codeql

mirror of https://github.com/github/codeql.git synced 2026-02-18 16:03:45 +01:00

Author	SHA1	Message	Date
Nick Rolfe	3abe047cac	Fix parsing of POSIX bracket expressions. The docs are misleading. [[:alpha:]] is actually a character class containing a POSIX bracket expression, and that means you can have expressions like [[:alpha:][:digit:]_?!]	2021-07-29 17:24:51 +01:00
Nick Rolfe	5d336d8e1d	Make some predicates/classes/imports private	2021-07-29 17:17:11 +01:00
Mathias Vorreiter Pedersen	b1e5fbe2de	Merge pull request #6377 from sashabu/sashabu/virtual C++: Allow querying virtual, override, and final declaration specifiers.	2021-07-29 17:51:14 +02:00
Joe Farebrother	227818adb4	Add change note	2021-07-29 16:41:33 +01:00
Joe Farebrother	e23f666f67	Replace get and newWith methods with real implementations	2021-07-29 16:39:50 +01:00
Tony Torralba	29490e5872	Add suggestion from code review	2021-07-29 17:07:18 +02:00
Joe Farebrother	f1ca29a846	Add more stubs	2021-07-29 15:58:42 +01:00
Tony Torralba	3fcc9fae79	Refactor sinks to reuse code	2021-07-29 16:48:47 +02:00
Geoffrey White	417edab126	C++: Simplify out the 'effect' string.	2021-07-29 15:44:53 +01:00
Geoffrey White	7f621bc737	C++: Repair the tests that use subtraction so that the thing they're testing is preserved, and add two new explicit tests of behaviour on subtraction.	2021-07-29 15:36:43 +01:00
Tony Torralba	6e3b6dcb98	Imporve qhelp	2021-07-29 16:36:38 +02:00
Tony Torralba	bdf0f582a4	QLDoc improvements from code review Co-authored-by: Felicity Chapman <felicitymay@github.com> Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-07-29 16:34:21 +02:00
Tony Torralba	90b5e02b6e	Improve qhelp	2021-07-29 16:28:10 +02:00
Geoffrey White	13823df5a1	C++: Remove underflow detection.	2021-07-29 15:22:18 +01:00
Geoffrey White	9e0411238b	C++: Add some more test cases.	2021-07-29 15:15:26 +01:00
Tony Torralba	4ea6729c53	Update java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2021-07-29 16:10:49 +02:00
mc	0a986ad0e8	Update JndiInjection.qhelp Improve negation	2021-07-29 15:10:32 +01:00
Joe Farebrother	096509b9aa	Generate tests and stubs	2021-07-29 15:01:50 +01:00
Joe Farebrother	3bcb46f875	Model guava cache package	2021-07-29 14:52:26 +01:00
Mathias Vorreiter Pedersen	bbb38fd2aa	C++: Accept more test changes.	2021-07-29 15:49:50 +02:00
Tony Torralba	2628d3dc39	Improve csv sink models	2021-07-29 15:36:18 +02:00
Tony Torralba	3edc8bc679	Doc improvements	2021-07-29 15:35:39 +02:00
Tony Torralba	d9fb650dfb	JacksonCreateParserMethod converted to CSV summay model	2021-07-29 15:19:30 +02:00
Tony Torralba	b20d53cfd4	Update java/ql/src/semmle/code/java/security/OgnlInjection.qll Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-07-29 15:08:27 +02:00
Alexandre Boulgakov	e55bd4fb64	C++: Allow querying virtual, override, and final declaration specifiers.	2021-07-29 14:02:03 +01:00
Mathias Vorreiter Pedersen	41d233f086	C++: Make the 'definition by reference'-node in 'foo(a.b);' a source in the 'FieldConfiguration' configuration.	2021-07-29 14:49:59 +02:00
Mathias Vorreiter Pedersen	a082172422	C++: Add testcase demonstrating missing local flow out of fields that are defined by reference.	2021-07-29 14:46:32 +02:00
Nick Rolfe	e757d2e654	Merge pull request #241 from github/fix_yml Fix invalid file-type identifier	2021-07-29 12:05:10 +01:00
Arthur Baars	c568162256	Use a single TrapWriter The output of two distinct TrapWriters should not be written to the same TRAP file because this causes name clashes between TRAP labels.	2021-07-29 12:50:27 +02:00
Nick Rolfe	4aacdafb38	Fix invalid file-type identifier Upper-case characters are not allowed.	2021-07-29 11:49:22 +01:00
mc	8f1fc9e893	Update MvelInjection.qhelp Minor tweaks	2021-07-29 11:30:19 +01:00
Arthur Baars	cc1bdf1fc3	Add charpred to RubyFile class	2021-07-29 11:48:35 +02:00
Joe Farebrother	143b302eef	Merge pull request #6384 from joefarebrother/test-gen-improvements Java: Test generator: use getComponentType	2021-07-29 10:47:37 +01:00
Joe Farebrother	3b430d4925	Use getComponentType	2021-07-29 10:11:22 +01:00
Joe Farebrother	f7099f459f	Java: Test generator: use getComponentType	2021-07-29 10:08:45 +01:00
Artem Smotrakov	83a9b0ee28	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-07-29 11:04:21 +02:00
mc	ebf004a4df	Update MissingJWTSignatureCheck.qhelp Using same syntax as on other queries for 'BAD' and 'GOOD'.	2021-07-29 09:13:00 +01:00
Benjamin Muskalla	b7b74b51a3	Track taint for String.valueOf(..)	2021-07-29 09:14:03 +02:00
Arthur Baars	fcf2d4cbd2	Apply suggestions from code review Co-authored-by: Nick Rolfe <nickrolfe@github.com>	2021-07-29 09:02:57 +02:00
Geoffrey White	ae35ae10e6	C++: Fix readlink FPs.	2021-07-28 17:45:18 +01:00
Fosstars	893f84fbf4	Merge branch 'unsafe-jackson-deserialization' of github.com:artem-smotrakov/ql into unsafe-jackson-deserialization	2021-07-28 18:25:53 +02:00
Fosstars	50497eb747	Make imports as private as possible	2021-07-28 18:25:05 +02:00
ihsinme	2d5a263799	Update FindIncorrectlyUsedExceptions.ql	2021-07-28 18:46:49 +03:00
Geoffrey White	c2ef58d29d	C++: Support 'readlinkat'.	2021-07-28 16:15:28 +01:00
Geoffrey White	358d89f3ce	C++: Add tests.	2021-07-28 16:15:16 +01:00
Joe Farebrother	d900fcaf42	Merge pull request #6374 from joefarebrother/test-gen-improvements Java: Add support for synthetic fields to the test generator	2021-07-28 16:02:47 +01:00
Artem Smotrakov	7fec575df8	Simplify JsonTypeInfo stub Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-07-28 14:23:50 +02:00
Shati Patel	65e9262b41	Merge pull request #556 from github/shati-patel-patch-1 Update CODEOWNERS	2021-07-28 12:56:48 +01:00
Shati Patel	0c4674cf86	Update CODEOWNERS Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>	2021-07-28 11:54:25 +01:00
Shati Patel	e83af8e4ea	Update CODEOWNERS	2021-07-28 11:42:33 +01:00

... 256 257 258 259 260 ...

41418 Commits