63794 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
c19ed4c17e Merge pull request #15626 from MathiasVP/fix-constness-checking
C++: Don't strip specifiers away in `TFinalParameterUse`
2024-02-16 10:09:43 +01:00
Max Schaefer
a95f4128d9 Merge pull request #15554 from github/max-schaefer/automodel-candidate-fixes
Automodel: Improve handling of varargs and overriding in extraction queries
2024-02-16 08:51:54 +00:00
Ian Lynagh
c6f4a204e9 Merge pull request #15616 from igfoo/igfoo/kt2-exprs
Kotlin 2: Accept more location changes
2024-02-15 16:49:28 +00:00
Jeroen Ketema
da3ff4813f Merge pull request #15612 from jketema/destructors4a
C++: Support `constexpr if` in the IR
2024-02-15 17:29:56 +01:00
Max Schaefer
652b6bb8e1 Fix bugs revealed by omittable exists variables. 2024-02-15 16:29:20 +00:00
Max Schaefer
8d4a344d47 Merge pull request #15592 from github/max-schaefer/rephrase-negative-characteristics
Automodel: Make description of some negative characteristics more explicit.
2024-02-15 16:20:17 +00:00
Mathias Vorreiter Pedersen
532e8dac45 C++: Don't strip specifiers in 'TFinalParameterUse'. 2024-02-15 14:08:12 +01:00
Owen Mansel-Chan
9cd13cbf37 Merge pull request #15624 from owen-mc/go/update-library-coverage-frameworks
Add new libraries we cover to frameworks.csv
2024-02-15 12:55:19 +00:00
Owen Mansel-Chan
6cb4773188 Add new libraries we cover to frameworks.csv 2024-02-15 12:19:49 +00:00
Erik Krogh Kristensen
7c0557269a Merge pull request #15596 from erik-krogh/url-san
C#: Add a few more sanitizers to `cs/web/unvalidated-url-redirection`
2024-02-15 12:09:06 +01:00
Angela P Wen
0643184a7e Merge pull request #15493 from jsoref/declare-permissions
Declare permissions in workflows
2024-02-15 02:52:24 -08:00
Tony Torralba
f4c9052ba9 Merge pull request #15622 from atorralba/atorralba/java/path-sanitizer-equals
Java: Expand ExactPathSanitizer to work on the argument of 'equals' too
2024-02-15 11:29:09 +01:00
Tamás Vajk
a5e3643faf Merge pull request #15621 from tamasvajk/buildless/cleanup
C#: Code quality improvements (fixed log message, removed unused interface)
2024-02-15 10:54:47 +01:00
Rasmus Wriedt Larsen
e4c30371f9 Merge pull request #13557 from am0o0/amammad-python-bombs
Python: Decompression Bombs
2024-02-15 10:43:12 +01:00
Tony Torralba
90a9d82b9d Java: Expand ExactPathSanitizer to work on the argument of 'equals' too 2024-02-15 10:00:24 +01:00
Harry Maclean
a9abba5859 Merge pull request #15520 from hmac/hmac-erb-raw-output-directive
Ruby: Recognise raw Erb output as XSS sink
2024-02-15 08:05:16 +00:00
Harry Maclean
babae65e41 Merge pull request #15488 from hmac/ruby-mad-docs
Ruby: add docs for customizing library models with data extensions
2024-02-15 07:58:22 +00:00
Tamas Vajk
2f1472fa48 Code quality improvements (fixed log message, removed unused interface) 2024-02-15 08:52:44 +01:00
Tamás Vajk
8aff913c3c Merge pull request #15614 from tamasvajk/buildless/razor-cleanup
C# Only remove temp files for MVC view generation if needed
2024-02-15 08:27:40 +01:00
Chris Smowton
7e41a895d8 Merge pull request #15618 from JLLeitschuh/patch-6
Fix typo in NettyRequestSplitting.java
2024-02-14 20:44:40 +00:00
Josh Soref
b58c856756 Declare permissions
Repositories can be configured with Default access (restricted)
https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

Best practice says that workflows should declare the minimal permissions they require.
Without declaring permissions, paranoid forks fail miserably.
