hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
59,339 Commits 1,671 Branches 157 Tags
96edc1d3493f9862e5f51bc75d237a586664faf9
Commit Graph

59339 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Cornelius Riemenschneider
96edc1d349 Add skeleton bazel files for accessing the dbschemes. 2023-10-05 09:00:38 +02:00
Henry Mercer
99646ba2a3 Merge pull request #14367 from github/henrymercer/rc-3.11-mergeback 
Merge `rc/3.11` into `main`
 2023-10-04 10:05:38 +01:00
Michael Nebel
ecd8561104 C#: Undo poor mans quoting fix as it conflicts with the permanent solution. 2023-10-04 09:19:55 +02:00
Geoffrey White
d258f69ab0 Merge pull request #14329 from geoffw0/sinks 
Swift: Update summary queries
 2023-10-03 17:39:00 +01:00
Geoffrey White
34b33e1577 Merge pull request #14328 from geoffw0/debugdesc 
Swift: Model .description, .debugDescription more generally
 2023-10-03 17:37:22 +01:00
Geoffrey White
c518f39a0c Merge pull request #14357 from geoffw0/commandinject3 
Swift: Replace two additional taint steps with implicit reads
 2023-10-03 17:34:59 +01:00
Henry Mercer
da92da2204 Bump minor versions of packs we regularly release 2023-10-03 16:31:23 +01:00
Henry Mercer
f3847b3f51 Merge branch 'main' into henrymercer/rc-3.11-mergeback 2023-10-03 16:30:23 +01:00
Michael Nebel
8224f172b2 Merge pull request #14257 from michaelnebel/java/threatmodelsources 
Java: Introduce a class of dataflow nodes for the threat modeling.
 2023-10-03 16:10:49 +02:00
Tamás Vajk
df988e46da Merge pull request #14351 from tamasvajk/csharp/standalone-compilation 
C#: Extract compilation DB entity in standalone mode
 2023-10-03 14:21:21 +02:00
Ian Lynagh
c365f459fd Merge pull request #14355 from igfoo/igfoo/lang-vers 
Kotlin: Specify language version when compiling for old compilers
 2023-10-03 11:33:23 +01:00
Mathias Vorreiter Pedersen
dbe3bd0c50 Merge pull request #14360 from MathiasVP/promote-use-after-free-and-double-free 
C++: Promote `cpp/double-free` and `cpp/use-after-free` to Code Scanning
 2023-10-03 11:52:23 +02:00
Michael Nebel
fcbd301de8 Java: Address review comments. 2023-10-03 10:36:45 +02:00
Mathias Vorreiter Pedersen
b6ed9ccfda C++: Add change notes. 2023-10-03 09:33:40 +02:00
Mathias Vorreiter Pedersen
7084dc1a88 C++: Promote 'cpp/use-after-free' and 'cpp/double-free' to Code Scanning. 2023-10-03 09:22:47 +02:00
Mathias Vorreiter Pedersen
5632dd5e46 Merge pull request #14275 from alexet/fix-use-after-free-fp 
CPP: Fix some use after free FPs.
 2023-10-03 09:16:42 +02:00
Michael Nebel
5b949b19f7 Java: Cleanup threat model taxanomy to align with the EDR. 2023-10-03 09:16:39 +02:00
Michael Nebel
5c700afa27 Java: Add some threat model dataflow tests. 2023-10-03 09:16:39 +02:00
Michael Nebel
537965c0e8 Java: Add some testfiles. 2023-10-03 09:16:39 +02:00
Michael Nebel
2055d5492c Java: Let RemoteFlowSource and LocalUserInput extends SourceNode and fine grain the LocalUserInput threat models. 2023-10-03 09:16:38 +02:00
Michael Nebel
9a112dde66 Java: Introduce a class of dataflow nodes for the threat modeling. 2023-10-03 09:16:38 +02:00
Geoffrey White
bbd3c66d5a Swift: Update for CollectionContent. 2023-10-02 20:32:24 +01:00
Geoffrey White
81b358a711 Swift: Replace a similar additional taint step in another query. 2023-10-02 20:19:40 +01:00
Geoffrey White
27bdee8058 Swift: Replace additional taint step with implict read. 
Now that we have array content, this is a more principled approach than having a special case data step.
 2023-10-02 20:19:30 +01:00
Ian Lynagh
513a39f0b4 Kotlin: Specify language versino when compiling for old compilers 
Otherwise builds with Kotlin 2 won't work with older compilers.
 2023-10-02 18:14:01 +01:00
Ian Lynagh
f3c5c01ec5 Kotlin: Drop support for 1.4.32 
We never claimed to support anything < 1.5.0, and compiling with
-language-version 1.4 fails as it's not meant to support sealed classes.

