hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-03 16:51:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
53,984 Commits 1,689 Branches 159 Tags
a9d3cfccd4976fffc039e719d83fead07cb385dd
Commit Graph

53984 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
a9d3cfccd4 use severityNote for all diagnostics 2023-05-03 12:03:12 +01:00
Owen Mansel-Chan
532e1446f0 Change diagnostic ids and use "lower than or equal to" 2023-05-03 12:03:12 +01:00
Owen Mansel-Chan
4b88279ccc Improve usage message formatting 2023-05-03 12:03:11 +01:00
Owen Mansel-Chan
27fb42db76 Env var for path to environment file 2023-05-03 11:11:09 +01:00
Owen Mansel-Chan
0c6efb8c84 Add telemetry-only diagnostics 2023-05-02 17:17:06 +01:00
Owen Mansel-Chan
3bfcbbf7af Add unit test 2023-05-02 17:17:05 +01:00
Owen Mansel-Chan
0710ed97db Refactor to be more easily testable 2023-05-02 17:17:05 +01:00
Owen Mansel-Chan
2db304edee Choose which version to install and write file 2023-05-02 17:17:04 +01:00
Owen Mansel-Chan
644d7f18c2 Factor out tryReadGoDirective() 2023-05-02 14:15:03 +01:00
Owen Mansel-Chan
5e87111a8b Stop using deprecate io/ioutil package 2023-05-02 14:15:02 +01:00
Owen Mansel-Chan
1e2bdd88b1 Add --identify-environment flag 2023-05-02 14:15:01 +01:00
Asger F
67afbee06d Merge pull request #12825 from smiddy007/JS-Allow-Truncated-Hash-Forge-NonKeyCipher 
JS: Allow NonKeyCiphers to include truncated SHA-512 MDs in Forge JS libr…
 2023-05-02 13:59:30 +02:00
Anders Schack-Mulligen
353d5f82a6 Merge pull request #12984 from aschackmull/dataflow/instanceof-node 
Dataflow: Replace "extends Node" with "instanceof Node".
 2023-05-02 13:52:33 +02:00
Asger F
0ce27d13a7 Merge pull request #12985 from asgerf/rb/meta-query-sql-injection 
Ruby: add SQL injection sinks to meta query
 2023-05-02 13:35:06 +02:00
Mathias Vorreiter Pedersen
ab67103e6e Merge pull request #12966 from MathiasVP/dataflow-for-static-vars 
C++: Dataflow for static local variables
 2023-05-02 11:52:43 +01:00
Anders Schack-Mulligen
ca09649679 Dataflow: Forward hasLocationInfo. 2023-05-02 10:48:32 +02:00
Asger F
f59c149bae Ruby: add SQL injection sinks to meta query 2023-05-02 10:46:55 +02:00
Anders Schack-Mulligen
2001ce34d4 Java/C#: Adjust references. 2023-05-02 10:21:09 +02:00
Tony Torralba
51c08f1314 Merge pull request #12969 from atorralba/atorralba/java/fix-model-generator-sinks-instance-parameters 
Java: Fix sink model generator for instance parameters
 2023-05-02 10:10:59 +02:00
Mathias Vorreiter Pedersen
fbc872cf1d Update cpp/ql/lib/change-notes/2023-04-28-static-local-dataflow.md 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-05-02 09:07:57 +01:00
Anders Schack-Mulligen
5927bb2030 Dataflow: Replace "extends Node" with "instanceof Node". 2023-05-02 09:48:34 +02:00
Nora Dimitrijević
383b2e183d Merge pull request #12936 from d10c/swift/rename-functions 
Swift: rename ugly names in the Function AST hierarchy
 2023-05-01 17:08:19 +02:00
Michael Nebel
a9cf6885d0 Merge pull request #12952 from michaelnebel/csharp/refactorcontentflow 
C#: Re-factor ContentFlow to a parameterised module and use the new API.
