Erik Krogh Kristensen
bbdda9ef70
Merge pull request #10727 from erik-krogh/js-last-msg
...
JS: fix some more style-guide violations in the alert-messages
2022-10-27 15:48:12 +02:00
Ian Lynagh
f237360d81
Merge pull request #11011 from igfoo/igfoo/modules
...
Kotlin: Handle /modules/... paths specially too
2022-10-27 13:48:32 +01:00
Paolo Tranquilli
507e3b35ad
Merge pull request #10987 from github/redsun82/swift-filesystem
...
Swift: use `std::filesystem` and `picoSHA2`
2022-10-27 14:14:37 +02:00
Taus
503cc560cf
Merge pull request #10943 from bananabr/main
...
Javascript/Python: Tokens built from predictable UUIDs
2022-10-27 14:12:34 +02:00
Ian Lynagh
bafa80667c
Kotlin: Handle /modules/... paths specially too
...
On Windows, we don't want a C: prefix on these either.
2022-10-27 12:24:28 +01:00
Ian Lynagh
6d77b34323
Merge pull request #11000 from igfoo/igfoo/unknown-binary-location
...
Kotlin: Handle /!unknown-binary-location/... paths specially on Windows
2022-10-27 12:09:32 +01:00
Jeroen Ketema
1d7efd8e82
Merge pull request #10905 from jsoref/spelling-code-scanning-product
...
Spelling code scanning product
2022-10-27 12:55:37 +02:00
Erik Krogh Kristensen
cecb498bf3
Merge pull request #10984 from tyage/add-next-js-source
...
JS: Add Next.js parameters as source
2022-10-27 10:36:12 +02:00
Erik Krogh Kristensen
71f29f037a
Merge pull request #10988 from erik-krogh/passwrd
...
JS: remove some FPs in `js/password-in-configuration-file`
2022-10-27 10:34:56 +02:00
Tamás Vajk
a428ab5f73
Merge pull request #11006 from tamasvajk/kotlin-fix-test-1
...
Kotlin: fix test to expect diagnostic
2022-10-27 10:34:24 +02:00
Paolo Tranquilli
09f549ab38
Merge pull request #11007 from github/redsun82/cmake-generator
...
Swift: fix cmake generator on Linux
2022-10-27 09:52:55 +02:00
Paolo Tranquilli
09a51ecdd5
Swift: fix cmake generator on Linux
2022-10-27 09:32:05 +02:00
Paolo Tranquilli
3fca25310f
Swift: fix copy option
2022-10-27 09:29:05 +02:00
Paolo Tranquilli
22db4932ee
Swift: add overwrite_existing to source archiving
2022-10-27 09:26:57 +02:00
Tamas Vajk
1727fcb845
Kotlin: fix test to expect diagnostic
2022-10-27 09:14:23 +02:00
Tamás Vajk
f1fcb64e94
Merge pull request #10992 from tamasvajk/kotlin-unused-extension
...
Kotlin: do not report on unused `object` extension parameters
2022-10-27 08:50:33 +02:00
tyage
c22f9443f2
Refactoring Next.js parameter
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-10-27 10:28:51 +09:00
tyage
e8b751ae17
Update javascript/ql/src/change-notes/2022-10-26-nextjs-params.md
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-10-27 10:24:08 +09:00
tyage
ac27307a2b
Update javascript/ql/lib/semmle/javascript/frameworks/Next.qll
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-10-27 10:23:59 +09:00
tyage
54050bf1b6
update test result XssWithAdditionalSources
2022-10-27 10:23:37 +09:00
Harry Maclean
bdb143cf83
Merge pull request #10913 from thiggy1342/expand-ruby-ssrf-sinks-faraday-connection-new
...
Ruby: Add Faraday::Connection.new as sink for SSRF query
2022-10-27 10:33:44 +13:00
Daniel Santos
63c71b7d09
Merge branch 'main' into main
2022-10-26 14:05:26 -05:00
Ian Lynagh
0a470b0864
Kotlin: Handle /!unknown-binary-location/... paths specially on Windows
...
The standard code wants to normalise it to C:/!unknown-binary-location/...
which is particularly annoying for cross-platform test output.
2022-10-26 19:20:32 +01:00
Daniel Santos
64da2cec50
removed unnecessary getACall and fixed formatting
2022-10-26 12:02:55 -05:00
Chris Smowton
fac383a3ac
Merge pull request #10974 from smowton/smowton/fix/dont-translate-tochar
...
