hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 20:26:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,800 Commits 1,672 Branches 157 Tags
e4d22a2a5aa496f5979dca8c5ffb32b218febd03
Commit Graph

6945 Commits

Author SHA1 Message Date
Jami Cogswell
15df392fd8 updates to InlineExpectationsTest 2022-08-15 15:50:00 -04:00
Jami Cogswell
d8dbdfcd70 rename expected file, add ql file, delete qlref file 2022-08-15 15:50:00 -04:00
Jami Cogswell
8c4b98c04f rename files 2022-08-15 15:50:00 -04:00
Jami Cogswell
475d67a4df minor updates, removed comments 2022-08-15 15:50:00 -04:00
Jami Cogswell
e2374f816a test commit for new branch 2022-08-15 15:50:00 -04:00
Jami Cogswell
54470c794d updated location part of query to use abs path and /build 2022-08-15 15:49:59 -04:00
Jami Cogswell
54acd0e330 add numeric value for security-severity 2022-08-15 15:49:59 -04:00
Jami Cogswell
fdb437552c clean up android query and tests 2022-08-15 15:49:59 -04:00
Jami Cogswell
cf39cc0909 updates to android debug query 2022-08-15 15:49:59 -04:00
Jami Cogswell
6720dba8e7 draft android debug query 2022-08-15 15:49:59 -04:00
Sid Shankar
02cd7bc7d2 Remove reference to infosecwriters.com 
infosecwriters.com now redirects to a completely unrelated page. The broken link was replaced with a mailing list post from Diabolical Crab (DCrab) diving into HTTP response splitting.
 2022-08-15 14:41:50 -04:00
Sid Shankar
ffbb158570 Update invalid link to devx.com 2022-08-15 14:40:12 -04:00
Ian Lynagh
d06b3a17bb Kotlin: Remove a non-null-expr 2022-08-15 15:01:48 +01:00
Ian Lynagh
48e6b4c01b Kotlin: Remove another not-null-expression 2022-08-15 14:43:59 +01:00
Ian Lynagh
10463e12a7 Kotlin: Add List<T?>.requireNoNullsOrNull(): List<T>? utility 2022-08-15 14:38:09 +01:00
Ian Lynagh
d4517f1266 Kotlin: Refactor away a NotNullExpr in the extractor 2022-08-15 14:17:53 +01:00
Chris Smowton
774e379eb1 Merge pull request #9742 from smehta23/feat/SM/java_partial_path_traversal_vulnerability 
[JAVA] Partial Path Traversal Vuln Query
 2022-08-15 12:56:16 +01:00
Erik Krogh Kristensen
0adb588fe8 Merge pull request #9712 from erik-krogh/badRange 
JS/RB/PY/Java: add suspicious range query
 2022-08-15 13:55:44 +02:00
Chris Smowton
e27d62b0b4 Fix qldoc wording 2022-08-15 12:08:14 +01:00
Chris Smowton
c40ec728c6 Remove non-ascii char 2022-08-15 12:08:14 +01:00
Chris Smowton
38c0557d90 Adjust test to moved and expanded stubs 2022-08-15 12:08:14 +01:00
Chris Smowton
1a3dc1d6eb Remove extra closing tag 2022-08-15 11:31:53 +01:00
Ian Lynagh
09d249e5d8 Merge pull request #10038 from igfoo/igfoo/java-downgrades 
Java: Add initial downgrades directory
 2022-08-15 10:57:52 +01:00
Chris Smowton
5677e38994 Style edit 2022-08-15 10:37:55 +01:00
Chris Smowton
3cf871e9e5 Apply docs suggestions 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-08-15 10:34:55 +01:00
Anders Schack-Mulligen
a3fb54c9de Merge pull request #10007 from aschackmull/dataflow/source-node-identity 
Dataflow: Fix identification of source PathNodes in the presence of source-to-source flow
 2022-08-15 10:39:17 +02:00
Chris Smowton
ca4ef6578d Spelling 2022-08-13 14:37:08 +01:00
Chris Smowton
c5e46f78ec Add change note 2022-08-13 14:29:17 +01:00
Chris Smowton
8bea2a5f6c Add missing qldoc 2022-08-13 14:20:48 +01:00
Chris Smowton
b62e9dc92c Convert tests to inline expectations and fix one bug revealed doing so 
Specifically Apache sshd defines its sensitive api calls on an inherited interface, and they need to be described that way for us to pick them up.
 2022-08-13 14:02:05 +01:00
Chris Smowton
ddb0846e06 Split up hardcoded creds queries, ready for conversion to inline expectations 2022-08-13 12:39:16 +01:00
Chris Smowton
0a6ccbca45 Add stubs and tests for new hardcoded-credential sinks 2022-08-13 12:39:15 +01:00
Daniel Santos
60e0f09586 Additional hardcoded credentials candidates 3rd-party api calls 2022-08-13 12:39:15 +01:00
erik-krogh
3a4a3437b5 fix some QL-for-QL warnings 2022-08-12 20:38:50 +02:00
erik-krogh
b54f037424 Merge branch 'main' into refacReDoS 2022-08-12 20:28:30 +02:00
erik-krogh
b9e96fb078 sync changes to other languages 2022-08-12 20:28:12 +02:00
Ian Lynagh
254c166f93 Java: Add initial downgrades directory 2022-08-12 16:19:31 +01:00
Tamas Vajk
ccef2f7646 Address review comments 2022-08-12 15:25:46 +02:00
Tamas Vajk
451be6c32c Kotlin: Add explicit CI version number to build script 2022-08-12 14:27:06 +02:00
Tamas Vajk
0bd00ce1db Kotlin: Change handling of version variants in build script 2022-08-12 13:11:33 +02:00
github-actions[bot]
21d0c78376 Post-release preparation for codeql-cli-2.10.3 2022-08-11 23:20:39 +00:00
Anders Schack-Mulligen
a3fc463d0a Java: Minor perf improvement. 2022-08-11 14:21:10 +02:00
github-actions[bot]
57c4f9145b Release preparation for version 2.10.3 2022-08-11 11:12:15 +00:00
Erik Krogh Kristensen
73df8e4c7d Merge pull request #9832 from erik-krogh/misspellings 
Fix lots of misspellings
 2022-08-11 12:43:26 +02:00
Chris Smowton
e9df675f88 Autoformat ql 2022-08-11 09:55:46 +01:00
Anders Schack-Mulligen
74b05d2aa4 Kotlin: Reflection test should not refer to DataFlowPrivate. 2022-08-11 09:48:10 +02:00
Anders Schack-Mulligen
87461fece4 Merge pull request #10006 from aschackmull/java/sensitive-log-dedup 
Java: Remove SensitiveLoggingQuery results that flow through a source.
 2022-08-11 09:26:33 +02:00
github-actions[bot]
33ce9552cb Add changed framework coverage reports 2022-08-11 00:17:52 +00:00
Erik Krogh Kristensen
887f6557ed fix common misspellings throughout github/codeql 2022-08-10 23:21:41 +02:00
Chris Smowton
cc8e9806c4 Merge pull request #10009 from smowton/smowton/java17-options 
Java: Adapt tests as required by JDK17 extractor upgrade
 2022-08-10 18:46:06 +01:00