 2023-05-01 15:53:57 +02:00
Anders Schack-Mulligen
6c8cb0dc5e Merge pull request #12930 from aschackmull/dataflow/split-typedcontent 
Dataflow: Refactor access paths to split TypedContent into an explicit pair
 2023-05-01 14:58:15 +02:00
Tom Hvitved
3a8a585335 Merge pull request #12979 from hvitved/type-tracking-inline-late 
Type tracking: Use `noopt`+`inline_late` in `TypeTracker::[small]step`
 2023-05-01 14:58:04 +02:00
Tom Hvitved
4687ac16ff Type tracking: Use noopt+inline_late in TypeTracker::[small]step 2023-05-01 11:48:16 +02:00
yoff
0bc6f10a71 Merge pull request #12220 from amammad/amammad-python-paramiko 
add some python sinks for paramiko ssh clients
 2023-05-01 11:38:50 +02:00
Asger F
2c89f9747b Merge pull request #12949 from asgerf/js/angular-native 
JS: Add a few more DOM element sources
 2023-05-01 11:08:45 +02:00
Nora Dimitrijević
c81ea9d747 Merge branch 'main' into swift/rename-functions 2023-05-01 11:03:26 +02:00
Michael Nebel
36ea61c25e C#: Address review comments. 2023-05-01 10:38:39 +02:00
Asger F
e9f1e99526 Merge pull request #12887 from asgerf/js/unsafe-yaml-deserialization 
JS: Update model of js-yaml
 2023-05-01 09:57:20 +02:00
Rasmus Wriedt Larsen
1bba5258d6 Merge pull request #11280 from RasmusWL/dict-dataflow-steps 
Python: Support more dictionary read/store steps
 2023-04-30 16:07:29 +02:00
Mathias Vorreiter Pedersen
a7d238f4c4 C++: Accept consistency changes. 2023-04-28 22:41:58 +01:00
Erik Krogh Kristensen
3d41cd583f Merge pull request #12963 from tyage/track-interfile-use-router 
JS: Track interfile useRouter
 2023-04-28 22:41:43 +02:00
Asger F
d1c8e0abd7 Merge pull request #12951 from asgerf/js/json-with-comments 
JS: Stop complaining about comments in JSON files
 2023-04-28 20:53:35 +02:00
Tony Torralba
77ec181cac Java: Fix sink model generator for instance parameters 2023-04-28 14:49:04 +02:00
Asger F
f87740ab18 Merge pull request #12867 from asgerf/js/webpack-bundles 
JS: Ignore more webpack modules
 2023-04-28 14:35:57 +02:00
Asger F
1b75afb5b1 JS: Change note 2023-04-28 14:32:11 +02:00
Michael B. Gale
edfe2d7ab7 Merge pull request #12944 from github/mbg/go/html-template-sanitizers 
Go: Add `html/template` functions as sanitisers for XSS queries
 2023-04-28 12:15:57 +01:00
Michael B. Gale
5a44fae515 Go: add test for unrelated A->C data flow 2023-04-28 10:56:12 +01:00
Mathias Vorreiter Pedersen
2716c73f87 C++: Add change note. 2023-04-28 10:49:49 +01:00
Mathias Vorreiter Pedersen
c35cb70c9f C++: Fix inconsistencies. 2023-04-28 10:40:18 +01:00
Mathias Vorreiter Pedersen
fd2f0257b6 C++: Accept query changes. 2023-04-28 10:25:12 +01:00
Mathias Vorreiter Pedersen
24d1cac9d7 C++: Accept test changes. 2023-04-28 10:25:07 +01:00
Mathias Vorreiter Pedersen
ee7b137c24 C++: Add dataflow for static locals. 2023-04-28 10:24:57 +01:00
Mathias Vorreiter Pedersen
3eca60cc40 C++: Add static local testcases. 2023-04-28 10:23:36 +01:00
Mathias Vorreiter Pedersen
205bb76036 Merge pull request #12960 from MathiasVP/fp-invalid-deref-2 
C++: Add more FPs for `cpp/invalid-pointer-deref`
 2023-04-28 09:47:46 +01:00
Mathias Vorreiter Pedersen
4ef58cd662 C++: Remove unused parameter in test. 2023-04-28 09:30:30 +01:00
Anders Schack-Mulligen
ce64408442 Merge pull request #12954 from aschackmull/java/implicitlypublic 
Java: Add SrcCallable.isImplicitlyPublic convenience predicate.
 2023-04-28 10:07:45 +02:00
Asger F
ee25f97ea5 Merge pull request #12956 from asgerf/js/express-array-routes 
JS: Properly recognise Express middlewares in an array
 2023-04-28 09:57:35 +02:00