hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-10 23:41:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
61,391 Commits 1,777 Branches 169 Tags
ba3548b317d8cc63e61446dee3255f01bd6e92ca
Commit Graph

61391 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jami Cogswell
ba3548b317 Java: switch to createRelative sink and add UrlPathHelper sources 2023-11-29 14:46:28 -05:00
Jami Cogswell
efa5ab18c1 Java: add taint steps for getResource sink 2023-11-29 14:46:27 -05:00
Chris Smowton
fefc02d650 Merge pull request #14950 from smowton/smowton/admin/empty-argfile-test 
Java: Add test for empty argfile
 2023-11-29 14:05:39 +00:00
Taus
754deda03e Merge pull request #14946 from github/RasmusWL/list-python-3.12 
Docs: List Python 3.12 as supported
 2023-11-29 15:05:11 +01:00
Chris Smowton
e110db58f8 Add test for empty argfile 2023-11-29 12:51:22 +00:00
Rasmus Wriedt Larsen
76a6fb563d Docs: List Python 3.12 as supported 
Support was added in https://github.com/github/codeql/pull/14636
 2023-11-29 11:22:27 +01:00
Mathias Vorreiter Pedersen
1f9e2c71ce Merge pull request #14928 from MathiasVP/surprising-lifetimes-c_str 
C++: Add a new query for calling `c_str` on temporary objects
 2023-11-29 10:15:11 +00:00
Erik Krogh Kristensen
399872b719 Merge pull request #14943 from rafaelurben/patch-1 
JS: Add django template urls as "save urls"
 2023-11-29 11:10:16 +01:00
Mathias Vorreiter Pedersen
351caaccfe C++: Add GOOD and BAD comments to qhelp examples. 2023-11-29 09:44:54 +00:00
Mathias Vorreiter Pedersen
8afd9288cb Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2023-11-29 09:36:29 +00:00
Rafael
1a05c2e704 Added Django test 2023-11-29 08:26:49 +01:00
Rafael
0a74a3a765 Update javascript/ql/src/change-notes/2023-11-28-django-urls.md 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-11-29 08:23:02 +01:00
Rafael
0b0c9e3e48 Create 2023-11-28-django-urls.md 2023-11-28 22:29:53 +01:00
Rafael
286e3951bf Detect Django template URLs 
Django URLs are currently not detected, but flask and nunjucks URL are. (See https://github.com/github/codeql/issues/12267)
 2023-11-28 22:22:07 +01:00
Felicity Chapman
298c6b5295 Merge pull request #14942 from github/codeql-cli-2.15.3 
Mergeback post release changes from the `codeql-cli-2.15.3` branch to `main`
 2023-11-28 20:41:43 +00:00
Jeroen Ketema
483f4c3ce9 Merge pull request #14921 from jketema/kr-style-function-parameters 
C++: Expose whether a function was prototyped or not
 2023-11-28 17:43:22 +01:00
Robert Marsh
4df25f4f7f Merge pull request #14797 from geoffw0/sqlsinks 
Swift: Heuristic sinks for swift/sql-injection
 2023-11-28 11:18:10 -05:00
Tom Hvitved
e79ad3b738 Merge pull request #14937 from hvitved/csharp/stubvisitor-recursion-guard 
C#: Prevent infinite recursion in `EqualsModuloTupleElementNames`
 2023-11-28 16:25:52 +01:00
Jeroen Ketema
28ac46a73f C++: Add change note 2023-11-28 14:57:02 +01:00
Mathias Vorreiter Pedersen
2b36ba33f0 C++: Add support for 'data' in the query. 2023-11-28 12:57:59 +00:00
Michael B. Gale
e349611f86 Merge pull request #14932 from github/dependabot/go_modules/go/extractor/extractor-dependencies-29c4186f99 
Bump the extractor-dependencies group in /go/extractor with 1 update
 2023-11-28 12:57:24 +00:00
Mathias Vorreiter Pedersen
7b8d164692 C++: Add more good test cases. 2023-11-28 11:58:33 +00:00
Mathias Vorreiter Pedersen
62c432f3c7 C++: Tabs -> Spaces. 2023-11-28 11:52:17 +00:00
Tom Hvitved
fea2bf9217 C#: Prevent infinite recursion in EqualsModuloTupleElementNames 2023-11-28 11:45:09 +01:00
Rasmus Wriedt Larsen
c12053287e Merge pull request #14936 from RasmusWL/star-args-kwargs-missing-flow 
Python: Highlight missing post-update flow for `*args` and `**kwargs`
 2023-11-28 11:34:51 +01:00
Rasmus Wriedt Larsen
3c82653b63 Python: Highlight missing post-update flow for *args and **kwargs 2023-11-28 10:59:48 +01:00
Jeroen Ketema
7dec819151 C++: Expose whether a function was prototyped or not 2023-11-28 10:24:43 +01:00
Mathias Vorreiter Pedersen
ff4c63f696 C++: Add change note. 2023-11-28 09:16:49 +00:00
Mathias Vorreiter Pedersen
e10caa68f6 C++: Add tests. 2023-11-28 09:06:24 +00:00
Mathias Vorreiter Pedersen
e94cde9b4b C++: Move the use-after-free tests to subdirectory. 2023-11-28 09:06:24 +00:00
Mathias Vorreiter Pedersen
71ad7696c3 C++: Add qhelp. 2023-11-28 09:06:24 +00:00
Mathias Vorreiter Pedersen
204acbacc5 C++: Add a new query for detecting calls to 'c_str' on temporary objects. 2023-11-28 09:06:24 +00:00
dependabot[bot]
d2cad03e28 Bump the extractor-dependencies group in /go/extractor with 1 update 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).

- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-11-28 03:58:15 +00:00
Mathias Vorreiter Pedersen
22a91d18b8 C++: Make the sequence container classes public. 2023-11-27 21:32:49 +00:00
Michael Nebel
f05c86239f Merge pull request #14878 from michaelnebel/csharp/pindotnetinintegrationtests 
C#: Pin integration tests to a specific .NET version.
 2023-11-27 13:22:02 +01:00
Ian Lynagh
7560573b89 Merge pull request #14906 from igfoo/igfoo/locs 
Kotlin 2: Accept some location changes in test-kotlin2/library-tests/stmts
 2023-11-27 11:42:47 +00:00
Mathias Vorreiter Pedersen
70e0b33ce6 Merge pull request #14807 from geoffw0/formatsinks 
Swift: More sinks for swift/uncontrolled-format-string
 2023-11-27 11:10:04 +00:00
Michael Nebel
d1c4e772f0 C#: Pin integration tests to a specific .NET version. 2023-11-27 10:51:04 +01:00
Stephan Brandauer
68a7734e08 Merge pull request #14849 from github/kaeluka/automodel-extraction-skip-primitive-types-candidates 
Java Automodel extraction: remove primitives in framework mode
 2023-11-27 09:52:48 +01:00
AlexDenisov
59ee3e16b4 Merge pull request #14800 from github/alexdenisov/more-extractions 
Swift: final 5.8/5.9 extractions
 2023-11-27 08:41:37 +01:00
Mathias Vorreiter Pedersen
865cbab242 Merge pull request #14911 from MathiasVP/remove-duplication-workaround-in-sources 2023-11-24 20:00:57 +00:00
Geoffrey White
dfdc502525 Merge pull request #14908 from geoffw0/setmodels 
Swift: Flow models for Set
 2023-11-24 19:16:16 +00:00
Geoffrey White
2e93c1d7b6 Merge pull request #14879 from geoffw0/contentsof 
Swift: "contentsOf" sources
 2023-11-24 17:47:57 +00:00
Mathias Vorreiter Pedersen
73138f1913 C++: No need to exclude ExprNodes as sources now that #14903 is merged. 2023-11-24 16:58:30 +00:00
Mathias Vorreiter Pedersen
e89d8e2967 Merge pull request #14907 from MathiasVP/remove-workaround-in-authentication-bypass 
C++: Remove workaround for negated conditions in `cpp/user-controlled-bypass`
 2023-11-24 16:54:37 +00:00
Jeroen Ketema
04338215cd Merge pull request #14903 from jketema/ret-val 
C++: Do not use `isReturnValue` in `getenv`, `gets`, and `fgets` models
 2023-11-24 17:51:11 +01:00
Geoffrey White
06ae374206 Swift: Add a predicate for common code. 2023-11-24 16:06:35 +00:00
Geoffrey White
1638796173 Swift: Add change note. 2023-11-24 15:41:49 +00:00
Geoffrey White
2b481bbb48 Swift: Model Sequence.enumerated() as well. 2023-11-24 15:41:49 +00:00
Jeroen Ketema
ee35bfb290 C++: Do not use isReturnValue in getenv, gets, and fgets models 2023-11-24 16:38:15 +01:00