Kotlin: don't try to call nonexistent `j.l.Number.toChar`
2022-10-26 14:18:03 +01:00
Tamas Vajk
9cc7a30a75
Kotlin: do not report on unused object extension parameters
2022-10-26 15:06:51 +02:00
Tamas Vajk
fbcf7ea669
Kotlin: Add test case for unused extension parameters
2022-10-26 15:05:59 +02:00
Asger F
c9dfba344a
Merge pull request #10925 from asgerf/ql/navigate-doc
...
Docs: Mention new navigation commands
2022-10-26 14:29:42 +02:00
Ian Lynagh
37c40c58d2
Merge pull request #10959 from igfoo/igfoo/diags
...
Java/Kotlin: Add a diagnostics consistency query
2022-10-26 13:07:01 +01:00
Paolo Tranquilli
521e6235b5
Swift: use std::filesystem and picoSHA2
...
This replaces usages of `llvm::fs` and string manipulation with
`std::filesystem`, also replacing `std::string` with
`std::filesystem::path` where it made sense.
Moreover MD5 hashing used in macOS file remapping was replaced by
SHA256 hashing using a small header-only SHA256 C++ library with an
MIT license, https://github.com/okdshin/PicoSHA2 .
File contents hashing was relocated to the newly created `file` library
for later planned reuse.
2022-10-26 13:23:44 +02:00
erik-krogh
0f9b4334cc
remove some FPs in js/password-in-configuration-file
2022-10-26 11:51:56 +02:00
Paolo Tranquilli
e422a4eef9
Swift: move TargetFile to a separate lib
2022-10-26 10:54:51 +02:00
Erik Krogh Kristensen
52cd200ca0
Merge pull request #10985 from asgerf/js/reaches-return-escape
...
JS: Do not track returned values out of the enclosing function
2022-10-26 10:52:11 +02:00
Tony Torralba
924995d9e1
Merge pull request #10977 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2022-10-26 09:51:17 +02:00
Asger F
414bd40c41
JS: Do not track returned values out of the enclosing function
2022-10-26 09:29:49 +02:00
Paolo Tranquilli
a3234503b8
Merge pull request #10983 from github/redsun82/swift-third-party
...
Swift: move libraries from `tools` to `third_party`
2022-10-26 08:59:50 +02:00
Mathias Vorreiter Pedersen
58b6c45d27
Merge pull request #10958 from geoffw0/comma
...
C++: Fix performance issue on cpp/comma-before-misleading-indentation
2022-10-26 08:29:18 +02:00
tyage
7a19744cf2
add change note
2022-10-26 15:17:50 +09:00
tyage
95dca7c3ed
update comment
2022-10-26 15:13:59 +09:00
tyage
09f8ca8cc0
add query in comment
2022-10-26 15:13:03 +09:00
tyage
232893aafa
make query parameters in ServerSideProps and next/router
...
as a RemoteFlowSource
2022-10-26 14:41:07 +09:00
Paolo Tranquilli
c8788bb5cd
Swift: move libraries from tools to third_party
2022-10-26 07:05:56 +02:00
tyage
1f4fc7fc2d
add params, query to test
2022-10-26 10:53:11 +09:00
tyage
06925681b0
add test for context.params
2022-10-26 10:53:11 +09:00
github-actions[bot]
5454f9a738
Add changed framework coverage reports
2022-10-26 00:20:29 +00:00
Daniel Santos
f7ace6f801
Update javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-10-25 14:27:03 -05:00
Geoffrey White
1e8b4bdd6f
Merge pull request #10973 from geoffw0/comment
...
Swift: Fix UrlRemoteFlowSource name clash
2022-10-25 18:51:51 +01:00
thiggy1342
9c1fbfd330
Merge branch 'main' into expand-ruby-ssrf-sinks-faraday-connection-new
2022-10-25 13:09:17 -04:00
Chris Smowton
004f4be5fb
Kotlin: don't try to call nonexistent j.l.Number.toChar
...
Previously we thought this could be callable because Kotlin's view of `j.l.Integer` inherits `k.Number` which defines `toChar`.
2022-10-25 17:09:05 +01:00
Geoffrey White
53fa91f8ba
Swift: Add comment.
2022-10-25 16:51:57 +01:00