hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
44,500 Commits 1,673 Branches 157 Tags
ecf7ed38e01483cacbc0d1928e55777e21fee76c
Commit Graph

44500 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
ecf7ed38e0 JS: Performance tweak 2022-10-10 16:08:21 +02:00
Asger F
67cef92f94 JS: Rewrite to use DataFlow::Node API and restrict context 2022-10-10 16:08:21 +02:00
tyage
ddc8f72ef7 accept test result Xss.qlref 2022-10-06 18:23:10 +09:00
tyage
7205903a36 Using implicit this 2022-10-04 18:06:30 +09:00
tyage
f47c02431a Merge branch 'main' into property-stringify 2022-10-04 09:57:54 +01:00
tyage
6ec2abbd2d add change note 2022-10-04 17:57:08 +09:00
tyage
192c1f3d89 make test json.stringify 2022-10-04 17:40:52 +09:00
Mathias Vorreiter Pedersen
2593120300 Merge pull request #10597 from geoffw0/swifttaintsource 
Swift: URL taint sources
 2022-10-04 09:22:27 +01:00
tyage
726cd2ca8a refactor test 2022-10-04 17:11:37 +09:00
tyage
9df0720da9 refactoring 2022-10-04 17:05:49 +09:00
tyage
2006ae8332 rename file 2022-10-04 17:05:15 +09:00
tyage
8a7f23a8ea support VarRef 2022-10-04 14:45:39 +09:00
tyage
33d204913c add test for json stringify xss 2022-10-04 14:45:09 +09:00
Harry Maclean
42a97b26bb Merge pull request #10316 from hmac/hmac/actionview 
Ruby: Model ActionView
 2022-10-04 08:16:16 +13:00
Robert Marsh
98f4caf76f Merge pull request #10645 from MathiasVP/add-more-range-analysis-tests 
C++: Port SimpleRangeAnalysis tests to the new range-analysis
 2022-10-03 14:34:56 -04:00
Robert Marsh
8d1817bc48 Merge pull request #10635 from MathiasVP/add-heuristic-allocation-class 
C++: Recognize allocation functions heuristically
 2022-10-03 14:34:09 -04:00
Mathias Vorreiter Pedersen
872615bd58 Merge pull request #10536 from karimhamdanali/ecbmode 
Swift: check for using ECB encryption mode
 2022-10-03 17:53:10 +01:00
Tony Torralba
a589d8f647 Merge pull request #10662 from atorralba/atorralba/fix-stub-generator 
Java: Fix stub generator
 2022-10-03 16:59:10 +02:00
Aditya Sharad
f7d455efc5 Merge pull request #10612 from adityasharad/docs/system-requirements 
Docs: Add CodeQL system requirements page
 2022-10-03 07:50:44 -07:00
Tony Torralba
ba9eb8c73c Fix stub generator 
Add line break after all stubbed annotations to avoid malformed code

See https://github.com/github/codeql/pull/8695\#discussion_r985674245
 2022-10-03 14:43:58 +02:00
Tom Hvitved
d52d3d7b75 Merge pull request #10644 from hvitved/ruby/prevent-reevaluation 
Ruby: Prevent reevaluation of expensive predicates
 2022-10-03 13:10:39 +02:00
Tony Torralba
9942dfff21 Merge pull request #8695 from atorralba/atorralba/stub-generator-annotation-types 
Java: Add support for Annotation types stub generation
 2022-10-03 12:54:20 +02:00
Karim Ali
d44f6b0f41 fix formatting issue raised by ql-format 2022-10-03 12:18:01 +02:00
Rasmus Wriedt Larsen
a0fcd4a9bf Merge pull request #10631 from RasmusWL/cleanup-options-files 
Python: Remove last `-p ../lib/` in `options` files
 2022-10-03 11:09:59 +02:00
Tony Torralba
f860ae8c82 Apply review suggestions 2022-10-03 10:38:35 +02:00
Tony Torralba
2036453176 Add stub generation tests 2022-10-03 10:31:14 +02:00
Tony Torralba
0645f62a0d Use monotonicAggregates to avoid non-monotonic recursions 2022-10-03 10:31:14 +02:00
Tony Torralba
66e6f4d25e Use empty string as default value for string annotation values 2022-10-03 10:31:14 +02:00
Tony Torralba
8a3ed6bdcf Apply code review suggestions 2022-10-03 10:31:14 +02:00
Tony Torralba
6f7b7c9efe If an annotation value is an array, order its elements by index 2022-10-03 10:31:14 +02:00
Tony Torralba
6f1124d7e7 Handle more annotation element value types 2022-10-03 10:31:13 +02:00
Tony Torralba
1ece12efd7 Add annotation element names 2022-10-03 10:31:13 +02:00
Tony Torralba
d4499a10d2 Fix typo 2022-10-03 10:31:13 +02:00
Tony Torralba
ee7507386c Fix annotation vs interface keyword stubbing 2022-10-03 10:31:13 +02:00
Tony Torralba
eda676df3e Add support for Annotation types stub generation 2022-10-03 10:31:13 +02:00
Erik Krogh Kristensen
3d00a61dac Merge pull request #10528 from erik-krogh/java-followMsg 
Java: Update the alert messages to better follow the style guide
 2022-10-03 09:49:47 +02:00
Asger F
47e5623b90 Merge pull request #10639 from hvitved/ruby/dataflow/known-element-no-floats-complexs 
Ruby: Do not attempt to track precise hash indices for floats and complex numbers
 2022-10-03 09:23:33 +02:00
Tony Torralba
683cacb8b5 Merge pull request #10640 from atorralba/atorralba/fix-cartesian-product 
Java: Fix cartesian product
 2022-10-03 08:56:47 +02:00
Harry Maclean
e48665ad9f Fix doc 2022-10-03 14:13:12 +13:00
Harry Maclean
ba83b7c6c7 Merge pull request #10599 from hmac/hmac/actioncontroller-datastreaming 
Ruby: Model send_file
 2022-10-03 09:44:05 +13:00
erik-krogh
39ffa558f1 make a few more queries consistent with the other languages 2022-10-02 22:38:25 +02:00
Alex Ford
5c32c8badf Merge pull request #10560 from alexrford/ruby/yaml-load_file 
Ruby: treat `Psych` and `YAML` as aliases for rb/unsafe-deserialization
 2022-10-02 20:19:10 +01:00
Karim Ali
9e3d5f49c5 add interprocedural cases to the tests 2022-10-02 15:54:39 +02:00
Karim Ali
72ba77d900 Add rule that checks for using the insecure ECB block mode for encryption 2022-10-02 15:53:39 +02:00
Karim Ali
5e189b8c75 update qhelp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-10-02 15:50:26 +02:00
Karim Ali
677946d19d update typos to address requested changes 2022-10-02 15:50:26 +02:00
Karim Ali
dbc86b2cd8 update qhelp to adjust for US spelling + improved readability 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-10-02 15:50:26 +02:00
Karim Ali
a23e17a370 fix typo in qhelp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-10-02 15:50:26 +02:00
Karim Ali
2409ba2c05 update query description 2022-10-02 15:50:26 +02:00
Karim Ali
2080f0dd36 address style violation in generated alerts 2022-10-02 15:50:26 +02:00