codeql

mirror of https://github.com/github/codeql.git synced 2025-12-28 14:46:33 +01:00

Author	SHA1	Message	Date
Mathias Vorreiter Pedersen	e1aef3127c	Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2023-02-10 09:23:37 +00:00
Jeroen Ketema	8f15abc285	Merge pull request #12146 from jketema/global-indirect C++: Do not mark global indirect flow as spurious in dataflow tests	2023-02-10 10:21:04 +01:00
Michael Nebel	1bd223b8c8	Merge pull request #12103 from michaelnebel/csharp/scopedmodfier C# 11: Scoped parameters and local variables.	2023-02-10 10:04:09 +01:00
Jeroen Ketema	350fb89ebf	C++: Also mention all locations in the AST case	2023-02-10 09:49:24 +01:00
Mathias Vorreiter Pedersen	9aa9187dd7	Merge pull request #12141 from MathiasVP/fix-multiple-out-nodes C++: Deduplicate `OutNode`s	2023-02-10 08:39:16 +00:00
Mathias Vorreiter Pedersen	4719fd5235	C++: Accept more test changes.	2023-02-10 08:38:46 +00:00
Jeroen Ketema	12930c68fb	C++: Do not mark global indirect flow as spurious in dataflow tests	2023-02-10 09:29:27 +01:00
Paolo Tranquilli	c92fd97783	Merge pull request #12140 from github/redsun82/swift-fix-upgrade Swift: remove query predicates in upgrade/downgrade scripts	2023-02-10 08:49:08 +01:00
Michael Nebel	8d8ebeade1	Merge pull request #12067 from michaelnebel/csharp/reflectionload C#: Delete dead assembly load code.	2023-02-09 18:49:36 +01:00
Mathias Vorreiter Pedersen	981c976754	C++: Expand comments.	2023-02-09 17:10:07 +00:00
Mathias Vorreiter Pedersen	6b851d0529	C++: Fix an inconsistency with too many out nodes.	2023-02-09 16:55:19 +00:00
Paolo Tranquilli	7fa85b34ea	Swift: remove query predicates in upgrade/downgrade scripts	2023-02-09 17:24:27 +01:00
Mathias Vorreiter Pedersen	7439de37a3	C++: Add a new test that demonstrates multiple out nodes.	2023-02-09 16:23:32 +00:00
Jeroen Ketema	9d6098af15	Merge pull request #12004 from jketema/single-use C++: Map operand nodes that are only used once onto the related instruction node	2023-02-09 17:18:39 +01:00
Ian Lynagh	968f588893	Merge pull request #12090 from igfoo/igfoo/kotlin-1.8.10 Kotlin: 1.8.10 and 1.8.20 are supported, and use 1.8.10 for CI	2023-02-09 12:06:42 +00:00
Michael Nebel	0f469ee0f7	C#: Add stats for the scoped annotation relation.	2023-02-09 12:28:15 +01:00
Jeroen Ketema	e4c211df2d	C++: Address review comments	2023-02-09 11:58:41 +01:00
dependabot[bot]	80a397b4a5	Merge pull request #12134 from github/dependabot/cargo/ruby/serde_json-1.0.93	2023-02-09 10:50:27 +00:00
Michael Nebel	d4985a99e0	C#: Add change note.	2023-02-09 11:32:09 +01:00
Michael Nebel	59ab353827	C#: Add upgrade and downgrade scripts.	2023-02-09 11:32:09 +01:00
Michael Nebel	54b45134ef	C#: Add example code including tests.	2023-02-09 11:32:09 +01:00
Michael Nebel	c00b089aa8	C#: Introduce library support for scoped.	2023-02-09 11:32:08 +01:00
Michael Nebel	955f23d021	C#: Introduce extractor support for scoped variables and parameters.	2023-02-09 11:32:08 +01:00
Michael Nebel	dd6ceb7053	C#: Extend the DB schema with a scoped annotation relation.	2023-02-09 11:32:08 +01:00
Michael Nebel	7e174dce8b	C#: Re-factor. Introduce variablekind enum.	2023-02-09 11:32:08 +01:00
Michael Nebel	89bebe9d36	C#: Re-factor local variable populate.	2023-02-09 11:32:08 +01:00
Michael B. Gale	ad4ae1c331	Merge pull request #12132 from github/mbg/fix/log-injection-precision Go: Downgrade `go/log-injection` precision to medium	2023-02-09 10:29:24 +00:00
Michael B. Gale	70a6ff84af	Add change note	2023-02-09 09:56:36 +00:00
Geoffrey White	0f6b05dedf	Merge pull request #12126 from geoffw0/append Swift: Move some models into collections	2023-02-09 09:33:08 +00:00
