hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 07:36:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
46,810 Commits 1,703 Branches 162 Tags
f6255e497bf9bef185aa81bcfa2771c24c285ef6
Commit Graph

46810 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
erik-krogh
f6255e497b Merge branch 'main' into rb-redosMod 2022-11-15 17:14:19 +01:00
Erik Krogh Kristensen
68e513c6a4 Merge pull request #11246 from erik-krogh/java-redosMod 
Java: use the shared regex pack
 2022-11-15 17:12:52 +01:00
Tony Torralba
89a8ccb828 Merge pull request #11273 from atorralba/atorralba/swift/string-utf8-step 
Swift: Add `AdditionalTaintStep`
 2022-11-15 16:46:26 +01:00
Tony Torralba
0570610765 Merge pull request #11138 from atorralba/atorralba/swift/xxe-query-aexml-sinks 
Swift: Add AEXML sinks to XXE query
 2022-11-15 16:42:17 +01:00
Erik Krogh Kristensen
f7b5a4d170 Merge pull request #11203 from erik-krogh/shouldBePath 
C#: update cs/assembly-path-injection cs/hardcoded-key to path-problems
 2022-11-15 16:24:05 +01:00
Tony Torralba
8ca004fde1 Add AdditionalTaintStep 2022-11-15 16:14:22 +01:00
Asger F
dc440aaee6 Merge pull request #11255 from asgerf/js/dynamic-import-type-expr 
JS: Handle DynamicImport in the context of a type
 2022-11-15 13:31:08 +01:00
Stephan Brandauer
4b9b35d1c2 Merge pull request #11267 from github/atm/fix-non-sink-characteristics-hierarchy 
ATM: remove superfluous class in EndpointCharacteristics hierarchy
 2022-11-15 12:59:42 +01:00
erik-krogh
dff7b475fb make the top-level comment in SuperlinearBackTracking.qll a QLDoc 2022-11-15 11:46:44 +01:00
Nick Rolfe
8d854e0a6b Merge pull request #11252 from github/nickrolfe/active_support_enumerable 
Ruby: add flow summary for Enumerable#index_by
 2022-11-15 10:40:42 +00:00
Stephan Brandauer
ec3578364e remove superfluous class in EndpointCharacteristics hierarchy 2022-11-15 10:17:38 +01:00
erik-krogh
10fff4e2ef Merge branch 'main' into rb-redosMod 2022-11-14 21:31:10 +01:00
erik-krogh
b59a9bc95c use instead of a fixed version number 2022-11-14 21:29:41 +01:00
erik-krogh
a4acea9adf add change-note 2022-11-14 21:29:41 +01:00
erik-krogh
c029048306 port the Java regex/redos queries to use the shared pack 2022-11-14 21:29:41 +01:00
erik-krogh
d5b066636f use namespace in PrintAst.qll to avoid conflict with Top 2022-11-14 21:29:41 +01:00
erik-krogh
b737bdbca0 add a Java implementation of RegexTreeViewSig 2022-11-14 21:29:41 +01:00
erik-krogh
20254dfc08 move existing regex-tree into a module 2022-11-14 21:29:41 +01:00
erik-krogh
af1470de07 add codeql/regex as a dependency 2022-11-14 21:29:41 +01:00
Erik Krogh Kristensen
d2857006cf Merge pull request #11247 from erik-krogh/py-redosMod 
Python: use the shared regex pack
 2022-11-14 21:10:43 +01:00
Tiferet Gazit
855eddab80 Merge pull request #11174 from github/tiferet/non-sink-endpoint-characteristics 
Non-sink endpoint characteristics
 2022-11-14 09:37:25 -08:00
Erik Krogh Kristensen
99636ba344 fix typo 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-11-14 17:35:55 +01:00
erik-krogh
324e0e8f90 always sort both by location and by term tostring 2022-11-14 17:33:48 +01:00
Ian Lynagh
7bf55c5846 Merge pull request #11251 from igfoo/igfoo/total 
Kotlin: Add total number of diagnostics to telemetry
