hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 23:56:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
63,422 Commits 1,703 Branches 162 Tags
e6623ebe4c6202a65cc2957615f8ff3cccb7943d
Commit Graph

63422 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
e6623ebe4c Add change note 2024-02-12 10:10:42 +01:00
Jonathan Leitschuh
1484a169d7 Reduce severity of java/relative-path-command 
Significantly reduces the severity of `java/relative-path-command` from 9.8 to 5.4

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
 2024-02-06 15:43:19 -05:00
Mathias Vorreiter Pedersen
3b43f848c9 Merge pull request #15529 from MathiasVP/delete-get-interval-updated-by-chi 2024-02-06 19:55:24 +00:00
Mathias Vorreiter Pedersen
b68824a337 C#: Sync identical files. 2024-02-06 17:41:11 +00:00
Mathias Vorreiter Pedersen
7948911415 C++: Delete dead code. 2024-02-06 17:38:22 +00:00
Erik Krogh Kristensen
43f1189615 Merge pull request #15526 from github/erik-krogh/fix-jndi-typo 
Java: fix typo in JndiInjection.qhelp
 2024-02-06 17:39:25 +01:00
Erik Krogh Kristensen
879d882fa4 Java: fix typo in JndiInjection.qhelp 2024-02-06 15:17:30 +01:00
Koen Vlaswinkel
8361efca4d Merge pull request #15503 from github/koesie10/ruby-access-paths 
Ruby: Add query for access paths in model editor
 2024-02-06 10:12:26 +01:00
Erik Krogh Kristensen
cec124c0be Merge pull request #15480 from ockers/ockers/certification_not_certificate 
False positive in SensitiveDataHeuristics - exclude certification from maybeCertificate() regex
 2024-02-06 09:40:25 +01:00
Jim Ockers
01e8109b71 Merge branch 'main' into ockers/certification_not_certificate 2024-02-05 13:42:00 -08:00
Joe Farebrother
525f27173d Merge pull request #15396 from joefarebrother/android-sensitive-ui-text 
Java: Add query for sensitive data exposed in text fields
 2024-02-05 15:47:03 +00:00
Koen Vlaswinkel
6a098120e3 Rename details to node 2024-02-05 16:33:29 +01:00
Koen Vlaswinkel
49dbad96f9 Switch from details string to DataFlow::Node 2024-02-05 16:33:01 +01:00
Tony Torralba
6fbbb82f68 Merge pull request #15517 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-02-05 08:45:57 +01:00
github-actions[bot]
ee5df7bf58 Add changed framework coverage reports 2024-02-05 00:16:44 +00:00
Jim Ockers
e477909200 Merge branch 'main' into ockers/certification_not_certificate 2024-02-02 15:39:29 -08:00
James Ockers
9f7f9fcc6e Updating change-notes to reflect what will be the visible change to end users 2024-02-02 11:38:17 -08:00
Joe Farebrother
3878192810 Apply suggestions from documentation review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-02-02 17:21:23 +00:00
Ian Lynagh
643817e74e Merge pull request #15477 from igfoo/igfoo/kot_path_trans 
Kotlin: Add path transformer support
 2024-02-02 15:34:14 +00:00
Mathias Vorreiter Pedersen
8d53bce842 Merge pull request #15476 from geoffw0/preprocblock 
C++: Add PreprocBlock.qll library
 2024-02-02 15:06:17 +00:00
Max Schaefer
21c0422dc7 Merge pull request #15499 from github/max-schaefer/automodel-functional-interface-expr 
Automodel: Do not consider `@FunctionalInterface`-typed expressions as candidates.
 2024-02-02 14:28:41 +00:00
Jeroen Ketema
6b13a8c568 Merge pull request #15504 from MathiasVP/block-summary-flow-out-of-strdup-and-friends 
C++: Block summary flow through `strdup` and friends
 2024-02-02 14:47:05 +01:00
Anders Schack-Mulligen
f631c01fe2 Merge pull request #15511 from aschackmull/java/adjust-mad-abstractstringbuilder 
Java: Remove two redundant models implied by CharSequence models.
