Anders Schack-Mulligen
03f7968dbf
Dataflow: Fix flow-feature bug.
2024-02-16 11:38:30 +01:00
Angela P Wen
4291c75488
Merge pull request #15631 from github/angelapwen/extend-permissions
Add `security-events: write` permission in `ql-for-ql-build.yml`
2024-02-16 02:28:30 -08:00
Anders Schack-Mulligen
ba1a0bc320
Java: Add test highlighting problem.
2024-02-16 11:25:33 +01:00
Angela P Wen
c75111619e
Add security-events: write permission
2024-02-16 02:17:17 -08:00
Tamas Vajk
d358f8e4f2
Move undocumented environment variable names to a common location
2024-02-16 11:15:53 +01:00
Tamas Vajk
b996f7b3ce
Change environment variable for opt-out web view extraction
2024-02-16 11:15:53 +01:00
Tamas Vajk
8f0f6963bb
Change desktop dotnet assembly lookup to fall back to nuget reference assemblies
2024-02-16 11:15:53 +01:00
Tamas Vajk
04f0fb0483
Add integration test with mono assemblies as references
2024-02-16 11:15:52 +01:00
Cornelius Riemenschneider
4e022e2098
Merge pull request #15627 from github/criemen/java-test
Move the JS java tests to be a proper `java_test` target.
2024-02-16 11:15:18 +01:00
Erik Krogh Kristensen
037e64a4b5
Merge pull request #15623 from erik-krogh/cs-url
C#: update the QHelp for `cs/web/unvalidated-url-redirection`
2024-02-16 11:12:22 +01:00
Óscar San José
d46157135a
Merge pull request #15630 from tamasvajk/fix/change-coverage-updater-permissions
Extend permissions in `csv-coverage-update.yml`
2024-02-16 10:58:24 +01:00
Tamas Vajk
89384bb855
Extend permissions in csv-coverage-update.yml
2024-02-16 10:19:16 +01:00
Mathias Vorreiter Pedersen
c19ed4c17e
Merge pull request #15626 from MathiasVP/fix-constness-checking
C++: Don't strip specifiers away in `TFinalParameterUse`
2024-02-16 10:09:43 +01:00
Max Schaefer
a95f4128d9
Merge pull request #15554 from github/max-schaefer/automodel-candidate-fixes
Automodel: Improve handling of varargs and overriding in extraction queries
2024-02-16 08:51:54 +00:00
Benjamin Rodes
d6b0746b30
The non-constant format query is now a path query. Minor changes to the output alert to be more precise on what is being alerted. Minor changes to the query itself to avoid redundancies with argv.
2024-02-15 12:14:52 -05:00
Ian Lynagh
c6f4a204e9
Merge pull request #15616 from igfoo/igfoo/kt2-exprs
Kotlin 2: Accept more location changes
2024-02-15 16:49:28 +00:00
Jeroen Ketema
da3ff4813f
Merge pull request #15612 from jketema/destructors4a
C++: Support `constexpr if` in the IR
2024-02-15 17:29:56 +01:00
Max Schaefer
652b6bb8e1
Fix bugs revealed by omittable exists variables.
2024-02-15 16:29:20 +00:00
Max Schaefer
8d4a344d47
Merge pull request #15592 from github/max-schaefer/rephrase-negative-characteristics
Automodel: Make description of some negative characteristics more explicit.
2024-02-15 16:20:17 +00:00
Michael B. Gale
4d28c0d2a9
Go: Call go mod vendor to synchronise vendor directory when it exists
2024-02-15 16:19:07 +00:00
Cornelius Riemenschneider
798a1e250e
Move the JS java tests to be a proper java_test target.
Previously, we had a `sh_test` wrapping the `java_test` to do some setup.
This was extremely brittle on Windows, and relied on getting a deploy
jar from `java_test`. This breaks when updating to Bazel 7, where the
ability to get a deploy jar from `java_test` was removed.
Therefore, we now do all the test setup in `AllTests.java` instead.
This is much cleaner, and shouldn't break as easily.
2024-02-15 17:02:28 +01:00
Joe Farebrother
e36b9f4d3c
Add tests and change note
2024-02-15 15:26:20 +00:00
Benjamin Rodes
9e50fc6893
Updating tests to account for removing const char* heuristic.
2024-02-15 09:54:03 -05:00
Benjamin Rodes
caf2ee27fa
Adding false negative tests for future work.
