hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-09 07:31:37 +02:00
Code Issues Packages Projects Releases Wiki Activity
62,560 Commits 1,754 Branches 167 Tags
818c5de8d58afea91e65a784a353c8bb39b2af08
Commit Graph

62560 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ed Minnix
818c5de8d5 security-severity metadata 2024-01-08 09:38:46 -05:00
Ed Minnix
d4e2b84348 Cleanup helper dataflow configuration 2024-01-08 09:38:45 -05:00
Ed Minnix
f05f16116b Testing for Environment variable injection 2024-01-08 09:38:45 -05:00
Ed Minnix
8ed3f3c865 Move to library 2024-01-08 09:38:44 -05:00
Ed Minnix
65d05bf3de Add environment-injection to Model Validation 2024-01-08 09:38:43 -05:00
Ed Minnix
814885f7f6 Hudson environment variables models 2024-01-08 09:38:43 -05:00
Ed Minnix
028bd49211 org.apache.commons.exec models 2024-01-08 09:38:42 -05:00
Ed Minnix
b482b36b5f Initial ProcessBuilder support 2024-01-08 09:38:41 -05:00
Ed Minnix
ad32b81492 environment-injection sink 2024-01-08 09:38:41 -05:00
Ed Minnix
93025cc8cf Argument injection initial commit 2024-01-08 09:38:40 -05:00
Tony Torralba
7e6f2d1fc5 Merge pull request #14681 from atorralba/atorralba/java/weak-randomness-cve-coverage 
Java: Add more sinks to the Insecure Randomness query
 2024-01-08 15:33:03 +01:00
Geoffrey White
6636c76af8 Merge pull request #15122 from geoffw0/pwhash 
Swift: Query for Use of an inappropriate cryptographic hashing algorithm on passwords
 2024-01-08 14:11:02 +00:00
Arthur Baars
f4df5c9556 Merge pull request #15224 from aibaars/ruby-update-grammar 
Ruby: update tree-sitter-ruby
 2024-01-08 11:01:42 +01:00
Tamás Vajk
6b8ed7ee71 Merge pull request #15175 from tamasvajk/feature/arg-param-mapping 
C#: Improve arg-param mapping logic to better handle arguments passed to `params` parameters
 2024-01-08 10:42:38 +01:00
Tom Hvitved
25e2271b2f Merge pull request #15157 from hvitved/dataflow/fwd-flow-in-non-linear-rec 
Data flow: Avoid unnecessary non-linear recursion in `fwdFlowIn`
 2024-01-08 10:31:51 +01:00
Tamas Vajk
e67035f891 Fix comment in test file 2024-01-08 10:00:39 +01:00
Tamas Vajk
e70cb1f259 Code quality improvement: simplify DataFlowPrivate::isParamsArg 2024-01-08 10:00:39 +01:00
Tamas Vajk
91637d49d4 Fix null dereference false positive 2024-01-08 10:00:39 +01:00
Tamas Vajk
a354ca3264 Add null dereference test case with false positive 2024-01-08 10:00:39 +01:00
Tamas Vajk
35ee3246bb Add change note 2024-01-08 10:00:39 +01:00
Tamas Vajk
7daeeef3a1 C#: Improve arg-param mapping logic to consider named arguments passed to params parameters 2024-01-08 10:00:39 +01:00
Tamas Vajk
9bb807431d C#: Improve arg-param mapping logic to consider arguments passed to params parameters 2024-01-08 10:00:39 +01:00
Tamas Vajk
93b0eb9ba3 C#: Add more test cases to argument-parameter mapping test 2024-01-08 10:00:39 +01:00
Henry Mercer
93d9332ab4 Merge pull request #15236 from github/codeql-cli-2.15.5 
Merge `codeql-cli-2.15.5` back to `main`
 2024-01-05 18:49:40 +00:00
Harry Maclean
d1fc40ce4f Merge pull request #15234 from pwntester/patch-4 
Ruby: Add `[]` to the methods returning an `ActionController::Parameters"