 2024-02-02 14:45:06 +01:00
Michael Nebel
bf94a75698 Merge pull request #15502 from michaelnebel/csharp/refstructdataflow 
C#: Inter-procedural dataflow for `ref` structs when used as arguments.
 2024-02-02 14:44:51 +01:00
Koen Vlaswinkel
f83d2a7d55 Ruby: Avoid using toString where possible 2024-02-02 14:18:21 +01:00
Koen Vlaswinkel
ac1ebf27a7 Ruby: Rename suggestion predicates 2024-02-02 14:18:16 +01:00
Tom Hvitved
6df313b9d1 Merge pull request #15509 from hvitved/csharp/node-reuse-dependency-fetching 
C#: Disable msbuild node reuse in dependency fetcher
 2024-02-02 13:54:53 +01:00
Geoffrey White
72948cbc46 C++: Remove all cached tags. 2024-02-02 12:23:06 +00:00
Anders Schack-Mulligen
49b00f3842 Java: Remove two redundant models implied by CharSequence models. 2024-02-02 13:17:26 +01:00
Mathias Vorreiter Pedersen
439d3d2438 C++: Add tests with higher level of indirection. 2024-02-02 12:09:46 +00:00
Mathias Vorreiter Pedersen
0729c602c5 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2024-02-02 10:39:40 +00:00
Geoffrey White
56538472cf C++: Update the change note. 2024-02-02 09:55:44 +00:00
Geoffrey White
7c37be2e88 C++: Address implicit this. 2024-02-02 09:49:13 +00:00
Mathias Vorreiter Pedersen
b0393287cd Merge pull request #15421 from jketema/unique-function-fix 
C++: Ensure that only one Function exists for every function - take 2
 2024-02-02 09:42:32 +00:00
Tom Hvitved
fa3130cc95 C#: Disable msbuild node reuse in dependency fetcher 2024-02-02 10:15:33 +01:00
Tamás Vajk
5ab4ed1b3b Merge pull request #15505 from tamasvajk/feature/improve-logs 
C#: Improve messages in buildless extraction logs
 2024-02-02 09:22:17 +01:00
Mathias Vorreiter Pedersen
6f5ed9ad3b C++: Accept test changes. 2024-02-01 20:15:15 +00:00
Mathias Vorreiter Pedersen
5ad3e97798 C++: Fix TODO by blocking summary flow through functions that don't preserve identity. 2024-02-01 20:15:15 +00:00
Ian Lynagh
68f267798e Kotlin: Add support for path transformers 2024-02-01 18:07:47 +00:00
Tamas Vajk
7b554636ae C#: Improve messages in buildless extraction logs 2024-02-01 16:45:59 +01:00
Koen Vlaswinkel
8853acb4dd Ruby: Add query for access paths in model editor 2024-02-01 16:20:00 +01:00
Jeroen Ketema
6db68c067f C++: Update stats file 2024-02-01 16:12:53 +01:00
Jeroen Ketema
05e78f14a4 C++: Add upgrade and downgrade scripts 2024-02-01 16:12:53 +01:00
Jeroen Ketema
a79754b696 C++: Resolve functions using complete mangled names 2024-02-01 16:12:53 +01:00
Jeroen Ketema
972d86c0a0 C++: Add column to mangled_name table with completeness information 2024-02-01 16:12:53 +01:00
Mathias Vorreiter Pedersen
1ac75def2b C++: Add another testcase with spurious summary flow. 2024-02-01 15:11:52 +00:00
Michael Nebel
551a7f9577 C#: Update expected test output. 2024-02-01 15:04:06 +01:00
Michael Nebel
9191acc412 C#: Prevent flow out of non ref fields in ref structs used as arguments. 2024-02-01 15:04:06 +01:00
Michael Nebel
4a89cbe8ea C#: Add postupdate nodes for arguments of struct type. 2024-02-01 15:04:06 +01:00
Michael Nebel
4dfeff38f9 C#: Add dataflow field test for ref structs with ref and ordinary fields. 2024-02-01 15:04:06 +01:00