hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-06 19:20:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
56,731 Commits 1,675 Branches 157 Tags
f243e854ae978855613630b3334e7eddda05ed8b
Commit Graph

56731 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
f243e854ae Swift: Move regex dataflow code into a RegexTracking library (similar to the layout in Ruby and Python). 2023-07-18 09:49:36 +01:00
Geoffrey White
b5a8a8d431 Merge pull request #13715 from geoffw0/parsemode 
Swift: Recognize regular expression parse mode flags
 2023-07-18 09:09:56 +01:00
Jeroen Ketema
a426010b06 Merge pull request #13621 from MathiasVP/deprecate-ast-dataflow 
C++: Deprecate AST dataflow
 2023-07-18 08:13:47 +02:00
Alex Ford
ab1f341aa6 Merge pull request #13566 from alexrford/rb/rack-params 
Ruby: add `Rack::Request` params and cookies as remote input sources
 2023-07-17 14:07:20 +01:00
Mathias Vorreiter Pedersen
11f2681904 Merge pull request #13740 from MathiasVP/unique-entry-point 
C++: Exclude invalid functions from new range analysis
 2023-07-17 13:32:50 +01:00
yoff
d032bf5c0e Merge pull request #13685 from RasmusWL/captured-variables-default-param-value 
Python: Model parameter with default value as `DefinitionNode`
 2023-07-17 14:25:13 +02:00
Mathias Vorreiter Pedersen
be95d29589 Documentation: Update version number. 2023-07-17 11:08:40 +01:00
Mathias Vorreiter Pedersen
8c21699040 C++: Accept test changes. 2023-07-17 10:51:42 +01:00
Mathias Vorreiter Pedersen
f9db6a9868 C++: Don't do range analysis on malformed IR. 2023-07-17 10:15:01 +01:00
Geoffrey White
69b98c769c Merge pull request #13354 from geoffw0/sharedsensitive2 
Swift: Improve SensitiveExprs.qll Heuristics
 2023-07-17 09:16:09 +01:00
Owen Mansel-Chan
0b8353eb64 Merge pull request #13602 from pwntester/ruby/add_gqlgen_support 
Go: Add support for the gqlgen library
 2023-07-15 07:04:09 +01:00
Alvaro Muñoz
0ea0d54050 gofmt -w . 2023-07-14 22:15:40 +02:00
Alex Ford
bdf1aa0807 Merge pull request #13746 from asgerf/rb/fix-rack-todo 
Ruby: Use API graphs asCallable() instead of Proc.new workaround
 2023-07-14 16:29:00 +01:00
Alex Ford
d89c10dd85 Merge pull request #13130 from maikypedia/maikypedia/xpath-injection 
Ruby :  XPath Injection Query (CWE-643)
 2023-07-14 14:10:09 +01:00
Taus
9193de6898 Merge pull request #13730 from github/tausbn/limit-number-of-candidates-in-application-mode 
Java: Limit the number of samples extracted in application mode
 2023-07-14 14:09:59 +02:00
Asger F
2962727f0f Ruby: Use API graphs asCallable() instead of Proc.new workaround 2023-07-14 13:50:07 +02:00
Alex Ford
dbb55ff2b4 Ruby: fix xpathinjection deprecation warnings 2023-07-14 12:45:27 +01:00
Alex Ford
c0009379d1 qlformat 2023-07-14 12:04:03 +01:00
Asger F
31bed36231 Merge pull request #13612 from asgerf/rb/api-graph-explicit-proc-lambda 
Ruby: Improve support for explicit proc-creation
 2023-07-14 13:02:44 +02:00
Geoffrey White
1c8297b91b Merge pull request #13548 from geoffw0/redos 
Swift: Query for REDOS (Regular Expression Denial Of Service)
 2023-07-14 10:44:52 +01:00
Anders Schack-Mulligen
80a799df01 Merge pull request #13735 from aschackmull/dataflow/forcehighprecision-fix 
Dataflow: Fix forceHighPrecision for length-2 prefixes.
