hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-29 23:26:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
59,785 Commits 1,673 Branches 157 Tags
d15c60ba7674a98060011357e4bd57be01ffb9d7
Commit Graph

59785 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael B. Gale
d15c60ba76 Merge pull request #14516 from github/mbg/go/fix-dependabot-yml-again 2023-10-16 18:48:26 +01:00
Dave Bartolomeo
e4e472ee74 Merge pull request #14512 from MathiasVP/fix-size-in-invalid-ptr-deref 
C++: Fix size deduction in `cpp/invalid-pointer-deref`
 2023-10-16 11:22:41 -04:00
Alex Ford
25c416ec8a Merge pull request #14061 from maikypedia/maikypedia/ruby-jwt 
Ruby: JWT Security Queries (CWE-347)
 2023-10-16 15:42:31 +01:00
Edward Minnix III
21bea38ec8 Merge pull request #14472 from egregius313/egregius313/sync-local-and-remote-queries 
Java: Synchronize `*Local` versions of queries with their remote counterpart
 2023-10-16 10:31:40 -04:00
Michael B. Gale
8c818a8657 group => groups 2023-10-16 14:53:03 +01:00
Michael B. Gale
822f37156e Merge pull request #14483 from github/mbg/go/dependabot 
Go: Improve Dependabot configuration
 2023-10-16 14:05:36 +01:00
Alex Ford
22850b28df Ruby: update alert message test output 2023-10-16 13:08:49 +01:00
Alex Ford
66d230a207 ruby: qlformat 2023-10-16 12:45:46 +01:00
Alex Ford
3dd042c38a Merge remote-tracking branch 'origin/main' into maikypedia/ruby-jwt 2023-10-16 12:42:19 +01:00
Mathias Vorreiter Pedersen
79947956bc Merge pull request #14509 from MathiasVP/tag-redundant-null-check-simple-as-security 
C++: Mark `cpp/redundant-null-check-simple` as a security query
 2023-10-16 11:58:21 +01:00
Mathias Vorreiter Pedersen
ba27a0d515 Update cpp/ql/src/change-notes/2023-10-16-redundant-null-check-simple.md 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-10-16 12:48:53 +02:00
Mathias Vorreiter Pedersen
32d82380f1 C++: Add change note. 2023-10-16 11:08:27 +01:00
Mathias Vorreiter Pedersen
d8a049f5cc C++: Accept test changes. 2023-10-16 10:51:47 +01:00
Mathias Vorreiter Pedersen
7e6857d36b C++: Make 'hasSize' slightly smarter when handling ternary operators. 2023-10-16 10:48:28 +01:00
Mathias Vorreiter Pedersen
6a7b2e4aa4 C++: Add failing test. 2023-10-16 10:47:45 +01:00
Joe Farebrother
fe2468e7d0 Merge pull request #14498 from joefarebrother/csharp-missing-access-control 
C#: Fix FP in Missing Function Level Access Control and Insecure Direct Object Reference
 2023-10-16 10:46:19 +01:00
Mathias Vorreiter Pedersen
20c3984872 C++: Add the 'security' tag and add a 'security-severity' rating to 'cpp/redundant-null-check-simple'. 2023-10-16 09:54:36 +01:00
Arthur Baars
0e3369f93f Merge pull request #14484 from aibaars/ts53-js 
JS: Support import attributes
 2023-10-16 10:47:49 +02:00
Erik Krogh Kristensen
80c5e1ea77 Merge pull request #14497 from erik-krogh/jsp 
JS: add support for extracting `.jsp` files
 2023-10-16 09:27:46 +02:00
Erik Krogh Kristensen
c30e004506 Merge pull request #14506 from github/dependabot/cargo/ql/tracing-0.1.39 
Bump tracing from 0.1.38 to 0.1.39 in /ql
 2023-10-16 09:24:12 +02:00
Tony Torralba
ae8e237f2c Merge pull request #14494 from atorralba/atorralba/remove-library 
Java/C/C#: Remove library annotations
 2023-10-16 09:01:40 +02:00
Tamás Vajk
d723905035 Merge pull request #14368 from tamasvajk/standalone/use-legacy-framework-dlls 
C#: Choose between .NET framework or core DLLs in standalone
 2023-10-16 08:53:55 +02:00
dependabot[bot]
7700210ed2 Bump tracing from 0.1.38 to 0.1.39 in /ql 
Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.38 to 0.1.39.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.38...tracing-0.1.39)

---
updated-dependencies:
- dependency-name: tracing
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-16 03:21:13 +00:00
