hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 21:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
41,574 Commits 1,747 Branches 166 Tags
d3dcc3ce3a9db8a96d62096f6209d675cbbf72e1
Commit Graph

41574 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
d3dcc3ce3a Dataflow: Sync. 2022-08-05 11:00:56 +02:00
Anders Schack-Mulligen
09d0f8e0ce Dataflow: Replace stage duplication with parameterised modules. 2022-08-05 11:00:56 +02:00
Tom Hvitved
56ee07e24c Merge pull request #9936 from aibaars/gh-codeql-nightly 
Use 'gh codeql' with the nightly release for CI jobs
 2022-08-05 10:34:39 +02:00
Jeroen Ketema
ba2cee07a9 Merge pull request #8596 from rdmarsh2/rdmarsh2/dataflow-global-vars 
C++: IR data flow through global variables
 2022-08-05 10:07:00 +02:00
Anders Schack-Mulligen
1fde06c0a8 Merge pull request #9970 from aschackmull/java/confusingoverload-perf 
Java: Improve performance of ConfusingOverloading.
 2022-08-05 09:38:22 +02:00
Harry Maclean
74d529d3e3 Merge pull request #9918 from hmac/hmac/mime-type-match 
Ruby: Model Mime::Type
 2022-08-05 11:51:45 +12:00
Harry Maclean
157bbccf62 Merge pull request #9851 from hmac/hmac/active-record-improvements 
Ruby: Recognise more AR write accesses
 2022-08-05 11:49:50 +12:00
Tom Hvitved
6fa1e06afb Merge pull request #9966 from hvitved/csharp/no-clr-tracer 
C#: Disable CLR tracer
 2022-08-04 20:50:19 +02:00
Anders Schack-Mulligen
43d4324f65 Java: Improve performance of ConfusingOverloading. 2022-08-04 16:05:30 +02:00
Tom Hvitved
bc6a74b4dd C#: Disable CLR tracer 
Also remove old tracer configs, as we now use the Lua tracer.
 2022-08-04 13:11:07 +02:00
mc
935def739c Merge pull request #9955 from securingdev/patch-1 
Update Other section with example exit code details
 2022-08-04 10:26:45 +01:00
mc
df1633a838 Merge branch 'main' into patch-1 2022-08-04 10:13:23 +01:00
Anders Schack-Mulligen
a5a58f46eb Merge pull request #9945 from aschackmull/java/wrappedinvocation-joinorder 
Java: Improve join-order.
 2022-08-04 11:12:23 +02:00
mc
360cff9c24 Merge branch 'main' into patch-1 2022-08-04 10:08:55 +01:00
Anders Schack-Mulligen
c2b99747d4 Merge pull request #9951 from aschackmull/java/notintersect-perf 
Java: Improve join-order for `not haveIntersection`.
 2022-08-04 11:08:02 +02:00
mc
8905df9abb Merge branch 'main' into patch-1 2022-08-04 10:06:01 +01:00
mc
e4c9f8a9a2 Update docs/codeql/codeql-cli/exit-codes.rst 2022-08-04 10:05:52 +01:00
Chris Smowton
96091e4fa0 Merge pull request #9947 from github/smowton/fix/golang-path-injection-numeric-sanitizer 
Go: note that numeric-typed nodes can't cause path traversal
 2022-08-04 09:00:34 +01:00
Chris Smowton
af274354a0 Merge pull request #9956 from github/smowton/feature/tainted-path-query-mad 
Make java/path-injection recognise create-file MaD sinks
 2022-08-04 08:59:59 +01:00
Harry Maclean
ee9e6b1f2e Ruby: Add change note 2022-08-04 17:27:34 +12:00
Harry Maclean
452811dbf2 Ruby: move change note 2022-08-04 17:25:55 +12:00
Harry Maclean
83393dc195 Ruby: Recognise more AR write accesses 
This change means we recognise calls like

```rb
User.create(params)
User.update(id, params)
```

as instances of `PersistentWriteAccess`.
 2022-08-04 17:22:46 +12:00
Harry Maclean
21b4918904 Ruby: Add getPositionalArgument 
This gets positional arguments from a call. These are arguments which
are not keyword arguments.