Michael Nebel	b895065be9	Merge pull request #12058 from michaelnebel/csharp/structdefaults C# 11: Check that we get AST for structs that doesn't initialise all fields.	2023-02-09 09:51:00 +01:00
Anders Schack-Mulligen	3e2bf23bfe	Merge pull request #12118 from michaelnebel/telemetry/performancefix C#/Java: Materialize sink/source/summary predicates to avoid bad join order.	2023-02-09 09:39:38 +01:00
dependabot[bot]	bd98ae0dcc	build(deps): bump serde_json from 1.0.91 to 1.0.93 in /ruby Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.91 to 1.0.93. - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](https://github.com/serde-rs/json/compare/v1.0.91...v1.0.93) --- updated-dependencies: - dependency-name: serde_json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-02-09 08:13:18 +00:00
Erik Krogh Kristensen	f2904ca29b	Merge pull request #12135 from github/dependabot/cargo/ql/serde_json-1.0.93 build(deps): bump serde_json from 1.0.92 to 1.0.93 in /ql	2023-02-09 09:08:45 +01:00
dependabot[bot]	5e2f9e1568	build(deps): bump serde_json from 1.0.92 to 1.0.93 in /ql Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.92 to 1.0.93. - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](https://github.com/serde-rs/json/compare/v1.0.92...v1.0.93) --- updated-dependencies: - dependency-name: serde_json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-02-09 03:09:08 +00:00
Chris Smowton	f113eaa77d	Merge pull request #12059 from pwntester/go_twirp_support [GoLang] Add support for Twirp framework	2023-02-08 21:55:56 +00:00
Michael B. Gale	46d49cd66f	Downgrade log injection precision to medium This is in line with the precision of this query for other languages	2023-02-08 15:49:06 +00:00
Michael Nebel	f6a02310d3	C#: Fix bad join order in TestLibrary characteristic predicate.	2023-02-08 16:37:49 +01:00
Owen Mansel-Chan	18335854b6	Update go/ql/lib/semmle/go/frameworks/Twirp.qll Co-authored-by: Michael B. Gale <mbg@github.com>	2023-02-08 15:33:35 +00:00
Mathias Vorreiter Pedersen	946e301ed6	Merge pull request #12079 from rdmarsh2/rdmarsh2/use-use-taint-test-reads C++: allow read steps at the sink in IR taint test	2023-02-08 15:08:00 +00:00
Robert	13c7c8449c	Merge pull request #12123 from github/robertbrignull/telemetry_privacy_docs Update telemetry privacy document for UI interaction and exceptions	2023-02-08 13:40:35 +00:00
Mathias Vorreiter Pedersen	825628675e	C++: Only allow implicit reads of fields that exist on the sink node's type.	2023-02-08 13:08:22 +00:00
Ian Lynagh	844e372651	Kotlin: Add a changenote for 1.8.20 support	2023-02-08 11:35:23 +00:00
Ian Lynagh	069c9674d1	Kotlin: Update supported versions	2023-02-08 11:35:23 +00:00
Ian Lynagh	6255298876	Kotlin: Use 1.8.10 for CI I don't think there's any need for the CI version to be one of the versions we build extractors for, so I've removed that check.	2023-02-08 11:35:23 +00:00
Chris Smowton	99bed0b089	Merge pull request #12127 from smowton/smowton/perf/golang-less-string-construction Go: Consolidate repeated calls to `matches` and `regexpMatch`	2023-02-08 11:07:39 +00:00
Michael Nebel	02364d072e	Java: Fix bad join in TestLibrary characteristic predicate.	2023-02-08 11:59:59 +01:00
Alvaro Muñoz	764155ce97	remove bracket	2023-02-08 11:57:03 +01:00
Michael B. Gale	3abf321071	Merge pull request #11496 from github/mbg/add/writable-file-closed-error-query Go: Add query to detect lack of error handling for `os.File.Close` on writable handles	2023-02-08 10:53:44 +00:00
Owen Mansel-Chan	931c683146	Use regex for case-insensitive string comparisons This is slightly more efficient.	2023-02-08 10:45:07 +00:00
Mathias Vorreiter Pedersen	7f09684577	Merge pull request #12121 from github/alexdenisov/extract-availability-info Swift: extract availability info	2023-02-08 09:54:42 +00:00

1 2 3 4 5 ...

50252 Commits