hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,654 Commits 1,673 Branches 157 Tags
cb9e14f54410a184eeea94792ea712df136e8d12
Commit Graph

31654 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
cb9e14f544 add cwe-471 to js/prototype-pollution 2022-01-19 14:54:57 +01:00
Erik Krogh Kristensen
e4203a4109 add CWE-471 to the prototype-pollution queries 2022-01-19 14:26:34 +01:00
Henry Mercer
061b9badfe Merge pull request #7649 from github/henrymercer/bump-atm-query-pack-v0.0.5 
JS: Bump ML-powered query packs to v0.0.5
 2022-01-19 13:00:41 +00:00
Henry Mercer
d467725ccd JS: Bump ML-powered query packs to v0.0.5 2022-01-19 12:08:33 +00:00
Michael Nebel
3df30545d3 Merge pull request #7628 from michaelnebel/csharp/issue-7609 
C#: Fix false positive alert for shadowing on record types.
 2022-01-19 12:24:57 +01:00
Michael Nebel
edafdc8fde C#: Added change note. 2022-01-19 11:04:53 +01:00
Michael Nebel
194da454b1 C#: Add record deconstruct method as an exception from the bad practice rule. 2022-01-19 11:04:53 +01:00
Michael Nebel
2eea6ca5fd C#: Example record type with autogenerated Deconstruct method. 2022-01-19 11:04:53 +01:00
Mathias Vorreiter Pedersen
bdfde88e99 Merge pull request #7630 from JarLob/patch-2 
C++: Reduce FPs in IncorrectPrivilegeAssignment.ql
 2022-01-19 09:49:43 +00:00
Michael Nebel
55f787bcae Merge pull request #7605 from michaelnebel/csharp/record-struct 
C#: Support for record structs
 2022-01-19 10:39:52 +01:00
Harry Maclean
994fcf54b5 Merge pull request #7126 from jeffgran/jg/graphql-ruby 
Ruby: Add support for GraphQL
 2022-01-19 22:19:30 +13:00
Harry Maclean
08d48b9375 Add top-level doc comment to GraphQL.qll 2022-01-19 21:42:46 +13:00
Tony Torralba
b2c7175ac5 Merge pull request #7641 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-01-19 09:34:01 +01:00
github-actions[bot]
f7240be136 Add changed framework coverage reports 2022-01-19 00:09:52 +00:00
Jaroslav Lobačevski
a1b0315d90 Update cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql 2022-01-19 00:52:10 +01:00
Jaroslav Lobačevski
3fa2516898 Update cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql 2022-01-18 21:47:55 +01:00
Jaroslav Lobačevski
d1c89562b8 Apply suggestions from code review 2022-01-18 21:45:13 +01:00
Chris Smowton
84097468cc Merge pull request #7286 from luchua-bc/java/unsafe-url-forward-dispatch 
Java: CWE-552 Query to detect unsafe request dispatcher usage
 2022-01-18 18:19:20 +00:00
Henry Mercer
63672ca394 Merge pull request #7616 from github/henrymercer/js-atm-add-query-help 
JS: Add query help for ML-powered queries
 2022-01-18 18:11:53 +00:00
Chris Smowton
1e32514600 Avoid using this for a non-extending supertype, and remove needless casts 2022-01-18 17:20:40 +00:00
Chris Smowton
d744cf9053 Clean up guard logic: 
* Always sanitize after the second guard, not the first
* Only check basic-block dominance in one place
* One BarrierGuard extension per final guard
 2022-01-18 17:10:06 +00:00
Chris Smowton
748008ad51 Remove dangling reference to UnsafeRequestPath.java 2022-01-18 17:08:38 +00:00
luchua-bc
a3d65a8ed0 Update recommendation in qldoc and make examples more comprehendible 2022-01-18 17:01:26 +00:00
Robert Marsh
024bd27485 Merge pull request #7578 from MathiasVP/store-dest-should-not-be-use 
