hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-05 02:30:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,455 Commits 1,673 Branches 157 Tags
ecbf2d8b1377974fb593139b8a380c46dcfaefdc
Commit Graph

58455 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
ecbf2d8b13 C#: Exclude CIL arguments from ArgumentNode when they are compiled from source 2023-09-08 14:14:06 +02:00
Tom Hvitved
f720528368 Merge pull request #14149 from hvitved/csharp/extract-gen-no-trap-stack 
C#: Clear TRAP stack when calling `PopulateGenerics`
 2023-09-08 10:37:07 +02:00
Erik Krogh Kristensen
94442c1799 Merge pull request #14166 from github/dependabot/cargo/ql/chrono-0.4.30 
Bump chrono from 0.4.29 to 0.4.30 in /ql
 2023-09-08 09:38:28 +02:00
dependabot[bot]
66a4f1bf74 Bump chrono from 0.4.29 to 0.4.30 in /ql 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.29 to 0.4.30.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.29...v0.4.30)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-08 04:04:05 +00:00
Mathias Vorreiter Pedersen
49fee35b37 Merge pull request #13947 from rdmarsh2/rdmarsh2/swift/dictionary-flow-tuples 
Swift: collection/tuple content for dictionary flow
 2023-09-07 22:05:10 +01:00
Robert Marsh
603f2cd3b2 Swift: fix test expectation properly 2023-09-07 19:35:02 +00:00
Mathias Vorreiter Pedersen
32ed82eecc Merge pull request #14154 from MathiasVP/fix-off-by-one-in-asDefiningArgument 2023-09-07 18:48:57 +01:00
Robert Marsh
0fff540add Swift: update a test expectation for dictionary flow 2023-09-07 16:14:23 +00:00
Robert Marsh
4f4491a876 Swift: autoformat 2023-09-07 16:14:05 +00:00
Rasmus Wriedt Larsen
2182bf17dc Merge pull request #14160 from erik-krogh/py-clear-text-log-help 
Py: add new qhelp for clear-text-logging
 2023-09-07 16:35:19 +02:00
Alexander Eyers-Taylor
df2b313c5e Merge pull request #14155 from alexet/reach-end-of-function-return 
CPP: Make functions that reach the end return.
 2023-09-07 13:58:43 +01:00
Alex Eyers-Taylor
e8dfecc4a4 CPP: Fix test result 2023-09-07 12:49:13 +01:00
Alex Eyers-Taylor
d603b7ac3c CPP: Make functions that reach the end return. 
This is UB in C++ but not C where it is only bad if the result is used.
 2023-09-07 12:39:48 +01:00
erik-krogh
bf3fe3cd66 add new qhelp for clear-text-logging 2023-09-07 12:39:13 +02:00
Michael B. Gale
38892bb51b Merge pull request #13999 from github/mbg/csharp/standalone/dotnet-version 
C# Standalone: Install .NET SDK specified in `global.json`
 2023-09-07 11:30:53 +01:00
Rasmus Wriedt Larsen
ec0529d68c Merge pull request #14145 from p-/p--asyncio-cmdi-exec 
Python: Support for command injection sinks found in the `asyncio` module
 2023-09-07 11:27:50 +02:00
Rasmus Wriedt Larsen
bfb4be26c2 Python: Autoformat 2023-09-07 10:31:39 +02:00
Rasmus Wriedt Larsen
54c456d95d Python: Apply suggestions from code review 2023-09-07 10:28:46 +02:00
Rasmus Wriedt Larsen
d4c3dfffec Merge pull request #14158 from RasmusWL/fix-ssrf-example 
Python: Fix typo in SSRF example
 2023-09-07 10:22:21 +02:00
Rasmus Wriedt Larsen
c85ea9a0c0 Python: Fix typo in SSRF example 2023-09-07 09:45:02 +02:00
Michael B. Gale
ccbc6f446a Use git ls-files to find DLLs to index 2023-09-06 22:17:08 +01:00
Tom Hvitved
718e491800 C#: Clear TRAP stack when calling PopulateGenerics 2023-09-06 21:12:01 +02:00
Tom Hvitved
334502a3de Merge pull request #14153 from github/revert-14082-csharp/bump-dependencies 
Revert "C#: Bump all dependencies"
 2023-09-06 21:10:56 +02:00
Mathias Vorreiter Pedersen
3f6346737c Update 2023-09-06-as-defining-argument-off-by-one-fix.md 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2023-09-06 19:48:48 +01:00
Mathias Vorreiter Pedersen
87925abaa2 C++: Add change note. 2023-09-06 17:26:08 +01:00
Mathias Vorreiter Pedersen
14faa5d020 C++: Fix off-by-one in 'asDefiningArgument' so that the domain of the argument is '[1..]' like 'asIndirectArgument'. 2023-09-06 17:19:44 +01:00
Peter Stöckli
7aa5d2dc8a Python: move asyncio CMDi related tests to stdlib tests 2023-09-06 16:54:18 +02:00
Robert Marsh
5bdd9597d2 Merge branch 'main' into rdmarsh2/swift/dictionary-flow-tuples 2023-09-06 14:50:16 +00:00
Mathias Vorreiter Pedersen
12a717e3af Merge pull request #14141 from github/alexdenisov/unresolved-ast-nodes 
Swift: add queries for unresolved AST nodes
 2023-09-06 15:40:11 +01:00
Tom Hvitved
6e0ff56788 Revert "C#: Bump all dependencies" 2023-09-06 16:23:38 +02:00
Peter Stöckli
ede7d8fb6a Python: apply suggestions from code review for asyncio 2023-09-06 15:47:07 +02:00
Michael Nebel
a8e427ffe1 Merge pull request #14097 from michaelnebel/csharp/extractorerrormessages 
C#: Update extractor_messages relation schema.