 2022-11-14 15:09:57 +00:00
Tony Torralba
5791e8b9a2 Slight renaming 2022-11-14 15:46:44 +01:00
Tony Torralba
07de92cdb6 Move AEXML.qll to avoid nesting 2022-11-14 15:46:44 +01:00
Tony Torralba
f2888dcb1e Add sinks and tests for the AEXML library. 2022-11-14 15:46:44 +01:00
Tony Torralba
3ef7f3f44d Merge pull request #11120 from atorralba/atorralba/swift/xxe-query-xmldocument-sinks 
Swift: Adds XMLDocument sinks to the XXE query
 2022-11-14 15:46:02 +01:00
Asger F
2bcf9b86cf JS: Bump extractor version string 2022-11-14 15:09:50 +01:00
Asger F
5f18484fa9 JS: Change note 2022-11-14 15:09:30 +01:00
Asger F
b028d72d51 JS: Handle DynamicImport in the context of a type 2022-11-14 15:07:59 +01:00
Chris Smowton
61149f297c Merge pull request #11232 from grddev/patch-1 
Go: Optimize trap.Writer by buffering gzip writes
 2022-11-14 14:01:47 +00:00
Ian Lynagh
fab2d30f38 Kotlin: Make emitDiagnostic private 2022-11-14 13:53:16 +00:00
Ian Lynagh
1e6ef99a50 Merge pull request #11249 from igfoo/igfoo/telem-compilation-info 
Java/Kotlin: Add compilation info to telemetry
 2022-11-14 13:51:35 +00:00
Tom Hvitved
b242bd6468 Merge pull request #11080 from github/revert-11074-revert-10576-ssa/consistency-queries 
Revert "Revert "SSA: Turn consistency predicates into `query` predicates""
 2022-11-14 14:43:58 +01:00
Ian Lynagh
847ecd1eec Java/Kotlin: Small refactoring of ExtractorInformation 2022-11-14 13:09:49 +00:00
Nick Rolfe
c80fbff648 Ruby: add changenote for Enumerable#index_by flow summary 2022-11-14 12:47:50 +00:00
Ian Lynagh
b20f8fc8c9 Kotlin: Add total number of diagnostics to telemetry 2022-11-14 12:27:54 +00:00
Tony Torralba
52bd140213 Fix test expectations 2022-11-14 12:41:13 +01:00
Tony Torralba
c03eab2410 Add XMLDocument sinks 2022-11-14 12:41:13 +01:00
Tony Torralba
a21db3b3c2 Merge pull request #11086 from atorralba/atorralba/swift/xxe-query 
Swift: Add new query for XML External Entities (XML) vulnerabilities
 2022-11-14 12:34:30 +01:00
Ian Lynagh
87ee979a12 Java/Kotlin: Add compilation info to telemetry 
This will give info about which kotlinc versions are used.
 2022-11-14 11:31:37 +00:00
Ian Lynagh
3afd895d41 Merge pull request #11217 from igfoo/igfoo/kotlin_version_rec 
Java/Kotlin: Write Kotlin version information to the database
 2022-11-14 10:55:46 +00:00
Nick Rolfe
83b3312467 Merge pull request #11207 from github/nickrolfe/arel-sql 
Ruby: add `SqlConstruction` concept, and implement it for calls to `Arel.sql`
 2022-11-14 10:21:37 +00:00
Nick Rolfe
0dadf0bbb4 Ruby: add flow summary for Enumerable#index_by 2022-11-14 10:01:24 +00:00
yoff
dd525a4f9b Merge pull request #11061 from erik-krogh/shared-redosMod 
ReDoS: add a shared regex pack
 2022-11-14 10:53:05 +01:00
AlexDenisov
d19bde8cb1 Merge pull request #11205 from github/alexdenisov/swift-db-upgrades-infra 
Swift: db up/downgrade scripts
 2022-11-14 09:51:15 +01:00
Alex Denisov
b5400f6dc9 Swift: remove rebase artifact 2022-11-14 08:55:44 +01:00
Gustav
3514694cdf Fix direct access to trap.Writer from trap.Labeler 2022-11-11 18:39:25 +01:00
Jeroen Ketema
5c109cdef1 Merge pull request #11234 from jketema/std-iterator-fix 
C++: Recognize `basic_string::iterator` as an iterator
 2022-11-11 17:21:42 +01:00