hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
54,729 Commits 1,673 Branches 157 Tags
c2ec1b0a810fcc79a3524f5933e67cbede16f4f0
Commit Graph

54729 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Nebel
c2ec1b0a81 C#: Add extension method testcase for Models as Data. 2023-05-17 13:11:32 +02:00
Tom Hvitved
b46983a381 Merge pull request #13068 from hvitved/ruby/type-tracking-flow-through 
Ruby: Include `self` parameters in type tracking flow-through logic
 2023-05-17 10:59:01 +02:00
Tom Hvitved
867bdcf74d Merge pull request #13183 from hvitved/csharp/ilogger-extension-methods 
C#: Include arguments to `ILogger` extension method calls in `LogMessageSink`
 2023-05-17 08:20:57 +02:00
Jeroen Ketema
2dcdc71e45 Merge pull request #13142 from MathiasVP/precompute-states-in-overrun-write 
C++: Restrict flow-state space of `cpp/overrun-write`
 2023-05-16 21:31:56 +02:00
Michael B. Gale
f5b04ab859 Merge pull request #13187 from github/mbg/java/fix-java-version-too-old-more 
Java: Use empty toolchains.xml for the `java-version-too-old` test
 2023-05-16 19:26:07 +01:00
Mathias Vorreiter Pedersen
a5632a21d1 Merge branch 'main' into precompute-states-in-overrun-write 2023-05-16 18:09:16 +01:00
Mathias Vorreiter Pedersen
99545420d5 Merge pull request #13177 from MathiasVP/recommend-secure-randomness 
Swift: Recommend a proper source of randomness in `swift/hardcoded-key`
 2023-05-16 18:04:13 +01:00
Mathias Vorreiter Pedersen
9def3dd440 Update swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.swift 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-05-16 17:42:34 +01:00
Geoffrey White
3bd16fa1d8 Merge pull request #13184 from geoffw0/docconsistency 
Swift: Mirror changes made in the tutorial docs.
 2023-05-16 17:42:03 +01:00
Mathias Vorreiter Pedersen
f5be8cfe58 Merge pull request #13167 from geoffw0/sensitivefps 
Swift: Fix some FPs from the sensitive data library
 2023-05-16 17:12:47 +01:00
Mathias Vorreiter Pedersen
afd1a120ff Merge pull request #13182 from MathiasVP/add-conflation-in-dataflow 
C++: Add example with conflation in dataflow
 2023-05-16 17:11:18 +01:00
Michael B. Gale
2d80302108 Use empty toolchains.xml for java-version-too-old 2023-05-16 16:54:19 +01:00
Mathias Vorreiter Pedersen
c45032844e C++: Add example with conflation in dataflow. 2023-05-16 16:34:20 +01:00
Paolo Tranquilli
fc9fe13278 Merge pull request #13181 from github/redsun82/swift-diagnostics-enable-warnings 
Swift: turn internal error into a TSP warning
 2023-05-16 17:20:46 +02:00
Tom Hvitved
406acbe6a4 Update csharp/ql/lib/change-notes/2023-05-16-ilogger-extension-methods.md 
Co-authored-by: Michael B. Gale <mbg@github.com>
 2023-05-16 17:13:21 +02:00
Tom Hvitved
c412bfde68 Add change note 2023-05-16 16:54:59 +02:00
Paolo Tranquilli
7e61e99e4a Swift: make help links optional argument more explicit 2023-05-16 16:52:22 +02:00
Michael B. Gale
ed79113c7f Merge pull request #13180 from github/mbg/java/fix-java-version-too-old 
Java: Hide GHA variables in `java-version-too-old` test
 2023-05-16 15:49:38 +01:00
Tom Hvitved
3027ed2ca8 C#: Include arguments to ILogger extension method calls in LogMessageSink 2023-05-16 16:04:58 +02:00
Geoffrey White
35b35ec377 Swift: Mirror changes made in the docs. 2023-05-16 14:26:16 +01:00
Michael B. Gale
9660b47879 Hide GHA variables in java-version-too-old test 2023-05-16 14:20:17 +01:00
Alexandre Boulgakov
9e9be4fc5e Merge pull request #13169 from github/sashabu/swift-tests 
Swift: Use `...` to find and run all Bazel tests instead of having list them.
