hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-20 22:44:52 +02:00
Code Issues Packages Projects Releases Wiki Activity
49,612 Commits 1,741 Branches 165 Tags
cd596403a0e14a7cd6ef2b548ca89dc596eafe81
Commit Graph

49612 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
b220c2f51d Misc: Add security-experimental to generate-code-scanning-query-list.py 
Since not all experimental queries is part of this new suite, it's nice
to be able to list them explicitly without having to replicate the logic
from the .qls file.
 2023-01-25 15:20:49 +01:00
Geoffrey White
f6fe627f4b Merge pull request #11914 from geoffw0/rncrypt3 
Swift: Add RNCryptor sinks to swift/constant-salt
 2023-01-25 13:05:33 +00:00
Alex Ford
3dd9392f5e Merge pull request #11869 from alexrford/rails/render_locals_shared 
Ruby: Rails - generalize rails flow step for accessing render locals hash in view
 2023-01-25 12:07:26 +00:00
Erik Krogh Kristensen
39e9eaf2bc Merge pull request #11986 from erik-krogh/redosNote2 
RB: add note in ReDoS qhelp that Ruby 3.2 has fixed ReDoS
 2023-01-25 11:56:04 +01:00
Paolo Tranquilli
f4cb920624 Merge pull request #11932 from github/redsun82/swift-docs 
Swift: add and fix some `schema.py` documentation
 2023-01-25 10:52:00 +01:00
erik-krogh
54b0350cac add note in ReDoS qhelp that Ruby 3.2 has fixed ReDoS 2023-01-25 10:24:11 +01:00
dependabot[bot]
531c0559a0 Bump num_cpus from 1.13.0 to 1.14.0 in /ruby 
Bumps [num_cpus](https://github.com/seanmonstar/num_cpus) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/seanmonstar/num_cpus/releases)
- [Changelog](https://github.com/seanmonstar/num_cpus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/num_cpus/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: num_cpus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-25 08:48:08 +00:00
Arthur Baars
358ae7529b Merge pull request #11973 from github/dependabot/cargo/ruby/serde_json-1.0.91 
Bump serde_json from 1.0.72 to 1.0.91 in /ruby
 2023-01-25 09:45:32 +01:00
Arthur Baars
068b71bc3d Merge pull request #11972 from github/dependabot/cargo/ruby/regex-1.7.1 
Bump regex from 1.5.5 to 1.7.1 in /ruby
 2023-01-25 09:44:57 +01:00
Arthur Baars
e634ab771f Merge pull request #11971 from github/dependabot/cargo/ruby/flate2-1.0.25 
Bump flate2 from 1.0.22 to 1.0.25 in /ruby
 2023-01-25 09:44:29 +01:00
Erik Krogh Kristensen
99bad77972 Merge pull request #11906 from erik-krogh/moreStem 
JS: expand what is parsed as the stem of a pathexpr
 2023-01-25 08:44:44 +01:00
Geoffrey White
5375678ca6 Swift: Add consistent CSV extension points. 2023-01-24 18:49:50 +00:00
Geoffrey White
6a210d719b Swift: Rename QueryExtensions.qll files for consistency. 2023-01-24 17:58:13 +00:00
Paolo Tranquilli
ddef87f6e2 Merge pull request #10956 from github/redsun82/swift-linkage-awareness 
Swift: disambuigate entities using linkage awareness on modules
 2023-01-24 18:49:24 +01:00
Paolo Tranquilli
4880ab41a2 Swift: use weakly_canonical instead of canonical 
`weakly_canonical` will resolve as much as possible in the path, and not
return an error if it can't resolve everything (for example due to a
non existant file). In any case in case of problems with the file we
will see an error when actually using the resolved path.

This tunes down some unhelpful log messages.
 2023-01-24 16:34:47 +01:00
Paolo Tranquilli
a74247e5d8 Swift: add filename to an error message 2023-01-24 16:29:10 +01:00
Paolo Tranquilli
6b77e6748a Swift: use same implementation for createTarget{Link,Object}Domain 2023-01-24 16:27:21 +01:00
James Fletcher
176b2cae19 Merge pull request #11882 from github/charisk/rename-vscode-run-query-cmd 
Rename VS Code Extension Run Query command
 2023-01-24 15:17:30 +00:00
Paolo Tranquilli
23344a7183 Merge branch 'main' into redsun82/swift-linkage-awareness 2023-01-24 15:47:44 +01:00
Jeroen Ketema
ae2fa6c1a4 Merge pull request #11975 from MathiasVP/another-dataflow-loop 
C++: Add another looping dataflow test
 2023-01-24 14:21:16 +01:00
Calum Grant
522c9d640d Merge pull request #11957 from github/yoff-list-support-for-python-3.11 
Update supported-versions-compilers.rst
 2023-01-24 10:15:11 +00:00
Mathias Vorreiter Pedersen
510211a4c7 C++: Add testcase with looping behavior in C/C++ def-use flow. 2023-01-24 09:44:30 +00:00
Michael Nebel
4df615f994 Merge pull request #11922 from michaelnebel/csharp11/strings 
C# 11: String related functionality.
 2023-01-24 10:31:31 +01:00
Michael Nebel
0b04654f33 C#: Update expected test output. 2023-01-24 09:51:47 +01:00
Michael Nebel
4c966f2b8a C#: Add some more UTF-8 encoded string examples. 2023-01-24 09:49:38 +01:00
Mathias Vorreiter Pedersen
ca5916f3dc Merge pull request #11946 from MathiasVP/fix-taint-models-2 2023-01-24 08:13:43 +00:00
dependabot[bot]
fd22c7c73e Bump serde_json from 1.0.72 to 1.0.91 in /ruby 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.72 to 1.0.91.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.72...v1.0.91)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-24 06:39:13 +00:00
dependabot[bot]
c4bf25f33c Bump regex from 1.5.5 to 1.7.1 in /ruby 
Bumps [regex](https://github.com/rust-lang/regex) from 1.5.5 to 1.7.1.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.5.5...1.7.1)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-24 06:39:09 +00:00
dependabot[bot]
b1f73b59cd Bump flate2 from 1.0.22 to 1.0.25 in /ruby 
Bumps [flate2](https://github.com/rust-lang/flate2-rs) from 1.0.22 to 1.0.25.
- [Release notes](https://github.com/rust-lang/flate2-rs/releases)
- [Commits](https://github.com/rust-lang/flate2-rs/compare/1.0.22...1.0.25)

