Commit Graph

49684 Commits

Author SHA1 Message Date
Alvaro Muñoz
dd31be43e0 Support for Twirp framework 2023-02-03 09:35:22 +01:00
Erik Krogh Kristensen
bc36a75bde Merge pull request #12057 from erik-krogh/syncPyFlow
PY: Sync a dataflow config
2023-02-01 11:58:40 +01:00
erik-krogh
77e014c5a4 sync added dataflow config 2023-02-01 11:46:57 +01:00
Erik Krogh Kristensen
01f6862965 Merge pull request #11833 from erik-krogh/trackPyReg
PY: track string-constants to regular expression uses
2023-02-01 11:40:42 +01:00
Tony Torralba
837cdf7782 Merge pull request #12046 from atorralba/atorralba/urlrequest-models
Swift: Add taint for URLRequest fields
2023-02-01 09:24:17 +01:00
Erik Krogh Kristensen
16049d694b Merge pull request #12055 from github/dependabot/cargo/ql/tracing-0.1.37
Bump tracing from 0.1.35 to 0.1.37 in /ql
2023-02-01 09:07:11 +01:00
dependabot[bot]
373148decd Bump tracing from 0.1.35 to 0.1.37 in /ql
Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.35 to 0.1.37.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.35...tracing-0.1.37)

---
updated-dependencies:
- dependency-name: tracing
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-01 03:11:28 +00:00
Harry Maclean
0d68d88741 Merge pull request #11934 from hmac/actioncontroller-filters 2023-02-01 09:10:30 +13:00
Chris Smowton
6b0b73b5f6 Merge pull request #12033 from intrigus-lgtm/patch-8
Fix erroneous slash
2023-01-31 14:39:51 +00:00
Mathias Vorreiter Pedersen
a2248e6ca6 Merge pull request #12030 from MathiasVP/iterator-public-models
C++: Make iterator classes public
2023-01-31 14:11:52 +00:00
Mathias Vorreiter Pedersen
0d38ff8e8c Merge pull request #11920 from gsingh93/bit-shift-range
C++: Improve left shift and right shift range analysis accuracy
2023-01-31 14:01:41 +00:00
Erik Krogh Kristensen
8bc9ce749f Merge pull request #12038 from github/dependabot/cargo/ql/tracing-subscriber-0.3.16
Bump tracing-subscriber from 0.3.15 to 0.3.16 in /ql
2023-01-31 14:35:35 +01:00
dependabot[bot]
56a0b1d2d8 Merge pull request #12024 from github/dependabot/cargo/ruby/clap-3.0.14 2023-01-31 13:30:21 +00:00
dependabot[bot]
597c71011e Bump tracing-subscriber from 0.3.15 to 0.3.16 in /ql
Bumps [tracing-subscriber](https://github.com/tokio-rs/tracing) from 0.3.15 to 0.3.16.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.3.15...tracing-subscriber-0.3.16)

---
updated-dependencies:
- dependency-name: tracing-subscriber
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-31 13:09:13 +00:00
Erik Krogh Kristensen
683761098d Merge pull request #12041 from github/dependabot/cargo/ql/flate2-1.0.25
Bump flate2 from 1.0.24 to 1.0.25 in /ql
2023-01-31 14:07:09 +01:00
Mathias Vorreiter Pedersen
fcc4c91739 C++: More responding to comments. 2023-01-31 13:01:00 +00:00
dependabot[bot]
7f22c4c474 Bump clap from 3.0.12 to 3.0.14 in /ruby
Bumps [clap](https://github.com/clap-rs/clap) from 3.0.12 to 3.0.14.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v3.0.12...v3.0.14)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-31 12:49:34 +00:00
dependabot[bot]
8410e46067 Bump flate2 from 1.0.24 to 1.0.25 in /ql
Bumps [flate2](https://github.com/rust-lang/flate2-rs) from 1.0.24 to 1.0.25.
- [Release notes](https://github.com/rust-lang/flate2-rs/releases)
- [Commits](https://github.com/rust-lang/flate2-rs/compare/1.0.24...1.0.25)

---
updated-dependencies:
- dependency-name: flate2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-31 12:48:10 +00:00
Erik Krogh Kristensen
481dab700c Merge pull request #12037 from github/dependabot/cargo/ql/num_cpus-1.14.0
Bump num_cpus from 1.13.1 to 1.14.0 in /ql
2023-01-31 13:45:43 +01:00
yoff
7ae389bb28 Merge pull request #12026 from erik-krogh/nodePty
JS: add code-injection sink for node-pty
2023-01-31 13:27:32 +01:00
Michael Nebel
86e9bf2f81 Merge pull request #11996 from michaelnebel/csharp/refstructreffield
C# 11: Extractor support for `ref` fields in `ref struct`.
2023-01-31 13:08:57 +01:00
dependabot[bot]
423bab54d3 Bump num_cpus from 1.13.1 to 1.14.0 in /ql
Bumps [num_cpus](https://github.com/seanmonstar/num_cpus) from 1.13.1 to 1.14.0.
- [Release notes](https://github.com/seanmonstar/num_cpus/releases)
- [Changelog](https://github.com/seanmonstar/num_cpus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/num_cpus/compare/v1.13.1...v1.14.0)