 2023-05-16 14:20:03 +01:00
Paolo Tranquilli
8291b2229a Swift: turn internal error into a TSP warning 2023-05-16 15:18:29 +02:00
Jeroen Ketema
e8423f858f Merge pull request #13149 from MathiasVP/barrier-out-on-phi-back-edges 
C++: Block flow through back-edges in `cpp/overrun-write`
 2023-05-16 14:22:55 +02:00
Mathias Vorreiter Pedersen
03ef18b286 Swift: Recommend a proper source of randomness in 'swift/hardcoded-key'. 2023-05-16 11:59:41 +01:00
Kasper Svendsen
843640c486 Merge pull request #13173 from kaspersv/kaspersv/enable-implicit-this-warnings-shared-packs 
Enable implicit this warnings for shared packs
 2023-05-16 10:50:28 +02:00
Kasper Svendsen
bfb098c3d6 Enable implicit this warnings for shared packs 2023-05-16 09:22:29 +02:00
Tony Torralba
ac1df4de91 Merge pull request #13166 from atorralba/atorralba/java/xpath-xxe-sink 
Java: Add `XPath.evaluate` as XXE sink
 2023-05-16 09:14:56 +02:00
Erik Krogh Kristensen
57858afbd9 Merge pull request #13165 from erik-krogh/proto-assign-qhelp 
JS: fixup in the qhelp for `js/prototype-polluting-assignment`
 2023-05-16 08:52:52 +02:00
Owen Mansel-Chan
1a9bd9ccde Merge pull request #13135 from owen-mc/go/fix-unit-test 
Go: fix unit test
 2023-05-16 07:50:50 +01:00
Alexandre Boulgakov
8db945a11e Swift: Use ... to find and run all Bazel tests instead of having to list them. 2023-05-15 20:51:31 +01:00
Philip Ginsbach
167a5723b4 Merge pull request #13156 from github/ginsbach/SpecifyParameterisedSyntax 
add parameter syntax for module declarations and module references
 2023-05-15 17:07:20 +01:00
Tony Torralba
7d79d87d48 Add XPath.evaluate as XXE sink 2023-05-15 17:39:35 +02:00
erik-krogh
2ebce99eae add another example of how to fix the prototype pollution issue 2023-05-15 17:24:02 +02:00
erik-krogh
7a338c408e fix typo, the variable in the example is called items 2023-05-15 17:23:40 +02:00
Geoffrey White
4781881a6a Swift: Improve mobile/phone number regexp. 2023-05-15 15:30:30 +01:00
Tom Hvitved
826b6219a0 Ruby: Include self parameters in type tracking flow-through logic 2023-05-15 16:02:33 +02:00
Tom Hvitved
3cdb27725a Ruby: Add more call graph tests 2023-05-15 16:02:33 +02:00
Tom Hvitved
9dede31c0d Merge pull request #13077 from hvitved/ruby/track-regexp-improvements 
Ruby: Improvements to `RegExpTracking`
 2023-05-15 16:02:00 +02:00
Geoffrey White
a0cba8cb6b Swift: Address boolean value FPs. 2023-05-15 14:24:18 +01:00
Geoffrey White
27c8eb301e Swift: Fix URL-related FPs. 2023-05-15 14:08:43 +01:00
Mathias Vorreiter Pedersen
650e9e1088 C++: Fix Code Scanning error. 2023-05-15 14:05:41 +01:00
Mathias Vorreiter Pedersen
f1c124a3da C++: Share more code between 'ValidState' and 'StringSizeConfig'. 2023-05-15 14:01:17 +01:00
Geoffrey White
e59d7e0345 Swift: Remove assumption that 'username' is not sensitive (in the tests). 2023-05-15 13:58:44 +01:00
Geoffrey White
dba951111a Swift: Add more sensitive data test cases. 2023-05-15 13:58:44 +01:00
Paolo Tranquilli
725a0a5eec Merge pull request #13161 from github/redsun82/swift-markdown-diagnostics 
Swift: support markdown TSP diagnostics
 2023-05-15 14:47:59 +02:00
Mathias Vorreiter Pedersen
f31709fb29 C++: Make comment more clear. 2023-05-15 13:36:29 +01:00
Paolo Tranquilli
10d084fbbf Swift: update comment 2023-05-15 13:48:24 +02:00
Paolo Tranquilli
cfcd26cf0d Swift: support markdown TSP diagnostics 2023-05-15 13:48:24 +02:00
Paolo Tranquilli
d8c0054ea9 Merge pull request #13133 from github/redsun82/swift-diagnostics-locations 
Swift: add location and visibility support to TSP diagnostics
 2023-05-15 13:47:52 +02:00