2024-02-15 09:43:26 -05:00
Mathias Vorreiter Pedersen
532e8dac45
C++: Don't strip specifiers in 'TFinalParameterUse'.
2024-02-15 14:08:12 +01:00
Owen Mansel-Chan
9cd13cbf37
Merge pull request #15624 from owen-mc/go/update-library-coverage-frameworks
Add new libraries we cover to frameworks.csv
2024-02-15 12:55:19 +00:00
Owen Mansel-Chan
6cb4773188
Add new libraries we cover to frameworks.csv
2024-02-15 12:19:49 +00:00
erik-krogh
a5eb2dd906
update the QHelp for cs/web/unvalidated-url-redirection with examples inspired by the JS QHelp
2024-02-15 12:41:01 +01:00
Erik Krogh Kristensen
7c0557269a
Merge pull request #15596 from erik-krogh/url-san
C#: Add a few more sanitizers to `cs/web/unvalidated-url-redirection`
2024-02-15 12:09:06 +01:00
Angela P Wen
0643184a7e
Merge pull request #15493 from jsoref/declare-permissions
Declare permissions in workflows
2024-02-15 02:52:24 -08:00
Tony Torralba
f4c9052ba9
Merge pull request #15622 from atorralba/atorralba/java/path-sanitizer-equals
Java: Expand ExactPathSanitizer to work on the argument of 'equals' too
2024-02-15 11:29:09 +01:00
Tamás Vajk
a5e3643faf
Merge pull request #15621 from tamasvajk/buildless/cleanup
C#: Code quality improvements (fixed log message, removed unused interface)
2024-02-15 10:54:47 +01:00
Rasmus Wriedt Larsen
e4c30371f9
Merge pull request #13557 from am0o0/amammad-python-bombs
Python: Decompression Bombs
2024-02-15 10:43:12 +01:00
Tony Torralba
90a9d82b9d
Java: Expand ExactPathSanitizer to work on the argument of 'equals' too
2024-02-15 10:00:24 +01:00
Harry Maclean
a9abba5859
Merge pull request #15520 from hmac/hmac-erb-raw-output-directive
Ruby: Recognise raw Erb output as XSS sink
2024-02-15 08:05:16 +00:00
Harry Maclean
babae65e41
Merge pull request #15488 from hmac/ruby-mad-docs
Ruby: add docs for customizing library models with data extensions
2024-02-15 07:58:22 +00:00
Tamas Vajk
2f1472fa48
Code quality improvements (fixed log message, removed unused interface)
2024-02-15 08:52:44 +01:00
Tamás Vajk
8aff913c3c
Merge pull request #15614 from tamasvajk/buildless/razor-cleanup
C# Only remove temp files for MVC view generation if needed
2024-02-15 08:27:40 +01:00
Joe Farebrother
37eb81097f
Add additional sinks for connection methods
2024-02-14 22:42:03 +00:00
Chris Smowton
7e41a895d8
Merge pull request #15618 from JLLeitschuh/patch-6
Fix typo in NettyRequestSplitting.java
2024-02-14 20:44:40 +00:00
Josh Soref
b58c856756
Declare permissions
Repositories can be configured with Default access (restricted)
https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
Best practice says that workflows should declare the minimal permissions they require.
Without declaring permissions, paranoid forks fail miserably.
2024-02-14 14:31:45 -05:00
Josh Soref
e468f4062f
use github/codeql-action...@main
2024-02-14 14:31:31 -05:00
amammad
09d8a75844
Fix QLDoc issues
2024-02-14 23:31:22 +04:00
Michael B. Gale
6267506a77
Go: Postpone go.mod creation until necessary
2024-02-14 19:12:36 +00:00
Michael B. Gale
1055e773ef
Go: Export InitGoModForLegacyProject
2024-02-14 19:12:35 +00:00
Michael B. Gale
4387c73d12
Go: Fix missing word in comment for discoverWorkspace
2024-02-14 19:12:35 +00:00
Michael B. Gale
6dbb5c5fdb
Go: Refactor Autobuild to use pairs of scripts and tools from a reusable array
2024-02-14 19:12:35 +00:00
Michael B. Gale
e2c673417f
Go: Only call EmitNewerGoVersionNeeded at most once
2024-02-14 19:12:35 +00:00
Michael B. Gale
6eac48caba
Go: Refactor greatest version logic into dedicated function
2024-02-14 19:12:34 +00:00
Michael B. Gale
a9d8643f5a
Go: check for extracted files in go-files-found-not-processed test
2024-02-14 19:12:34 +00:00