hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-03 16:51:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
53,992 Commits 1,689 Branches 159 Tags
9590dde1e69da7f97f31eed4e8335b478bcbd031
Commit Graph

53992 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
9590dde1e6 Merge branch 'main' into swiftoddsends 2023-05-03 11:13:38 +01:00
Erik Krogh Kristensen
e9c25949fa Merge pull request #13002 from kaspersv/kaspersv/javascript-explicit-this-receiver 
JS: Make implicit this receivers explicit
 2023-05-03 11:55:22 +02:00
Kasper Svendsen
be08b97418 Merge pull request #12999 from kaspersv/kaspersv/cpp-explicit-this-receiver 
C++: Make implicit this receivers explicit
 2023-05-03 11:51:21 +02:00
Kasper Svendsen
a92a55f437 Merge pull request #13001 from kaspersv/kaspersv/csharp-explicit-this-receiver 
C#: Make implicit this receivers explicit
 2023-05-03 11:39:31 +02:00
Kasper Svendsen
efdaffedee JS: Make implicit this receivers explicit 2023-05-03 10:49:46 +02:00
Kasper Svendsen
bfc48efdaa C#: Make implicit this receivers explicit 2023-05-03 10:48:00 +02:00
Kasper Svendsen
c9fba18c48 C++: Make implicit this receivers explicit 2023-05-03 10:31:01 +02:00
Edward Minnix III
733a00039e Merge pull request #12864 from egregius313/egregius313/java/mad/update-typeAsModel 
Java: Erase generics in `typeAsModel` predicate used in model generator
 2023-05-02 15:28:51 -04:00
Alex Ford
388b2abf68 Merge pull request #12821 from maikypedia/maikypedia/ruby-ssti 
Ruby: Add Rails `render inline:` as Template Injection Sink
 2023-05-02 16:56:27 +01:00
Alex Ford
82c025020d Merge remote-tracking branch 'origin/main' into maikypedia/ruby-ssti 2023-05-02 16:18:41 +01:00
Alex Ford
a571bc64ac ruby: regenerate TemplateInjection.expected 2023-05-02 16:14:20 +01:00
Mathias Vorreiter Pedersen
2e5a04854e Merge pull request #12989 from MathiasVP/add-fp-overrun-write-product-flow 
C++: Add testcase with `cpp/overrun-write` FP
 2023-05-02 14:33:34 +01:00
Mathias Vorreiter Pedersen
635d290504 C++: Add testcase with FP. 2023-05-02 13:51:16 +01:00
Asger F
67afbee06d Merge pull request #12825 from smiddy007/JS-Allow-Truncated-Hash-Forge-NonKeyCipher 
JS: Allow NonKeyCiphers to include truncated SHA-512 MDs in Forge JS libr…
 2023-05-02 13:59:30 +02:00
Anders Schack-Mulligen
353d5f82a6 Merge pull request #12984 from aschackmull/dataflow/instanceof-node 
Dataflow: Replace "extends Node" with "instanceof Node".
 2023-05-02 13:52:33 +02:00
Asger F
0ce27d13a7 Merge pull request #12985 from asgerf/rb/meta-query-sql-injection 
Ruby: add SQL injection sinks to meta query
 2023-05-02 13:35:06 +02:00
Mathias Vorreiter Pedersen
ab67103e6e Merge pull request #12966 from MathiasVP/dataflow-for-static-vars 
C++: Dataflow for static local variables
 2023-05-02 11:52:43 +01:00
Anders Schack-Mulligen
ca09649679 Dataflow: Forward hasLocationInfo. 2023-05-02 10:48:32 +02:00
Asger F
f59c149bae Ruby: add SQL injection sinks to meta query 2023-05-02 10:46:55 +02:00
Anders Schack-Mulligen
2001ce34d4 Java/C#: Adjust references. 2023-05-02 10:21:09 +02:00
Tony Torralba
51c08f1314 Merge pull request #12969 from atorralba/atorralba/java/fix-model-generator-sinks-instance-parameters 
Java: Fix sink model generator for instance parameters
 2023-05-02 10:10:59 +02:00
Mathias Vorreiter Pedersen
fbc872cf1d Update cpp/ql/lib/change-notes/2023-04-28-static-local-dataflow.md 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-05-02 09:07:57 +01:00
Anders Schack-Mulligen
5927bb2030 Dataflow: Replace "extends Node" with "instanceof Node". 2023-05-02 09:48:34 +02:00
Maiky
5d15ec99c8 Change expected file to new 2023-05-02 09:26:41 +02:00
Nora Dimitrijević
383b2e183d Merge pull request #12936 from d10c/swift/rename-functions 
Swift: rename ugly names in the Function AST hierarchy
 2023-05-01 17:08:19 +02:00
Michael Nebel
a9cf6885d0 Merge pull request #12952 from michaelnebel/csharp/refactorcontentflow 
C#: Re-factor ContentFlow to a parameterised module and use the new API.
