Commit Graph

55715 Commits

Author SHA1 Message Date
Tony Torralba
72af634575 Kotlin: Add flow through use and with 2023-06-06 11:22:16 +02:00
Nick Rolfe
6c5c338e6b Merge pull request #13348 from github/nickrolfe/java-location-tostring
Java: avoid call to `Location.toString()`
2023-06-06 09:55:42 +01:00
Nick Rolfe
3d0ecbed39 Merge pull request #13361 from github/nickrolfe/csharp-location-tostring
C#: avoid calls to `Location::toString()`
2023-06-06 09:55:09 +01:00
Tony Torralba
1601846478 Add exclusion to the ZipSlip query to avoid FPs 2023-06-06 10:28:49 +02:00
Tony Torralba
0065e6e1d6 Apply suggestions from code review
Fix incorrect models-as-data rows
2023-06-06 10:04:22 +02:00
Tony Torralba
1ccec90c6f Apply suggestions from code review
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
2023-06-06 09:10:18 +02:00
Erik Krogh Kristensen
b78cd48954 Merge pull request #13329 from erik-krogh/sqlhelp
JS: improve the sql-injection help page
2023-06-06 08:44:44 +02:00
Erik Krogh Kristensen
29bbf58a29 Merge pull request #13377 from github/dependabot/cargo/ql/regex-1.8.4
Bump regex from 1.8.3 to 1.8.4 in /ql
2023-06-06 07:57:04 +02:00
dependabot[bot]
d38bca1e8c Bump regex from 1.8.3 to 1.8.4 in /ql
Bumps [regex](https://github.com/rust-lang/regex) from 1.8.3 to 1.8.4.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.8.3...1.8.4)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-06 04:02:46 +00:00
Jeroen Ketema
272ced6ea5 Merge pull request #13374 from jketema/ptr-deref-min
C++: Remove `cpp/invalid-pointer-deref` results duplicating ones with smaller `k`
2023-06-05 19:31:24 +02:00
erik-krogh
3cb2ec4e87 fix nits from doc review 2023-06-05 19:06:07 +02:00
Taus
7ad860fc98 Java: Update MaD declarations after triage
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
2023-06-05 18:00:40 +02:00
Ian Lynagh
e49b278d61 Java/Kotlin: Add a changenote for the lines-of-code changes. 2023-06-05 16:33:12 +01:00
Jeroen Ketema
93215ba7e1 Merge pull request #13355 from jketema/ptr-deref-forward
C++: Ensure that the sink instruction occurs last in `cpp/invalid-pointer-deref`
2023-06-05 15:56:50 +02:00
Jeroen Ketema
86df424fca C++: Fix query formatting 2023-06-05 15:10:54 +02:00
Jeroen Ketema
4a27028768 C++: Remove cpp/invalid-pointer-deref results duplicating ones with smaller k 2023-06-05 15:03:58 +02:00
Jeroen Ketema
90f0209095 C++: Add cpp/invalid-pointer-deref test case with almost duplicated results 2023-06-05 15:03:57 +02:00
Jeroen Ketema
7f7b048f50 C++: Update expected test results 2023-06-05 15:00:11 +02:00
Ian Lynagh
a4a7ad8f99 Java/Kotlin: Split lines of code by language
We were giving the sum of all lines for both languages, but labelling it
as "Total lines of Java code in the database", which was confusing.

Now we give separate sums for Kotlin and Java lines.
2023-06-05 13:57:47 +01:00
Paolo Tranquilli
dc26dc81a9 Merge pull request #13370 from github/redsun82/swift-fix-cmake
Swift: fix cmake generation
2023-06-05 14:52:40 +02:00
Nick Rolfe
02395867c8 Python: avoid selecting getLocation() in py/truncated-division 2023-06-05 13:42:46 +01:00
Mathias Vorreiter Pedersen
52fb00cac3 Merge pull request #12036 from nmouha/patch-1
CPP: Add query for CVE-2022-37454: Integer addition may overflow inside if statement
2023-06-05 12:13:27 +01:00
Jeroen Ketema
11182e4ee4 C++: Move location where getASuccessor is used to avoid join order problems 2023-06-05 12:36:25 +02:00
Nick Rolfe
c67a350e36 Python: avoid selecting getLocation() in py/unnecessary-delete 2023-06-05 11:16:13 +01:00
Paolo Tranquilli
be9d32a6c1 Bazel/CMake: make include not use cmake include
...but rather just pass along targets. This is required to fix CMake
generation in the internal repository.
2023-06-05 11:43:48 +02:00
Michael B. Gale
06d48dca67 Merge pull request #13211 from github/mbg/identify-environment-stubs
Shared: Add stubs for `identify-environment` scripts
2023-06-05 10:29:06 +01:00
Nick Rolfe
dadb5b34e6 C#: avoid call to Location::toString() in cs/expose-implementation 2023-06-05 10:19:27 +01:00
Paolo Tranquilli
400176f677 Swift: fix cmake generation
The bazel -> cmake generator is currently not capable of handling
separate included generated cmake files making use of common C/C++
dependencies.