C++: Store destinations should not be uses for dataflow SSA
 2022-01-18 11:36:15 -05:00
Jeff Gran
47697f59c1 Ruby: Add classes for detecting user input from graphql-ruby 2022-01-18 09:13:58 -07:00
CodeQL CI
1912c56f82 Merge pull request #7631 from RasmusWL/sqlalchemy-scoped-session 
Approved by tausbn
 2022-01-18 14:31:49 +00:00
Rasmus Wriedt Larsen
95e935e9c1 Python: Support SQLAlchemy scoped_session 2022-01-18 14:34:31 +01:00
Jaroslav Lobačevski
92f5a5f893 Reduce FPs in IncorrectPrivilegeAssignment.ql 
Implements suggestions from https://github.com/github/codeql/pull/6949#issuecomment-976482965
 2022-01-18 13:43:17 +01:00
Henry Mercer
be0c26f83d Merge pull request #7617 from github/henrymercer/js-atm-update-alert-messages 
JS: Update alert messages for ML-powered queries
 2022-01-18 11:37:02 +00:00
Mathias Vorreiter Pedersen
cb0cc8d859 Merge pull request #7625 from geoffw0/nullterm4 
C++: Fix some code duplication.
 2022-01-18 11:18:06 +00:00
Tony Torralba
b16b0270d2 Merge pull request #6779 from atorralba/atorralba/android-implicit-pending-intents 
Java: CWE-927 - Query to detect the use of implicit PendingIntents
 2022-01-18 12:14:47 +01:00
Chris Smowton
9819752bdd Merge pull request #7526 from smowton/smowton/fix/restore-nodes-edges-consistency 
Don't include arg -> param edges in PathGraph::edges where arg is not reachable
 2022-01-18 11:05:47 +00:00
Benjamin Muskalla
7e215a5193 Merge pull request #7599 from bmuskalla/modelWriter 
Java: Model Appenable and Writer
 2022-01-18 11:55:27 +01:00
Henry Mercer
1893b9f7a9 Merge pull request #7376 from github/henrymercer/js-atm-absent-features-optimization 
JS: Update featurization for absent features optimization
 2022-01-18 10:15:53 +00:00
Tony Torralba
f103d45340 Merge branch 'main' into atorralba/android-implicit-pending-intents 2022-01-18 10:50:49 +01:00
Mathias Vorreiter Pedersen
e1598aba5e C++: Fix spelling. 2022-01-18 09:44:36 +00:00
Tony Torralba
3ff7710a18 Improve ExplicitIntent's QLDoc 2022-01-18 10:43:52 +01:00
Tony Torralba
fe2755c4a0 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-18 10:41:19 +01:00
Benjamin Muskalla
365a8d9bbd Fix flow for fluent appendable api 2022-01-18 10:41:00 +01:00
Benjamin Muskalla
8e6a15640f Model basic channel APIs 2022-01-18 10:40:39 +01:00
Anders Schack-Mulligen
fff3b5c5b4 Dataflow: Add qldoc. 2022-01-18 10:39:55 +01:00
Anders Schack-Mulligen
9479301485 Ruby: Accept qltest expected changes. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
5cfa3c7927 C++: Accept qltest expected changes. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
7b98ca9b0a C#: Adjust qltest expected output. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
aa9912a699 Java: Fix expected output 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
71e39353ca Dataflow: Sync. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
b22c4e3c56 Dataflow: Bugfix: include subpaths ending at a sink. 2022-01-18 10:34:14 +01:00
Chris Smowton
f7d3892320 Update test expectations 2022-01-18 10:30:09 +01:00
Anders Schack-Mulligen
dfa79f6119 Dataflow: Sync. 2022-01-18 10:30:09 +01:00
Anders Schack-Mulligen
46736a137c Dataflow: Don't include subpaths that can't reach a sink. 2022-01-18 10:30:09 +01:00