hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 21:34:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
59,677 Commits 1,697 Branches 161 Tags
adf7d5409dfffd39db78deee210c93bc8a32dc89
Commit Graph

59677 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
2d947a4f53 Merge pull request #13781 from maikypedia/maikypedia/python-unsafe-deserialization 
Python: Add unsafe deserialization sinks (CWE-502)
 2023-10-10 13:30:38 +02:00
Owen Mansel-Chan
542d5a2451 Merge pull request #14414 from owen-mc/go/fix-incorrect-integer-conversion-performance-regression 
Go: Change MaxValueState API to get architecture bit size
 2023-10-10 11:27:18 +01:00
Tamas Vajk
1872a937d5 C#: Only download nuget.exe if there are packages.config files 2023-10-10 11:39:39 +02:00
Owen Mansel-Chan
fd9c1d30f9 Remove argument that is always one value 2023-10-10 10:35:04 +01:00
Owen Mansel-Chan
cf0411e7e2 Change MaxValueState API to get architecture bit size 
This fixes a performance regression, though it is not clear why.
 2023-10-10 10:35:02 +01:00
Taus
8e1bb4b364 Python: Accept moved consistency test results 
Co-authored-by: Rasmus Lerchedahl Petersen <yoff@github.com>
 2023-10-10 09:22:36 +00:00
Michael Nebel
5c44f8bbad Merge pull request #14370 from michaelnebel/java/enablethreatmodels 
Java: Enable threat models for most Java queries.
 2023-10-10 09:25:47 +02:00
Tamas Vajk
538df1bb6d C#: Add autobuilder test with global.json 2023-10-10 09:11:40 +02:00
Erik Krogh Kristensen
5cb3543899 Merge pull request #14420 from github/dependabot/cargo/ql/regex-1.10.0 
Bump regex from 1.9.6 to 1.10.0 in /ql
 2023-10-10 08:43:46 +02:00
dependabot[bot]
0e09420e7b Bump regex from 1.9.6 to 1.10.0 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.9.6 to 1.10.0.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.9.6...1.10.0)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-10 03:56:00 +00:00
Erik Krogh Kristensen
4489e2bf28 Merge pull request #14403 from erik-krogh/dDEps 
All: delete outdated deprecations
 2023-10-09 21:04:55 +02:00
amammad
2579791f51 fix examples 2023-10-09 19:00:55 +02:00
Jeroen Ketema
fe60269fdd Merge pull request #14416 from jketema/revert-cgi-xss-rewrite 
Revert "C++: Rewrite `cpp/cgi-xss` to not use default taint tracking"
 2023-10-09 18:52:54 +02:00
Jeroen Ketema
6ff8e06ace Revert "C++: Rewrite cpp/cgi-xss to not use default taint tracking" 
This reverts commit b6132d2a0f.
 2023-10-09 16:30:21 +02:00
Taus
e8ac258994 Python: Add missing flow for AssignmentExpr nodes 
Also extend the tests surrounding this construct to be a bit more comprehensive.

