hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-22 07:26:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
65,046 Commits 1,712 Branches 163 Tags
97567f412e5d33ac1d0915b6d3e893a400337178
Commit Graph

65046 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
97567f412e JS: Update VariableCapture.qll after changes to API 2024-03-13 14:53:00 +01:00
Asger F
5e7d1d5c2c Merge branch 'main' into js/shared-dataflow-merged 2024-03-13 14:27:16 +01:00
Mathias Vorreiter Pedersen
8d504d8b32 Merge pull request #15899 from jketema/destructors10 
C++: Add IR tests for the destruction of temporaries
 2024-03-13 11:56:04 +00:00
Asger F
c5a02dae2b Merge pull request #15768 from asgerf/js/amd-pseudo-deps 
JS: Do not treat AMD pseudo-dependencies as imports
 2024-03-13 12:49:17 +01:00
Ian Lynagh
adefdfd59f Merge pull request #15889 from igfoo/igfoo/k2exprs 
Kotlin 2: Accept more changes in the exprs test
 2024-03-13 11:34:10 +00:00
Asger F
fa8933eb41 JS: Reduce duplication in UnsafeDynamicMethodAccessQuery 2024-03-13 12:30:05 +01:00
Asger F
ea4bc9cdbb JS: Comment about manually applying taint steps 2024-03-13 12:30:05 +01:00
Jeroen Ketema
3ef1ab49ea C++: Add IR tests for the destruction of temporaries 2024-03-13 12:00:02 +01:00
Asger F
406b080ce3 JS: Add comment about allowImplicitRead in PostMessageStar 2024-03-13 11:30:52 +01:00
Asger F
0a2050bc42 JS: Deduplicate predicate in HostHeaderPoisoningQuery 2024-03-13 11:27:18 +01:00
Asger F
11983faccf JS: Remove out-commented code 2024-03-13 11:26:56 +01:00
yoff
b5c0fbb827 Merge pull request #15776 from RasmusWL/tt-consistency 
Python: Add type-tracking consistency query
 2024-03-13 11:11:07 +01:00
Asger F
b31f20a64e JS: Explain why ObjetWrapperFlowLabel is deprecated 2024-03-13 11:08:25 +01:00
Asger F
e0aae53ac7 JS: Remove unnecessary BarrierGuardLegacy class 2024-03-13 11:05:23 +01:00
Asger F
fce2be0af3 JS: Use BarrierGuardLegacy in TaintedPath 2024-03-13 11:02:09 +01:00
Tom Hvitved
4085c8ec8f Merge pull request #15866 from hvitved/ruby/orm-tracking-ap-limit 
Ruby: Lower access path limit to 1 for `OrmTracking`
 2024-03-13 10:57:09 +01:00
Asger F
e640154048 JS: Be backwards compatible with AdditionalBarrierGuardNode 
I've confirmed that the 'legacyBarrier' predicate does not occur in the DIL
 2024-03-13 10:54:02 +01:00
Harry Maclean
dd5eb982ec Merge pull request #15524 from hmac/hmac-process-spawn 
Ruby: Add some more command injection sinks
 2024-03-13 09:53:10 +00:00
Tony Torralba
2fd2b4c874 Merge pull request #15891 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-03-13 09:51:22 +01:00
Asger F
14e75be510 JS: Expand comments and synthetic node name in ForOfLoops 2024-03-13 09:27:00 +01:00
Asger F
e66f27cfe3 JS: Move hasWildcardReplaceRegExp to a shared place 2024-03-13 09:19:26 +01:00
Asger F
4043bc13ab JS: Explicit mark comment as a TODO 2024-03-13 09:19:03 +01:00
Asger F
858c79e395 JS: Add plain taint step through Promise.all() 2024-03-13 08:57:42 +01:00
Asger F
13a8e0fbf0 JS: Add failing test for Promise.all() 2024-03-13 08:54:06 +01:00
github-actions[bot]
cff2cdb9e4 Add changed framework coverage reports 2024-03-13 00:15:53 +00:00
Edward Minnix III
c190dd21db Merge pull request #15877 from egregius313/egregius313/csharp/mad/sources/windows-registry 
C#: Add source models for values from the Windows registry
 2024-03-12 16:41:42 -04:00
Edward Minnix III
d54489931c Merge pull request #15869 from egregius313/egregius313/java/fix/parcelfiledescriptor-open-sink 
Java: Add path-injection sink for `ParcelFileDescriptor::open`
 2024-03-12 16:39:20 -04:00
Asger F
2c1aa08f79 JS: Rename Strings2 -> Strings 2024-03-12 21:18:14 +01:00
Asger F
478dd25f3e JS: Rename Sets2 -> Sets 2024-03-12 21:17:29 +01:00
Asger F
433489478d JS: Rename Promise2 -> Promise 2024-03-12 21:16:43 +01:00
Asger F
e2f3565227 JS: Rename Maps2 -> Maps 2024-03-12 21:14:29 +01:00
Erik Krogh Kristensen
863e3f79e5 Merge pull request #15731 from erik-krogh/java-url 
Java: More sanitizers for request-forgery
 2024-03-12 19:31:52 +01:00
Ian Lynagh
0e94aa0eb5 Kotlin 2: Accept more changes in the exprs test 2024-03-12 16:42:37 +00:00
Ian Lynagh
8d1ee10981 Merge pull request #15876 from igfoo/igfoo/buildless-java-complete 
Java: Accept test changes
 2024-03-12 16:12:58 +00:00
Tamás Vajk
be2ce17376 Merge pull request #15881 from tamasvajk/buildless/fix-fallback 
C#: Deduplicate not yet restored package names
 2024-03-12 16:08:16 +01:00
erik-krogh
f613823047 add explicit QLDoc that any method named "contains" is matched 2024-03-12 15:25:27 +01:00
erik-krogh
35aae0a981 move changenote to src/ 2024-03-12 15:22:57 +01:00
Erik Krogh Kristensen
b53ae77c56 expand change-note 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-03-12 15:22:17 +01:00
Asger F
b3fad7a8dc JS: Rename Iterators2 -> Iterators 2024-03-12 15:12:07 +01:00
Asger F
5aafd33cec JS: Rename Arrays2 -> Arrays 2024-03-12 15:11:29 +01:00
Asger F
76e0445af0 JS: Be consistent about caching in PreCallGraphStep 2024-03-12 15:08:59 +01:00
Tamas Vajk
b07b0762f2 Adjust based on code review feedback 2024-03-12 15:07:58 +01:00
erik-krogh
74876ff49b add change-note 2024-03-12 15:07:36 +01:00
erik-krogh
52f71e4553 small fixes based on review 2024-03-12 15:07:29 +01:00
Ian Lynagh
c2aa334465 Java: Accept test changes 2024-03-12 14:03:02 +00:00
Asger F
28fc8ba0c1 JS: Remove EmptyType 2024-03-12 14:59:04 +01:00
Tom Hvitved
695e728ed5 Ruby: Lower access path limit to 1 for OrmTracking 2024-03-12 14:58:29 +01:00
Tom Hvitved
dddba3228b Merge pull request #15867 from hvitved/dataflow/ap-limit 
Data flow: Add `ConfigSig::accessPathLimit`
 2024-03-12 14:57:51 +01:00
Asger F
f94aa2ceec Update javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll 2024-03-12 14:41:11 +01:00
Tom Hvitved
d7790faece Address review comments 2024-03-12 13:34:55 +01:00