Commit Graph

55097 Commits

Author SHA1 Message Date
amammad
f79bd2a071 added remote flow sources related to multipart upload, added flag package command line source 2023-08-06 06:49:35 +10:00
amammad
7ce825c5ea convert to module based dataflow 2023-07-31 22:43:45 +10:00
amammad
ab7e797fff it seems that I must use both isSink and isSource with flow states! 2023-07-31 20:00:59 +10:00
amammad
26f1091d5f fix a mistake :( 2023-07-31 19:48:21 +10:00
amammad
56d0254d2b fix ReadAll argument number 2023-07-31 19:37:28 +10:00
amammad
4ee54738fa fix a mistake :( 2023-07-31 19:36:21 +10:00
amammad
260c111932 put comment about detecting https://github.com/advisories/GHSA-jpxj-2jvg-6jv9 2023-07-31 19:32:22 +10:00
amammad
1b598c8683 v1.2 make better sinks 2023-07-31 19:26:18 +10:00
amammad
f1918fb4e0 v1.1 2023-07-31 05:11:09 +10:00
amammad
fbfc959f82 V1 Bombs 2023-06-25 01:21:09 +10:00
Robert Marsh
5bc844c4c6 Merge pull request #13207 from MathiasVP/use-equiv-class-in-getInstruction
C++: Reduce memory pressure from `getInstruction`
2023-05-26 13:13:57 -04:00
Robert Marsh
b2fb2aa0d1 Merge pull request #13045 from rdmarsh2/rdmarsh2/cpp/improve-constant-off-by-one
C++: stitch paths and ignore cast arrays in constant off-by-one query
2023-05-26 12:47:08 -04:00
Philip Ginsbach
ded98c5a5f Merge pull request #13304 from github/ginsbach/SmallSpecificationFixes
two small QL specification fixes
2023-05-26 16:18:36 +01:00
Paolo Tranquilli
ddf45b27ca Merge pull request #13300 from github/redsun82/swift-fix-autobuild-corner-case
Swift: exclude unknown type targets ending in `Tests` or `Test` from autobuilding
2023-05-26 16:49:01 +02:00
Philip Ginsbach
47a0d4b774 more explicit mentioning of QLL files 2023-05-26 15:03:34 +01:00
Philip Ginsbach
ba51ded516 bindingset is not really a pragma 2023-05-26 15:03:34 +01:00
Asger F
3831dc7785 Merge pull request #13288 from asgerf/rb/super-and-flow-through
Ruby: two bug fixes
2023-05-26 15:04:52 +02:00
Asger F
cfaa27ab5d Ruby: change note 2023-05-26 14:44:00 +02:00
Paolo Tranquilli
c5cee0d419 Swift: exclude targets ending in Tests or Test from autobuilding 2023-05-26 14:19:07 +02:00
Jami
6867e94ed5 Merge pull request #13158 from jcogs33/jcogs33/update-csharp-sink-kinds
C#: update MaD sink kinds
2023-05-26 08:03:21 -04:00
yoff
af1f4c30fb Merge pull request #13299 from asgerf/rb/meta-query-summarised-callable-sites
Ruby/Python: add meta-queries for calls to summarised callables
2023-05-26 13:27:56 +02:00
Arthur Baars
e0466900ad Merge pull request #12992 from Sim4n6/ruby-UBV
[Ruby] Add Unicode Bypass Validation query, test and help file
2023-05-26 13:00:21 +02:00
Alex Ford
baabd2d1fa Merge pull request #12832 from maikypedia/maikypedia/pg-sqli
Ruby: Add SQL Injection Sinks
2023-05-26 11:36:17 +01:00
Paolo Tranquilli
a6e21dac8f Merge pull request #13284 from github/redsun82/swift-remove-property-wrapper-inconsistencies
Swift: remove some AST and CFG inconsistencies
2023-05-26 12:22:56 +02:00
Asger F
75fd20b3b8 Python: add meta-query for calls to summarized callables 2023-05-26 11:40:58 +02:00
Jeroen Ketema
63657396c5 Merge pull request #13267 from MathiasVP/promote-overrun-write
C++: Promote `cpp/overrun-write` out of experimental
2023-05-26 11:34:26 +02:00
Asger F
1c7f6dc32e Ruby: add meta-query for calls to summarized callables 2023-05-26 11:34:23 +02:00
Paolo Tranquilli
192c0d5e83 Swift: simplify change note
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2023-05-26 08:20:58 +02:00
Esben Sparre Andreasen
081c069b3c Merge pull request #13295 from github/dependabot/cargo/ql/regex-1.8.3
Bump regex from 1.8.2 to 1.8.3 in /ql
2023-05-26 08:13:41 +02:00
dependabot[bot]
4ab389bf1a Bump regex from 1.8.2 to 1.8.3 in /ql
Bumps [regex](https://github.com/rust-lang/regex) from 1.8.2 to 1.8.3.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.8.2...1.8.3)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-26 04:02:31 +00:00
Mathias Vorreiter Pedersen
960e6521a4 Revert "C++: Whitespace commit to make qhelp show up in diff."