Co-authored-by: Rasmus Lerchedahl Petersen <yoff@github.com>
 2023-10-09 14:16:03 +00:00
Michael B. Gale
f186b93c93 Add dependabot configuration for Go dependencies 2023-10-09 15:14:17 +01:00
Robert Marsh
8af727734e Merge pull request #13909 from rdmarsh2/rdmarsh2/swift/for-in 
Swift: dataflow for `for-in` loops
 2023-10-09 10:00:27 -04:00
Michael B. Gale
ebd640da04 Merge pull request #14391 from github/mbg/go/update-newer-go-version-needed 
Go: Fix version detection and test for `newer-go-version-needed`
 2023-10-09 14:47:37 +01:00
Erik Krogh Kristensen
625e889c62 Merge pull request #14339 from erik-krogh/range-printing 
JS/PY/RB/Java: escape unicode chars in overly-large-range
 2023-10-09 14:22:38 +02:00
Geoffrey White
57e32b47b7 Merge pull request #14386 from geoffw0/swiftperf 
Swift: defaultImplicitTaintRead performance improvement
 2023-10-09 13:07:11 +01:00
Geoffrey White
62b0ebf2fe Merge pull request #14407 from geoffw0/grdbsinks 
Swift: Add sinks for the GRDB database library to swift/hardcoded-key
 2023-10-09 12:58:17 +01:00
erik-krogh
e1b2f81f43 Revert "update doc example to not use isBarrierGuard" 
This reverts commit 28f8c1cc11.
 2023-10-09 13:29:41 +02:00
Michael Nebel
cf3a62d201 Java: Address review comments. 2023-10-09 13:06:59 +02:00
Anders Schack-Mulligen
4a0ab4a050 Merge pull request #14402 from Marcono1234/marcono1234/MemberRefExpr-getReceiverExpr 
Java: Add predicate `MemberRefExpr::getReceiverExpr`
 2023-10-09 13:01:36 +02:00
Anders Schack-Mulligen
8c6a1be070 Merge pull request #14401 from Marcono1234/marcono1234/ClassInstanceExpr-type-argument-doc 
Java: Adjust `ClassInstanceExpr` type argument predicates docs
 2023-10-09 13:01:18 +02:00
Robert
e38ba27a65 Merge pull request #14408 from github/robertbrignull/telemetryLevel-docs 
Update about-telemetry-in-codeql-for-visual-studio-code.rst to mention telemtry.telemetryLevel
 2023-10-09 11:38:33 +01:00
Robert
ada331588f Update about-telemetry-in-codeql-for-visual-studio-code.rst to mention telemtry.telemetryLevel 2023-10-09 11:04:52 +01:00
Jeroen Ketema
f7bd801e00 Merge pull request #11716 from jketema/rewrite-cgi-xss 
C++: Rewrite `cpp/cgi-xss` to not use default taint tracking
 2023-10-09 11:26:14 +02:00
Mathias Vorreiter Pedersen
a1d417d8b6 Merge pull request #14385 from alexet/ir-debug-perf 
CPP: Improve performance of IR debugging
 2023-10-09 11:21:03 +02:00
Tony Torralba
0258dd4fed Merge pull request #14379 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-10-09 10:06:22 +02:00
erik-krogh
a7ab9fd93b add change-notes 2023-10-09 09:43:06 +02:00
erik-krogh
f48b47c656 JavaScript: add import that populate the shared abstract classes 2023-10-09 09:14:55 +02:00
erik-krogh
57c757c0a6 Ruby: delete outdated deprecation in test code 2023-10-09 09:14:55 +02:00
erik-krogh
194f918c0b Python: delete various outdated deprecations 2023-10-09 09:14:55 +02:00
erik-krogh
c2942b37a7 JS: delete various outdated deprecations 2023-10-09 09:14:55 +02:00
erik-krogh
e0fefce2a3 Ruby: delete various deprecated predicates 2023-10-09 09:14:54 +02:00
erik-krogh
e3e8f3d7c4 Java: delete various outdated deprecations 2023-10-09 09:14:54 +02:00
erik-krogh
689eda4dae CPP: delete the deprecated AnalysedString class 2023-10-09 09:14:54 +02:00
erik-krogh
1c9f59e491 Python:delete deprecated files modelling web frameworks 2023-10-09 09:14:54 +02:00
erik-krogh
0d992a3d1f delete old deprecated aliases of various regex libraries 2023-10-09 09:14:54 +02:00
erik-krogh
28f8c1cc11 update doc example to not use isBarrierGuard 2023-10-09 09:14:51 +02:00
github-actions[bot]
7c332a31a8 Add changed framework coverage reports 2023-10-09 00:16:19 +00:00
Geoffrey White
8a7325268a Swift: Change note. 2023-10-07 23:19:24 +01:00
Geoffrey White
c492b5f2dd Swift: Model sinks. 2023-10-07 23:19:09 +01:00
Geoffrey White
8bf6fd67d1 Swift: Add a test for GRDB hardcoded key sinks. 2023-10-07 23:07:32 +01:00
erik-krogh
4bc4e0845d delete the deprecated isBarrierGuard predicate from the shared dataflow library, and its uses 2023-10-07 21:48:49 +02:00
erik-krogh
d261cec3cd add change-note 2023-10-07 15:41:08 +02:00
Marcono1234
f3e5045259 Java: Add predicate MemberRefExpr::getReceiverExpr 2023-10-07 14:53:07 +02:00
erik-krogh
56e9eda2b9 fix performance by caching getArgument 2023-10-07 13:06:45 +02:00
Marcono1234
2c0dcd3a2d Java: Adjust ClassInstanceExpr type argument predicates docs 
The type arguments which these predicates have as result are for the
type of the created instance.

Previously the documentation said "provided to the constructor", which
is misleading / incorrect. Type arguments provided to the constructor
are specified directly after the `new` keyword:
```
class C {
    <T> C() {
    }
}

new <String> C();
```

And those are not part of the results of these predicates.
 2023-10-07 03:43:58 +02:00