Commit Graph

33727 Commits

Author SHA1 Message Date
Geoffrey White
ff3bedcab9 C++: Fix expensive getWideCharType(). 2022-03-17 14:41:57 +00:00
Erik Krogh Kristensen
f53df255b9 Merge pull request #8459 from erik-krogh/addSeverities
JS: add missing @security-severity to JS queries
2022-03-16 12:03:19 +01:00
Nick Rolfe
82ef2a12f6 Merge pull request #8164 from github/nickrolfe/escape_sequences
Ruby: interpret string escape sequences in getConstantValue()
2022-03-16 10:45:39 +00:00
Nick Rolfe
1a850028e7 Ruby: update date in changenote filename 2022-03-16 10:32:43 +00:00
Erik Krogh Kristensen
cd9d61c1fc Merge pull request #8450 from erik-krogh/importAs
disallow lowercase import-as aliases
2022-03-16 11:32:37 +01:00
Jeroen Ketema
37293141ee Merge pull request #8428 from jketema/noreturn
C++: Handle C11 _Noreturn in DefaultOptions
2022-03-16 11:23:23 +01:00
Erik Krogh Kristensen
d47b0a68e7 exclude tests from ql/missing-security-metadata 2022-03-16 10:40:45 +01:00
Erik Krogh Kristensen
2442beaf9a add missing severities to JS queries 2022-03-16 10:40:34 +01:00
Jeroen Ketema
2894bb0933 C++: Use correct change note file name format 2022-03-15 23:21:14 +01:00
Jeroen Ketema
638b2cac04 C++: Add change note on _Noreturn/noreturn in C11 2022-03-15 23:21:14 +01:00
Jeroen Ketema
1a1c34e1be C++: Handle C11 _Noreturn in DefaultOptions 2022-03-15 23:21:14 +01:00
Erik Krogh Kristensen
b45f56ac08 Merge pull request #8431 from erik-krogh/deadCode
Delete dead code
2022-03-15 20:09:06 +01:00
Mathias Vorreiter Pedersen
57922f56ee Merge pull request #8424 from ihsinme/ihsinme-patch-fix077
Detection reduction on request
2022-03-15 16:17:47 +00:00
Mathias Vorreiter Pedersen
05758181bb Merge pull request #7884 from rdmarsh2/rdmarsh2/template-implicit-copy-constructor
C++: fix hasImplicitCopyConstructor for templates
2022-03-15 15:32:05 +00:00
Anna Railton
a08246a2a7 Merge pull request #8448 from github/annarailton-patch-1
Add docstring to `ExtractEndpointMapping.ql`
2022-03-15 14:54:45 +00:00
Erik Krogh Kristensen
b0fc958b32 simplify imports
Co-authored-by: Henry Mercer <henry.mercer@me.com>
2022-03-15 15:10:04 +01:00
Erik Krogh Kristensen
57db7633c8 C#: make csharp import private 2022-03-15 14:59:06 +01:00
Erik Krogh Kristensen
89af50f6d5 rename all lower-case import-as statements 2022-03-15 14:40:38 +01:00
Erik Krogh Kristensen
54582438a1 QL: recognize the names defined by import as statements 2022-03-15 14:29:33 +01:00
Anna Railton
739d94e8f9 Add docstring to ExtractEndpointMapping.ql 2022-03-15 12:50:51 +00:00
Erik Krogh Kristensen
3067231b1a Merge pull request #8253 from erik-krogh/domWrite
JS: merge hasDominatingWrite and hasDominatingAssignment
2022-03-15 13:37:00 +01:00
Erik Krogh Kristensen
154d0171d3 Merge pull request #8438 from erik-krogh/apiDisable
JS: add some API-nodes to js/disabling-certificate-validation
2022-03-15 12:56:59 +01:00
Mathias Vorreiter Pedersen
9f014be7c7 Merge pull request #8447 from MathiasVP/add-missing-security-severity
C++: Add missing `security-severity` tags
2022-03-15 11:29:28 +00:00
Joe Farebrother
8acd8ea01f Merge pull request #8446 from joefarebrother/sensitive-logging
Java: Add security severity to sensitive logging query
2022-03-15 11:17:46 +00:00
Mathias Vorreiter Pedersen
7337ebd569 C++: Add missing 'security-severity' tags. 2022-03-15 10:54:36 +00:00
