hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-04 22:56:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
69,647 Commits 1,699 Branches 161 Tags
d1fecd869be3f519f6780a8fca6ca804f4b96c4e
Commit Graph

69647 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Simon Friis Vindum
d1fecd869b C++: Make StringCchPrintf not extend NonThrowingFunction 2024-08-28 15:40:14 +02:00
Simon Friis Vindum
d6049cd98b C++: Add additional implementations of NonThrowingFunction and make minor fixes to docs 2024-08-28 10:54:16 +02:00
Simon Friis Vindum
d9dbcdba34 C++: Fix imports 2024-08-26 12:42:44 +02:00
Simon Friis Vindum
128053e214 C++: Add basic modeling of functions that don't throw 2024-08-26 09:37:44 +02:00
Paolo Tranquilli
c4c8c9ddc1 Merge pull request #17291 from github/criemen/ripunzip 
Make ripunzip installer accessible from outside this repo.
 2024-08-23 20:14:44 +02:00
Cornelius Riemenschneider
3ac8108c4a Address review. 2024-08-23 17:26:05 +02:00
Tamás Vajk
d710c1e89d Merge pull request #17287 from tamasvajk/message-count-telemetry 
C#: Add aggregated compiler and extractor message counts to extractio…
 2024-08-23 14:41:27 +02:00
Cornelius Riemenschneider
d84e745ce9 Make ripunzip installer accessible from outside this repo. 
* The relative path to misc doesn't work when running from another repo
* The buildifier dependency is not available from other repos,
  therefore we can't pull in //misc/bazel without further refactoring.

Therefore, inline the runfiles snippet here.
 2024-08-23 14:24:51 +02:00
Michael Nebel
20d9fd11ac Merge pull request #17288 from michaelnebel/shared/contentflow 
Shared: ContentFlow.
 2024-08-23 09:52:27 +02:00
Michael Nebel
19c2eb17c4 C#: Remove redundant imports. 2024-08-23 09:04:13 +02:00
Chris Smowton
67d94376e8 Merge pull request #17227 from smowton/smowton/fix/baseline-vs-nonroot-vendor-dirs 
Go / configure-baseline: account for multiple vendor directories and the `CODEQL_EXTRACTOR_GO_EXTRACT_VENDOR_DIRS` setting
 2024-08-22 15:00:51 +01:00
Michael Nebel
d935c47231 C#: Use the shared content flow implementation. 2024-08-22 15:46:01 +02:00
Michael Nebel
e6424f0f45 Shared: Make ContentDataFlow reusable. 2024-08-22 15:45:58 +02:00
Owen Mansel-Chan
18b99ffecc Merge pull request #17284 from owen-mc/go/fix-frameworks-coverage 
Go: Try to fix packages in frameworks coverage
 2024-08-22 14:43:52 +01:00
Tamas Vajk
6827bedaa7 C#: Add aggregated compiler and extractor message counts to extraction telemetry query 2024-08-22 15:14:33 +02:00
Tamás Vajk
3dce56b0b1 Merge pull request #17276 from tamasvajk/impr/change-partial-method-location 
C#: Change reporting location of partial methods
 2024-08-22 15:10:21 +02:00
Michael Nebel
4cd34531c6 Shared: Add a copy of the existing C# Content Dataflow implementation. 2024-08-22 15:07:45 +02:00
Owen Mansel-Chan
2edadbf423 Try to fix packages in frameworks coverage 2024-08-22 11:44:34 +01:00
Asger F
a1688f6a1a Merge pull request #17240 from knewbury01/knewbury01/fix-helmetrequiredsetting-model 
Update JS helmet model structure
 2024-08-22 11:59:28 +02:00
Michael Nebel
bd69b96752 Merge pull request #17273 from michaelnebel/csharp/sqlinject 
C#: ASP.NET Controller is allowed to be abstract.
 2024-08-22 11:18:48 +02:00
Asger F
43f54db4db Merge pull request #17274 from asgerf/java/implicit-pending-intents-implicit-read 
Java: Reveal false negative in test
 2024-08-22 11:00:07 +02:00
Tom Hvitved
d41d7c8246 Merge pull request #17207 from hvitved/csharp/content-set 
C#: Implement `ContentSet`
 2024-08-22 10:55:11 +02:00
Tom Hvitved
a213982b48 Merge pull request #17222 from hvitved/ruby/hash-splat-param-arg-matching 
Ruby: Rework (hash) splat argument/parameter matching
 2024-08-22 10:54:52 +02:00
Asger F
09aca6b47e Merge pull request #17212 from mbaluda/main 
Add support for importing NPM modules in XSJS sources
 2024-08-22 10:54:33 +02:00
Anders Schack-Mulligen
d97a301fef Merge pull request #17105 from aschackmull/dataflow/stage6 
Dataflow: Refactor stage 6 to use shared stage code.
 2024-08-22 09:46:49 +02:00
Tom Hvitved
e94fabcc19 Address review comment 2024-08-22 08:27:15 +02:00
Tom Hvitved
cb1b1da422 Ruby: Add another array flow test 2024-08-21 19:06:53 +02:00
Tom Hvitved
b0003c0453 Ruby: Remove two redundant checks 2024-08-21 19:06:29 +02:00
Edward Minnix III
2f3ebfb81f Merge pull request #17205 from egregius313/egregius313/go/dataflow/models/environment 
Go: Add models for environment variables
 2024-08-21 12:27:33 -04:00
Tamas Vajk
f7bf5e89be Add change note 2024-08-21 15:58:05 +02:00
Ed Minnix
c2fa721966 Fix stub 2024-08-21 09:56:42 -04:00
Ed Minnix
6fdff977e5 Fix test cases 2024-08-21 09:47:46 -04:00
Edward Minnix III
2aa3e1f7a2 Alphabetize models 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-08-21 09:44:20 -04:00
Edward Minnix III
210ea5be79 Add model from older versions of caarlos0/env 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-08-21 09:43:58 -04:00
Edward Minnix III
7ae52425ce Update package list in change note 2024-08-21 09:43:24 -04:00
Edward Minnix III
318a376a78 Remove ProcAttr models 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-08-21 09:43:04 -04:00
Chris Smowton
15989ce213 Merge pull request #14089 from am0o0/amammad-java-JWT 
Java: JWT decoding without verification
 2024-08-21 14:14:08 +01:00
Tamas Vajk
7c4733e88f C#: Change reporting location of partial methods 2024-08-21 15:13:14 +02:00
Michael Nebel
7049499e95 C#: Add change-note. 2024-08-21 14:38:55 +02:00
Asger F
3aa32e4aff Java: use MISSING inline annotation 2024-08-21 13:40:40 +02:00
Asger F
f7ea8a1563 Java: trivial result set re-order 2024-08-21 13:37:38 +02:00
Asger F
5751fc2d3a Java: Reveal false negative in test 
One of the sinks was flagged for the wrong reason in the test case.