---
updated-dependencies:
- dependency-name: num_cpus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-31 12:05:11 +00:00
Erik Krogh Kristensen
38bcb2b727 Merge pull request #12039 from github/dependabot/cargo/ql/serde-1.0.152
Bump serde from 1.0.140 to 1.0.152 in /ql
2023-01-31 13:03:03 +01:00
dependabot[bot]
198b97ca8d Bump serde from 1.0.140 to 1.0.152 in /ql
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.140 to 1.0.152.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.140...v1.0.152)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-31 11:48:44 +00:00
Erik Krogh Kristensen
f2526d1784 Merge pull request #12040 from github/dependabot/cargo/ql/tree-sitter-0.20.9
Bump tree-sitter from 0.20.8 to 0.20.9 in /ql
2023-01-31 12:46:43 +01:00
Gulshan Singh
1a109cab4d Remove unicode characters 2023-01-31 03:38:03 -08:00
dependabot[bot]
807b715320 Bump tree-sitter from 0.20.8 to 0.20.9 in /ql
Bumps [tree-sitter](https://github.com/tree-sitter/tree-sitter) from 0.20.8 to 0.20.9.
- [Release notes](https://github.com/tree-sitter/tree-sitter/releases)
- [Commits](https://github.com/tree-sitter/tree-sitter/commits)

---
updated-dependencies:
- dependency-name: tree-sitter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-31 11:27:40 +00:00
Erik Krogh Kristensen
34ca12e5d2 Merge pull request #12042 from erik-krogh/qlTools
QL: update codeql-action in QL-for-QL
2023-01-31 12:24:37 +01:00
erik-krogh
94cec17505 bump codeql-action 2023-01-31 12:09:21 +01:00
erik-krogh
4436ec070e ensure the test is run when the workflow is updated 2023-01-31 12:09:21 +01:00
Geoffrey White
ee442e4d4b Merge pull request #11979 from geoffw0/modern1
Swift: Modernize injection queries
2023-01-31 10:54:35 +00:00
erik-krogh
0cefa98490 add missing word to the change-note 2023-01-31 11:53:17 +01:00
Mathias Vorreiter Pedersen
daf7d1b7e7 C++: Add more QLDoc. 2023-01-31 10:37:51 +00:00
Mathias Vorreiter Pedersen
7583fe2ad8 C++: Respond to PR reviews. 2023-01-31 10:31:02 +00:00
Tony Torralba
e9a46c926d Add taint for URLRequest fields 2023-01-31 11:15:45 +01:00
erik-krogh
95c19698c7 add change-note 2023-01-31 11:09:07 +01:00
erik-krogh
e5e8496084 fix QL-for-QL warnings 2023-01-31 10:55:27 +01:00
Gulshan Singh
2f38d363ff Fix typo in dependsOnChild 2023-01-30 19:55:53 -08:00
Gulshan Singh
fb31570af3 Fix bitshift test 2023-01-30 19:55:53 -08:00
Gulshan Singh
1758e25207 Merge lshift/rshift range expressions into a single file and address PR comments 2023-01-30 19:55:53 -08:00
Gulshan Singh
051d36ee6a Add ConstantLShiftExprRange and ConstantRShiftExprRange classes 2023-01-30 19:55:53 -08:00
Gulshan Singh
5710289460 Add bitshift test 2023-01-30 19:55:53 -08:00
Harry Maclean
c99a096c9b Ruby: Update test fixtures 2023-01-31 11:27:19 +13:00
Harry Maclean
69ed00cdf1 Ruby: QL4QL fix 2023-01-31 11:06:32 +13:00
Mathias Vorreiter Pedersen
cd596403a0 Merge pull request #12031 from MathiasVP/ir-get-call-predicate 2023-01-30 21:23:02 +00:00
intrigus-lgtm
f23d517236 Fix erroneous slash
The additional slash causes the request to fail.
Compare `gh api /repos/openjdk/jdk/code-scanning/codeql/databases/` (fails) with:
```
gh api /repos/openjdk/jdk/code-scanning/codeql/databases/
{
  "message": "Not Found",
  "documentation_url": "https://docs.github.com/rest"
}
gh: Not Found (HTTP 404)
```
While `gh api /repos/openjdk/jdk/code-scanning/codeql/databases` (works).
2023-01-30 20:26:40 +01:00
Mathias Vorreiter Pedersen
a01a4734ed C++/C#: Sync identical files. 2023-01-30 17:32:53 +00:00
Mathias Vorreiter Pedersen
3a1a9a771c C++: Add a 'getCall' predicate to 'ArgumentOperand'. 2023-01-30 17:31:52 +00:00
Mathias Vorreiter Pedersen
f90007ae71 C++: Make our iterator models public. 2023-01-30 17:23:52 +00:00
Jami
7f6efae7dc Merge pull request #12008 from jcogs33/jcogs33/update-queryproducer-package
Java: update package for `QueryProducer` sinks
2023-01-30 10:27:58 -05:00