hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-03 09:40:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
57,085 Commits 1,673 Branches 157 Tags
d111fa7e94cd3c0760d3fc485ae2492d033d3b22
Commit Graph

57085 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
d111fa7e94 Merge pull request #13862 from jketema/ir-test 
C++: Add IR test that shows dataflow regression after frontend update
 2023-08-01 10:06:49 +02:00
Tony Torralba
2b3cab355d Merge pull request #13859 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-08-01 09:18:20 +02:00
Jeroen Ketema
ef8d95f87d C++: Add IR test that shows dataflow regression after frontend update 2023-08-01 09:01:39 +02:00
Owen Mansel-Chan
5a5e921ee7 Merge pull request #13846 from owen-mc/go/better-baselines 
Go: Add language-specific baseline configuration
 2023-08-01 07:14:43 +01:00
Owen Mansel-Chan
a8c64443e8 Merge pull request #13645 from porcupineyhairs/goTiming 
Go : Improvements to Timing Attacks query
 2023-08-01 07:10:42 +01:00
github-actions[bot]
b547ae7c2f Add changed framework coverage reports 2023-08-01 00:18:36 +00:00
Felicity Chapman
df1e8e263b Merge pull request #13854 from github/11185-add-note 
CodeQL library update to use modular API interface - Add note and include in articles
 2023-07-31 17:22:17 +01:00
Owen Mansel-Chan
d98079d72c Apply suggestions from code review 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-07-31 16:49:11 +01:00
Owen Mansel-Chan
216911dad9 Merge branch 'main' into goTiming 2023-07-31 16:15:10 +01:00
Owen Mansel-Chan
3d495bdd43 Add new files to CODEQL_TOOLS in Makefile 2023-07-31 16:12:52 +01:00
Owen Mansel-Chan
47a536c85d Always output valid JSON containing paths-ignore 2023-07-31 16:09:47 +01:00
Felicity Chapman
46f80dc5ca Put back a missing colon to fix the link 2023-07-31 15:56:24 +01:00
Felicity Chapman
9a334d3300 Add shortened link to changelog 2023-07-31 14:13:52 +01:00
Geoffrey White
1c64fb16f1 Merge pull request #13756 from geoffw0/sources2 
Swift: CustomUrlSchemes test enhancements and minor model improvement
 2023-07-31 12:53:03 +01:00
Felicity Chapman
a0c0da78e9 Merge branch 'main' into 11185-add-note 2023-07-31 11:54:00 +01:00
Geoffrey White
c4b782407b Merge pull request #13853 from geoffw0/commandinject 
Swift: Autoformat experimental query.
 2023-07-31 11:30:20 +01:00
Felicity Chapman
4d05b742d6 Merge branch 'main' into 11185-add-note 2023-07-31 10:58:03 +01:00
Felicity Chapman
32da3c3730 Add main note and include in articles 2023-07-31 10:50:47 +01:00
Geoffrey White
f921076fca Swift: Autoformat. 2023-07-31 10:25:25 +01:00
Tony Torralba
5488abc512 Merge pull request #13850 from atorralba/atorralba/java/unimportant-generated-models 
Java: Remove superfluous generated models
 2023-07-31 11:25:03 +02:00
Tony Torralba
41f1315da9 Merge pull request #13772 from atorralba/atorralba/java/inputstream-wrapper-read-step 
Java: Add taint steps for InputStream wrappers
 2023-07-31 11:12:43 +02:00
Geoffrey White
e534afe634 Merge pull request #13726 from maikypedia/maikypedia/swift-command-injection 
Swift: Add Command Injection query (CWE-078)
 2023-07-31 10:06:22 +01:00
Geoffrey White
12f2539d1d Swift: Use flowTo. 2023-07-31 10:03:25 +01:00
Mathias Vorreiter Pedersen
2562f8a297 Merge pull request #13844 from jketema/forgotten-paren 
C++: Add forgotten parentheses in ternary IR test
 2023-07-31 10:03:06 +02:00
Tony Torralba
3bd4d34a47 Java: Remove superfluous generated models 2023-07-31 09:48:03 +02:00
Porcupiney Hairs
74e5c15eaa Go : Improvements to Timing Attacks query 2023-07-31 06:30:47 +05:30
Owen Mansel-Chan
b5518047fa Go: Add language-specific baseline configuration 2023-07-30 21:52:33 +01:00
Mathias Vorreiter Pedersen
4656130dab Merge pull request #13843 from MathiasVP/revert-13792 2023-07-30 01:18:00 +02:00
Jeroen Ketema
0bc75ea9b7 C++: Add forgotten parentheses in ternary IR test 
Without the parentheses, the expressions are parsed as `a ? x : (y = val)`.
