codeql

mirror of https://github.com/github/codeql.git synced 2026-01-13 06:24:46 +01:00

Author	SHA1	Message	Date
Nora Dimitrijević	e137993acd	Merge pull request #12061 from d10c/cpp/missing-check-scanf-join-order-fix	2023-02-02 07:57:21 +01:00
Harry Maclean	d671cc6e43	Merge pull request #12052 from hmac/barrier-guard-fix	2023-02-02 08:16:07 +13:00
Chuan-kai Lin	255f989ede	Merge pull request #12034 from cklin/document-assume-small-delta Document pragma[assume_small_delta]	2023-02-01 10:36:40 -08:00
Tony Torralba	407e7cbbde	Merge pull request #12045 from atorralba/atorralba/more-custom-url-schemes Swift: Add more sources for custom URL schemes	2023-02-01 17:40:20 +01:00
Joe Farebrother	97b2e852c9	Merge pull request #11713 from joefarebrother/sensitive-result-receiver Java: Add query for leaking sensitive data through a ResultReceiver	2023-02-01 16:34:17 +00:00
Nora Dimitrijević	1df0be3ca2	C++: Fix join order in `cpp/missing-check-scanf` The issues were: * `revFlow`: `revFlow` joins `fwdFlow` on `vn`. * `Node.getASuccessor()`: `MkNode` self-join on `vn`. * `hasFlow/5`: `MkNode` self-join on `vn`.	2023-02-01 16:29:43 +01:00
Tony Torralba	834fc51a3a	Update java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql	2023-02-01 15:26:26 +01:00
Tony Torralba	43b234eeb5	Switch to MaD models for UISceneDelegate methods	2023-02-01 15:15:51 +01:00
Tony Torralba	f7cc5f9627	Add more sources for custom URL schemes Also add the appropriate steps so that these sources are useful	2023-02-01 15:07:37 +01:00
Geoffrey White	96ee0f68b0	Merge pull request #11935 from geoffw0/protocol-extension Swift: Flow sources through protocol extensions	2023-02-01 13:47:09 +00:00
Joe Farebrother	74dba953ca	Apply suggestions from docs review Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>	2023-02-01 12:54:19 +00:00
Erik Krogh Kristensen	bc36a75bde	Merge pull request #12057 from erik-krogh/syncPyFlow PY: Sync a dataflow config	2023-02-01 11:58:40 +01:00
erik-krogh	77e014c5a4	sync added dataflow config	2023-02-01 11:46:57 +01:00
Erik Krogh Kristensen	01f6862965	Merge pull request #11833 from erik-krogh/trackPyReg PY: track string-constants to regular expression uses	2023-02-01 11:40:42 +01:00
Tony Torralba	837cdf7782	Merge pull request #12046 from atorralba/atorralba/urlrequest-models Swift: Add taint for URLRequest fields	2023-02-01 09:24:17 +01:00
Geoffrey White	b9d487ac35	Merge branch 'main' into protocol-extension	2023-02-01 08:21:05 +00:00
Erik Krogh Kristensen	16049d694b	Merge pull request #12055 from github/dependabot/cargo/ql/tracing-0.1.37 Bump tracing from 0.1.35 to 0.1.37 in /ql	2023-02-01 09:07:11 +01:00
dependabot[bot]	373148decd	Bump tracing from 0.1.35 to 0.1.37 in /ql Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.35 to 0.1.37. - [Release notes](https://github.com/tokio-rs/tracing/releases) - [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.35...tracing-0.1.37) --- updated-dependencies: - dependency-name: tracing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-02-01 03:11:28 +00:00
Harry Maclean	da45d3aa7f	Ruby: Fix string comparison barrier guard `strNode` was not properly restricted for some cases.	2023-02-01 14:40:53 +13:00
Harry Maclean	0d68d88741	Merge pull request #11934 from hmac/actioncontroller-filters	2023-02-01 09:10:30 +13:00
Geoffrey White	7f58a2222a	Merge branch 'main' into protocol-extension	2023-01-31 16:06:55 +00:00
Chris Smowton	6b0b73b5f6	Merge pull request #12033 from intrigus-lgtm/patch-8 Fix errorneous slash	2023-01-31 14:39:51 +00:00
Mathias Vorreiter Pedersen	a2248e6ca6	Merge pull request #12030 from MathiasVP/iterator-public-models C++: Make iterator classes public	2023-01-31 14:11:52 +00:00
Mathias Vorreiter Pedersen	0d38ff8e8c	Merge pull request #11920 from gsingh93/bit-shift-range C++: Improve left shift and right shift range analysis accuracy	2023-01-31 14:01:41 +00:00
Erik Krogh Kristensen	8bc9ce749f	Merge pull request #12038 from github/dependabot/cargo/ql/tracing-subscriber-0.3.16 Bump tracing-subscriber from 0.3.15 to 0.3.16 in /ql	2023-01-31 14:35:35 +01:00
dependabot[bot]	56a0b1d2d8	Merge pull request #12024 from github/dependabot/cargo/ruby/clap-3.0.14	2023-01-31 13:30:21 +00:00
dependabot[bot]	597c71011e	Bump tracing-subscriber from 0.3.15 to 0.3.16 in /ql Bumps [tracing-subscriber](https://github.com/tokio-rs/tracing) from 0.3.15 to 0.3.16. - [Release notes](https://github.com/tokio-rs/tracing/releases) - [Commits](https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.3.15...tracing-subscriber-0.3.16) --- updated-dependencies: - dependency-name: tracing-subscriber dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-01-31 13:09:13 +00:00
