hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 23:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,591 Commits 1,703 Branches 162 Tags
d26b0892cf867aef2723be21f3006e0bd1861cb0
Commit Graph

45591 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
d26b0892cf Ruby: also add an AST test 2022-10-21 09:23:21 +02:00
Asger F
038bdecad7 Ruby: add test with compound assignment to a constant 2022-10-21 09:20:03 +02:00
Chris Smowton
ac013f9d19 Merge pull request #10889 from smowton/smowton/fix/enum-entry-class-warning 
Kotlin: Don't warn on extracting an enum-entry class
 2022-10-20 22:08:29 +01:00
Geoffrey White
138643519c Merge pull request #10757 from geoffw0/sqlinject 
Swift: Query for SQL injection
 2022-10-20 18:55:38 +01:00
Geoffrey White
661106c1a0 Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2022-10-20 17:54:40 +01:00
Chuan-kai Lin
2e9c8c759c Merge pull request #10907 from cklin/document-assume-small-delta 
QL language spec: pragma[assume_small_delta]
 2022-10-20 09:00:45 -07:00
Chris Smowton
f2749a8878 Don't warn on extracting an enum-entry class 2022-10-20 16:09:45 +01:00
Chuan-kai Lin
9df725901b QL language spec: pragma[assume_small_delta] 2022-10-20 07:30:02 -07:00
Tom Hvitved
471a596dfb Merge pull request #10895 from hvitved/ruby/track-module-no-self-params 
Ruby: Block for steps into `self` parameters in `trackModuleAccess`
 2022-10-20 13:34:59 +02:00
Tom Hvitved
faaead682e Ruby: Block for steps into self parameters in trackModuleAccess 2022-10-20 13:00:12 +02:00
Tom Hvitved
bda98261cc Ruby: Add more call graph tests 2022-10-20 12:59:32 +02:00
Chris Smowton
e868cdf91b Merge pull request #9876 from smowton/smowton/feature/interface-forwarding 
Kotlin: implement default interface forwarding
 2022-10-20 10:17:47 +01:00
Arthur Baars
fd5f678e1f Merge pull request #10897 from jsoref/spelling-frontend 
Spelling frontend
 2022-10-20 10:09:54 +02:00
AlexDenisov
32ac7d6f25 Merge pull request #10893 from github/redsun82/setup-python-4 
Swift: bump actions/setup-python from 3 to 4
 2022-10-20 09:35:42 +02:00
Jeroen Ketema
70b48ad213 Merge pull request #10896 from jsoref/codeowners-codeql-frontend-reviewers 
Fix CODEOWNERS docs/codeql paths
 2022-10-20 09:26:03 +02:00
Josh Soref
2d83b86e1a Fix CODEOWNERS docs/codeql/ paths 
* codeql-cli
* codeql-for-visual-studio-code
* ql-language-reference path
 2022-10-19 23:36:42 -04:00
Josh Soref
8fa524cd52 spelling: substitution 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 23:27:19 -04:00
Josh Soref
7cc61ec018 spelling: monotonic 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 23:27:19 -04:00
Josh Soref
cd0e69ae32 spelling: meaningful 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 23:27:19 -04:00
Erik Krogh Kristensen
534574f4d9 Merge pull request #10764 from pwntester/javascript_xss_improvements 
JS: Consider other XSS unsafe content-types when reasoning about XSS vulnerabilities
 2022-10-19 21:53:24 +02:00
Geoffrey White
5b1e138300 Swift: Another qhelp edit. 2022-10-19 20:49:26 +01:00
Geoffrey White
495f744cd3 Swift: Attempt to address qhelp suggestions. 2022-10-19 20:44:27 +01:00
Geoffrey White
05d9c7b892 Swift: More 'an SQL' -> 'a SQL'. 2022-10-19 19:44:59 +01:00
Geoffrey White
83dc6d1564 Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2022-10-19 19:42:35 +01:00
Alvaro Muñoz
245be44eac Merge branch 'main' into javascript_xss_improvements 2022-10-19 18:18:19 +02:00
dependabot[bot]
c3693f1a20 Swift: bump actions/setup-python from 3 to 4 
Also fixes python version with a `.pythonversion` file.