This reverts commit ec192d621c.
2023-05-25 15:21:09 -07:00
Mathias Vorreiter Pedersen
c6275bfa28 Merge pull request #13293 from MathiasVP/fix-performance-of-dtt
C++: Fix result duplication on `DefaultTaintTracking`
2023-05-25 15:20:02 -07:00
Mathias Vorreiter Pedersen
e7f82a3571 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2023-05-25 13:56:01 -07:00
Mathias Vorreiter Pedersen
384ca0c31f C++: Respond to review comments. 2023-05-25 13:50:35 -07:00
Mathias Vorreiter Pedersen
c3fdc83af6 C++: Also add an out barrier on all sinks. 2023-05-25 12:23:50 -07:00
Mathias Vorreiter Pedersen
7361ad977a Merge pull request #13291 from geoffw0/correction
Swift: Promote some Data models to DataProtocol
2023-05-25 11:28:42 -07:00
Mathias Vorreiter Pedersen
a7252e625e C++: Fix result duplication on 'cpp/unbounded-write' on 'kirxkirx/vast'. 2023-05-25 11:12:01 -07:00
Alex Ford
609319da20 ruby: update TaintStep.ql test output 2023-05-25 17:53:01 +01:00
Geoffrey White
3f3a5d39e5 Swift: Fix the SQL injection test. 2023-05-25 17:13:51 +01:00
Geoffrey White
98e5f0fc4f Swift: Add change note. 2023-05-25 16:04:18 +01:00
Geoffrey White
51321a218b Swift: Correct models in Data.qll. 2023-05-25 15:55:45 +01:00
Geoffrey White
5dfb07ce37 Swift: Test DataProtocol. 2023-05-25 15:51:21 +01:00
Asger F
9e8cef5e1b Ruby: fix type-tracking flow-through for new->initialize calls 2023-05-25 15:03:38 +02:00
Asger F
93678e5d36 Ruby: fix name of super calls in singleton methods 2023-05-25 15:03:34 +02:00
Paolo Tranquilli
5e66885a8e Swift: add change note 2023-05-25 14:00:04 +02:00
Paolo Tranquilli
51f1a5dcc8 Swift: remove getOpaqueExpr from OpenExistentialExpr's children 2023-05-25 13:05:21 +02:00
Paolo Tranquilli
7b76aa34bd Swift: fix CFG inconsistency on TapExpr 2023-05-25 13:05:21 +02:00
Paolo Tranquilli
b26b0a6e43 Swift: remove property wrapper CFG inconsistencies 2023-05-25 13:05:21 +02:00
Sim4n6
52dd247a81 Removed redundant cast 2023-05-25 11:55:13 +01:00
Paolo Tranquilli
7878bc3cc1 Swift: remove property wrapper AST inconsistencies 2023-05-25 12:15:22 +02:00