---
updated-dependencies:
- dependency-name: flate2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-24 06:39:03 +00:00
Arthur Baars
c512eddb69 Merge pull request #11969 from hmac/simplify-ruby-dependabot-config 
Ruby: Simplify dependabot config
 2023-01-24 07:34:45 +01:00
Harry Maclean
8050639b16 Ruby: Simplify dependabot config 
Dependabot is able to understand cargo workspaces, so it's not necessary
to enumerate each workspace member. It should be enough to configure it
with the workspace root directory. This will hopefully ensure that the
Cargo.lock file gets updated correctly.
 2023-01-24 16:37:10 +13:00
Harry Maclean
e6e4e29bf8 Ruby: newline 2023-01-23 21:53:52 +00:00
Harry Maclean
224db456af Ruby: Simplify isRackResponse 2023-01-23 21:53:09 +00:00
Harry Maclean
60f9635ada Ruby: Move import 2023-01-23 21:51:27 +00:00
Harry Maclean
c1207e0938 Ruby: Fix rack response tracking 
Use type tracking instead of getReturningNode, which seems to be faster
and works correctly for the cases I've tried.
 2023-01-23 21:43:04 +00:00
Erik Krogh Kristensen
fc66c905ff Merge pull request #11859 from erik-krogh/moreShell 
JS: slightly broaden the regular expression that recognizes bad string-concats used as shell commands
 2023-01-23 22:26:17 +01:00
Henry Mercer
21e63a8a86 Merge pull request #11967 from github/codeql-ci/atm/release-0.4.6 
JS: Bump version numbers of ML-powered packs after 0.4.6 release
 2023-01-23 20:43:18 +00:00
Henry Mercer
241951f53e Merge branch 'main' into codeql-ci/atm/release-0.4.6 2023-01-23 18:24:36 +00:00
github-actions[bot]
be481d975c JS: Bump version of ML-powered library and query packs to 0.4.7 2023-01-23 18:22:18 +00:00
github-actions[bot]
40a67d61d2 JS: Bump patch version of ML-powered library and query packs 2023-01-23 18:15:56 +00:00
Geoffrey White
25bcaa3a54 Merge pull request #11966 from geoffw0/usenumerics 
Swift: Use numeric types in CleartextLogging.qll.
 2023-01-23 18:06:17 +00:00
Sid Shankar
e32823c3e0 Merge pull request #11964 from github/sidshank/update-supported-language-versions-Jan-2023 
Update supported language versions in documentation
 2023-01-23 12:12:43 -05:00
Geoffrey White
19527016a5 Swift: Use numeric types in CleartextLogging.qll. 2023-01-23 16:52:03 +00:00
Sid Shankar
f77d156e9a Update supported version of Java 2023-01-23 15:41:35 +00:00
Sid Shankar
444df6fccb Update supported version of Go 2023-01-23 15:41:02 +00:00
Erik Krogh Kristensen
240248b9cf Merge pull request #11453 from erik-krogh/unsafeHtmlConstruction 
RB: add unsafe-html-construction query
 2023-01-23 16:40:25 +01:00
erik-krogh
11894144aa remove regular expression that did nothing 2023-01-23 16:38:09 +01:00
Jeroen Ketema
0a0d6d0841 Merge pull request #11963 from MathiasVP/testcase-with-loop 
C++: Add testcase with looping behavior
 2023-01-23 16:33:36 +01:00
Erik Krogh Kristensen
5be97f3761 Merge pull request #11909 from erik-krogh/concatCode 
Rb: recognize string concatenations as sinks for unsafe-code-construction
 2023-01-23 16:22:46 +01:00
Mathias Vorreiter Pedersen
a217017859 C++: Add testcase with looping behavior in C/C++ use-use flow. 2023-01-23 14:29:39 +00:00