hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-14 19:44:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
31,919 Commits 1,736 Branches 164 Tags
f1d5d3af9d9533a1bf3dbcfaca0ec963271db807
Commit Graph

31919 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Nebel
f1d5d3af9d C#: Add change note for extended property patterns. 2022-01-25 15:13:11 +01:00
Michael Nebel
44cc044a3d C#: Add testcase for extended property patterns (to indicate that they are de-sugared correctly). 2022-01-25 15:13:11 +01:00
Michael Nebel
833e8e4f1d C#: Add some examples with the extended property pattern syntax. 2022-01-25 15:13:11 +01:00
Michael Nebel
83e7fae578 C#: Desugar property patterns that uses member access syntax. 2022-01-25 15:13:11 +01:00
Michael Nebel
26d9848fca Merge pull request #7730 from michaelnebel/csharp/csharp10-release-notes 
C#: Add change notes for the already implemented C# 10 features.
 2022-01-25 11:31:02 +01:00
Geoffrey White
d70b813949 Merge pull request #7732 from MathiasVP/security-severity-for-return-stack-allocated-memory 
C++: Add security-severity to `cpp/return-stack-allocated-memory`
 2022-01-25 10:13:49 +00:00
Tom Hvitved
0299b4603f Merge pull request #7677 from hvitved/ruby/constant-value 
Ruby: Replace `getValueText` with `getConstantValue`
 2022-01-25 10:31:02 +01:00
Tony Torralba
82ad79f55f Merge pull request #7728 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-01-25 09:53:12 +01:00
Mathias Vorreiter Pedersen
72241886bf C++: Add security-severity to 'cpp/return-stack-allocated-memory'. 2022-01-25 08:49:00 +00:00
Michael Nebel
f6a8d50593 C#: Add change notes for the already implemented C# 10 features. 2022-01-25 09:46:57 +01:00
Stephan Brandauer
35cc5ff0e2 Merge pull request #7715 from kaeluka/recognize-fs-extra-path-args 
JS: add a predicate to recognize path arguments in calls to the fs-extra lib
 2022-01-25 09:36:59 +01:00
Tom Hvitved
06776d19ee Merge pull request #4949 from luchua-bc/cs/hash-without-salt 
C#: Query to detect hash without salt
 2022-01-25 09:04:23 +01:00
Tom Hvitved
fdd787b89c Merge pull request #7658 from hvitved/csharp/dataflow/no-negative-positions 
C#: Get rid of negative parameter/argument data-flow positions
 2022-01-25 09:01:44 +01:00
github-actions[bot]
1c2f4e79ff Add changed framework coverage reports 2022-01-25 00:10:23 +00:00
CodeQL CI
8d1e22bc38 Merge pull request #7632 from erik-krogh/CWE-862 
Approved by esbena, felicitymay
 2022-01-24 12:47:16 -08:00
yo-h
364f07e3c5 Merge pull request #7725 from github/turbo-go-117-update 
Update supported Go version
 2022-01-24 15:23:00 -05:00
Robert Marsh
6d3381cb89 Merge pull request #7718 from MathiasVP/move-return-stack-allocated-memory-into-code-scanning 
C++: Add `security` tag to `cpp/return-stack-allocated-memory`
 2022-01-24 14:52:23 -05:00
Pierre
af0fc37f39 Update supported Go version 2022-01-24 20:20:04 +01:00
Rasmus Wriedt Larsen
301318020f Merge pull request #7455 from haby0/py/add-shutil-module-path-injection-sinks 
Python: Add shutil module sinks for path injection query
 2022-01-24 20:06:36 +01:00
Tom Hvitved
e3afcb1b06 C#: Add missing severity and update expected test output 2022-01-24 20:00:25 +01:00
Tom Hvitved
65e1c0ebc1 Merge remote-tracking branch 'upstream/main' into cs/hash-without-salt 2022-01-24 19:57:07 +01:00
Andrew Eisenberg
497c87851c Merge pull request #7571 from github/aeisenberg/remove-upgrades 
Update docs on the output of `resolve qlpacks`
 2022-01-24 09:02:02 -08:00
Erik Krogh Kristensen
75f389749a Merge pull request #7719 from erik-krogh/cwe-219 