If we build 1.4.32 with -language-version 1.5 using a 2.0 compiler,
then the resulting plugin also fails.
 2023-10-02 17:29:10 +01:00
Tom Hvitved
2684a22484 Merge pull request #14255 from hvitved/dataflow/perf-improvements 
Data flow: Performance improvements
 2023-10-02 16:37:24 +02:00
Tamas Vajk
b2514b3c69 Adjust expected test output 2023-10-02 13:35:16 +02:00
Tamas Vajk
de45a9b137 C#: Extract compilation DB entity in standalone mode 2023-10-02 12:54:49 +02:00
Rasmus Wriedt Larsen
e7384da162 Merge pull request #14341 from GeekMasher/py-django-restframework 
Python - Add support for RestFramework ModelViewSet functions
 2023-10-02 10:50:11 +02:00
Henry Mercer
0dd3837c31 Merge pull request #14345 from github/adityasharad/atm/remove-js-ml-tests 
ATM/JS: Remove test workflow
 2023-10-02 09:44:46 +01:00
Tom Hvitved
4fa93a077c Address review comments 2023-10-02 09:03:12 +02:00
Erik Krogh Kristensen
5dccc8d33e Merge pull request #14348 from github/dependabot/cargo/ql/regex-1.9.6 
Bump regex from 1.9.5 to 1.9.6 in /ql
 2023-10-02 08:34:59 +02:00
dependabot[bot]
a86b010504 Bump regex from 1.9.5 to 1.9.6 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.9.5 to 1.9.6.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.9.5...1.9.6)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-02 03:33:25 +00:00
Aditya Sharad
cf98b84279 ATM/JS: Remove test workflow 
These queries are deprecated, and upcoming nightly CLIs will no longer support their experimental functionality. To avoid test breakage, remove this workflow.

The code and tests can be cleaned up as future follow-up.
 2023-09-29 15:19:45 -07:00
Sarita Iyer
178b5c1c30 Merge pull request #14282 from github/saritai/update-language-display-names 
Update language display names
 2023-09-29 11:15:56 -04:00
Sarita Iyer
f29063bca3 Update codeql-for-java.rst 2023-09-29 10:44:27 -04:00
Rasmus Wriedt Larsen
3162033d56 Python: Make tests run for django rest framework 2023-09-29 16:21:04 +02:00
Sarita Iyer
b6b554f384 Apply suggestions from code review 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-09-29 10:07:22 -04:00
Sarita Iyer
c0653adc85 remove trailing space 2023-09-29 09:57:48 -04:00
Sarita Iyer
925d8e21ce Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2023-09-29 09:45:34 -04:00
Mathew Payne
41bb8377d9 Add change notes 2023-09-29 14:44:36 +01:00
Mathew Payne
19c93b0228 Add RestFramework tests 2023-09-29 14:41:57 +01:00
Michael Nebel
81e4cddf9f Merge pull request #14333 from michaelnebel/csharp/windowsunittests 
C#: Also run extractor unit tests on a windows runner.
 2023-09-29 15:28:26 +02:00
Mathew Payne
eb9b32473e Add support for ModelViewSet functions 2023-09-29 14:26:39 +01:00
yoff
dbecb1bd0f Merge pull request #14070 from yoff/python/promote-nosql-query 
Python: promote nosql query
 2023-09-29 14:21:22 +02:00
Rasmus Wriedt Larsen
9b73bbfc31 Python: Add keyword argument support 
and a fair bit of refactoring
 2023-09-29 13:54:21 +02:00
Rasmus Wriedt Larsen
d6d13f84a9 Python: -> NoSQL in QLDocs 2023-09-29 13:54:21 +02:00
Rasmus Wriedt Larsen
3676262313 Python: Clean trailing whitespace 2023-09-29 13:54:21 +02:00
Rasmus Wriedt Larsen
d7ad5a0f23 Python: List NoSQL injection sinks 2023-09-29 13:54:21 +02:00