Owen Mansel-Chan
53561008a1 Merge pull request #14445 from owen-mc/go/automated-mad-coverage-report 
Go: automated mad coverage report
 2023-10-15 21:49:47 +01:00
Owen Mansel-Chan
39bca2d4bb Merge pull request #14276 from tunnelshade/enable-gokit-by-default 
Go: Enable GoKit module into the default list
 2023-10-15 21:44:27 +01:00
Maiky
e204100701 Resolve conflict in Concepts.qll 2023-10-15 10:37:10 +02:00
Maiky
17210c76a5 change-note edition 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-10-15 10:25:58 +02:00
BD
0ef83b3c74 Merge branch 'main' into enable-gokit-by-default 2023-10-15 10:22:27 +05:30
Jeroen Ketema
d56a9f0781 Merge pull request #14424 from jketema/rewrite-cgi-xss 
C++: Rewrite `cpp/cgi-xss` to not use default taint tracking
 2023-10-13 17:57:04 +02:00
Mathias Vorreiter Pedersen
fb0016e4f6 Merge pull request #14485 from geoffw0/logging 
Swift: Add more sinks to `swift/cleartext-logging`
 2023-10-13 16:09:19 +01:00
Mathias Vorreiter Pedersen
9a2ac65f53 Merge pull request #14394 from geoffw0/sqlpathinject3 
Swift: Add sinks for sqlite3 and SQLite.swift to swift/hardcoded-key
 2023-10-13 16:07:09 +01:00
Joe Farebrother
915352861d Check for generic base types in Missing Function Level Access Control and Insecure Direct Object Reference. 2023-10-13 14:22:45 +01:00
erik-krogh
69c3e62965 add change-note 2023-10-13 15:16:39 +02:00
Tamas Vajk
15ec0a10c9 Code quality improvements 2023-10-13 14:09:58 +02:00
Jeroen Ketema
61676277e8 C++: Fix barrier in cpp/cgi-xss 2023-10-13 14:05:47 +02:00
Tony Torralba
0cea3f8531 Remove library annotations 2023-10-13 12:46:56 +02:00
Harry Maclean
1297acf5b1 Merge pull request #14216 from hmac/hmac-graphql-enum 
Ruby: Restrict GraphQL remote flow sources
 2023-10-13 11:31:50 +01:00
erik-krogh
9080e84fc9 add support for extracting .jsp files 2023-10-13 12:09:27 +02:00
Tony Torralba
5e921784fb Merge pull request #14399 from ebickle/fix/thread-resource-arithmetic 
Java: Flow taint through arithmetic expressions for java/thread-resource-abuse experimental query
 2023-10-13 10:06:33 +02:00
Erik Krogh Kristensen
b1ad61e27d Merge pull request #14481 from erik-krogh/proper-codepoints 
ReDoS: use the new codePointAt and codePointCount methods instead of regex hacks
 2023-10-13 09:35:55 +02:00
Felicity Chapman
2ddcd1d9cc Merge pull request #14489 from github/felicitymay-typo-fix 
Fix typo in link
 2023-10-12 21:45:30 +01:00
Felicity Chapman
8f70b55158 Fix typo in link 2023-10-12 20:53:44 +01:00
Ian Lynagh
2edc70da79 Merge pull request #14390 from igfoo/igfoo/compr 
Kotlin: Improve support for TRAP compression options
 2023-10-12 20:22:10 +01:00
Geoffrey White
fe57cd0784 Merge pull request #14488 from geoffw0/strlentest 
Swift: Additional test cases for `swift\string-length-conflation`
 2023-10-12 19:39:43 +01:00
AlexDenisov
6ab2de10e3 Merge pull request #14437 from github/alexdenisov/ignore-unavailable-declarations 
Swift: skip declarations marked as unavailable
 2023-10-12 20:08:18 +02:00
Ian Lynagh
ed9502fd0b Kotlin: Enhance the TRAP compression test 2023-10-12 18:13:07 +01:00
Ian Lynagh
adb47399c7 Kotlin: Improve support for TRAP compression options 
While you could control compression with
    CODEQL_EXTRACTOR_JAVA_OPTION_TRAP_COMPRESSION
before, most TRAP files used gzip regardless for compatibility with the
Java extractor. Now Java understands the option too we can use it for
shared TRAP files.
 2023-10-12 18:13:06 +01:00
Mathias Vorreiter Pedersen
3c34638438 Merge pull request #14486 from MathiasVP/simplify-overrun-write 
C++: Remove unnecessary `FlowState` from `cpp/overrun-write`
 2023-10-12 17:48:52 +01:00
Geoffrey White
9f683b8630 Swift: Remove duplicate results. 2023-10-12 17:38:58 +01:00
Geoffrey White
cf7f355fc4 Swift: Additional test cases. 2023-10-12 17:11:56 +01:00