JS: add CWE-219 to js/exposure-of-private-files
 2022-01-24 17:06:09 +01:00
Tom Hvitved
cc712c20cb Ruby: Use bitShiftLeft instead of pow in parseInteger 2022-01-24 16:06:35 +01:00
Tom Hvitved
6efa595478 Merge pull request #7688 from hvitved/dataflow/required-component-stack 
Data flow: Restructure `RequiredSummaryComponentStack`
 2022-01-24 15:10:08 +01:00
Tom Hvitved
2a972dc045 Address review comments 2022-01-24 14:27:42 +01:00
Tony Torralba
b59fd4070f Merge pull request #7136 from atorralba/atorralba/promote-insecure-trustmanager 
Java: Promote Insecure TrustManager from experimental
 2022-01-24 14:05:14 +01:00
Erik Krogh Kristensen
148b0c33a9 update the empty-password-in-config-file qhelp 2022-01-24 13:39:54 +01:00
Erik Krogh Kristensen
ab0d67a573 update query name and description 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-01-24 13:37:25 +01:00
Erik Krogh Kristensen
b2dc02b831 Merge pull request #7717 from erik-krogh/cwe-80 
JS: add CWE-80 to queries that detect bad HTML sanitizers
 2022-01-24 13:34:57 +01:00
Tom Hvitved
64f19637d4 Address review comments 2022-01-24 13:33:18 +01:00
Erik Krogh Kristensen
823cadecd5 add CWE-219 to js/exposure-of-private-files 2022-01-24 13:22:06 +01:00
Mathias Vorreiter Pedersen
7db66055e5 C++: Add change note. 2022-01-24 11:57:25 +00:00
Mathias Vorreiter Pedersen
08379df613 C++: Add 'security' tag to 'cpp/return-stack-allocated-memory'. 2022-01-24 11:43:38 +00:00
Geoffrey White
4c99d39acf Merge pull request #7701 from MathiasVP/remove-intentional-get-stack-pointer 
C++: Remove FPs from `cpp/return-stack-allocated-memory`
 2022-01-24 11:39:10 +00:00
Geoffrey White
683f909f7a Merge pull request #7704 from geoffw0/clrtxt4 
C++: Another improvement to cpp/cleartext-transmission
 2022-01-24 10:11:11 +00:00
Erik Krogh Kristensen
ab1bc685bb add CWE-80 to queries that detect bad HTML sanitizers 2022-01-24 11:01:17 +01:00
Stephan Brandauer
02db472209 consistent notation 2022-01-24 10:58:06 +01:00
Anders Schack-Mulligen
7af6dc7164 Merge pull request #7702 from atorralba/atorralba/fix-jndi-injection-sinks 
Java: Remove some JNDI Injection sinks
 2022-01-24 10:53:58 +01:00
Stephan Brandauer
8be58fe01e Fix comment to avoid summarizing implementation 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2022-01-24 10:47:28 +01:00
Stephan Brandauer
b277731312 add a predicate to recognize path arguments in calls to the fs-extra lib 2022-01-24 09:40:22 +01:00
Tony Torralba
908b7c43f2 Fix stubs 2022-01-24 09:34:43 +01:00
Anders Schack-Mulligen
9bd2ac96ea Merge pull request #7705 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-01-24 09:14:35 +01:00
Anders Schack-Mulligen
b4bf7a1561 Merge pull request #7698 from aschackmull/java/bitwise-assignop-guards 
Java: Add support for bitwise compound assignments in Guards.
 2022-01-24 09:11:53 +01:00
github-actions[bot]
020970ff4c Add changed framework coverage reports 2022-01-24 00:09:45 +00:00
Tom Hvitved
85e1cda81b Ruby: Distinguish symbols from strings in ConstantValue 2022-01-21 19:16:12 +01:00
Harry Maclean
8e40899dfd Merge pull request #7419 from github/hmac/const-get 2022-01-22 07:01:09 +13:00
Harry Maclean
2fa18801aa Merge pull request #7665 from github/hmac/barrier-guard-array-const 2022-01-22 06:59:51 +13:00
Tony Torralba
78d7e538a5 Remove some JNDI Injection sinks 
Add tests and stubs
 2022-01-21 17:47:15 +01:00
Henry Mercer
c41de33156 Merge pull request #7700 from github/henrymercer/js-atm-fix-xss-results-pattern 
JS: Fix copy/paste error in XSS ML-powered queries results patterns
 2022-01-21 16:18:33 +00:00