Erik Krogh Kristensen	683761098d	Merge pull request #12041 from github/dependabot/cargo/ql/flate2-1.0.25 Bump flate2 from 1.0.24 to 1.0.25 in /ql	2023-01-31 14:07:09 +01:00
Mathias Vorreiter Pedersen	fcc4c91739	C++: More responding to comments.	2023-01-31 13:01:00 +00:00
dependabot[bot]	7f22c4c474	Bump clap from 3.0.12 to 3.0.14 in /ruby Bumps [clap](https://github.com/clap-rs/clap) from 3.0.12 to 3.0.14. - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.0.12...v3.0.14) --- updated-dependencies: - dependency-name: clap dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-01-31 12:49:34 +00:00
dependabot[bot]	8410e46067	Bump flate2 from 1.0.24 to 1.0.25 in /ql Bumps [flate2](https://github.com/rust-lang/flate2-rs) from 1.0.24 to 1.0.25. - [Release notes](https://github.com/rust-lang/flate2-rs/releases) - [Commits](https://github.com/rust-lang/flate2-rs/compare/1.0.24...1.0.25) --- updated-dependencies: - dependency-name: flate2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-01-31 12:48:10 +00:00
Erik Krogh Kristensen	481dab700c	Merge pull request #12037 from github/dependabot/cargo/ql/num_cpus-1.14.0 Bump num_cpus from 1.13.1 to 1.14.0 in /ql	2023-01-31 13:45:43 +01:00
yoff	7ae389bb28	Merge pull request #12026 from erik-krogh/nodePty JS: add code-injection sink for node-pty	2023-01-31 13:27:32 +01:00
Michael Nebel	86e9bf2f81	Merge pull request #11996 from michaelnebel/csharp/refstructreffield C# 11: Extractor support for `ref` fields in `ref struct`.	2023-01-31 13:08:57 +01:00
dependabot[bot]	423bab54d3	Bump num_cpus from 1.13.1 to 1.14.0 in /ql Bumps [num_cpus](https://github.com/seanmonstar/num_cpus) from 1.13.1 to 1.14.0. - [Release notes](https://github.com/seanmonstar/num_cpus/releases) - [Changelog](https://github.com/seanmonstar/num_cpus/blob/master/CHANGELOG.md) - [Commits](https://github.com/seanmonstar/num_cpus/compare/v1.13.1...v1.14.0) --- updated-dependencies: - dependency-name: num_cpus dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-01-31 12:05:11 +00:00
Erik Krogh Kristensen	38bcb2b727	Merge pull request #12039 from github/dependabot/cargo/ql/serde-1.0.152 Bump serde from 1.0.140 to 1.0.152 in /ql	2023-01-31 13:03:03 +01:00
dependabot[bot]	198b97ca8d	Bump serde from 1.0.140 to 1.0.152 in /ql Bumps [serde](https://github.com/serde-rs/serde) from 1.0.140 to 1.0.152. - [Release notes](https://github.com/serde-rs/serde/releases) - [Commits](https://github.com/serde-rs/serde/compare/v1.0.140...v1.0.152) --- updated-dependencies: - dependency-name: serde dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-01-31 11:48:44 +00:00
Erik Krogh Kristensen	f2526d1784	Merge pull request #12040 from github/dependabot/cargo/ql/tree-sitter-0.20.9 Bump tree-sitter from 0.20.8 to 0.20.9 in /ql	2023-01-31 12:46:43 +01:00
Gulshan Singh	1a109cab4d	Remove unicode characters	2023-01-31 03:38:03 -08:00
dependabot[bot]	807b715320	Bump tree-sitter from 0.20.8 to 0.20.9 in /ql Bumps [tree-sitter](https://github.com/tree-sitter/tree-sitter) from 0.20.8 to 0.20.9. - [Release notes](https://github.com/tree-sitter/tree-sitter/releases) - [Commits](https://github.com/tree-sitter/tree-sitter/commits) --- updated-dependencies: - dependency-name: tree-sitter dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-01-31 11:27:40 +00:00
Erik Krogh Kristensen	34ca12e5d2	Merge pull request #12042 from erik-krogh/qlTools QL: update codeql-action in QL-for-QL	2023-01-31 12:24:37 +01:00
erik-krogh	94cec17505	bump codeql-action	2023-01-31 12:09:21 +01:00
erik-krogh	4436ec070e	ensure the test is run when the workflow is updated	2023-01-31 12:09:21 +01:00
Geoffrey White	ee442e4d4b	Merge pull request #11979 from geoffw0/modern1 Swift: Modernize injection queries	2023-01-31 10:54:35 +00:00
erik-krogh	0cefa98490	add missing word to the change-note	2023-01-31 11:53:17 +01:00
Mathias Vorreiter Pedersen	daf7d1b7e7	C++: Add more QLDoc.	2023-01-31 10:37:51 +00:00
Mathias Vorreiter Pedersen	7583fe2ad8	C++: Respond to PR reviews.	2023-01-31 10:31:02 +00:00
Tony Torralba	e9a46c926d	Add taint for URLRequest fields	2023-01-31 11:15:45 +01:00
erik-krogh	95c19698c7	add change-note	2023-01-31 11:09:07 +01:00
erik-krogh	e5e8496084	fix QL-for-QL warnings	2023-01-31 10:55:27 +01:00

1 2 3 4 5 ...

49714 Commits