hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 05:01:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,152 Commits 1,690 Branches 160 Tags
aecf4e48f8cd18526440fcdcfd400be2c733c013
Commit Graph

33152 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Lerchedahl Petersen
aecf4e48f8 python: add change note 2022-03-24 11:43:07 +01:00
Rasmus Lerchedahl Petersen
93336bcb16 python: allow alternative middleware 
(observed [on LGTM](9d6a7ee180/files/mozillians/settings.py (L96)))
 2022-03-23 12:27:51 +01:00
Rasmus Lerchedahl Petersen
6c2449564a python: add concept tests 2022-03-23 12:05:09 +01:00
Rasmus Lerchedahl Petersen
441e206cfa python: CSRF -> Csrf 2022-03-23 11:29:27 +01:00
Rasmus Lerchedahl Petersen
53de8287f5 python: rule out test code for CSRF 2022-03-22 14:57:05 +01:00
Rasmus Lerchedahl Petersen
0f2c21c8bd python: require local protection to be absent 
for CSRF to be likely
 2022-03-22 13:42:52 +01:00
Rasmus Lerchedahl Petersen
f5b53083ae python: require authentication middleware 
for CSRF to be relevant
 2022-03-22 08:44:19 +01:00
Rasmus Lerchedahl Petersen
895ce755c1 python: correct file name 2022-03-07 13:03:04 +01:00
Rasmus Lerchedahl Petersen
93750fe17f python: minimal CSRF implementation 
- currectly only looks for custom django middleware
 2022-03-04 12:47:23 +01:00
Jeroen Ketema
3fc2f2f3dc Merge pull request #8309 from jketema/taint-join-order 
C++: Fix join order in the IR dataflow library
 2022-03-03 09:00:42 +01:00
Jeroen Ketema
2fd950caad C++: Fix join order in the IR dataflow library 
Not having this fixed caused problems when updating the database
scheme stats file.
 2022-03-03 07:42:52 +01:00
Michael Nebel
b39f383d45 Merge pull request #8230 from michaelnebel/csharp/autobuilder-buildless 
C#: Buildless extractor option.
 2022-03-02 15:53:02 +01:00
Michael Nebel
938902dc89 C#: Include example fragment in the release note on, how to invoke the extractor with the optional parameter. 2022-03-02 14:28:25 +01:00
Michael Nebel
fc89888c74 C#: Add pattern that only accepts 'true' and 'false' as the buildless option. 2022-03-02 14:28:21 +01:00
Michael Nebel
c5ddf6110f C#: Address review comments (change description to use true/false instead of yes/no). 2022-03-02 14:27:45 +01:00
Michael Nebel
8d9999a8c4 C#: Change note describing the buildless extractor option. 2022-03-02 14:25:11 +01:00
Michael Nebel
3859b62554 C#: Autobuilder should use standalone in case buildless options is provided. 2022-03-02 14:25:11 +01:00
Michael Nebel
c973693bee C#: Introduce buildless extractor option. 2022-03-02 14:25:06 +01:00
Michael Nebel
fff42501fc Merge pull request #8167 from michaelnebel/csharp/extractor-option-compress 
C# Extractor Option for specifying compression.
 2022-03-02 14:22:52 +01:00
Michael Nebel
a0a2cde6fa C#: Update relase note to include example fragment on, how to invoke the extractor with the optional parameter. 2022-03-02 13:17:20 +01:00
Mathias Vorreiter Pedersen
3681a1b736 Merge pull request #7933 from geoffw0/cwe497 
C++: Improve cpp/system-data-exposure
 2022-03-02 10:18:01 +00:00
Mathias Vorreiter Pedersen
71cd507f89 Merge pull request #8298 from MathiasVP/filter-bad-conversions-in-cpp-gvn 
C++: Fix `GVN` performance on more invalid IR
 2022-03-02 10:14:19 +00:00
Arthur Baars
169f65526e Merge pull request #8292 from aibaars/api-graphs-private 
Ruby: ApiGraphs: use private imports
 2022-03-02 00:35:46 +01:00
Taus
8460ab4f31 Merge pull request #7549 from hvitved/python/points-to-perf 2022-03-01 23:05:10 +01:00
Mathias Vorreiter Pedersen
155502cfdb C#/C++: Sync identical files. 2022-03-01 16:56:49 +00:00
Mathias Vorreiter Pedersen
4acae4a2d1 C++: Remove redundant conjunct. 2022-03-01 16:56:25 +00:00
Geoffrey White
2962b125af Merge branch 'main' into cwe497 2022-03-01 16:19:28 +00:00
Paolo Tranquilli
c81f2661a3 Merge pull request #8300 from redsun82/check-qhelp 
check-qhelp: call super init in IncludeHandler
 2022-03-01 17:07:28 +01:00
Paolo Tranquilli
ef4d1de9c3 check-qhelp: call super init in IncludeHandler 
`xml.sax.ContentHandler` has a non-trivial `__init__`. While this is
probably harmless, it does not hurt to fix this.