 2022-08-04 17:22:46 +12:00
Harry Maclean
d4f7f2b75e Ruby: Add test for AR PersistentWriteAccesses 2022-08-04 17:22:46 +12:00
Harry Maclean
7ed81db32d Ruby: Move ActiveRecord tests to new directory 2022-08-04 17:22:46 +12:00
Harry Maclean
def1b3c3b3 Ruby: QLDoc fix 2022-08-04 17:21:29 +12:00
Harry Maclean
fdbe16945f Ruby: Add change note 2022-08-04 17:19:05 +12:00
Mathias Vorreiter Pedersen
9355f9132e Merge pull request #9961 from MathiasVP/swift-cache-lastRefRedef 
Swift: Cache `lastRefRedef`
 2022-08-03 15:43:35 +01:00
Alex Ford
33fbec1174 Merge pull request #9917 from github/post-release-prep/codeql-cli-2.10.2 
Post-release preparation for codeql-cli-2.10.2
 2022-08-03 15:17:00 +01:00
Mathias Vorreiter Pedersen
97bd007592 Merge pull request #9962 from intrigus-lgtm/patch-7 
C: Add additional reference to CERT C coding standard
 2022-08-03 15:00:33 +01:00
Alex Ford
440547c958 Merge branch 'main' into post-release-prep/codeql-cli-2.10.2 2022-08-03 13:44:37 +01:00
Arthur Baars
912dce3ea7 Merge branch 'main' into gh-codeql-nightly 2022-08-03 14:43:07 +02:00
Arthur Baars
e23a45d02c Merge pull request #9959 from aibaars/order-order 
Ruby: PrintAST: more stable order for synthesized nodes
 2022-08-03 14:42:42 +02:00
intrigus-lgtm
c59e6586f7 Add additional reference to CERT C coding standard 2022-08-03 14:19:53 +02:00
Mathias Vorreiter Pedersen
be7ba925f9 Swift: Cache 'lastRefRedef'. 2022-08-03 11:14:55 +01:00
Arthur Baars
35f7fdf24b Update ruby/ql/lib/codeql/ruby/printAst.qll 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2022-08-03 12:06:47 +02:00
Chris Smowton
977823bd76 Create 2022-08-03-tainted-path-mad.md 2022-08-03 10:54:35 +01:00
Chris Smowton
84a4b6a866 Make reporting locations consistent with PathCreation; add test 2022-08-03 10:42:09 +01:00
Rasmus Wriedt Larsen
8fb85a98d8 Merge branch 'main' into post-release-prep/codeql-cli-2.10.2 2022-08-03 10:42:02 +02:00
Mathias Vorreiter Pedersen
c582d17350 Merge pull request #9952 from MathiasVP/speedup-return-stack-allocated-memory 
C++: Speedup `cpp/return-stack-allocated-memory`
 2022-08-03 09:41:38 +01:00
Chris Smowton
e04c77ce15 Rename sanitizer 2022-08-03 09:37:20 +01:00
Chris Smowton
03fa5d8ed0 Merge pull request #9960 from RasmusWL/fix-qltest 
Python: Accept `.expected` for TarSlip
 2022-08-03 09:28:47 +01:00
Chris Smowton
83498f58db Add missing import 2022-08-03 08:53:43 +01:00
Rasmus Wriedt Larsen
3d0c23e441 Python: Accept .expected for TarSlip 
Changed after merging https://github.com/github/codeql/pull/9579,
which improved our handling of `not` for guards.
 2022-08-03 09:52:11 +02:00
Arthur Baars
d8592a2b05 Ruby: PrintAST: more stable order for synthesized nodes 2022-08-03 09:02:38 +02:00
Anders Schack-Mulligen
d9ae4605c1 Merge pull request #9948 from aschackmull/java/samenameassuper-perf 
Java: Fix join-order in SameNameAsSuper.
 2022-08-03 08:04:30 +02:00
Chris Smowton
81f3bcd802 Don't require a PathCreation for every tainted-path sink 2022-08-02 21:30:06 +01:00
Chris Smowton
c95f17fdf2 Make java/path-injection recognise create-file MaD sinks 2022-08-02 21:28:00 +01:00
Alex Ford
8e3548efb3 Merge branch 'main' into post-release-prep/codeql-cli-2.10.2 2022-08-02 20:29:26 +01:00
Arthur Baars
759fd6cc0b Use 'gh codeql' with the nightly release for CI jobs 2022-08-02 17:01:20 +02:00