 2023-07-29 18:44:28 +02:00
Mathias Vorreiter Pedersen
fd1949092c C++: Accept test changes. 2023-07-29 11:29:06 +02:00
Mathias Vorreiter Pedersen
ce9a14b692 Revert "Merge pull request #13792 from MathiasVP/swap-argument-order-in-invalid-ptr-deref" 
This reverts commit 1fa6511482, reversing
changes made to 4676ca5a4a.
 2023-07-29 11:26:41 +02:00
Stephan Brandauer
40eab180cc Merge pull request #13823 from github/kaeluka/support-argument-this-in-frameworkmode-metadata-extraction 
Java: Support Argument[this] and parameters of bodiless interface methods in framework mode metadata extraction
 2023-07-28 17:38:39 +02:00
Tony Torralba
08cba7dc5f Merge pull request #13713 from pwntester/java/struts2_source_taint_inheriting 
[Java] Implement field taint inheritance for Struts2 unmarshalled objects
 2023-07-28 16:46:27 +02:00
Owen Mansel-Chan
a020189895 Merge pull request #13822 from owen-mc/dataflow/mergepathgraph3-signature-fix 
Dataflow: MergePathGraph3 signature fix
 2023-07-28 15:15:43 +01:00
Shati Patel
a98ae8941c Merge pull request #13832 from github/shati-patel/docs-indentation 
Docs: Fix indentation in tutorial examples
 2023-07-28 14:07:16 +01:00
Tony Torralba
2dff0ce5b4 Merge pull request #13712 from pwntester/java/new_struts2_models 
[Java] New models for Struts2 framework
 2023-07-28 14:31:25 +02:00
Stephan Brandauer
8bf960bd44 Java: fix QL-for-QL alert 2023-07-28 14:28:47 +02:00
Stephan Brandauer
021eedfdf1 Java: format 2023-07-28 14:26:34 +02:00
Stephan Brandauer
82fd0e45aa Java: support Argument[this] in NotAModelApiParameter 2023-07-28 14:04:53 +02:00
Stephan Brandauer
a9d2f43538 Java: use a newtype for framework mode candidates 2023-07-28 13:51:25 +02:00
Stephan Brandauer
8ed773b240 Java: Framework mode extraction now uses a custom class for endpoints, so we can support both Argument[this] and interface-method parameters 2023-07-28 12:56:39 +02:00
Stephan Brandauer
09c64e8fee Java: Support Argument[this] in framework mode metadata extraction 2023-07-28 12:55:26 +02:00
shati-patel
1694915535 Docs: Fix indentation in tutorial examples 2023-07-28 11:45:39 +01:00
Ian Lynagh
499bd970d3 Merge pull request #13412 from igfoo/igfoo/json_escape 
Kotlin: Tweak our JSON escaping
 2023-07-28 11:13:51 +01:00
Alvaro Muñoz
c3a2ae2943 Account for public fields/setters 2023-07-28 12:12:07 +02:00
Alvaro Muñoz
c089368557 Merge branch 'java/struts2_source_taint_inheriting' of https://github.com/pwntester/codeql into java/struts2_source_taint_inheriting 2023-07-28 12:05:38 +02:00
Maiky
90ac5b905b 2023-07-28 00:21:02 +02:00
Maiky
2a49219127 Move query to experimental 2023-07-28 00:15:33 +02:00
Maiky
d9800c7bb6 Update CommandInjection.ql 2023-07-27 22:45:50 +02:00
Maiky
d0a912fb02 Update swift/ql/src/queries/Security/CWE-078/CommandInjection.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-07-27 22:45:05 +02:00