Mathias Vorreiter Pedersen
9642e59349 Merge pull request #8382 from MathiasVP/use-taint-configuration-in-three-more-queries
C++: Use a `TaintTracking::Configuration` in three more queries
2022-03-15 10:43:05 +00:00
Joe Farebrother
e4a16cc700 Add security severity 2022-03-15 10:42:41 +00:00
Tony Torralba
6d5414281e Merge pull request #8437 from atorralba/atorralba/missing-security-severity-query
Added MissingSecurityMetadata query
2022-03-15 11:42:41 +01:00
Henry Mercer
f38b498eed Merge pull request #8433 from github/henrymercer/js-atm-remove-isEffectiveSinkWithOverridingScore
JS: Remove `isEffectiveSinkWithOverridingScore` from ML-powered libraries
2022-03-15 10:04:30 +00:00
Tony Torralba
6f484d3d64 Merge pull request #8440 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-03-15 10:58:27 +01:00
Tony Torralba
fd4c9fd543 Cover a missing @tag security when @security-severity is used 2022-03-15 10:39:42 +01:00
Tony Torralba
82b2fd2d23 Exclude queries without precision 2022-03-15 10:22:10 +01:00
Mathias Vorreiter Pedersen
7e0e7d5004 Merge branch 'main' into use-taint-configuration-in-three-more-queries 2022-03-15 09:06:55 +00:00
Erik Krogh Kristensen
c7509c4dd3 Merge branch 'main' into deadCode 2022-03-15 09:19:14 +01:00
Tony Torralba
18165cbb46 Exclude examples folder 2022-03-15 09:14:11 +01:00
Jonas Jensen
d89c52f4b0 Merge pull request #8403 from erik-krogh/noUpper
Rename all upper-case variables, and all lower-case modules
2022-03-15 09:00:37 +01:00
github-actions[bot]
b10adfc8da Add changed framework coverage reports 2022-03-15 00:13:15 +00:00
Arthur Baars
3311fedda7 Merge pull request #8365 from aibaars/qldoc-test
CI: add QLdoc test
2022-03-14 23:36:01 +01:00
Erik Krogh Kristensen
195ce9c58a add some API-nodes to js/disabling-certificate-validation 2022-03-14 21:33:13 +01:00
Arthur Baars
6a74e761c8 Merge pull request #8398 from github/post-release-prep/codeql-cli-2.8.3
Post-release preparation for codeql-cli-2.8.3
2022-03-14 21:05:09 +01:00
Tom Hvitved
d3d20c69dd Merge pull request #8425 from hvitved/csharp/structural-comparision-fix
C#: Avoid combinatorial explosion in structural comparison library
2022-03-14 20:10:40 +01:00
Henry Mercer
5102cadf8e Merge pull request #8404 from github/codeql-ci/js-atm-new-release
JS: Bump version numbers of ML-powered packs after 0.1.0 release
2022-03-14 17:32:37 +00:00
Tony Torralba
03f3535188 Added MissingSecuritySeverity query 2022-03-14 17:53:08 +01:00
Nick Rolfe
488c8ef609 Ruby: accept test changes after adding more literals 2022-03-14 15:49:22 +00:00
Nick Rolfe
2a892c39ac Ruby: add change note for getConstantValue improvements 2022-03-14 15:45:58 +00:00
Nick Rolfe
a39aed52c6 Ruby: add more tests for edge cases in parsing of integers 2022-03-14 15:45:57 +00:00
Nick Rolfe
6c5868cfb5 Ruby: use NumberUtils in parseInteger
And make parse{Binary,Octal,Hex}Int hold only for values in the range
0 to 2^31-1 (incl.)
2022-03-14 15:45:57 +00:00
Nick Rolfe
6bd9616c6e Ruby: interpret string escape sequences in getConstantValue() 2022-03-14 15:45:57 +00:00
Michael Nebel
bcdbfefb2b Merge pull request #8329 from michaelnebel/csharp/model-generator
C#: Capture Summary models.
2022-03-14 16:10:05 +01:00
Erik Krogh Kristensen
c93f29b1a1 fix typo in change note
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2022-03-14 16:03:45 +01:00