hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
69,357 Commits 1,742 Branches 165 Tags
c9aaba677dc2df4c98307e34f0c3bcd40e2cf0f8
Commit Graph

69357 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
62adb31ca6 Add more import paths for xmlpath 2024-08-01 14:52:19 +01:00
Owen Mansel-Chan
9d866192a6 Add paths from QL models to MaD models 2024-08-01 14:52:18 +01:00
Owen Mansel-Chan
e051815d96 Merge pull request #17119 from owen-mc/go/finish-converting-tests-to-model-pretty-printing 
Go: finish converting tests to model pretty printing
 2024-08-01 14:04:02 +01:00
Owen Mansel-Chan
8325c4c69c Updated .expected files 2024-08-01 13:12:21 +01:00
Owen Mansel-Chan
cbe54717f6 Revert "Revert post-processing for 6 queries pending bug fix" 
This reverts commit a8236e1545.
 2024-08-01 13:10:06 +01:00
Anders Schack-Mulligen
776c01aa8d Merge pull request #17117 from aschackmull/dataflow/qltest-provenance-workaround 
Dataflow: Allow printing multiple models for one MaDId.
 2024-08-01 13:52:58 +02:00
Anders Schack-Mulligen
90272ddbfa Dataflow: Allow printing multiple models for one MaDId. 2024-08-01 13:04:24 +02:00
Geoffrey White
2ed2a76866 Swift: Add a note about escaping as an alternative way to fix these issues. 2024-08-01 11:52:08 +01:00
Geoffrey White
2fd4b57d74 Swift: Expand the swift/sql-injection qhelp examples by labelling the API that's used, adding SQLite3 C API examples, and adding an example of using a prepared statement incorrectly. 2024-08-01 11:52:06 +01:00
Geoffrey White
9f6a5d9e13 Swift: Fix typo in example. 2024-08-01 11:52:05 +01:00
Geoffrey White
61eb5cd55c Swift: Put a barrier on the qualifiers as well. 2024-08-01 11:49:10 +01:00
Geoffrey White
0c3e8ced4b Swift: Make append methods and string interpolation barriers for swift/constant-salt. 2024-08-01 11:49:09 +01:00
Geoffrey White
2543f3ecfb Swift: Make + a barrier for swift/constant-salt. 2024-08-01 11:49:08 +01:00
Geoffrey White
c8438c38f2 Swift: Tests for string appending with swift/constant-salt. 2024-08-01 11:49:07 +01:00
Geoffrey White
69c18f9cd2 Swift: Use in swift/constant-salt so that the source node is clickable + visible to autofix. 2024-08-01 11:49:06 +01:00
Geoffrey White
b944d47f58 Swift: Fix the example for swift/constant-salt. 2024-08-01 11:49:05 +01:00
Owen Mansel-Chan
d5dc95f1e6 Update frameworks.csv 2024-08-01 11:03:50 +01:00
Anders Schack-Mulligen
377301a55a Merge pull request #17108 from aschackmull/dataflow/flowthrough-provenance 
Dataflow: Propagate provenance correctly for flow-through wrappers.