To work around this limitation, a single generated cmake is now in
place. Long-term, we should either:
* make the cmake generator handle common dependencies gracefully, or
* make the cmake generation aspect travel up `pkg_` rules `srcs`
  attributes
so as to avoid having to list the targets to be generated in the top-level
`BUILD` file.

Other things fixed:
* removed some warning spam about redefined `BAZEL_CURRENT_REPOSITORY`
* fixed the final link step, that was failing because `libswiftCore.so`
  was not being linked.
2023-06-05 11:12:11 +02:00
Michael B. Gale
5d89b0739b Swift: Remove .cmd script 2023-06-05 09:12:21 +01:00
Nick Rolfe
79b3a8c955 C#: avoid call to Location::toString() 2023-06-02 19:39:24 +01:00
Jami
64830809a6 Merge pull request #13228 from jcogs33/jcogs33/deprecated-sink-error-message
Java: add error message for outdated sink kinds in `getInvalidModelKind`
2023-06-02 13:44:18 -04:00
jorgectf
3e8c7f72b6 Add changenote 2023-06-02 18:20:55 +02:00
Alex Ford
c95cf5ad6f Merge pull request #13062 from maikypedia/maikypedia/sqli-sink
Ruby: Add MySQL as SQL Injection Sink
2023-06-02 17:06:35 +01:00
jorgectf
5608082f35 Update py/unsafe-deserialization name 2023-06-02 17:57:24 +02:00
Jeroen Ketema
8ac1d56a7f C++: Fix join order in cpp/invalid-pointer-deref 2023-06-02 16:37:35 +02:00
Erik Krogh Kristensen
219ec9d05d Merge pull request #13127 from erik-krogh/polReDoS
ReDoS: revert new superlinear algorithm.
2023-06-02 16:10:24 +02:00
Geoffrey White
4c8225724b Swift: Fix QL-for-QL warnings. 2023-06-02 12:21:17 +01:00
Geoffrey White
c7c8807f40 Swift: Use FieldDecl.hasQualifiedName. 2023-06-02 11:56:16 +01:00
Jeroen Ketema
ac4933a9cc C++: Ensure that the sink instruction occurs last in cpp/invalid-pointer-deref
This avoids some counter-intuitive paths where we would seemingly jump back
to an earlier instruction, which might actually have been in bounds.
2023-06-02 12:36:34 +02:00
Jeroen Ketema
5f64354a70 Merge pull request #13353 from jketema/expecation
Fix typo in spelling of expectation
2023-06-02 12:29:49 +02:00
Mathias Vorreiter Pedersen
05e5ebe4f4 Merge pull request #13331 from aibaars/use-shortest-distances-to-count-indirections
C++: Use the shortestDistances HOP to count indirections (rebased copy of #13323)
2023-06-02 11:22:59 +01:00
Geoffrey White
5bf82aeddf Swift: Add FieldDecl.hasQualifiedName. 2023-06-02 11:13:57 +01:00
erik-krogh
ac9ede4ec0 add change-notes 2023-06-02 11:58:11 +02:00
erik-krogh
f61b781386 JS: delete effectively empty file 2023-06-02 11:58:09 +02:00
erik-krogh
5cbe6db37d C++: sync files from C# 2023-06-02 11:58:08 +02:00
erik-krogh
3584e85fe8 JS: fix tutorial 2023-06-02 11:58:08 +02:00
erik-krogh
3dfe2b30b1 C#: delete override where the parent predicate no longer existed 2023-06-02 11:58:08 +02:00
erik-krogh
c3e57382f7 Ruby: fix compilation 2023-06-02 11:58:08 +02:00
erik-krogh
9000243828 JS: fix compilation 2023-06-02 11:58:08 +02:00
erik-krogh
44b6366586 delete old deprecations 2023-06-02 11:58:08 +02:00