hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
45,031 Commits 1,741 Branches 166 Tags
81bc6c2d4915ef3edb4b02f880a43dfd7c8af7e0
Commit Graph

45031 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nick Rolfe
39107047bf Merge pull request #10735 from github/nickrolfe/actionmailer 
Ruby: add `ActionMailer#params` as a `RemoteFlowSource`
 2022-10-12 10:21:11 +01:00
Tom Hvitved
202549bdd9 Merge pull request #10758 from hvitved/ruby/type-tracking-level-step 
Type tracking: Split up `levelStep` into `levelStepCall` and `levelStepNoCall`
 2022-10-12 10:42:01 +02:00
Josh Soref
c92ce69f48 spelling: when 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
9d6ea28448 spelling: the 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
a8e5a12ec2 spelling: specific 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
b9d8903bdb spelling: similarly 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
9eac158d7c spelling: revocation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
08a79531cf spelling: response 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
1a14c06008 spelling: receiver 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
061d1ee9fe spelling: presence 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
71b0613f9a spelling: parenthesized 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
ba0f34afed spelling: owasp 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
0919507565 spelling: outside 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00
Josh Soref
7e0bbf1bdb spelling: optimization 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:25 -04:00
Josh Soref
114653162c spelling: operator 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:25 -04:00
Josh Soref
c77f685c0c spelling: operations 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:25 -04:00
Asger F
e55be83645 Ruby: add 'render file:' as file system access 2022-10-12 09:47:04 +02:00
Alex Ford
bf4dac78c5 Ruby: remove some singleton set literals 2022-10-11 21:44:52 +01:00
Alex Ford
d3c8ce3f48 Ruby: ActiveSupport extends Pathname with an existence method that may return itself 2022-10-11 21:35:58 +01:00
Henry Mercer
bfa9765a6d Merge branch 'main' into codeql-ci/js/ml-powered-pack-release-0.3.5 2022-10-11 19:06:01 +01:00
github-actions[bot]
06bbede92b JS: Bump version of ML-powered library and query packs to 0.3.6 2022-10-11 17:58:33 +00:00
github-actions[bot]
4e3a6e60b2 JS: Bump patch version of ML-powered library and query packs 2022-10-11 17:48:46 +00:00
Asger F
ed165c6194 Ruby: bugfix in self-resolution in type-tracking 2022-10-11 18:53:20 +02:00
Asger F
a64286b664 Ruby: add test for singleton class instance field 
incorrect test output
 2022-10-11 18:53:20 +02:00
Mathias Vorreiter Pedersen
fc810ddbf4 Merge pull request #10775 from atorralba/atorralba/swift/custom-url-scheme-sources 
Swift: Add taint sources for custom URL scheme URLs
 2022-10-11 16:47:52 +01:00
Tony Torralba
f4d43deec4 Add taint sources for custom URL scheme URLs 2022-10-11 17:19:04 +02:00
Mathias Vorreiter Pedersen
f88aaf37a5 C++: Add 'UninitializedNode' to IR dataflow. 2022-10-11 16:08:06 +01:00
Ed Minnix
80cc3fc518 Reword first sentence of documentation 2022-10-11 11:02:37 -04:00
Edward Minnix III
1f0a48de28 Documentation suggestion 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-10-11 10:59:00 -04:00
Mathias Vorreiter Pedersen
af79139c30 Merge pull request #10772 from atorralba/atorralba/swift/subscriptexpr-taint-step 
Swift: Add taint step for subscript expressions
 2022-10-11 15:45:54 +01:00
Alex Ford
3d08a2954d Ruby: add rb/unsafe-deserialization sinks for const_get args 2022-10-11 15:45:51 +01:00
Alex Ford
a3f096a6bc Ruby: rb/unsafe-deserialization test realignment 2022-10-11 15:44:00 +01:00
Nick Rolfe
078c3e9d28 Ruby: create top-level module for ActionMailer 2022-10-11 15:22:42 +01:00
Mathias Vorreiter Pedersen
7ac9c1e832 Merge pull request #10713 from MathiasVP/fix-types-in-ir-dataflow 
C++: Fix `getType` for experimental IR dataflow
 2022-10-11 15:20:49 +01:00
Rasmus Wriedt Larsen
b3f10311b3 Merge pull request #10752 from RasmusWL/pymssql 
Python: DB Modeling: Add `pymssql` and `executemany` in general
 2022-10-11 15:55:04 +02:00
Tamas Vajk
9b2cc6c318 Kotlin/Java: Exclude generated code from java/missing-override-annotation 2022-10-11 15:48:46 +02:00
Tony Torralba
0892a5795d Add taint step for subscript expressions 2022-10-11 15:33:45 +02:00
Tamás Vajk
8523d21f8c Merge pull request #10696 from tamasvajk/kotlin-lateinit 
Kotlin: Extract `lateinit` modifier
 2022-10-11 15:03:10 +02:00
Tamás Vajk
e9835ec07e Merge pull request #10756 from tamasvajk/kotlin-fix-java-modifier 
Kotlin: extract `protected` modifier from java class files
 2022-10-11 15:02:13 +02:00
Erik Krogh Kristensen
66c2de87b0 Merge pull request #10729 from erik-krogh/py-last-msg 
Py: fix some more style-guide violations in the alert-messages
 2022-10-11 14:48:14 +02:00
Rasmus Wriedt Larsen
ac30cfa5c1 Python: Apply suggestions from code review 2022-10-11 14:05:27 +02:00
erik-krogh
a826dbbdee fix capitalization in stack-trace-exposure 2022-10-11 13:59:10 +02:00
Tom Hvitved
7171fd1bb2 Update python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackerSpecific.qll 
Co-authored-by: Taus <tausbn@github.com>
 2022-10-11 13:58:51 +02:00
Tom Hvitved
f1c44f72b5 Python: Sync on TypeTracker.qll changes 2022-10-11 13:58:50 +02:00
Tom Hvitved
2e8f46ddd9 Type tracking: Split up levelStep into levelStepNoCall and levelStepCall 
To reduce non-linear recursion during call graph construction.
 2022-10-11 13:58:46 +02:00
Mathias Vorreiter Pedersen
95e798565b C++: Expand on the comment about missing types in the database. Also rename 'getType0' to 'getTypeImpl' to avoid confusion. 2022-10-11 12:57:51 +01:00
Erik Krogh Kristensen
0883b1782d Merge pull request #10730 from erik-krogh/ql-last-msg 
QL: fix some more style-guide violations in the alert-messages
 2022-10-11 13:43:21 +02:00
Asger F
02656b16c3 Merge pull request #10685 from asgerf/rb/splat-and-local-field-step 
Ruby: summarize unary splat operators and add local field step
 2022-10-11 13:28:58 +02:00
Erik Krogh Kristensen
01bc5f7226 Merge pull request #10731 from erik-krogh/rb-last-msg 
Ruby: fix some more style-guide violations in the alert-messages
 2022-10-11 12:16:52 +02:00
Mathias Vorreiter Pedersen
5cfc3fe8df C++: Use 'DataFlowType' instead of 'Type' for the 'getType' predicate in 'PostUpdateNode'. 2022-10-11 11:00:25 +01:00