 2024-01-05 15:41:48 +00:00
Chuan-kai Lin
35c7d3ab15 Merge pull request #15237 from github/cklin-patch-1 
Python: Fix typo in upgrade script
 2024-01-05 07:40:18 -08:00
Chuan-kai Lin
2924be554c Python: Fix typo in upgrade script 2024-01-05 07:15:21 -08:00
Henry Mercer
59edae0b17 Merge pull request #15229 from github/codeql-cli-2.15.4 
Merge `codeql-cli-2.15.4` into `codeql-cli-2.15.5`
 2024-01-05 15:12:22 +00:00
Alvaro Muñoz
9146407f23 Add [] to the list of methods returning an `ActionController::Parameters" 2024-01-05 15:14:11 +01:00
Arthur Baars
20022b6f3a Add test case 2024-01-05 14:39:30 +01:00
Arthur Baars
aad42b1b0d Add change note 2024-01-05 14:36:52 +01:00
Arthur Baars
6ed7223167 Ruby: update tree-sitter-ruby 2024-01-05 14:33:14 +01:00
Geoffrey White
0aec2b1bf4 Swift: Improve consistency of phrasing arouaround 'computationally hard'. 2024-01-05 13:21:01 +00:00
Geoffrey White
a0ea7148cb Swift: Add GOOD and BAD comments in the sensitive data hashing examples as well. 2024-01-05 13:17:21 +00:00
Geoffrey White
80afa65751 Swift: Add GOOD and BAD comments. 2024-01-05 13:16:41 +00:00
Geoffrey White
657e4d4132 Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-01-05 13:04:47 +00:00
Geoffrey White
2ab5e6f64c Swift: Add link / reference to CryptoSwift. 2024-01-05 11:02:55 +00:00
Rasmus Wriedt Larsen
95c24275f2 Merge pull request #15044 from RasmusWL/automated-subclass-models 
Python: Automated subclass models
 2024-01-05 10:43:48 +01:00
Michael Nebel
8810f166ee Merge pull request #15228 from michaelnebel/modelgenoutputdir 
Java/C#: Make it possible to specify subfolder location of generated model files.
 2024-01-05 09:18:41 +01:00
Michael Nebel
a3e2d40392 Merge pull request #15222 from michaelnebel/csharp/updatestats 
C#: Update DB stats.
 2024-01-05 09:15:47 +01:00
Chris Smowton
8144d90d4d Merge pull request #15227 from smowton/smowton/admin/add-test-buildless-maven-multimodule 
Add test for Java buildless vs Maven multimodule projects
 2024-01-04 16:36:44 +00:00
Ian Wright
3668ba6b03 Merge pull request #15226 from github/z80coder/release-automodel-0.0.4 
0.0.11 release of `automodel` extraction queries
 2024-01-04 15:03:35 +00:00
Owen Mansel-Chan
6f9242b1cb Merge pull request #15162 from owen-mc/go/stratify-cfg-succ 
Go: Stratify `CFG::succ` to avoid recursion
 2024-01-04 14:11:25 +00:00
Ian Wright
dab28edfa9 0.0.11 release of automodel extraction queries 2024-01-04 13:10:46 +00:00
Michael Nebel
e44b2d26ce Java/C#: Make it possible to specify subfolder location of generated model files. 2024-01-04 14:05:13 +01:00
Michael Nebel
682aef9548 Merge pull request #15212 from michaelnebel/csharp/stringreplace 
C#: Fix Log forging false positive.
 2024-01-04 13:38:29 +01:00
Chris Smowton
c90171c73f Add test for Java buildless vs Maven multimodule projects 2024-01-04 12:30:13 +00:00
Michael Nebel
4961e659b4 C#: Update DB stats. 2024-01-04 13:07:49 +01:00
Ian Wright
7c6d30b1a2 Merge pull request #15165 from github/z80coder/automodel-release 
ensure `publish.sh` uses the latest `automodel` release
 2024-01-04 11:58:59 +00:00
Ian Wright
468454645e better 2024-01-04 11:15:05 +00:00