 2022-03-01 16:50:55 +01:00
Tom Hvitved
92fa0071bd Update python/ql/lib/semmle/python/pointsto/MRO.qll 
Co-authored-by: Taus <tausbn@github.com>
 2022-03-01 14:16:49 +01:00
Geoffrey White
5402b02fd7 Merge branch 'main' into cwe497 2022-03-01 11:58:24 +00:00
Mathias Vorreiter Pedersen
52dbf2c787 C#/C++: Sync identical files. 2022-03-01 11:50:50 +00:00
Mathias Vorreiter Pedersen
b6faa207a4 C++: Remove redundant cast. 2022-03-01 11:50:44 +00:00
Mathias Vorreiter Pedersen
93bd380838 C#/C++: Sync identical files. 2022-03-01 11:37:19 +00:00
Mathias Vorreiter Pedersen
6b324fb781 C++: Filter out InheritanceConversionInstructions with multiple base or derived classes when doing global value numbering. 2022-03-01 11:34:41 +00:00
Michael Nebel
8312fc6895 C#: Use groups and rename to trap.compression instead. Various changes to description to align with Ruby. 2022-03-01 12:01:44 +01:00
Tamás Vajk
94cb5c2be4 Merge pull request #8296 from github/post-release-prep/codeql-cli-2.8.2 
Post-release preparation for codeql-cli-2.8.2
 2022-03-01 11:57:36 +01:00
Rasmus Wriedt Larsen
eece2222ba Merge pull request #8252 from github/RasmusWL/debugging-dataflow-improvements 
Docs: Mention `hasPartialFlowRev` and performance problem
 2022-03-01 11:27:57 +01:00
Erik Krogh Kristensen
51482e4fcf Merge pull request #8295 from erik-krogh/ts46 
JS: Add support for TypeScript 4.6
 2022-03-01 11:09:02 +01:00
Michael Nebel
7522a2d248 Merge pull request #7832 from aschackmull/java/modelgen 
Java: Simplify model generator query using flow state.
 2022-03-01 10:57:07 +01:00
Rasmus Wriedt Larsen
f3f2c3183e Docs: Apply suggestions from code review 
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
 2022-03-01 10:45:24 +01:00
Mathias Vorreiter Pedersen
1f01d8014e Merge pull request #8225 from jketema/ir-structured-bindings-translation 
C++: Update the IR translation for structured bindings
 2022-03-01 09:43:35 +00:00
github-actions[bot]
980f822983 Post-release preparation for codeql-cli-2.8.2 2022-03-01 09:24:30 +00:00
Arthur Baars
7e6ef7ac74 Ruby: ApiGraphs: use private imports 2022-03-01 10:24:19 +01:00
Erik Krogh Kristensen
4c58f9781b add support for TypeScript 4.6 2022-03-01 09:56:21 +01:00
Mathias Vorreiter Pedersen
3719353338 Merge pull request #8172 from github/redsun82/pre-commit 
add pre-commit configuration
 2022-03-01 08:54:54 +00:00
Erik Krogh Kristensen
2b7c819135 fix extension of change-note 2022-03-01 09:54:19 +01:00
Michael Nebel
7bde1cbfb3 Java: Add case for Synthetic Fields in isRelevantTaintStep. 2022-03-01 09:15:01 +01:00
Jeroen Ketema
0c2cfa1307 C++: Add comment on the existence of reference types 2022-02-28 19:14:54 +01:00
Arthur Baars
5ce6b847d1 Merge pull request #8166 from aibaars/regex-char-sequence-1 
Ruby/Python: regex parser: group sequences of 'normal' characters
 2022-02-28 17:47:53 +01:00