2024-02-14 14:31:45 -05:00
Josh Soref
e468f4062f use github/codeql-action...@main 2024-02-14 14:31:31 -05:00
amammad
09d8a75844 Fix QLDoc issues 2024-02-14 23:31:22 +04:00
Jonathan Leitschuh
50056d603e Fix typo in NettyRequestSplitting.java 2024-02-14 14:03:33 -05:00
Ian Lynagh
f6d6a04ba2 Kotlin 2: Accept location changes in library-tests/exprs 2024-02-14 17:01:21 +00:00
Ian Lynagh
4fcc1c26d4 Kotlin 2: Accept location changes in library-tests/exprs 2024-02-14 16:56:22 +00:00
Ian Lynagh
b95c69dc66 Kotlin 2: Accept location changes in library-tests/exprs 2024-02-14 16:54:20 +00:00
Ian Lynagh
2fe4c8c519 Kotlin 2: Accept some loc changes in library-tests/exprs/exprs 2024-02-14 16:47:46 +00:00
Ian Lynagh
14979585c9 Kotlin 2: Accept loc changes for library-tests/exprs/funcExprs.kt 2024-02-14 16:40:54 +00:00
Tony Torralba
f5d9fe6b08 Merge pull request #15615 from atorralba/atorralba/go/hardcoded-credentials-test-fix
Go: Use less confusing name for hardcoded credentials tests
2024-02-14 17:33:43 +01:00
Ian Lynagh
efe5184a74 Kotlin 2: Accept loc change for fn in library-tests/exprs/funcExprs.kt 2024-02-14 16:09:14 +00:00
Tony Torralba
1202b5b429 Go: Use less confusing name for hardcoded credentials tests
We don't want name-based heuristics to pick these variable names, but also using something like 'safeName' may mislead readers into believing the test cases are intended to be GOOD cases (i.e. safe)
2024-02-14 17:06:05 +01:00
Ian Lynagh
18a28e2623 Kotlin 2: Accept loc changes in library-tests/exprs for kFunctionInvoke.kt 2024-02-14 16:04:10 +00:00
Ian Lynagh
c11bfb3c83 Kotlin 2: Accept loc changes in library-tests/exprs for localFunctionCalls.kt 2024-02-14 16:03:23 +00:00
Tamas Vajk
12663b58f1 C# Only remove temp files for MVC view generation if needed 2024-02-14 17:00:37 +01:00
Tony Torralba
99ac640536 Merge pull request #15527 from atorralba/atorralba/go/promote-hardcoded-key
Go: Promote `go/hardcoded-key` from experimental
2024-02-14 16:54:03 +01:00
Rasmus Wriedt Larsen
eb401a205d Python: Fix test exclusion for stdlib Python 3.12 2024-02-14 16:53:19 +01:00
Ian Lynagh
1cc645b276 Kotlin 2: Accept location changes in library-tests/exprs for samConversion.kt 2024-02-14 15:49:44 +00:00
Ian Lynagh
9195be34a2 Kotlin 2: Accept location changes in library-tests/exprs/exprs for whenExpr.kt 2024-02-14 15:45:09 +00:00
Ian Lynagh
5d0b780c06 Kotlin 2: Accept some location improvements in library-tests/exprs/exprs.expected 2024-02-14 15:37:37 +00:00
Ian Lynagh
2cc2a90880 Kotlin 2: Accept some location changes in library-tests/exprs/exprs.expected 2024-02-14 15:37:35 +00:00
Jeroen Ketema
9ef2c83d71 Merge pull request #15611 from jketema/destructors4
C++: For unnamed local variable declaration entries consider the name of the variable
2024-02-14 16:18:33 +01:00
Rasmus Wriedt Larsen
59014787a1 Python: Fix DataflowQueryTest
You're only allowed to have `result=OK` if there is a sink on that line...
2024-02-14 15:44:40 +01:00
Rasmus Wriedt Larsen
cd596f5d05 Python: Reformat test-file
All those newlines are not good for inline expectations
2024-02-14 15:44:06 +01:00
Jeroen Ketema
33413129a5 C++: For unnamed local variable declaration entries consider the name of the variable 2024-02-14 15:03:04 +01:00
Ian Lynagh
c87b7b5f88 Merge pull request #15606 from igfoo/igfoo/kt2
Kotlin: Fix build with latest 2.0.255 snapshots
2024-02-14 14:00:50 +00:00
Rasmus Wriedt Larsen
e5bd633028 Python: Change name/id to Decompression Bomb
The old title/id matches how we used to write queries, but I think just
using the normal conversational name is easier for everyone :)
2024-02-14 14:54:25 +01:00
Rasmus Wriedt Larsen
69c8ef9898 Python: Use dataflow instead of taint-tracking 2024-02-14 14:52:37 +01:00
Rasmus Wriedt Larsen
ba7dd38fc9 Python: Delete duplicated file 2024-02-14 14:48:37 +01:00
Rasmus Wriedt Larsen
9ae3ea81ff Python: Remove spurious results in stdlib 2024-02-14 14:47:28 +01:00