The flow into the 'startActivities' sink isn't working properly, but this was not revealed by the test since an alternate, spurious path exists. The spurious path goes through the implicit read at the prior sink and takes a use-use step to the 'startActivities' sink. Swapping the order of the two sinks reveals the false negative.
 2024-08-21 13:36:47 +02:00
Michael Nebel
45d4d5138a C#: Update expected test output. 2024-08-21 13:14:12 +02:00
Michael Nebel
79718f1cd6 C#: Remove requirement that a controller is not allowed to be abstract. 2024-08-21 13:00:15 +02:00
Michael Nebel
75772c5832 C#: Add abstract controller remote flow source example. 2024-08-21 13:00:10 +02:00
Michael Nebel
5d14307ea2 C#: Add a SQL injection test case for ASP.NET. 2024-08-21 12:14:30 +02:00
Owen Mansel-Chan
a1a6fe45f1 Merge pull request #17245 from owen-mc/go/update-frameworks 
Go: Update frameworks.csv
 2024-08-21 10:52:21 +01:00
Tamás Vajk
b91ad04e6a Merge pull request #17257 from tamasvajk/buildless/temp-locations 
C#: Change random temp folder names to hash values
 2024-08-21 11:39:40 +02:00
Tamás Vajk
b6255571d8 Merge pull request #17253 from tamasvajk/impr/add-retry-logic-to-file-download 
C#: Add retry logic to file (nuget.exe, dotnet-install.sh) downloads
 2024-08-21 11:39:14 +02:00
Chris Smowton
f13f19d5dc Fix typo 2024-08-21 10:22:42 +01:00