hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,346 Commits 1,684 Branches 159 Tags
bfae3fdf97d7bb333936403379f8ea98f76a9d08
Commit Graph

1295 Commits

Author SHA1 Message Date
github-actions[bot]
970e8e1f91 Post-release preparation for codeql-cli-2.7.5 2022-01-12 13:28:33 +00:00
github-actions[bot]
980c162fe3 Release preparation for version 2.7.5 2022-01-04 14:44:48 +00:00
Owen Mansel-Chan
daa55eaae2 Merge pull request #651 from erik-krogh/patches 
various automatic patches applied to codeql-go
 2022-01-04 11:46:20 +00:00
Dave Bartolomeo
171aa8bd62 Move change notes to proper location 2022-01-03 17:38:09 -05:00
github-actions[bot]
00aae7cba5 Post-release version bumps 2022-01-03 20:10:43 +00:00
Erik Krogh Kristensen
afe7ee17a0 run the use-set-literals patch 2021-12-20 17:55:19 +01:00
Erik Krogh Kristensen
4459c8e7c6 run the redundant-cast patch 2021-12-20 17:53:09 +01:00
github-actions[bot]
ee6ea0f8cb Release preparation for version 2.7.4 2021-12-14 21:34:55 +00:00
Dave Bartolomeo
42ecc9b1c7 Move new change notes to appropriate pack 2021-12-14 12:46:19 -05:00
Chris Smowton
9309abf8cd Merge pull request #574 from sauyon/dataflow-update 
Update dataflow libraries and add support for CSV summary flow
 2021-12-13 11:28:28 +00:00
Chris Smowton
08c10bf97b Merge pull request #625 from smowton/smowton/fix/minor-perf-improvements 
Improve performance: join-order AllocationSizeOverflow's source and use `matches` not `regexpFind`
 2021-12-13 10:36:02 +00:00
Andrew Eisenberg
3cc48fea6a Merge pull request #622 from github/post-release/v2.7.3 
Post release/v2.7.3
 2021-12-10 10:00:11 -08:00
Chris Smowton
e9e4f5a687 Improve performance: join-order AllocationSizeOverflow's source and use matches not regexpFind 
The join order fix takes 10 seconds off that predicate; the get-a-flag changes take about 25% off compared to using regexes.
 2021-12-10 12:23:50 +00:00
Andrew Eisenberg
cedf55c46e Update pack dependency 2021-12-09 07:58:14 -08:00
Chris Smowton
3cf1459c4f Revert getACallee type change 2021-12-08 11:20:33 -05:00
Rasmus Wriedt Larsen
a650c56c0c Tag queries with CWE-328 
CWE-328: Use of Weak Hash, see https://cwe.mitre.org/data/definitions/328.html
 2021-12-07 20:54:31 +00:00
Sauyon Lee
d62f417130 Remove uses of getEnclosingCallable 2021-12-07 07:39:26 -05:00
Sauyon Lee
30ab22f5a6 Fix compilation errors with new DataFlowCallable 2021-12-07 07:39:26 -05:00
Andrew Eisenberg
b714988d7c Post release 2.7.3 2021-12-01 14:34:07 -08:00
github-actions[bot]
e4b5dceb14 Release preparation for version 2.7.3 2021-11-30 20:39:28 +00:00
Dave Bartolomeo
9373bdc206 Fix suite-helpers dependency 2021-11-30 11:35:26 -05:00
Dave Bartolomeo
8367fdbec4 Change notes 2021-11-29 16:47:56 -05:00
Dave Bartolomeo
52b68963d2 Prepare for automatic release prep 2021-11-29 16:47:30 -05:00
Erik Krogh Kristensen
1ade6c55d8 apply the implicit-this patch to the remaining go code 2021-11-29 13:10:04 +01:00
Tony Torralba
cc8d9bdc7f Update ql/src/Security/CWE-117/LogInjection.qhelp 
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
 2021-11-24 13:57:34 +01:00
Tony Torralba
c886d10388 Add Log Injection query 2021-11-19 17:55:34 +01:00
Chris Smowton
33fd1aaf2a Add missing @id tag 2021-11-16 18:52:41 +00:00
Chris Smowton
792bc4bce0 Merge pull request #596 from pupiles/feature/cwe-090 
CWE-090: Ldap Injection
 2021-11-10 11:31:36 +00:00
Chris Smowton
2c5fe1dedc File names should be camel-case 2021-11-09 10:45:09 +00:00
Chris Smowton
bc9300ebf5 Copyedit examples 
Fragments suffice for illustration, and the two bad and good examples can be easily combined
 2021-11-09 10:42:58 +00:00
Chris Smowton
c18b11a470 Copy-edit query: 
* Regular comments to qldoc
* Improve naming
* Update out-of-date documentation from earlier versions of the query
 2021-11-09 10:31:30 +00:00
Chris Smowton
dda425ca8d Improve query style 
No need to highlight the sink again in the message when the sink is the alert location to begin with
 2021-11-09 10:08:02 +00:00
Chris Smowton
f7c19dea71 Copyedit qhelp 2021-11-09 10:05:18 +00:00
pupiles
7f68f85002 fomat .ql inline comment 2021-11-09 14:42:32 +08:00
pupiles
c97d0c6ce5 Remove redundant code 2021-11-05 13:14:28 +08:00
Chris Smowton
233269869c Tidy sanitizers, using instanceof not extends or a charpred where possible 2021-11-04 16:26:14 +00:00
Chris Smowton
23855979d5 Include UntrustedFlowSource into ServerSideRequestForgery::Source but not vice versa 2021-11-04 16:19:22 +00:00
Chris Smowton
9e218a70bb Make imports private 2021-11-04 15:32:37 +00:00
Chris Smowton
18028dca2d Share repeated regex 2021-11-04 15:30:34 +00:00
Chris Smowton
648a70945d Copyedit docs and improve naming 2021-11-04 15:30:29 +00:00
Chris Smowton
a9c853257d Fix qhelp good example 2021-11-04 14:42:54 +00:00
Chris Smowton
5256725359 Copyedit qhelp 2021-11-04 14:41:38 +00:00
valeria-meli
b84f31e918 format 2021-11-04 10:01:38 -03:00
Valeria
9f52a6654e Merge branch 'main' into feature/SSRF 2021-11-04 09:56:10 -03:00
pupiles
4f1052b3a7 feature add common sanitizer 2021-11-04 13:16:24 +08:00
Chris Smowton
b023b405b1 Merge pull request #599 from smowton/smowton/fix/comparison-barrier-join-order 
Improve join order in InsufficientKeySize.ql
 2021-11-03 10:08:25 +00:00
Owen Mansel-Chan
109e3660f8 Split Incorrect Integer Conversion into query and lib files 
This is in preparation for changing the tests to use inline
expectations
 2021-11-02 12:43:54 +00:00
Chris Smowton
a92f144469 Improve join order in InsufficientKeySize.ql 2021-11-02 10:54:51 +00:00
pupiles
adea73da23 Merge branch 'main' into feature/cwe-090 2021-10-29 20:46:50 +08:00
pupiles
cd230bf9d7 feat:add ldap sink &&change code style 2021-10-29 20:44:03 +08:00