 2023-07-14 11:42:35 +02:00
Geoffrey White
1274393c72 Swift: Remove 'cached' annotations. 2023-07-14 10:11:09 +01:00
Chris Smowton
3d8b4d850a Merge pull request #13742 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-07-14 09:00:17 +01:00
github-actions[bot]
b675a1e2fe Add changed framework coverage reports 2023-07-14 00:19:14 +00:00
Alvaro Muñoz
11a915dcd7 Merge branch 'ruby/add_gqlgen_support' of https://github.com/pwntester/codeql into ruby/add_gqlgen_support 2023-07-13 22:16:41 +02:00
Alvaro Muñoz
55366f6743 retab 2023-07-13 22:16:34 +02:00
Alvaro Muñoz
9f6c7efd91 Update go/ql/test/library-tests/semmle/go/frameworks/gqlgen/gqlgen.ql 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2023-07-13 22:11:37 +02:00
Alvaro Muñoz
4111ed6653 retab generated.go 2023-07-13 22:10:19 +02:00
Alvaro Muñoz
d681094824 Fixup expected file 2023-07-13 21:42:16 +02:00
Alvaro Muñoz
1dedc0ae55 Update go/ql/test/library-tests/semmle/go/frameworks/gqlgen/graph/schema.resolvers.go 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2023-07-13 21:39:47 +02:00
Alvaro Muñoz
94628edf98 Merge branch 'ruby/add_gqlgen_support' of https://github.com/pwntester/codeql into ruby/add_gqlgen_support 2023-07-13 21:36:49 +02:00
Alvaro Muñoz
730781720d remove unnecessary file 2023-07-13 21:35:11 +02:00
Alvaro Muñoz
7a54755c1b Apply suggestions from code review 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2023-07-13 21:32:56 +02:00
Alvaro Muñoz
1b6308e32f Apply suggestions from code review 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2023-07-13 21:32:46 +02:00
Geoffrey White
962c16d918 Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-07-13 19:20:49 +01:00
Geoffrey White
2b9d25b317 Swift: Additional test cases. 2023-07-13 17:30:03 +01:00
Asger F
d57276ca35 Merge pull request #13719 from asgerf/js/barrier-inout 
JS: Replace barrier edges with barrier nodes
 2023-07-13 16:36:52 +02:00
Tony Torralba
cafc67e3be Merge pull request #13714 from pwntester/java/langs3_improvements 
[Java] Add missing commons lang3 model for ToStringBuilder.reflectionToString
 2023-07-13 14:45:33 +02:00
Max Schaefer
85991266da Merge pull request #13661 from github/max-schaefer/improve-command-injection-qhelp 
JavaScript: Improve query help for js/command-line-injection
 2023-07-13 13:34:10 +01:00
Anders Schack-Mulligen
a0e96594d8 Merge pull request #13736 from aschackmull/dataflow/remove-superfluous-module-members 
C#/Java/Ruby: Remove superfluous module members.
 2023-07-13 13:59:31 +02:00
Alvaro Muñoz
a590c57174 add stubs 2023-07-13 13:31:15 +02:00
Max Schaefer
b8eb2ef8d8 Merge branch 'main' into max-schaefer/improve-command-injection-qhelp 2023-07-13 12:11:15 +01:00
Max Schaefer
ae237247f2 Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-07-13 12:10:57 +01:00
Tamás Vajk
60af9b062c Merge pull request #13733 from tamasvajk/fix/test-path-combine 
C#: Fix test expectations in `RuntimeVersion` tests to handle platfor…
 2023-07-13 12:44:06 +02:00
Alvaro Muñoz
aa2d61c7e3 replace deps with stubs 2023-07-13 12:18:12 +02:00
Asger F
18762db0fb Ruby: factor out isProcCreationCall 2023-07-13 11:53:16 +02:00
Asger F
8d2dba18c0 Ruby: change note 2023-07-13 11:53:16 +02:00
Asger F
f232669ea5 Ruby: support Proc.new alongside 'proc' and 'lambda' 2023-07-13 11:53:16 +02:00
Asger F
194fe85442 Ruby: Use asCallable() to generate epsilon edges 2023-07-13 11:53:16 +02:00
Asger F
452fbe7e8f Ruby: add test showing lack of lambda handling 2023-07-13 11:53:16 +02:00