array sizes 
Implement NewArrayExpr.getArraySize()
 2024-07-11 12:59:52 +01:00
Ian Lynagh
311799c798 Merge pull request #16899 from igfoo/igfoo/semmle_dist 
Java/Kotlin: Remove legacy $SEMMLE_DIST support
 2024-07-11 12:48:53 +01:00
Erik Krogh Kristensen
de9370ae95 Merge pull request #16540 from aegilops/aegilops/js/insecure-helmet-middleware 
JS/TS: insecure Helmet middleware (new query)
 2024-07-11 13:48:09 +02:00
Owen Mansel-Chan
5bdef38dd9 Merge pull request #16941 from owen-mc/go/mad-package-alias 
Go: Allow grouping import paths for models-as-data
 2024-07-11 12:27:43 +01:00
Angela P Wen
90641a5152 Remove CI workaround for DatabaseQualityDiagnostics.ql 2024-07-11 13:22:06 +02:00
Jeroen Ketema
87d9218369 Merge pull request #16951 from jketema/builtin-op 
C++: Support more builtin operations
 2024-07-11 12:50:46 +02:00
aegilops
d71be8aeaf Moved from experimental into default queries 2024-07-11 11:44:01 +01:00
Michael B. Gale
45b782554c Merge pull request #16925 from github/mbg/go/add-vendor-env-var 
Go: Add environment variable to include `vendor` directories in extraction
 2024-07-11 11:06:31 +01:00
Paul Hodgkinson
412ad177c2 Merge branch 'main' into aegilops/js/insecure-helmet-middleware 2024-07-11 11:01:38 +01:00
Jeroen Ketema
5e0ce7efc4 C++: Fix test 2024-07-11 11:58:25 +02:00
Jeroen Ketema
ed42c3cd6f C++: Fix class extension 2024-07-11 11:48:01 +02:00
Tom Hvitved
16b142d332 SSA: Make barrier guards a parameterized module 2024-07-11 11:34:56 +02:00
Tom Hvitved
a452eadb33 Merge pull request #16946 from hvitved/csharp/fewer-version-regexps 
C#: Perform fewer `regexpCapture`s when matching version numbers
 2024-07-11 11:22:36 +02:00
Tamás Vajk
fd8cda36e5 Merge pull request #16924 from tamasvajk/feature/winforms-linux 
C#: Restore Windows dependencies when Windows Forms or WPF usage is detected
 2024-07-11 11:01:37 +02:00