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-19 18:10:42 +02:00
Chris Smowton
c6b62c934b Merge pull request #10853 from smowton/smowton/fix/specialised-anon-classes 
Kotlin: extract called private methods of specialised types, and specialised instances of anonymous types
 2022-10-19 16:48:28 +01:00
Henry Mercer
6a12d676b8 Merge pull request #10878 from jsoref/spelling-ml 
Spelling ml
 2022-10-19 16:28:06 +01:00
Paolo Tranquilli
6426b8dc7e Merge pull request #10891 from github/alexdenisov/xcode-autobuilder-tests 
Swift: add Xcode autobuilder tests
 2022-10-19 17:19:21 +02:00
Chris Smowton
14b8892ced Don't create interface forwarders for other interfaces, and target super accesses correctly 
Intermediate interfaces don't need interface forwarders, since the Kotlin compiler won't try to make them non-abstract by synthesising methods.

Super references should always target an immediate superclass, not the ancestor containing the intended implementation.
 2022-10-19 15:37:06 +01:00
Alex Denisov
bb31ff7aef Swift: drop redundant workflow 2022-10-19 16:36:45 +02:00
Alex Denisov
7790abce22 Swift: better CI names 2022-10-19 16:31:27 +02:00
Alex Denisov
f6cfeab357 Swift: add Xcode autobuilder to CI 2022-10-19 16:29:08 +02:00
Alex Denisov
95b7e8abb5 Swift: make xcode-autobuilder tester work with several tests 2022-10-19 16:20:32 +02:00
Ian Lynagh
71b649558b Merge pull request #10648 from igfoo/igfoo/lockless 
Kotlin: Implement lockless TRAP writing
 2022-10-19 15:04:19 +01:00
Alex Denisov
e51485595c Swift: introduce xcode-autobuilder tests 2022-10-19 16:04:07 +02:00
Erik Krogh Kristensen
8086d37cfc Merge pull request #10840 from erik-krogh/html_safe 
RB: simplify html_safe modeling
 2022-10-19 15:02:21 +02:00
Ian Lynagh
24a84875ad Merge pull request #10879 from jsoref/spelling-kotlin 
Spelling kotlin
 2022-10-19 12:26:52 +01:00
Tom Hvitved
9e5d9f897f Merge pull request #10824 from jsoref/spelling-csharp 
Spelling csharp
 2022-10-19 13:16:02 +02:00
Ian Lynagh
83a3ae64c4 Kotlin: Accept test changes 2022-10-19 12:14:39 +01:00
Ian Lynagh
c9cf33dd20 Kotlin: Nest TRAP files inside their basename 2022-10-19 12:14:39 +01:00
Ian Lynagh
dff1cf4c48 Kotlin: Don't write TRAP files that are already out-of-date 2022-10-19 12:14:38 +01:00
Ian Lynagh
e6e0fe0cd4 Kotlin: Tweak custom_plugin/diagnostics test 2022-10-19 12:14:38 +01:00
Ian Lynagh
b251078976 Kotlin: Implement lockless TRAP writing 
Rather than using lock files and rewriting TRAP file, and storing the
metadata in a .metadata file, we now encode the metadata in the filename
and rename all but the newest TRAP file so that the importer doesn't
see them.

So we might end up with e.g.
    Text.members#0.0-1664381081060-java.trap.gz
    Text.members#55.0-1658481279000-java.trap-old.gz
    Text.members#55.0-1664381081060-java.trap-old.gz

For now, you can go back to the old system by setting
    CODEQL_EXTRACTOR_JAVA_TRAP_LOCKING=true
in the environment.
 2022-10-19 12:14:38 +01:00
Erik Krogh Kristensen
caaee26ae5 Merge pull request #10880 from jsoref/spelling-ql 
Spelling ql
 2022-10-19 12:38:48 +02:00
Chris Smowton
7ba9a31766 Use US spelling 2022-10-19 10:41:29 +01:00
Tony Torralba
fd8f8cb930 Merge pull request #10223 from atorralba/atorralba/unsafe-content-resolver 
Java: New Android query to detect unsafe content URI resolution
 2022-10-19 11:22:04 +02:00
Tamás Vajk
0f499dfb75 Merge pull request #10877 from tamasvajk/kotlin-safe-call-null-check 
Kotlin: Add test for useless null check on safe calls
 2022-10-19 11:19:58 +02:00
Tamás Vajk
086362d8ee Merge pull request #10859 from tamasvajk/kotlin-field-masking 
Kotlin: Exclude fields of live literals from `java/field-masks-super-field`
 2022-10-19 11:19:44 +02:00
Josh Soref
99aa5ffea6 spelling: substitutions 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 05:10:23 -04:00