 2023-05-01 15:53:57 +02:00
Anders Schack-Mulligen
6c8cb0dc5e Merge pull request #12930 from aschackmull/dataflow/split-typedcontent 
Dataflow: Refactor access paths to split TypedContent into an explicit pair
 2023-05-01 14:58:15 +02:00
Tom Hvitved
3a8a585335 Merge pull request #12979 from hvitved/type-tracking-inline-late 
Type tracking: Use `noopt`+`inline_late` in `TypeTracker::[small]step`
 2023-05-01 14:58:04 +02:00
Tom Hvitved
4687ac16ff Type tracking: Use noopt+inline_late in TypeTracker::[small]step 2023-05-01 11:48:16 +02:00
yoff
0bc6f10a71 Merge pull request #12220 from amammad/amammad-python-paramiko 
add some python sinks for paramiko ssh clients
 2023-05-01 11:38:50 +02:00
Asger F
2c89f9747b Merge pull request #12949 from asgerf/js/angular-native 
JS: Add a few more DOM element sources
 2023-05-01 11:08:45 +02:00
Nora Dimitrijević
c81ea9d747 Merge branch 'main' into swift/rename-functions 2023-05-01 11:03:26 +02:00
Michael Nebel
36ea61c25e C#: Address review comments. 2023-05-01 10:38:39 +02:00
Asger F
e9f1e99526 Merge pull request #12887 from asgerf/js/unsafe-yaml-deserialization 
JS: Update model of js-yaml
 2023-05-01 09:57:20 +02:00
Rasmus Wriedt Larsen
1bba5258d6 Merge pull request #11280 from RasmusWL/dict-dataflow-steps 
Python: Support more dictionary read/store steps
 2023-04-30 16:07:29 +02:00
Mathias Vorreiter Pedersen
a7d238f4c4 C++: Accept consistency changes. 2023-04-28 22:41:58 +01:00
Erik Krogh Kristensen
3d41cd583f Merge pull request #12963 from tyage/track-interfile-use-router 
JS: Track interfile useRouter
 2023-04-28 22:41:43 +02:00
Asger F
d1c8e0abd7 Merge pull request #12951 from asgerf/js/json-with-comments 
JS: Stop complaining about comments in JSON files
 2023-04-28 20:53:35 +02:00
Tony Torralba
77ec181cac Java: Fix sink model generator for instance parameters 2023-04-28 14:49:04 +02:00
Asger F
f87740ab18 Merge pull request #12867 from asgerf/js/webpack-bundles 
JS: Ignore more webpack modules
 2023-04-28 14:35:57 +02:00
Asger F
1b75afb5b1 JS: Change note 2023-04-28 14:32:11 +02:00
Michael B. Gale
edfe2d7ab7 Merge pull request #12944 from github/mbg/go/html-template-sanitizers 
Go: Add `html/template` functions as sanitisers for XSS queries
 2023-04-28 12:15:57 +01:00
Michael B. Gale
5a44fae515 Go: add test for unrelated A->C data flow 2023-04-28 10:56:12 +01:00
Mathias Vorreiter Pedersen
2716c73f87 C++: Add change note. 2023-04-28 10:49:49 +01:00
Mathias Vorreiter Pedersen
c35cb70c9f C++: Fix inconsistencies. 2023-04-28 10:40:18 +01:00
Mathias Vorreiter Pedersen
fd2f0257b6 C++: Accept query changes. 2023-04-28 10:25:12 +01:00
Mathias Vorreiter Pedersen
24d1cac9d7 C++: Accept test changes. 2023-04-28 10:25:07 +01:00
Mathias Vorreiter Pedersen
ee7b137c24 C++: Add dataflow for static locals. 2023-04-28 10:24:57 +01:00
Mathias Vorreiter Pedersen
3eca60cc40 C++: Add static local testcases. 2023-04-28 10:23:36 +01:00
Mathias Vorreiter Pedersen
205bb76036 Merge pull request #12960 from MathiasVP/fp-invalid-deref-2 
C++: Add more FPs for `cpp/invalid-pointer-deref`
 2023-04-28 09:47:46 +01:00