 2024-08-01 09:35:56 +02:00
Owen Mansel-Chan
97c9207595 Merge pull request #17104 from owen-mc/go/add-extra-go-jose-package-path 
Go: Fix missing `go-jose` package path
 2024-08-01 00:14:46 +01:00
yoff
251036c6b4 Merge pull request #17080 from sylwia-budzynska/streamlit 
Python: Add Streamlit models
 2024-07-31 18:20:11 +02:00
Jami
f9f57e9122 Merge pull request #17023 from jcogs33/jcogs33/java/add-apache-ant-path-inj-sinks 
Java: add apache-ant `Property` path injection sinks
 2024-07-31 11:04:13 -04:00
Geoffrey White
20672acb74 Merge pull request #17110 from geoffw0/memfree 
C++: Improve cpp/memory-may-not-be-freed
 2024-07-31 15:59:42 +01:00
Mathias Vorreiter Pedersen
06a4f907ef Merge pull request #17109 from MathiasVP/constexpr-if-unevaluated 
C++: Mark `constexpr if` as unevaluated
 2024-07-31 15:34:29 +01:00
Owen Mansel-Chan
6280ed2a6b Merge pull request #13555 from am0o0/amammad-java-bombs 
Java: Decompression Bombs
 2024-07-31 14:55:28 +01:00
Geoffrey White
c172b946a1 C++: Change note. 2024-07-31 14:55:15 +01:00
Geoffrey White
4aea4c0323 C++: Simple fix. 2024-07-31 14:46:25 +01:00
Geoffrey White
c04428dedc C++: Add test cases for the memory freed queries. 2024-07-31 14:03:56 +01:00
Anders Schack-Mulligen
9724516c84 C#/Go/Java/Python/Ruby: Accept qltest .expected changes. 2024-07-31 14:45:10 +02:00
Anders Schack-Mulligen
af06763c42 Dataflow: Propagate provenance correctly for flow-through wrappers. 2024-07-31 14:37:13 +02:00
Jami
4fb29c4473 Merge branch 'main' into jcogs33/java/add-apache-ant-path-inj-sinks 2024-07-31 08:15:07 -04:00
Mathias Vorreiter Pedersen
61eda0df9d C++: Add change note. 2024-07-31 13:13:19 +01:00
Jami
05b0a3f41c Merge pull request #17093 from jcogs33/jcogs33/java/provenance-postprocess-qltest-remaining-lib-tests 
Java: Add support for post-process provenance pretty-printing in `.ql` library-tests
 2024-07-31 08:11:15 -04:00
Mathias Vorreiter Pedersen
fe575df325 C++: Mark constexpr if as unevalauted. 2024-07-31 13:09:12 +01:00
Mathias Vorreiter Pedersen
4e62dc81d2 C++: Add constexpr if testcase. 2024-07-31 13:08:49 +01:00
yoff
123dcc75d1 Merge pull request #16971 from RasmusWL/mad-dict-source 
Python: Add MaD support for DictionaryElement/DictionaryElementAny for sources
 2024-07-31 13:40:07 +02:00
Sylwia Budzynska
9bd00c9e1e Change Gradio rfs test to use shared rfs test module 2024-07-31 13:25:32 +02:00
Sylwia Budzynska
2a6ad00a2f Fix typo 2024-07-31 13:22:27 +02:00
Sylwia Budzynska
72e7b6c872 Update python/ql/lib/semmle/python/frameworks/Streamlit.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-07-31 13:20:01 +02:00
Owen Mansel-Chan
01c6dbaa27 Accept provenance numbering changes 2024-07-31 12:19:18 +01:00
Owen Mansel-Chan
8901b1fd14 Merge pull request #17100 from owen-mc/java/sensitive-log/ignore-tokenizer 
Java: whitelist variable names containing "tokenizer" for `java/sensitive-log`
 2024-07-31 12:16:03 +01:00
Owen Mansel-Chan
59e22f6cd9 Merge pull request #17101 from owen-mc/java/dead-ref-types-junit-4-5 
Java: Fix FPs in `java/unused-reference-type` for JUnit 4-style tests
 2024-07-31 11:11:35 +01:00
Owen Mansel-Chan
e4cd29efc6 Fix missing go-jose package path 2024-07-31 11:09:53 +01:00
Cornelius Riemenschneider
d75da82528 Merge pull request #17102 from github/criemen/installer-ripunzip 
Bazel installer: Retry ripunzip step.
 2024-07-31 12:04:20 +02:00
Owen Mansel-Chan
f953249692 Merge pull request #17103 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-07-31 10:47:08 +01:00
Cornelius Riemenschneider
de47838c36 Remove unused exception class. 2024-07-31 11:31:11 +02:00
Owen Mansel-Chan
f8e8b362ab Merge branch 'main' into workflow/coverage/update 2024-07-31 10:07:35 +01:00
Owen Mansel-Chan
3ece3ec50f Merge pull request #17092 from owen-mc/go/provenance-postprocess-qltest 
Go: Add support for provenance pretty-printing
 2024-07-31 09:54:28 +01:00
Cornelius Riemenschneider
1ce15ae2fd Fix exit code when ripunzip isn't called. 2024-07-31 08:09:53 +02:00
github-actions[bot]
d0c2b4a60f Add changed framework coverage reports 2024-07-31 00:15:22 +00:00
Edward Minnix III
bae0ea5599 Merge pull request #17042 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-07-30 20:04:23 -04:00