 2023-09-06 14:01:36 +02:00
Cornelius Riemenschneider
76f1c7a4cd Merge pull request #14137 from github/dependabot/github_actions/actions/checkout-4 
Bump actions/checkout from 2 to 4
 2023-09-06 13:13:30 +02:00
Cornelius Riemenschneider
79d210f7bd Update .github/workflows/ruby-build.yml 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2023-09-06 12:19:46 +02:00
Tom Hvitved
3a9c34c3c6 Merge pull request #14132 from hvitved/csharp/data-flow-property-write 
C#: Fix logic for flow into property writes
 2023-09-06 08:49:53 +02:00
Erik Krogh Kristensen
a11db7a80a Merge pull request #14148 from github/dependabot/cargo/ql/chrono-0.4.29 
Bump chrono from 0.4.28 to 0.4.29 in /ql
 2023-09-06 07:25:13 +02:00
dependabot[bot]
7f73c59304 Bump chrono from 0.4.28 to 0.4.29 in /ql 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.28 to 0.4.29.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.28...v0.4.29)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-06 03:58:08 +00:00
Mathias Vorreiter Pedersen
570b08e2e9 Merge pull request #14143 from alexet/global-from-unreachble 
CPP: Handle globals flowing into "UnreacheachedInstruction"
 2023-09-05 16:58:55 +01:00
Peter Stöckli
9027eac312 Python: add change notes for asyncio CMDi sinks 2023-09-05 16:14:56 +02:00
Peter Stöckli
8c4dccc81b Python: initial support for CMDi via asyncio 2023-09-05 15:33:29 +02:00
Michael Nebel
b5d4987c0a C#: Add upgrade and downgrade scripts. 2023-09-05 15:32:09 +02:00
Michael Nebel
880da69d16 C#: Update extractor_messages relation schema. 2023-09-05 15:19:32 +02:00
Tamás Vajk
97f09e106e Merge pull request #14101 from tamasvajk/csharp/recursive-generics 
C#: Exclude base type extraction of recursive generics
 2023-09-05 14:24:51 +02:00
Alex Denisov
35e949945d Swift: add queries for unresolved AST nodes 2023-09-05 13:29:11 +02:00
Alex Eyers-Taylor
3db384ddc3 CPP: Handle globals flowing into "UnreacheachedInstruction" 2023-09-05 11:50:32 +01:00
dependabot[bot]
03771ffad2 Bump actions/checkout from 2 to 4 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-05 12:17:54 +02:00
Tom Hvitved
cb8922034c Merge pull request #14133 from hvitved/ruby/flow-test-path-graph-fixes 
Ruby: Use proper `PathGraph` module in inline flow tests
 2023-09-05 10:33:07 +02:00
Tamas Vajk
bf96e688ff Fix review findings 2023-09-05 10:19:41 +02:00
Rasmus Wriedt Larsen
49f5d38956 Merge pull request #14068 from RasmusWL/dataflow-config-refactor 
Python: Use new dataflow API
 2023-09-04 21:04:10 +02:00
Tom Hvitved
a2912cd72b Ruby: Use proper PathGraph module in inline flow tests 
Gets rid of
```
PathNode is incompatible with PathNode (the type of the edge relation).
```
warnings.
 2023-09-04 20:27:34 +02:00